[netfilter-cvslog] r6431 - in branches/iptables/iptables-1.4: . extensions include include/libiptc libiptc

laforge at netfilter.org laforge at netfilter.org
Mon Jan 23 18:24:51 CET 2006


Author: laforge at netfilter.org
Date: 2006-01-23 18:24:41 +0100 (Mon, 23 Jan 2006)
New Revision: 6431

Added:
   branches/iptables/iptables-1.4/include/libiptc/libxtc.h
   branches/iptables/iptables-1.4/include/xtables.h
   branches/iptables/iptables-1.4/xtables.c
Modified:
   branches/iptables/iptables-1.4/Makefile
   branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c
   branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c
   branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c
   branches/iptables/iptables-1.4/extensions/libipt_DNAT.c
   branches/iptables/iptables-1.4/extensions/libipt_DSCP.c
   branches/iptables/iptables-1.4/extensions/libipt_ECN.c
   branches/iptables/iptables-1.4/extensions/libipt_FTOS.c
   branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c
   branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c
   branches/iptables/iptables-1.4/extensions/libipt_LOG.c
   branches/iptables/iptables-1.4/extensions/libipt_MARK.c
   branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c
   branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c
   branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c
   branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c
   branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c
   branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c
   branches/iptables/iptables-1.4/extensions/libipt_POOL.c
   branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c
   branches/iptables/iptables-1.4/extensions/libipt_REJECT.c
   branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c
   branches/iptables/iptables-1.4/extensions/libipt_SAME.c
   branches/iptables/iptables-1.4/extensions/libipt_SET.c
   branches/iptables/iptables-1.4/extensions/libipt_SNAT.c
   branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c
   branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c
   branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c
   branches/iptables/iptables-1.4/extensions/libipt_TOS.c
   branches/iptables/iptables-1.4/extensions/libipt_TRACE.c
   branches/iptables/iptables-1.4/extensions/libipt_TTL.c
   branches/iptables/iptables-1.4/extensions/libipt_ULOG.c
   branches/iptables/iptables-1.4/extensions/libipt_XOR.c
   branches/iptables/iptables-1.4/extensions/libipt_account.c
   branches/iptables/iptables-1.4/extensions/libipt_addrtype.c
   branches/iptables/iptables-1.4/extensions/libipt_ah.c
   branches/iptables/iptables-1.4/extensions/libipt_childlevel.c
   branches/iptables/iptables-1.4/extensions/libipt_comment.c
   branches/iptables/iptables-1.4/extensions/libipt_condition.c
   branches/iptables/iptables-1.4/extensions/libipt_connbytes.c
   branches/iptables/iptables-1.4/extensions/libipt_connlimit.c
   branches/iptables/iptables-1.4/extensions/libipt_connmark.c
   branches/iptables/iptables-1.4/extensions/libipt_connrate.c
   branches/iptables/iptables-1.4/extensions/libipt_conntrack.c
   branches/iptables/iptables-1.4/extensions/libipt_dccp.c
   branches/iptables/iptables-1.4/extensions/libipt_dscp.c
   branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c
   branches/iptables/iptables-1.4/extensions/libipt_ecn.c
   branches/iptables/iptables-1.4/extensions/libipt_esp.c
   branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c
   branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c
   branches/iptables/iptables-1.4/extensions/libipt_helper.c
   branches/iptables/iptables-1.4/extensions/libipt_icmp.c
   branches/iptables/iptables-1.4/extensions/libipt_iprange.c
   branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c
   branches/iptables/iptables-1.4/extensions/libipt_length.c
   branches/iptables/iptables-1.4/extensions/libipt_limit.c
   branches/iptables/iptables-1.4/extensions/libipt_mac.c
   branches/iptables/iptables-1.4/extensions/libipt_mark.c
   branches/iptables/iptables-1.4/extensions/libipt_mport.c
   branches/iptables/iptables-1.4/extensions/libipt_multiport.c
   branches/iptables/iptables-1.4/extensions/libipt_nth.c
   branches/iptables/iptables-1.4/extensions/libipt_osf.c
   branches/iptables/iptables-1.4/extensions/libipt_owner.c
   branches/iptables/iptables-1.4/extensions/libipt_physdev.c
   branches/iptables/iptables-1.4/extensions/libipt_pkttype.c
   branches/iptables/iptables-1.4/extensions/libipt_policy.c
   branches/iptables/iptables-1.4/extensions/libipt_pool.c
   branches/iptables/iptables-1.4/extensions/libipt_psd.c
   branches/iptables/iptables-1.4/extensions/libipt_realm.c
   branches/iptables/iptables-1.4/extensions/libipt_rpc.c
   branches/iptables/iptables-1.4/extensions/libipt_sctp.c
   branches/iptables/iptables-1.4/extensions/libipt_standard.c
   branches/iptables/iptables-1.4/extensions/libipt_state.c
   branches/iptables/iptables-1.4/extensions/libipt_tcp.c
   branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c
   branches/iptables/iptables-1.4/extensions/libipt_time.c
   branches/iptables/iptables-1.4/extensions/libipt_tos.c
   branches/iptables/iptables-1.4/extensions/libipt_ttl.c
   branches/iptables/iptables-1.4/extensions/libipt_u32.c
   branches/iptables/iptables-1.4/extensions/libipt_udp.c
   branches/iptables/iptables-1.4/extensions/libipt_unclean.c
   branches/iptables/iptables-1.4/include/ip6tables.h
   branches/iptables/iptables-1.4/include/iptables.h
   branches/iptables/iptables-1.4/include/iptables_common.h
   branches/iptables/iptables-1.4/include/libiptc/libip6tc.h
   branches/iptables/iptables-1.4/include/libiptc/libiptc.h
   branches/iptables/iptables-1.4/ip6tables.c
   branches/iptables/iptables-1.4/iptables.c
   branches/iptables/iptables-1.4/libiptc/libip4tc.c
   branches/iptables/iptables-1.4/libiptc/libip6tc.c
   branches/iptables/iptables-1.4/libiptc/libiptc.c
Log:
first steps towards x_tables generalization (not compiling, don't use it yet)


Modified: branches/iptables/iptables-1.4/Makefile
===================================================================
--- branches/iptables/iptables-1.4/Makefile	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/Makefile	2006-01-23 17:24:41 UTC (rev 6431)
@@ -14,8 +14,8 @@
 ifndef KERNEL_DIR
 KERNEL_DIR=/usr/src/linux
 endif
-IPTABLES_VERSION:=1.3.4
-OLD_IPTABLES_VERSION:=1.3.3
+IPTABLES_VERSION:=1.4.0
+OLD_IPTABLES_VERSION:=1.3.4
 
 PREFIX:=/usr/local
 LIBDIR:=$(PREFIX)/lib

Modified: branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,12 +26,6 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 int string_to_priority(const char *s, unsigned int *p)
 {
 	unsigned int i, j;
@@ -47,11 +41,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_classify_target_info *clinfo
-		= (struct ipt_classify_target_info *)(*target)->data;
+	struct ipt_classify_target_info *clinfo = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -87,35 +79,30 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_classify_target_info *clinfo =
-		(const struct ipt_classify_target_info *)target->data;
+	const struct ipt_classify_target_info *clinfo = targetinfo;
 	printf("CLASSIFY set ");
 	print_class(clinfo->priority, numeric);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_classify_target_info *clinfo =
-		(const struct ipt_classify_target_info *)target->data;
+	const struct ipt_classify_target_info *clinfo = targetinfo;
 
 	printf("--set-class %.4x:%.4x ",
 	       TC_H_MAJ(clinfo->priority)>>16, TC_H_MIN(clinfo->priority));
 }
 
-static struct iptables_target classify = { 
-	.next		= NULL,
+static struct xtables_target classify = { 
 	.name		= "CLASSIFY",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_classify_target_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_classify_target_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_classify_target_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_classify_target_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -55,11 +55,6 @@
 };
 
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-static void
 parse_mac(const char *mac, char *macbuf)
 {
 	unsigned int i = 0;
@@ -85,11 +80,9 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_clusterip_tgt_info *cipinfo
-		= (struct ipt_clusterip_tgt_info *)(*target)->data;
+	struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
 
 	switch (c) {
 		unsigned int num;
@@ -207,12 +200,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_clusterip_tgt_info *cipinfo =
-		(const struct ipt_clusterip_tgt_info *)target->data;
+	const struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
 	
 	if (!cipinfo->flags & CLUSTERIP_FLAG_NEW) {
 		printf("CLUSTERIP");
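Review bot: The flag test in print() on the context line `if (!cipinfo->flags & CLUSTERIP_FLAG_NEW)` parses as `(!cipinfo->flags) & CLUSTERIP_FLAG_NEW`, because unary `!` binds tighter than `&`. As written it checks whether the whole flags word is zero (and only if the flag is bit 0), not whether the NEW bit is clear. Since the hunk already touches this function, the line should read `if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {`. The rest of print() lies outside the hunk.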
@@ -229,10 +219,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_clusterip_tgt_info *cipinfo =
-		(const struct ipt_clusterip_tgt_info *)target->data;
+	const struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
 
 	/* if this is not a new entry, we don't need to save target
 	 * parameters */
@@ -248,13 +237,12 @@
 }
 
 static struct iptables_target clusterip = { 
-	.next		= NULL,
 	.name		= "CLUSTERIP",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
 	.userspacesize	= offsetof(struct ipt_clusterip_tgt_info, config),
  	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,
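Review bot: The initializer on the context line `static struct iptables_target clusterip = {` still names the old type, although the hunk adds `.pf` and switches to `XT_ALIGN`. libipt_CLASSIFY.c, libipt_CONNMARK.c, libipt_ECN.c, libipt_FTOS.c and libipt_LOG.c in this same revision were moved to `struct xtables_target`. The same leftover is visible in the struct hunks of libipt_DNAT.c, libipt_DSCP.c, libipt_IPMARK.c, libipt_IPV4OPTSSTRIP.c and libipt_MARK.c (both `mark_v0` and `mark_v1`). Presumably each should become `static struct xtables_target clusterip = {`, so that the callbacks are type-checked against the new `void *targetinfo` prototypes. Whether the old struct has a `.pf` member at all cannot be seen from this page.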

Modified: branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -28,13 +28,6 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include "../include/linux/netfilter_ipv4/ipt_CONNMARK.h"
 
-#if 0
-struct markinfo {
-	struct ipt_entry_target t;
-	struct ipt_connmark_target_info mark;
-};
-#endif
-
 /* Function which prints out usage message. */
 static void
 help(void)
@@ -56,21 +49,13 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_connmark_target_info *markinfo
-		= (struct ipt_connmark_target_info *)(*target)->data;
+	struct ipt_connmark_target_info *markinfo = targetinfo;
 
 	markinfo->mask = 0xffffffffUL;
 
@@ -144,12 +129,9 @@
 
 /* Prints out the target info. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_connmark_target_info *markinfo =
-		(const struct ipt_connmark_target_info *)target->data;
+	const struct ipt_connmark_target_info *markinfo = targetinfo;
 	switch (markinfo->mode) {
 	case IPT_CONNMARK_SET:
 	    printf("CONNMARK set ");
@@ -174,10 +156,9 @@
 
 /* Saves the target into in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_connmark_target_info *markinfo =
-		(const struct ipt_connmark_target_info *)target->data;
+	const struct ipt_connmark_target_info *markinfo = targetinfo;
 
 	switch (markinfo->mode) {
 	case IPT_CONNMARK_SET:
@@ -200,13 +181,13 @@
 	}
 }
 
-static struct iptables_target connmark_target = {
+static struct xtables_target connmark_target = {
     .name          = "CONNMARK",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+    .pf		   = PF_INET,
+    .size          = XT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_connmark_target_info)),
     .help          = &help,
-    .init          = &init,
     .parse         = &parse,
     .final_check   = &final_check,
     .print         = &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_DNAT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_DNAT.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_DNAT.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -39,7 +39,7 @@
 	unsigned int size;
 
 	/* One rangesize already in struct ipt_natinfo */
-	size = IPT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
+	size = XT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
 
 	info = realloc(info, size);
 	if (!info)
@@ -136,10 +136,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_natinfo *info = (void *)*target;
+	struct ipt_natinfo *info = targetinfo;
 	int portok;
 
 	if (entry->ip.proto == IPPROTO_TCP
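Review bot: In parse(), `struct ipt_natinfo *info = targetinfo;` replaces `(void *)*target`, a pointer to the whole target, whereas the other extensions in this revision use `targetinfo` where they previously used `(*target)->data`. If `targetinfo` is the payload pointer here as well and struct ipt_natinfo begins with the entry header (its layout is not on this page), every `info->mr` access is shifted by the header size; print() and save() in the later hunks carry the same assignment. The first hunk of this file also shows `info = realloc(info, size)`: the old `struct ipt_entry_target **target` parameter let the moved block be handed back to the caller, which a by-value `void *targetinfo` cannot do, so the caller may be left holding a freed pointer. Until the new interface settles this, I would mark it in place with `/* FIXME: realloc() may move info; void *targetinfo cannot return the new pointer */`. parse() continues outside the hunk.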
@@ -201,11 +200,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ipt_natinfo *info = (void *)target;
+	const struct ipt_natinfo *info = targetinfo;
 	unsigned int i = 0;
 
 	printf("to:");
@@ -217,9 +214,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	struct ipt_natinfo *info = (void *)target;
+	const struct ipt_natinfo *info = targetinfo;
 	unsigned int i = 0;
 
 	for (i = 0; i < info->mr.rangesize; i++) {
@@ -230,11 +227,11 @@
 }
 
 static struct iptables_target dnat = { 
-	.next		= NULL,
 	.name		= "DNAT",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_DSCP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_DSCP.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_DSCP.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -21,11 +21,6 @@
 /* This is evil, but it's my code - HW*/
 #include "libipt_dscp_helper.c"
 
-
-static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
-{
-}
-
 static void help(void) 
 {
 	printf(
@@ -78,11 +73,9 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_DSCP_info *dinfo
-		= (struct ipt_DSCP_info *)(*target)->data;
+	struct ipt_DSCP_info *dinfo = targetinfo;
 
 	switch (c) {
 	case 'F':
@@ -123,34 +116,29 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_DSCP_info *dinfo =
-		(const struct ipt_DSCP_info *)target->data;
+	const struct ipt_DSCP_info *dinfo = targetinfo;
 	printf("DSCP set ");
 	print_dscp(dinfo->dscp, numeric);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_DSCP_info *dinfo =
-		(const struct ipt_DSCP_info *)target->data;
+	const struct ipt_DSCP_info *dinfo = targetinfo;
 
 	printf("--set-dscp 0x%02x ", dinfo->dscp);
 }
 
 static struct iptables_target dscp = { 
-	.next		= NULL,
 	.name		= "DSCP",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_DSCP_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_DSCP_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ECN.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ECN.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ECN.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -17,10 +17,6 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_ECN.h>
 
-static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
-{
-}
-
 static void help(void) 
 {
 	printf(
@@ -47,12 +43,10 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	unsigned int result;
-	struct ipt_ECN_info *einfo
-		= (struct ipt_ECN_info *)(*target)->data;
+	struct ipt_ECN_info *einfo = targetinfo;
 
 	switch (c) {
 	case 'F':
@@ -114,12 +108,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, void *targetinfo, int numeric)
 {
-	const struct ipt_ECN_info *einfo =
-		(const struct ipt_ECN_info *)target->data;
+	const struct ipt_ECN_info *einfo = targetinfo;
 
 	printf("ECN ");
 
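Review bot: print() is declared with `void *targetinfo`, while every other print() converted in this revision takes `const void *targetinfo`; the pointer is only read here and is assigned to a `const struct ipt_ECN_info *`. The line should be `print(const struct ipt_ip *ip, const void *targetinfo, int numeric)` so it matches the callback type the other extensions use. The function body continues outside the hunk.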
@@ -143,8 +134,7 @@
 static void
 save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
 {
-	const struct ipt_ECN_info *einfo =
-		(const struct ipt_ECN_info *)target->data;
+	const struct ipt_ECN_info *einfo = targetinfo;
 
 	if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
 	    && einfo->proto.tcp.ece == 0
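Review bot: save() now reads `targetinfo`, but its signature on the context line still declares `const struct ipt_entry_target *target`, so `targetinfo` is undeclared in this function. The signature should change together with the body: `save(const struct ipt_ip *ip, const void *targetinfo)`. The function body continues outside the hunk.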
@@ -164,14 +154,13 @@
 }
 
 static
-struct iptables_target ecn = { 
-	.next		= NULL,
+struct xtables_target ecn = { 
 	.name		= "ECN",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ECN_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_ECN_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_ECN_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ECN_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_FTOS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_FTOS.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_FTOS.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -21,10 +21,6 @@
 	u_int8_t ftos;
 };
 
-static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
-{
-}
-
 static void help(void) 
 {
 	printf(
@@ -54,11 +50,9 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_FTOS_info *finfo
-		= (struct ipt_FTOS_info *)(*target)->data;
+	struct ipt_FTOS_info *finfo = targetinfo;
 
 	switch (c) {
 	case 'F':
@@ -92,34 +86,29 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_FTOS_info *finfo =
-		(const struct ipt_FTOS_info *)target->data;
+	const struct ipt_FTOS_info *finfo = targetinfo;
 	printf("TOS set ");
 	print_ftos(finfo->ftos, numeric);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_FTOS_info *finfo =
-		(const struct ipt_FTOS_info *)target->data;
+	const struct ipt_FTOS_info *finfo = targetinfo;
 
 	printf("--set-ftos 0x%02x ", finfo->ftos);
 }
 
-static struct iptables_target ftos = {
-	.next		= NULL,
+static struct xtables_target ftos = {
 	.name		= "FTOS",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_FTOS_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_FTOS_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -45,10 +45,9 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_ipmark_target_info *ipmarkinfo =
-		(struct ipt_ipmark_target_info *)t->data;
+	struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
 
 	ipmarkinfo->andmask=0xffffffff;
 	ipmarkinfo->ormask=0;
@@ -59,11 +58,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_ipmark_target_info *ipmarkinfo
-		= (struct ipt_ipmark_target_info *)(*target)->data;
+	struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
 
 	switch (c) {
 		char *end;
@@ -116,12 +113,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_ipmark_target_info *ipmarkinfo =
-		(const struct ipt_ipmark_target_info *)target->data;
+	const struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
 
 	if(ipmarkinfo->addr == IPT_IPMARK_SRC)
 	  printf("IPMARK src");
@@ -132,10 +126,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_ipmark_target_info *ipmarkinfo =
-		(const struct ipt_ipmark_target_info *)target->data;
+	const struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
 
 	if(ipmarkinfo->addr == IPT_IPMARK_SRC)
 	  printf("--addr=src ");
@@ -148,11 +141,11 @@
 }
 
 static struct iptables_target ipmark = { 
-	.next		= NULL,
 	.name		= "IPMARK",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -27,8 +27,7 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	return 0;
 }
@@ -40,26 +39,24 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
 	/* nothing to print, we don't take option... */
 }
 
 /* Saves the stuff in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
 	/* nothing to print, we don't take option... */
 }
 
 static struct iptables_target IPV4OPTSSTRIP = { 
-	.next		= NULL,
 	.name		= "IPV4OPTSSTRIP",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(0),
-	.userspacesize	= IPT_ALIGN(0),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(0),
+	.userspacesize	= XT_ALIGN(0),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_LOG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_LOG.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_LOG.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -110,10 +110,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_log_info *loginfo = (struct ipt_log_info *)(*target)->data;
+	struct ipt_log_info *loginfo = targetinfo;
 
 	switch (c) {
 	case '!':
@@ -202,12 +201,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_log_info *loginfo
-		= (const struct ipt_log_info *)target->data;
+	const struct ipt_log_info *loginfo = targetinfo;
 	unsigned int i = 0;
 
 	printf("LOG ");
@@ -243,10 +239,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_log_info *loginfo
-		= (const struct ipt_log_info *)target->data;
+	const struct ipt_log_info *loginfo = targetinfo;
 
 	if (strcmp(loginfo->prefix, "") != 0)
 		printf("--log-prefix \"%s\" ", loginfo->prefix);
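Review bot: save() writes the log prefix with `printf("--log-prefix \"%s\" ", loginfo->prefix);` and does not escape it, so a prefix that contains `"` or `\` yields a saved rule whose quoting no longer matches what was loaded. That output is meant to be parsed back in, so a ruleset with such a prefix may fail to restore or restore with different arguments; how the restore side tokenises is not visible on this page. I would print the prefix character by character and emit a `\` before each `"` and `\`, and add a comment above the call: `/* prefix is user-supplied text: escape quote and backslash so the saved rule round-trips */`. save() continues outside the hunk.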
@@ -264,13 +259,13 @@
 		printf("--log-uid ");
 }
 
-static
-struct iptables_target log
+static struct xtables_target log
 = {
     .name          = "LOG",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_log_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_log_info)),
+    .pf		   = PF_INET,
+    .size          = XT_ALIGN(sizeof(struct ipt_log_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_log_info)),
     .help          = &help,
     .init          = &init,
     .parse         = &parse,
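Review bot: `.init = &init` is kept in the new `struct xtables_target log`, but this file's section has no hunk for init(), while libipt_IPMARK.c in the same revision changes its init() to `init(void *targetinfo, unsigned int *nfcache)`. If LOG's init() still takes `struct ipt_entry_target *t` and writes through `t->data` (its body is not on this page), a caller that passes the payload pointer would make it write past the intended structure by the size of the entry header. It should be converted like IPMARK's: `init(void *targetinfo, unsigned int *nfcache)` with `struct ipt_log_info *loginfo = targetinfo;`.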

Modified: branches/iptables/iptables-1.4/extensions/libipt_MARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MARK.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MARK.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -29,21 +29,13 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse_v0(int c, char **argv, int invert, unsigned int *flags,
-	 const struct ipt_entry *entry,
-	 struct ipt_entry_target **target)
+	 const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_mark_target_info *markinfo
-		= (struct ipt_mark_target_info *)(*target)->data;
+	struct ipt_mark_target_info *markinfo = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -86,11 +78,9 @@
    ate an option */
 static int
 parse_v1(int c, char **argv, int invert, unsigned int *flags,
-	 const struct ipt_entry *entry,
-	 struct ipt_entry_target **target)
+	 const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_mark_target_info_v1 *markinfo
-		= (struct ipt_mark_target_info_v1 *)(*target)->data;
+	struct ipt_mark_target_info_v1 *markinfo = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -137,22 +127,18 @@
 
 /* Prints out the targinfo. */
 static void
-print_v0(const struct ipt_ip *ip,
-	 const struct ipt_entry_target *target,
-	 int numeric)
+print_v0(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_mark_target_info *markinfo =
-		(const struct ipt_mark_target_info *)target->data;
+	const struct ipt_mark_target_info *markinfo = targetinfo;
 	printf("MARK set ");
 	print_mark(markinfo->mark);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save_v0(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save_v0(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_mark_target_info *markinfo =
-		(const struct ipt_mark_target_info *)target->data;
+	const struct ipt_mark_target_info *markinfo = targetinfo;
 
 	printf("--set-mark ");
 	print_mark(markinfo->mark);
@@ -160,12 +146,9 @@
 
 /* Prints out the targinfo. */
 static void
-print_v1(const struct ipt_ip *ip,
-	 const struct ipt_entry_target *target,
-	 int numeric)
+print_v1(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_mark_target_info_v1 *markinfo =
-		(const struct ipt_mark_target_info_v1 *)target->data;
+	const struct ipt_mark_target_info_v1 *markinfo = targetinfo;
 
 	switch (markinfo->mode) {
 	case IPT_MARK_SET:
@@ -183,10 +166,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save_v1(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save_v1(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_mark_target_info_v1 *markinfo =
-		(const struct ipt_mark_target_info_v1 *)target->data;
+	const struct ipt_mark_target_info_v1 *markinfo = targetinfo;
 
 	switch (markinfo->mode) {
 	case IPT_MARK_SET:
@@ -204,14 +186,13 @@
 
 static
 struct iptables_target mark_v0 = {
-	.next		= NULL,
 	.name		= "MARK",
 	.version	= IPTABLES_VERSION,
+	.pf		= PF_UNSPEC,
 	.revision	= 0,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_mark_target_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_mark_target_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse_v0,
 	.final_check	= &final_check,
 	.print		= &print_v0,
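Review bot: `mark_v0` gains the new `.pf` member but is still declared `struct iptables_target`, while the other targets in this commit are switched to `struct xtables_target`; the same applies to `mark_v1` in the next hunk, `mirror` in libipt_MIRROR.c (which also keeps `IPT_ALIGN(0)`) and `targ` in libipt_TCPLAG.c. Unless a header outside this diff aliases the old name to the new type, the declaration should read `struct xtables_target mark_v0 = {`. Both MARK revisions also set `.pf = PF_UNSPEC` where every other libipt_ target visible here uses `PF_INET`, although the payload is still an `ipt_`-specific struct; either use `PF_INET` or add a one-line comment stating why the family is left unspecified. The initializer continues past the end of the hunk.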
@@ -221,14 +202,13 @@
 
 static
 struct iptables_target mark_v1 = {
-	.next		= NULL,
 	.name		= "MARK",
 	.version	= IPTABLES_VERSION,
+	.pf		= PF_UNSPEC,
 	.revision	= 1,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
+	.size		= XT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse_v1,
 	.final_check	= &final_check,
 	.print		= &print_v1,

Modified: branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,13 +26,12 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 
 	/* Actually, it's 0, but it's ignored at the moment. */
 	mr->rangesize = 1;
-
 }
 
 /* Parses ports */
@@ -73,12 +72,10 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	int portok;
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)(*target)->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 
 	if (entry->ip.proto == IPPROTO_TCP
 	    || entry->ip.proto == IPPROTO_UDP
@@ -112,12 +109,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 	struct ip_nat_range *r = &mr->range[0];
 
 	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
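Review bot: `print()` now receives `const void *targetinfo` but assigns it to a non-const `struct ip_nat_multi_range *mr`, which discards the qualifier (a compiler warning at best) and leaves the read-only dump path able to modify the rule payload. Declare both locals const: `const struct ip_nat_multi_range *mr = targetinfo;` and `const struct ip_nat_range *r = &mr->range[0];`. The same pattern appears in `save()` in the next hunk, in `print()`/`save()` of libipt_REDIRECT.c and libipt_POOL.c, in `print()` of libipt_SET.c, and for the `r` local in `print()` of libipt_NETMAP.c and `save()` of libipt_SAME.c. The function body continues outside the hunk.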
@@ -131,10 +125,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 	struct ip_nat_range *r = &mr->range[0];
 
 	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
@@ -145,11 +138,12 @@
 	}
 }
 
-static struct iptables_target masq = { NULL,
+static struct xtables_target masq = {
 	.name		= "MASQUERADE",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	return 0;
 }
@@ -42,13 +35,12 @@
 }
 
 static struct iptables_target mirror = {
-	.next		= NULL,
 	.name		= "MIRROR",
 	.version	= IPTABLES_VERSION,
+	.pf		= PF_INET,
 	.size		= IPT_ALIGN(0),
 	.userspacesize	= IPT_ALIGN(0),
  	.help		= &help,
-	.init		= &init,
  	.parse		= &parse,
 	.final_check 	= &final_check,
 	.print		= NULL,

Modified: branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,20 +26,18 @@
 	{0}
 };
 
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_nldata *nld = (struct ipt_nldata *) t->data;
+	struct ipt_nldata *nld = targetinfo;
 	
 	nld->flags=0;
-	
 }
 
 /* Parse command options */
 static int parse(int c, char **argv, int invert, unsigned int *flags,
-		 const struct ipt_entry *entry,
-		 struct ipt_entry_target **target)
+		 const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_nldata *nld=(struct ipt_nldata *)(*target)->data;
+	struct ipt_nldata *nld = targetinfo;
 
 	switch (c) {
 		case 'd':
@@ -101,11 +99,9 @@
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip,
-		 const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_nldata *nld
-	    = (const struct ipt_nldata *) target->data;
+	const struct ipt_nldata *nld = targetinfo;
 
 	if ( MASK(nld->flags, USE_DROP) )
 		printf("--nldrop ");
@@ -119,11 +115,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_nldata *nld
-	    = (const struct ipt_nldata *) target->data;
+	const struct ipt_nldata *nld = targetinfo;
 
 	if ( MASK(nld->flags, USE_DROP) )
 		printf("nldrop ");
@@ -135,12 +129,12 @@
 		printf("nlsize %i ", nld->size);
 }
 
-static struct iptables_target netlink = {
-	.next		= NULL,
+static struct xtables_target netlink = {
 	.name		= "NETLINK",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_nldata)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_nldata)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_nldata)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_nldata)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -56,13 +56,12 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 
 	/* Actually, it's 0, but it's ignored at the moment. */
 	mr->rangesize = 1;
-
 }
 
 /* Parses network address */
@@ -118,11 +117,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)(*target)->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -149,12 +146,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	const struct ip_nat_multi_range *mr = targetinfo;
 	struct ip_nat_range *r = &mr->range[0];
 	struct in_addr a;
 	int bits;
@@ -171,18 +165,18 @@
 
 /* Saves the targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *target)
 {
 	printf("--%s ", opts[0].name);
 	print(ip, target, 0);
 }
 
-static struct iptables_target target_module = {
-	.next		= NULL,
+static struct xtables_target target_module = {
 	.name		= MODULENAME,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -14,10 +14,6 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
 
-static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
-{
-}
-
 static void help(void) 
 {
 	printf(
@@ -47,11 +43,9 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_NFQ_info *tinfo
-		= (struct ipt_NFQ_info *)(*target)->data;
+	struct ipt_NFQ_info *tinfo = targetinfo;
 
 	switch (c) {
 	case 'F':
@@ -74,33 +68,28 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_NFQ_info *tinfo =
-		(const struct ipt_NFQ_info *)target->data;
+	const struct ipt_NFQ_info *tinfo = targetinfo;
 	printf("NFQUEUE num %u", tinfo->queuenum);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_NFQ_info *tinfo =
-		(const struct ipt_NFQ_info *)target->data;
+	const struct ipt_NFQ_info *tinfo = targetinfo;
 
 	printf("--queue-num %u ", tinfo->queuenum);
 }
 
-static struct iptables_target nfqueue = { 
-	.next		= NULL,
+static struct xtables_target nfqueue = { 
 	.name		= "NFQUEUE",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_NFQ_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	return 0;
 }
@@ -42,14 +35,13 @@
 }
 
 static
-struct iptables_target notrack 
-= {	.next = NULL,
+struct xtables_target notrack = {
 	.name = "NOTRACK",
 	.version = IPTABLES_VERSION,
-	.size = IPT_ALIGN(0),
-	.userspacesize = IPT_ALIGN(0),
+	.pf = PF_INET,
+	.size = XT_ALIGN(0),
+	.userspacesize = XT_ALIGN(0),
 	.help = &help,
-	.init = &init,
 	.parse = &parse,
 	.final_check = &final_check,
 	.print = NULL, /* print */

Modified: branches/iptables/iptables-1.4/extensions/libipt_POOL.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_POOL.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_POOL.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -44,9 +44,9 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *target, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+	struct ipt_pool_info *ipi = targetinfo;
 
 	ipi->src = ipi->dst = IP_POOL_NONE;
 	ipi->flags = 0;
@@ -57,10 +57,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_pool_info *ipi = (struct ipt_pool_info *) (*target)->data;
+	struct ipt_pool_info *ipi = targetinfo;
 	switch (c) {
 	case '1':	/* --add-srcip <pool> */
 		ipi->src = ip_pool_get_index(optarg);
@@ -91,12 +90,10 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
 	char buf[256];
-	struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+	struct ipt_pool_info *ipi = targetinfo;
 
 	printf("POOL");
 	if (ipi->src != IP_POOL_NONE) {
@@ -113,10 +110,10 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
 	char buf[256];
-	struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+	struct ipt_pool_info *ipi = targetinfo;
 
 	printf("-j POOL");
 	if (ipi->src != IP_POOL_NONE) {
@@ -131,12 +128,12 @@
 	}
 }
 
-static struct iptables_target ipt_pool_target = { 
-	.next		= NULL,
+static struct xtables_target ipt_pool_target = { 
 	.name		= "POOL",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_pool_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_pool_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_pool_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_pool_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,13 +26,12 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo *t, unsigned int *nfcache)
 {
-	struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 
 	/* Actually, it's 0, but it's ignored at the moment. */
 	mr->rangesize = 1;
-
 }
 
 /* Parses ports */
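Review bot: The new signature `init(void *targetinfo *t, unsigned int *nfcache)` is not valid C: the old parameter name `t` was left behind when the type was replaced, so this file will not compile. It should read `init(void *targetinfo, unsigned int *nfcache)`, matching the `targetinfo` used on the next changed line. No hunk in this file touches the target struct definition, so it is worth checking that it was also moved to `struct xtables_target` with a `.pf` member like the other NAT targets.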
@@ -73,11 +72,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)(*target)->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 	int portok;
 
 	if (entry->ip.proto == IPPROTO_TCP
@@ -112,12 +109,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 	struct ip_nat_range *r = &mr->range[0];
 
 	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
@@ -131,10 +125,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ip_nat_multi_range *mr = targetinfo;
 	struct ip_nat_range *r = &mr->range[0];
 
 	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {

Modified: branches/iptables/iptables-1.4/extensions/libipt_REJECT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_REJECT.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_REJECT.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -87,9 +87,9 @@
 
 /* Allocate and initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_reject_info *reject = (struct ipt_reject_info *)t->data;
+	struct ipt_reject_info *reject = targetinfo;
 
 	/* default */
 	reject->with = IPT_ICMP_PORT_UNREACHABLE;
@@ -100,10 +100,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_reject_info *reject = (struct ipt_reject_info *)(*target)->data;
+	struct ipt_reject_info *reject = targetinfo;
 	unsigned int limit = sizeof(reject_table)/sizeof(struct reject_names);
 	unsigned int i;
 
@@ -139,12 +138,9 @@
 
 /* Prints out ipt_reject_info. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_reject_info *reject
-		= (const struct ipt_reject_info *)target->data;
+	const struct ipt_reject_info *reject = targetinfo;
 	unsigned int i;
 
 	for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++) {
@@ -155,10 +151,9 @@
 }
 
 /* Saves ipt_reject in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_reject_info *reject
-		= (const struct ipt_reject_info *)target->data;
+	const struct ipt_reject_info *reject = targetinfo;
 	unsigned int i;
 
 	for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++)
@@ -168,12 +163,12 @@
 	printf("--reject-with %s ", reject_table[i].name);
 }
 
-static struct iptables_target reject = { 
-	.next		= NULL,
+static struct xtables_target reject = { 
 	.name		= "REJECT",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_reject_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_reject_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_reject_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_reject_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -49,10 +49,9 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_route_target_info *route_info = 
-		(struct ipt_route_target_info*)t->data;
+	struct ipt_route_target_info *route_info = targetinfo;
 
 	route_info->oif[0] = '\0';
 	route_info->iif[0] = '\0';
@@ -71,11 +70,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_route_target_info *route_info = 
-		(struct ipt_route_target_info*)(*target)->data;
+	struct ipt_route_target_info *route_info = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -189,12 +186,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_route_target_info *route_info
-		= (const struct ipt_route_target_info *)target->data;
+	const struct ipt_route_target_info *route_info = targetinfo;
 
 	printf("ROUTE ");
 
@@ -218,11 +212,9 @@
 }
 
 
-static void save(const struct ipt_ip *ip, 
-		 const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_route_target_info *route_info
-		= (const struct ipt_route_target_info *)target->data;
+	const struct ipt_route_target_info *route_info = targetinf;
 
 	if (route_info->oif[0])
 		printf("--oif %s ", route_info->oif);
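Review bot: In `save()` the initializer reads `= targetinf;`, an undeclared identifier (the parameter is `targetinfo`), so this file will not compile. The line should be `const struct ipt_route_target_info *route_info = targetinfo;`. The rest of `save()` lies outside the hunk.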
@@ -243,12 +235,12 @@
 }
 
 
-static struct iptables_target route = { 
-	.next		= NULL,
+static struct xtables_target route = { 
 	.name		= "ROUTE",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_route_target_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_route_target_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_route_target_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_route_target_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_SAME.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SAME.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SAME.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -34,9 +34,9 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
+	struct ipt_same_info *mr = targetinfo;
 
 	/* Set default to 0 */
 	mr->rangesize = 0;
@@ -84,11 +84,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_same_info *mr
-		= (struct ipt_same_info *)(*target)->data;
+	struct ipt_same_info *mr = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -132,13 +130,10 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
 	int count;
-	struct ipt_same_info *mr
-		= (struct ipt_same_info *)target->data;
+	const struct ipt_same_info *mr = targetinfo;
 	
 	printf("same:");
 	
@@ -163,11 +158,10 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
 	int count;
-	struct ipt_same_info *mr
-		= (struct ipt_same_info *)target->data;
+	const struct ipt_same_info *mr = targetinfo;
 
 	for (count = 0; count < mr->rangesize; count++) {
 		struct ip_nat_range *r = &mr->range[count];
@@ -187,12 +181,12 @@
 		printf("--nodst ");
 }
 
-static struct iptables_target same = {
-	.next		= NULL,
+static struct xtables_target same = {
 	.name		= "SAME",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_same_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_same_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_same_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_same_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_SET.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SET.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SET.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -42,10 +42,9 @@
 };
 
 /* Initialize the target. */
-static void init(struct ipt_entry_target *target, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_set_info_target *info =
-	    (struct ipt_set_info_target *) target->data;
+	struct ipt_set_info_target *info = targetinfo;
 
 	memset(info, 0, sizeof(struct ipt_set_info_target));
 	info->add_set.index =
@@ -86,10 +85,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry, struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_set_info_target *myinfo =
-	    (struct ipt_set_info_target *) (*target)->data;
+	struct ipt_set_info_target *myinfo = targetinfo;
 
 	switch (c) {
 	case '1':		/* --add-set <set> <flags> */
@@ -137,11 +135,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ipt_set_info_target *info =
-	    (struct ipt_set_info_target *) target->data;
+	struct ipt_set_info_target *info = targetinfo;
 
 	print_target("add-set", &info->add_set);
 	print_target("del-set", &info->del_set);
@@ -149,22 +145,22 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	struct ipt_set_info_target *info =
-	    (struct ipt_set_info_target *) target->data;
+	const struct ipt_set_info_target *info = targetinfo;
 
 	print_target("--add-set", &info->add_set);
 	print_target("--del-set", &info->del_set);
 }
 
 static
-struct iptables_target ipt_set_target 
+struct xtables_target ipt_set_target 
 = {
 	.name		= "SET",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_set_info_target)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_set_info_target)),
+	.pf 		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_set_info_target)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_set_info_target)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_SNAT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SNAT.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SNAT.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -136,10 +136,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_natinfo *info = (void *)*target;
+	struct ipt_natinfo *info = targetinfo;
 	int portok;
 
 	if (entry->ip.proto == IPPROTO_TCP
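Review bot: `struct ipt_natinfo *info = targetinfo;` is not equivalent to the line it replaces: the old code cast the target itself (`(void *)*target`), not `(*target)->data`, so `info->mr` was reached through whatever precedes `mr` in `struct ipt_natinfo`. If `targetinfo` is the payload area, as the other extensions in this commit treat it, `info->mr` now lands at an offset inside a region registered as only `XT_ALIGN(sizeof(struct ip_nat_multi_range))` bytes and may be read or written past its end. The struct definition and the rest of `parse()` are outside the hunk, so this needs confirming; if it holds, use `struct ip_nat_multi_range *mr = targetinfo;` and access `mr->rangesize` / `mr->range[]` directly. The `print()` and `save()` hunks that follow have the same assignment.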
@@ -201,11 +200,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	struct ipt_natinfo *info = (void *)target;
+	const struct ipt_natinfo *info = targetinfo;
 	unsigned int i = 0;
 
 	printf("to:");
@@ -217,9 +214,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	struct ipt_natinfo *info = (void *)target;
+	const struct ipt_natinfo *info = targetinfo;
 	unsigned int i = 0;
 
 	for (i = 0; i < info->mr.rangesize; i++) {
@@ -229,12 +226,12 @@
 	}
 }
 
-static struct iptables_target snat = {
-	.next		= NULL,
+static struct xtables_target snat = {
 	.name		= "SNAT",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ip_nat_multi_range)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -17,8 +17,7 @@
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	return 0;
 }
@@ -28,22 +27,20 @@
 }
 
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
 }
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
 }
 
-static struct iptables_target tarpit = {
-	.next		= NULL,
+static struct xtables_target tarpit = {
 	.name		= "TARPIT",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(0),
-	.userspacesize	= IPT_ALIGN(0),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(0),
+	.userspacesize	= XT_ALIGN(0),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -71,9 +71,9 @@
  * Probably we could fiddle with t->tflags too but there is
  * no great advantage in doing so.
  */
-static void init( struct ipt_entry_target *t, unsigned int *nfcache )
+static void init( void *targetinfo, unsigned int *nfcache )
 {
-	struct ipt_tcplag *el = (struct ipt_tcplag *)t->data;
+	struct ipt_tcplag *el = targetinfo;
 	memset( el, 0, sizeof( struct ipt_tcplag ));
 	el->level = 4; /* Default to warning level */
 	strcpy( el->prefix, "TCPLAG:" ); /* Give a reasonable default prefix */
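Review bot: The comment above `init()` still talks about fiddling with `t->tflags`, but after this change the function has no `t` parameter and receives only the payload pointer, so the remark describes something `init()` can no longer reach. I would reword it to refer to `targetinfo`, for example `* Only the target payload is passed in; the target header is not accessible here.` The comments above `parse()` and `print()` in the following hunks likewise describe a `target` argument that no longer exists. These comment blocks begin outside the hunks.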
@@ -111,9 +111,9 @@
  *             (this has already been malloced for us).
  */
 static int parse( int c, char **argv, int invert, unsigned int *flags,
-				  const struct ipt_entry *entry, struct ipt_entry_target **target )
+		  const struct ipt_entry *entry, void *targetinfo )
 {
-	struct ipt_tcplag *el = (struct ipt_tcplag *)( *target )->data;
+	struct ipt_tcplag *el = targetinfo;
 /*
  * Yeah, we could complain about options being issued twice but
  * is it really worth the trouble? Will it make the world a better place?
@@ -158,9 +158,9 @@
  * but coding of the various libipt_XX.c modules suggests
  * that it is safe to presume target is correctly initialised.
  */
-static void print(const struct ipt_ip *ip, const struct ipt_entry_target *target, int numeric)
+static void print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_tcplag *el = (const struct ipt_tcplag *)target->data;
+	const struct ipt_tcplag *el = targetinfo;
 	printf("TCPLAG <%d>", el->level );
 	if( el->prefix[ 0 ])
 	{
@@ -172,9 +172,9 @@
  * As above but command-line style printout
  * (machine-readable for restoring table)
  */
-static void save( const struct ipt_ip *ip, const struct ipt_entry_target *target )
+static void save( const struct ipt_ip *ip, const void *targetinfo )
 {
-	const struct ipt_tcplag *el = (const struct ipt_tcplag *)target->data;
+	const struct ipt_tcplag *el = targetinfo;
 	printf("TCPLAG --log-level=%d", el->level );
 	if( el->prefix[ 0 ])
 	{
@@ -193,11 +193,11 @@
  */
 static struct iptables_target targ =
 {
-next:	          0,
 name:             "TCPLAG",
 version:          IPTABLES_VERSION,
-size:             IPT_ALIGN( sizeof( struct ipt_tcplag )),
-userspacesize:    IPT_ALIGN( sizeof( struct ipt_tcplag )),
+pf:		  PF_INET,
+size:             XT_ALIGN( sizeof( struct ipt_tcplag )),
+userspacesize:    XT_ALIGN( sizeof( struct ipt_tcplag )),
 help:             &help,
 init:             &init,
 parse:            &parse,
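Review bot: The `targ` definition still reads `static struct iptables_target targ =` although this hunk adds `pf:` and drops `next:`, while the TARPIT and TCPMSS sections rename the same declaration to `struct xtables_target`. Unless a compatibility alias for the old struct name exists (none is visible in this diff), the line should become `static struct xtables_target targ =`. The same leftover appears in the TOS and TRACE target structs and in the `struct iptables_match` definitions of account, addrtype, childlevel, comment, condition, connbytes and connlimit. The initializer continues past the end of the hunk.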

Modified: branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -33,21 +33,13 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_tcpmss_info *mssinfo
-		= (struct ipt_tcpmss_info *)(*target)->data;
+	struct ipt_tcpmss_info *mssinfo = targetinfo;
 
 	switch (c) {
 		unsigned int mssval;
@@ -88,12 +80,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_tcpmss_info *mssinfo =
-		(const struct ipt_tcpmss_info *)target->data;
+	const struct ipt_tcpmss_info *mssinfo = targetinfo;
 	if(mssinfo->mss == IPT_TCPMSS_CLAMP_PMTU)
 		printf("TCPMSS clamp to PMTU ");
 	else
@@ -102,10 +91,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_tcpmss_info *mssinfo =
-		(const struct ipt_tcpmss_info *)target->data;
+	const struct ipt_tcpmss_info *mssinfo = targetinfo;
 
 	if(mssinfo->mss == IPT_TCPMSS_CLAMP_PMTU)
 		printf("--clamp-mss-to-pmtu ");
@@ -113,14 +101,13 @@
 		printf("--set-mss %u ", mssinfo->mss);
 }
 
-static struct iptables_target mss = {
-	.next		= NULL,
+static struct xtables_target mss = {
 	.name		= "TCPMSS",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_tcpmss_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_tcpmss_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_TOS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TOS.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TOS.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -52,13 +52,7 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-static void
 parse_tos(const char *s, struct ipt_tos_target_info *info)
 {
 	unsigned int i, tos;
@@ -86,11 +80,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_tos_target_info *tosinfo
-		= (struct ipt_tos_target_info *)(*target)->data;
+	struct ipt_tos_target_info *tosinfo = targetinfo;
 
 	switch (c) {
 	case '1':
@@ -133,34 +125,29 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target,
-      int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_tos_target_info *tosinfo =
-		(const struct ipt_tos_target_info *)target->data;
+	const struct ipt_tos_target_info *tosinfo = targetinfo;
 	printf("TOS set ");
 	print_tos(tosinfo->tos, numeric);
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_tos_target_info *tosinfo =
-		(const struct ipt_tos_target_info *)target->data;
+	const struct ipt_tos_target_info *tosinfo = targetinfo;
 
 	printf("--set-tos 0x%02x ", tosinfo->tos);
 }
 
 static struct iptables_target tos = {
-	.next		= NULL,
 	.name		= "TOS",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_tos_target_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_tos_target_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_TRACE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TRACE.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TRACE.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
 	{ 0 }
 };
 
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *targetinfo)
 {
 	return 0;
 }
@@ -43,13 +36,13 @@
 
 static
 struct iptables_target trace
-= {	.next = NULL,
-	.name = "TRACE",
+= {	.name = "TRACE",
 	.version = IPTABLES_VERSION,
-	.size = IPT_ALIGN(0),
-	.userspacesize = IPT_ALIGN(0),
+	.pf = PF_INET,
+	.size = XT_ALIGN(0),
+	.userspacesize = XT_ALIGN(0),
 	.help = &help,
-	.init = &init,
+	.init = NULL,
 	.parse = &parse,
 	.final_check = &final_check,
 	.print = NULL, /* print */

Modified: branches/iptables/iptables-1.4/extensions/libipt_TTL.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TTL.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TTL.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -31,10 +31,9 @@
 }
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
-		const struct ipt_entry *entry,
-		struct ipt_entry_target **target)
+		const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data;
+	struct ipt_TTL_info *info = targetinfo;
 	unsigned int value;
 
 	if (*flags & IPT_TTL_USED) {
@@ -96,11 +95,9 @@
 				"TTL: You must specify an action");
 }
 
-static void save(const struct ipt_ip *ip,
-		const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_TTL_info *info = 
-		(struct ipt_TTL_info *) target->data;
+	const struct ipt_TTL_info *info =  targetinfo;
 
 	switch (info->mode) {
 		case IPT_TTL_SET:
@@ -117,11 +114,9 @@
 	printf("%u ", info->ttl);
 }
 
-static void print(const struct ipt_ip *ip,
-		const struct ipt_entry_target *target, int numeric)
+static void print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_TTL_info *info =
-		(struct ipt_TTL_info *) target->data;
+	const struct ipt_TTL_info *info = targetinfo;
 
 	printf("TTL ");
 	switch (info->mode) {
@@ -145,12 +140,12 @@
 	{ 0 }
 };
 
-static struct iptables_target TTL = {
-	.next		= NULL, 
+static struct xtables_target TTL = {
 	.name		= "TTL",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_TTL_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_TTL_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_TTL_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_TTL_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,
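Review bot: `.init = &init` is kept in the `TTL` struct, but no hunk in this file touches `init`, so it presumably still takes `struct ipt_entry_target *t`, whereas the TCPLAG and ULOG sections change theirs to `void *targetinfo`. If the callback type is now `void (*)(void *, unsigned int *)`, the definition should become `static void init(void *targetinfo, unsigned int *nfcache)`. If the function is empty, it could instead be deleted and the member dropped, as done for TCPMSS, TOS and XOR. `init` lies outside the visible hunks, so this needs checking against the full file.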

Modified: branches/iptables/iptables-1.4/extensions/libipt_ULOG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ULOG.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ULOG.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -53,9 +53,9 @@
 };
 
 /* Initialize the target. */
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
 {
-	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data;
+	struct ipt_ulog_info *loginfo = targetinfo;
 
 	loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
 	loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
@@ -70,11 +70,9 @@
 /* Function which parses command options; returns true if it
    ate an option */
 static int parse(int c, char **argv, int invert, unsigned int *flags,
-		 const struct ipt_entry *entry,
-		 struct ipt_entry_target **target)
+		 const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_ulog_info *loginfo =
-	    (struct ipt_ulog_info *) (*target)->data;
+	struct ipt_ulog_info *loginfo = targetinfo;
 	int group_d;
 
 	switch (c) {
@@ -156,11 +154,9 @@
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip,
-		 const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_ulog_info *loginfo
-	    = (const struct ipt_ulog_info *) target->data;
+	const struct ipt_ulog_info *loginfo = targetinfo;
 
 	if (strcmp(loginfo->prefix, "") != 0)
 		printf("--ulog-prefix \"%s\" ", loginfo->prefix);
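Review bot: `printf("--ulog-prefix \"%s\" ", loginfo->prefix);` emits the prefix inside double quotes without escaping, so a prefix that contains `"` or `\` produces save output that may not parse back into the same rule. Whether `parse` restricts those characters is not visible in this hunk. If it does not, `save` should print the string through a small helper that backslash-escapes `"` and `\`. The `--comment "%s"` and `--condition "%s"` lines in libipt_comment.c and libipt_condition.c follow the same pattern. The body of `save` continues past the hunk.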
@@ -186,11 +182,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_ulog_info *loginfo
-	    = (const struct ipt_ulog_info *) target->data;
+	const struct ipt_ulog_info *loginfo = targetinfo;
 
 	printf("ULOG ");
 #ifdef KERNEL_64_USERSPACE_32
@@ -208,12 +202,12 @@
 #endif
 }
 
-static struct iptables_target ulog = {
-	.next		= NULL,
+static struct xtables_target ulog = {
 	.name		= "ULOG",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ulog_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_ulog_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_ulog_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ulog_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_XOR.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_XOR.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_XOR.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -19,10 +19,6 @@
 #define	IPT_KEY_SET		1
 #define IPT_BLOCKSIZE_SET	2
 
-static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
-{
-}
-
 static void help(void) 
 {
 	printf(
@@ -33,10 +29,9 @@
 }
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
-		const struct ipt_entry *entry, 
-		struct ipt_entry_target **target)
+		const struct ipt_entry *entry, void *targetinfo)
 {
-	struct ipt_XOR_info *info = (struct ipt_XOR_info *) (*target)->data;
+	struct ipt_XOR_info *info = targetinfo;
 	
 	if (!optarg)
 		exit_error(PARAMETER_PROBLEM, "XOR: too few arguments");
@@ -69,19 +64,17 @@
 		exit_error(PARAMETER_PROBLEM, "XOR: You must specify a block-size");
 }
 
-static void save (const struct ipt_ip *ip,
-		const struct ipt_entry_target *target)
+static void save (const struct ipt_ip *ip, const void *targetinfo)
 {
-	const struct ipt_XOR_info *info = (struct ipt_XOR_info *) target->data;
+	const struct ipt_XOR_info *info = targetinfo;
 
 	printf("--key %s ", info->key);
 	printf("--block-size %u ", info->block_size);
 }
 
-static void print (const struct ipt_ip *ip,
-	const struct ipt_entry_target *target, int numeric)
+static void print (const struct ipt_ip *ip, const void *targetinfo, int numeric)
 {
-	const struct ipt_XOR_info *info = (struct ipt_XOR_info *) target->data;
+	const struct ipt_XOR_info *info = targetinfo;
 
 	printf("key: %s ", info->key);
 	printf("block-size: %u ", info->block_size);
@@ -93,14 +86,13 @@
 	{ 0 }
 };
 
-static struct iptables_target XOR = {
-	.next		= NULL, 
+static struct xtables_target XOR = {
 	.name		= "XOR",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_XOR_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_XOR_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_XOR_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_XOR_info)),
 	.help		= &help,
-	.init		= &init,
 	.parse		= &parse,
 	.final_check	= &final_check,
 	.print		= &print,

Modified: branches/iptables/iptables-1.4/extensions/libipt_account.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_account.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_account.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -46,7 +46,7 @@
 };
 
 /* Helper functions for parse_network */
-int parseip(const char *parameter, u_int32_t *ip) {
+static int parseip(const char *parameter, u_int32_t *ip) {
 	
 	char buffer[16], *bufferptr, *dot;
 	unsigned int i, shift, part;
@@ -163,10 +163,10 @@
 
 
 /* Function initializes match */
-static void init(struct ipt_entry_match *match, 
+static void init(void *matchinfo,
 		 unsigned int *nfcache) {
 	
-	struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data;
+	struct t_ipt_account_info *info = matchinfo;
 
 
 	/* set default table name to DEFAULT */
@@ -181,9 +181,9 @@
 		  unsigned int *flags,
                   const struct ipt_entry *entry,
                   unsigned int *nfcache,
-                  struct ipt_entry_match **match) {
+		  void *matchinfo) {
 	
-	struct t_ipt_account_info *info = (struct t_ipt_account_info *)(*match)->data;
+	struct t_ipt_account_info *info = matchinfo;
 
 	switch (c) {
 		
@@ -219,11 +219,10 @@
 }
 
 /* Function used for printing rule with account match for iptables -L */
-static void print(const struct ipt_ip *ip,
-                  const struct ipt_entry_match *match, 
+static void print(const struct ipt_ip *ip, const void *matchinfo,
 		  int numeric) {
 	
-	struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
+	struct t_ipt_account_info *info = matchinfo;
 	
 	printf("account: ");
 	printf("network/netmask: ");
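Review bot: `struct t_ipt_account_info *info = matchinfo;` initialises a non-const pointer from the new `const void *matchinfo` parameter, which discards the qualifier and is typically reported only as a warning. The visible part of `print` only reads through `info`, so declare it as `const struct t_ipt_account_info *info = matchinfo;`. The same applies to `save` in this file and to `print`/`save` in libipt_connlimit.c and libipt_connmark.c; libipt_connbytes.c already uses the const-qualified form. The function body continues past the hunk.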
@@ -238,10 +237,9 @@
 }
 
 /* Function used for saving rule containing account match */
-static void save(const struct ipt_ip *ip, 
-		 const struct ipt_entry_match *match) {
+static void save(const struct ipt_ip *ip, consg void *matchinfo) {
 
-	struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
+	struct t_ipt_account_info *info = matchinfo;
 	
 	printf("--aaddr ");
 	printf("%u.%u.%u.%u/%u.%u.%u.%u ",
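Review bot: `consg void *matchinfo` in the new `save` signature is a typo for `const` and will not compile. The line should read `static void save(const struct ipt_ip *ip, const void *matchinfo) {`. The body of `save` continues past the hunk.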
@@ -256,10 +254,11 @@
 	
 static struct iptables_match account = {
 	.next = NULL,
+	.pf = AF_INET,
 	.name = "account",
 	.version = IPTABLES_VERSION,
-	.size = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
-	.userspacesize = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
+	.size = XT_ALIGN(sizeof(struct t_ipt_account_info)),
+	.userspacesize = XT_ALIGN(sizeof(struct t_ipt_account_info)),
 	.help = &help,
 	.init = &init,
 	.parse = &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_addrtype.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_addrtype.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_addrtype.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -83,10 +83,9 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
 		const struct ipt_entry *entry, unsigned int *nfcache,
-		struct ipt_entry_match **match)
+		void *matchinfo)
 {
-	struct ipt_addrtype_info *info =
-		(struct ipt_addrtype_info *) (*match)->data;
+	struct ipt_addrtype_info *info = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -137,12 +136,9 @@
 	printf(" ");
 }
 
-static void print(const struct ipt_ip *ip, 
-		const struct ipt_entry_match *match,
-		int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_addrtype_info *info = 
-		(struct ipt_addrtype_info *) match->data;
+	const struct ipt_addrtype_info *info = matchinfo;
 
 	printf("ADDRTYPE match ");
 	if (info->source) {
@@ -159,11 +155,9 @@
 	}
 }
 
-static void save(const struct ipt_ip *ip, 
-		const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, void *matchinfo)
 {
-	const struct ipt_addrtype_info *info =
-		(struct ipt_addrtype_info *) match->data;
+	const struct ipt_addrtype_info *info = matchinfo;
 
 	if (info->source) {
 		printf("--src-type ");
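Review bot: The new `save` signature takes `void *matchinfo` without `const`, unlike `print` in this file and the other converted `save` callbacks in this commit. If the `save` member of the match struct is declared with `const void *` (its definition is not in view), registering this function becomes an incompatible pointer assignment. Use `static void save(const struct ipt_ip *ip, const void *matchinfo)`; the local `info` is already `const`-qualified, so nothing else in the visible body needs to change.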
@@ -188,10 +182,11 @@
 static
 struct iptables_match addrtype = {
 	.next 		= NULL,
+	.pf		= AF_INET,
 	.name 		= "addrtype",
 	.version 	= IPTABLES_VERSION,
-	.size 		= IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
-	.userspacesize 	= IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
+	.size 		= XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+	.userspacesize 	= XT_ALIGN(sizeof(struct ipt_addrtype_info)),
 	.help 		= &help,
 	.parse 		= &parse,
 	.final_check 	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ah.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ah.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ah.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -68,9 +68,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_ah *ahinfo = (struct ipt_ah *)m->data;
+	struct ipt_ah *ahinfo = matchinfo;
 
 	ahinfo->spis[1] = 0xFFFFFFFF;
 }
@@ -82,10 +82,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data;
+	struct ipt_ah *ahinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -134,10 +133,9 @@
 
 /* Prints out the union ipt_matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_ah *ah = (struct ipt_ah *)match->data;
+	const struct ipt_ah *ah = matchinfo;
 
 	printf("ah ");
 	print_spis("spi", ah->spis[0], ah->spis[1],
@@ -148,9 +146,9 @@
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
+	const struct ipt_ah *ahinfo = matchinfo;
 
 	if (!(ahinfo->spis[0] == 0
 	    && ahinfo->spis[1] == 0xFFFFFFFF)) {
@@ -168,12 +166,12 @@
 
 }
 
-static struct iptables_match ah = { 
-	.next 		= NULL,
+static struct xtables_match ah = { 
 	.name 		= "ah",
+	.pf		= AF_INET,
 	.version 	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ah)),
-	.userspacesize 	= IPT_ALIGN(sizeof(struct ipt_ah)),
+	.size		= XT_ALIGN(sizeof(struct ipt_ah)),
+	.userspacesize 	= XT_ALIGN(sizeof(struct ipt_ah)),
 	.help 		= &help,
 	.init 		= &init,
 	.parse 		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_childlevel.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_childlevel.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_childlevel.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -42,10 +42,9 @@
 /* Function which parses command options; returns true if it ate an option */
 static int parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry, unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      void *matchinfo)
 {
-	struct ipt_childlevel_info *childlevelinfo = 
-		(struct ipt_childlevel_info *)(*match)->data;
+	struct ipt_childlevel_info *childlevelinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -78,29 +77,29 @@
 }
 
 /* Prints out the matchinfo. */
-static void print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
+        const struct ipt_childlevel_info *info = matchinfo;
+
 	printf("CHILDLEVEL ");
 
-	print_protocol(((struct ipt_childlevel_info *)match->data)->childlevel,
-		  ((struct ipt_childlevel_info *)match->data)->invert, numeric);
+	print_protocol(info->childlevel, info->invert, numeric);
 }
+
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-        const struct ipt_childlevel_info *info =
-            (const struct ipt_childlevel_info*) match->data;
+        const struct ipt_childlevel_info *info = matchinfo;
 
         printf("--childlevel %s%d ", (info->invert) ? "! ": "", info->childlevel);
 }
 
 static struct iptables_match childlevel = { 
 	.name		= "childlevel",
+	.pf		= AF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_childlevel_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_childlevel_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_comment.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_comment.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_comment.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -45,11 +45,10 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      const struct ipt_entry *entry, unsigned int *nfcache,
+      void *matchinfo)
 {
-	struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)(*match)->data;
+	struct ipt_comment_info *commentinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -79,11 +78,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+	struct ipt_comment_info *commentinfo = matchinfo;
 
 	commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
 	printf("/* %s */ ", commentinfo->comment);
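Review bot: `commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';` now writes through a pointer obtained from `const void *matchinfo`. The non-const `struct ipt_comment_info *commentinfo = matchinfo;` therefore drops the qualifier and also modifies data the new signature promises to leave untouched. The forced terminator presumably guards against an unterminated comment buffer. The same bound can be kept without the write by declaring the pointer `const` and printing with a precision: `printf("/* %.*s */ ", (int)(IPT_MAX_COMMENT_LEN - 1), commentinfo->comment);`. `save` in the next hunk has the same pattern and can be changed the same way.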
@@ -91,9 +88,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+	struct ipt_comment_info *commentinfo = matchinfo;
 
 	commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
 	printf("--comment \"%s\" ", commentinfo->comment);
@@ -102,9 +99,10 @@
 static struct iptables_match comment = {
     .next 		= NULL,
     .name 		= "comment",
+    .pf			= AF_INET,
     .version 		= IPTABLES_VERSION,
-    .size 		= IPT_ALIGN(sizeof(struct ipt_comment_info)),
-    .userspacesize	= IPT_ALIGN(sizeof(struct ipt_comment_info)),
+    .size 		= XT_ALIGN(sizeof(struct ipt_comment_info)),
+    .userspacesize	= XT_ALIGN(sizeof(struct ipt_comment_info)),
     .help		= &help,
     .parse 		= &parse,
     .final_check 	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_condition.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_condition.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_condition.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -27,10 +27,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry, unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      void *matchinfo)
 {
-	struct condition_info *info =
-	    (struct condition_info *) (*match)->data;
+	struct condition_info *info = matchinfo;
 
 	if (c == 'X') {
 		if (*flags)
@@ -64,22 +63,18 @@
 
 
 static void
-print(const struct ipt_ip *ip,
-		  const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct condition_info *info =
-	    (const struct condition_info *) match->data;
+	const struct condition_info *info = matchinfo;
 
 	printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
 }
 
 
 static void
-save(const struct ipt_ip *ip,
-		 const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct condition_info *info =
-	    (const struct condition_info *) match->data;
+	const struct condition_info *info = matchinfo;
 
 	printf("--condition %s\"%s\" ", (info->invert) ? "! " : "", info->name);
 }
@@ -88,8 +83,9 @@
 static struct iptables_match condition = {
 	.name 		= "condition",
 	.version 	= IPTABLES_VERSION,
-	.size 		= IPT_ALIGN(sizeof(struct condition_info)),
-	.userspacesize 	= IPT_ALIGN(sizeof(struct condition_info)),
+	.pf		= AF_INET,
+	.size 		= XT_ALIGN(sizeof(struct condition_info)),
+	.userspacesize 	= XT_ALIGN(sizeof(struct condition_info)),
 	.help 		= &help,
 	.parse 		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_connbytes.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connbytes.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connbytes.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -49,11 +49,9 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      const struct ipt_entry *entry, unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)(*match)->data;
+	struct ipt_connbytes_info *sinfo = matchinfo;
 	unsigned long i;
 
 	switch (c) {
@@ -146,11 +144,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
+	const struct ipt_connbytes_info *sinfo = matchinfo;
 
 	if (sinfo->count.from > sinfo->count.to) 
 		printf("connbytes ! %llu:%llu ", sinfo->count.to,
@@ -167,9 +163,9 @@
 }
 
 /* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
+	const struct ipt_connbytes_info *sinfo = matchinfo;
 
 	if (sinfo->count.from > sinfo->count.to) 
 		printf("! --connbytes %llu:%llu ", sinfo->count.to,
@@ -185,9 +181,10 @@
 	print_direction(sinfo);
 }
 
-static struct iptables_match state = {
+static struct iptables_match connbytes = {
 	.next 		= NULL,
 	.name 		= "connbytes",
+	.pf		= AF_INET,
 	.version 	= IPTABLES_VERSION,
 	.size 		= IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
 	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
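Review bot: `.size` and `.userspacesize` still use `IPT_ALIGN(...)` here, whereas the other extensions converted in this commit switch these two members to `XT_ALIGN(...)`. If `IPT_ALIGN` is meant to disappear with the move to xtables (not visible in this diff), the lines should read `.size = XT_ALIGN(sizeof(struct ipt_connbytes_info)),` and likewise for `.userspacesize`. The initializer starts and ends outside what this hunk shows.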
@@ -201,5 +198,5 @@
 
 void _init(void)
 {
-	register_match(&state);
+	register_match(&connbytes);
 }

Modified: branches/iptables/iptables-1.4/extensions/libipt_connlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connlimit.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connlimit.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -31,10 +31,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+	struct ipt_connlimit_info *info = matchinfo;
 	int i;
 
 	if (0 == (*flags & 2)) {
@@ -94,20 +93,18 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
+	struct ipt_connlimit_info *info = matchinfo;
 
 	printf("#conn/%d %s %d ", count_bits(info->mask),
 	       info->inverse ? "<" : ">", info->limit);
 }
 
 /* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
+	struct ipt_connlimit_info *info = matchinfo;
 
 	printf("%s--connlimit-above %d ",info->inverse ? "! " : "",info->limit);
 	printf("--connlimit-mask %d ",count_bits(info->mask));
@@ -115,8 +112,9 @@
 
 static struct iptables_match connlimit = {
 	.name		= "connlimit",
+	.pf		= AF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_connlimit_info)),
 	.userspacesize 	= offsetof(struct ipt_connlimit_info,data),
 	.help		= help,
 	.parse 		= parse,
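Review bot: `connlimit` is still declared as `struct iptables_match` although this hunk gives it the new `.pf` member and `XT_ALIGN`, while connmark, connrate, dstlimit and others in the same commit are switched to `struct xtables_match`; the declaration should probably read `static struct xtables_match connlimit = {`. Unless a header not shown here aliases the old name to the new one, the same applies to the `conntrack`, `dccp` and `dscp` structs, which also keep the old type. The commit also mixes `.pf = AF_INET` (connbytes through conntrack) with `.pf = PF_INET` (dccp onwards); a single spelling would make the protocol-family field easier to search for. The initializer continues outside the hunk.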

Modified: branches/iptables/iptables-1.4/extensions/libipt_connmark.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connmark.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connmark.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
+	struct ipt_connmark_info *markinfo = matchinfo;
 
 	switch (c) {
 		char *end;
@@ -106,11 +105,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+	struct ipt_connmark_info *info = matchinfo;
 
 	printf("CONNMARK match ");
 	if (info->invert)
@@ -120,9 +117,9 @@
 
 /* Saves the matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+	struct ipt_connmark_info *info = matchinfo;
 
 	if (info->invert)
 		printf("! ");
@@ -131,11 +128,12 @@
 	print_mark(info->mark, info->mask, 0);
 }
 
-static struct iptables_match connmark_match = {
+static struct xtables_match connmark_match = {
     .name          = "connmark",
+    .pf		   = AF_INET,
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
+    .size          = XT_ALIGN(sizeof(struct ipt_connmark_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_connmark_info)),
     .help          = &help,
     .init          = &init,
     .parse         = &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_connrate.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connrate.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connrate.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -77,10 +77,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)(*match)->data;
+	struct ipt_connrate_info *sinfo = matchinfo;
 	u_int32_t tmp;
 
 	switch (c) {
@@ -122,7 +121,7 @@
 }
 
 static void
-print_range(struct ipt_connrate_info *sinfo)
+print_range(const struct ipt_connrate_info *sinfo)
 {
 	if (sinfo->from > sinfo->to) {
 		printf("! ");
@@ -138,11 +137,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)match->data;
+	const struct ipt_connrate_info *sinfo = matchinfo;
 
 	printf("connrate ");
 	print_range(sinfo);
@@ -150,21 +147,22 @@
 }
 
 /* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)match->data;
+	const struct ipt_connrate_info *sinfo = matchinfo;
 
 	printf("--connrate ");
 	print_range(sinfo);
 	printf(" ");
 }
 
-static struct iptables_match state = { 
+static struct xtables_match state = { 
 	.next 		= NULL,
 	.name		= "connrate",
+	.pf		= AF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_connrate_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_connrate_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_connrate_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_connrate_info)),
 	.help 		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,
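Review bot: The connrate match is still held in a variable named `state` (`static struct xtables_match state = {`), which looks like a leftover from the extension it was copied from. This commit already renames the equivalent variable in libipt_connbytes.c, and `static struct xtables_match connrate = {` would follow that. The `register_match()` call that takes its address is outside this hunk and would need the same rename.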

Modified: branches/iptables/iptables-1.4/extensions/libipt_conntrack.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_conntrack.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_conntrack.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -187,10 +187,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_conntrack_info *sinfo = (struct ipt_conntrack_info *)(*match)->data;
+	struct ipt_conntrack_info *sinfo = matchinfo;
 	char *protocol = NULL;
 	unsigned int naddrs = 0;
 	struct in_addr *addrs = NULL;
@@ -431,9 +430,10 @@
 
 /* Saves the matchinfo in parsable form to stdout. */
 static void
-matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric, const char *optpfx)
+matchinfo_print(const struct ipt_ip *ip, const void *matchinfo,
+		int numeric, const char *optpfx)
 {
-	struct ipt_conntrack_info *sinfo = (struct ipt_conntrack_info *)match->data;
+	struct ipt_conntrack_info *sinfo = matchinfo;
 
 	if(sinfo->flags & IPT_CONNTRACK_STATE) {
 		printf("%sctstate ", optpfx);
@@ -517,25 +517,24 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	matchinfo_print(ip, match, numeric, "");
+	matchinfo_print(ip, matchinfo, numeric, "");
 }
 
 /* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	matchinfo_print(ip, match, 1, "--");
+	matchinfo_print(ip, matchinfo, 1, "--");
 }
 
 static struct iptables_match conntrack = { 
 	.next 		= NULL,
 	.name		= "conntrack",
+	.pf		= AF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_conntrack_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_conntrack_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_dccp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dccp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dccp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,10 +26,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, 
-     unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_dccp_info *einfo = (struct ipt_dccp_info *)m->data;
+	struct ipt_dccp_info *einfo = matchinfo;
 
 	memset(einfo, 0, sizeof(struct ipt_dccp_info));
 }
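Review bot: `init()` now receives a bare `void *matchinfo` and clears `sizeof(struct ipt_dccp_info)` bytes through it, so it depends on the caller having allocated at least that much and can no longer see the entry header it used to be handed. A comment above the function such as `/* matchinfo: caller-allocated payload of at least .size bytes */` would record that contract; the allocation site is not visible here, so the wording should be confirmed against it. Writing the call as `memset(einfo, 0, sizeof(*einfo));` keeps the length tied to the pointer's type. The same untyped-pointer contract applies to every `init` and `parse` callback converted in this commit.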
@@ -160,11 +159,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_dccp_info *einfo
-		= (struct ipt_dccp_info *)(*match)->data;
+	struct ipt_dccp_info *einfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -304,12 +301,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_dccp_info *einfo =
-		(const struct ipt_dccp_info *)match->data;
+	const struct ipt_dccp_info *einfo = matchinfo;
 
 	printf("dccp ");
 
@@ -339,11 +333,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, 
-     const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_dccp_info *einfo =
-		(const struct ipt_dccp_info *)match->data;
+	const struct ipt_dccp_info *einfo = matchinfo;
 
 	if (einfo->flags & IPT_DCCP_SRC_PORTS) {
 		if (einfo->invflags & IPT_DCCP_SRC_PORTS)
@@ -381,8 +373,9 @@
 struct iptables_match dccp
 = { .name          = "dccp",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
+    .pf		   = PF_INET,
+    .size          = XT_ALIGN(sizeof(struct ipt_dccp_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_dccp_info)),
     .help          = &help,
     .init          = &init,
     .parse         = &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_dscp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dscp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dscp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -76,11 +76,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_dscp_info *dinfo
-		= (struct ipt_dscp_info *)(*match)->data;
+	struct ipt_dscp_info *dinfo = matchinfo;
 
 	switch (c) {
 	case 'F':
@@ -131,22 +129,19 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_dscp_info *dinfo =
-		(const struct ipt_dscp_info *)match->data;
+	const struct ipt_dscp_info *dinfo = matchinfo;
+
 	printf("DSCP match ");
 	print_dscp(dinfo->dscp, dinfo->invert, numeric);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_dscp_info *dinfo =
-		(const struct ipt_dscp_info *)match->data;
+	const struct ipt_dscp_info *dinfo = matchinfo;
 
 	printf("--dscp ");
 	print_dscp(dinfo->dscp, dinfo->invert, 1);
@@ -155,9 +150,10 @@
 static struct iptables_match dscp = { 
 	.next 		= NULL,
 	.name 		= "dscp",
+	.pf		= PF_INET,
 	.version 	= IPTABLES_VERSION,
-	.size 		= IPT_ALIGN(sizeof(struct ipt_dscp_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_dscp_info)),
+	.size 		= XT_ALIGN(sizeof(struct ipt_dscp_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_dscp_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -97,9 +97,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_dstlimit_info *r = (struct ipt_dstlimit_info *)m->data;
+	struct ipt_dstlimit_info *r = matchinfo;
 
 	r->cfg.burst = IPT_DSTLIMIT_BURST;
 	r->cfg.gc_interval = IPT_DSTLIMIT_GCINTERVAL;
@@ -121,11 +121,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_dstlimit_info *r = 
-			(struct ipt_dstlimit_info *)(*match)->data;
+	struct ipt_dstlimit_info *r = matchinfo;
 	unsigned int num;
 
 	switch(c) {
@@ -253,12 +251,10 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
+print(const struct ipt_ip *ip, const void *matchinfo,
       int numeric)
 {
-	struct ipt_dstlimit_info *r = 
-		(struct ipt_dstlimit_info *)match->data;
+	struct ipt_dstlimit_info *r = matchinfo;
 	printf("limit: avg "); print_rate(r->cfg.avg);
 	printf("burst %u ", r->cfg.burst);
 	switch (r->cfg.mode) {
@@ -286,10 +282,9 @@
 }
 
 /* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_dstlimit_info *r = 
-		(struct ipt_dstlimit_info *)match->data;
+	const struct ipt_dstlimit_info *r = matchinfo;
 
 	printf("--dstlimit "); print_rate(r->cfg.avg);
 	if (r->cfg.burst != IPT_DSTLIMIT_BURST)
@@ -318,12 +313,13 @@
 		printf("--dstlimit-htable-expire %u ", r->cfg.expire);
 }
 
-static struct iptables_match dstlimit = { 
+static struct xtables_match dstlimit = { 
 	.next		= NULL,
 	.name 		= "dstlimit",
+	.pf		= PF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_dstlimit_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_dstlimit_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_dstlimit_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_dstlimit_info)),
 	//offsetof(struct ipt_dstlimit_info, prev),
 	.help		= &help,
 	.init		= &init,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ecn.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ecn.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ecn.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -36,12 +36,10 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
 	unsigned int result;
-	struct ipt_ecn_info *einfo
-		= (struct ipt_ecn_info *)(*match)->data;
+	struct ipt_ecn_info *einfo = matchinfo;
 
 	switch (c) {
 	case 'F':
@@ -97,12 +95,10 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
+print(const struct ipt_ip *ip, const void *matchinfo,
       int numeric)
 {
-	const struct ipt_ecn_info *einfo =
-		(const struct ipt_ecn_info *)match->data;
+	const struct ipt_ecn_info *einfo = matchinfo;
 
 	printf("ECN match ");
 
@@ -127,10 +123,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_ecn_info *einfo =
-		(const struct ipt_ecn_info *)match->data;
+	const struct ipt_ecn_info *einfo = matchinfo;
 	
 	if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
 		if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
@@ -152,11 +147,12 @@
 }
 
 static
-struct iptables_match ecn
+struct xtables_match ecn
 = { .name          = "ecn",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
+    .pf		   = PF_INET,
+    .size          = XT_ALIGN(sizeof(struct ipt_ecn_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)),
     .help          = &help,
     .parse         = &parse,
     .final_check   = &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_esp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_esp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_esp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -68,9 +68,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_esp *espinfo = (struct ipt_esp *)m->data;
+	struct ipt_esp *espinfo = matchinfo;
 
 	espinfo->spis[1] = 0xFFFFFFFF;
 }
@@ -134,10 +134,9 @@
 
 /* Prints out the union ipt_matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_esp *esp = (struct ipt_esp *)match->data;
+	const struct ipt_esp *esp = matchinfo;
 
 	printf("esp ");
 	print_spis("spi", esp->spis[0], esp->spis[1],
@@ -148,9 +147,9 @@
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_esp *espinfo = (struct ipt_esp *)match->data;
+	const struct ipt_esp *espinfo = matchinfo;
 
 	if (!(espinfo->spis[0] == 0
 	    && espinfo->spis[1] == 0xFFFFFFFF)) {
@@ -168,12 +167,13 @@
 
 }
 
-static struct iptables_match esp = { 
+static struct xtables_match esp = { 
 	.next 		= NULL,
 	.name 		= "esp",
+	.pf		= PF_INET,
 	.version 	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_esp)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_esp)),
+	.size		= XT_ALIGN(sizeof(struct ipt_esp)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_esp)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -40,9 +40,9 @@
 
 /* Initialize data structures */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data;
+	struct ipt_fuzzy_info *presentinfo = matchinfo;
 
 	/*
 	 * Default rates ( I'll improve this very soon with something based 
@@ -59,12 +59,10 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
+	struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
 
-struct ipt_fuzzy_info *fuzzyinfo = (struct ipt_fuzzy_info *)(*match)->data;
-
 	u_int32_t num;
 
 	switch (c) {
@@ -114,12 +112,9 @@
 }
 
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_fuzzy_info *fuzzyinfo
-		= (const struct ipt_fuzzy_info *)match->data;
+	const struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
 
 	printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",fuzzyinfo->minimum_rate,fuzzyinfo->maximum_rate);
 
@@ -127,22 +122,22 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_fuzzy_info *fuzzyinfo
-		= (const struct ipt_fuzzy_info *)match->data;
+	const struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
 
 	printf("--lower-limit %u ",fuzzyinfo->minimum_rate);
 	printf("--upper-limit %u ",fuzzyinfo->maximum_rate);
 
 }
 
-static struct iptables_match fuzzy_match = { 
+static struct xtables_match fuzzy_match = { 
 	.next 		= NULL,
 	.name		= "fuzzy",
+	.pf 		= PF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_fuzzy_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_fuzzy_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -96,9 +96,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_hashlimit_info *r = (struct ipt_hashlimit_info *)m->data;
+	struct ipt_hashlimit_info *r = matchinfo;
 
 	r->cfg.burst = IPT_HASHLIMIT_BURST;
 	r->cfg.gc_interval = IPT_HASHLIMIT_GCINTERVAL;
@@ -151,12 +151,10 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      const struct ipt_entry *entry, unsigned int *nfcache,
+      void *matchinfo)
 {
-	struct ipt_hashlimit_info *r = 
-			(struct ipt_hashlimit_info *)(*match)->data;
+	struct ipt_hashlimit_info *r = matchinfo;
 	unsigned int num;
 
 	switch(c) {
@@ -304,12 +302,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_hashlimit_info *r = 
-		(struct ipt_hashlimit_info *)match->data;
+	const struct ipt_hashlimit_info *r = matchinfo;
 	fputs("limit: avg ", stdout); print_rate(r->cfg.avg);
 	printf("burst %u ", r->cfg.burst);
 	fputs("mode ", stdout);
@@ -325,10 +320,9 @@
 }
 
 /* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_hashlimit_info *r = 
-		(struct ipt_hashlimit_info *)match->data;
+	const struct ipt_hashlimit_info *r = matchinfo;
 
 	fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
 	if (r->cfg.burst != IPT_HASHLIMIT_BURST)
@@ -349,10 +343,11 @@
 		printf("--hashlimit-htable-expire %u ", r->cfg.expire);
 }
 
-static struct iptables_match hashlimit = { NULL,
+static struct xtables_match hashlimit = {
 	.name		= "hashlimit",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_hashlimit_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_hashlimit_info)),
 	.userspacesize	= offsetof(struct ipt_hashlimit_info, hinfo),
 	.help		= &help,
 	.init		= &init,

Modified: branches/iptables/iptables-1.4/extensions/libipt_helper.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_helper.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_helper.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -29,10 +29,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_helper_info *info = (struct ipt_helper_info *)(*match)->data;
+	struct ipt_helper_info *info = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -64,29 +63,28 @@
 
 /* Prints out the info. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_helper_info *info = (struct ipt_helper_info *)match->data;
+	const struct ipt_helper_info *info = matchinfo;
 
 	printf("helper match %s\"%s\" ", info->invert ? "! " : "", info->name);
 }
 
 /* Saves the union ipt_info in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_helper_info *info = (struct ipt_helper_info *)match->data;
+	const struct ipt_helper_info *info = matchinfo;
 
 	printf("%s--helper \"%s\" ",info->invert ? "! " : "", info->name);
 }
 
-static struct iptables_match helper = { 
+static struct xtables_match helper = { 
 	.next		= NULL,
 	.name		= "helper",
+	.pf		= PF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_helper_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_helper_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,
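Review bot: The `helper` initializer sets `.size` but, in the lines shown, no `.userspacesize`, unlike the other match structs touched in this commit, so the field stays 0 unless it is set further down outside the hunk. If rule comparison (for example when deleting a rule by specification) covers only `userspacesize` bytes of match data, as the field's use in the other extensions suggests, the helper name and invert flag would not take part in the comparison and a delete could remove a rule written for a different helper. Consider adding `.userspacesize = XT_ALIGN(sizeof(struct ipt_helper_info)),` after `.size`, once it is confirmed that the struct holds no kernel-only fields.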

Modified: branches/iptables/iptables-1.4/extensions/libipt_icmp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_icmp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_icmp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -169,9 +169,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_icmp *icmpinfo = (struct ipt_icmp *)m->data;
+	struct ipt_icmp *icmpinfo = matchinfo;
 
 	icmpinfo->type = 0xFF;
 	icmpinfo->code[1] = 0xFF;
@@ -182,10 +182,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data;
+	struct ipt_icmp *icmpinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -242,11 +241,9 @@
 
 /* Prints out the union ipt_matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
+	const struct ipt_icmp *icmp = matchinfo;
 
 	printf("icmp ");
 	print_icmptype(icmp->type, icmp->code[0], icmp->code[1],
@@ -259,9 +256,9 @@
 }
 
 /* Saves the match in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
+	const struct ipt_icmp *icmp = matchinfo;
 
 	if (icmp->invflags & IPT_ICMP_INV)
 		printf("! ");
@@ -282,12 +279,13 @@
 {
 }
 
-static struct iptables_match icmp = { 
+static struct xtables_match icmp = { 
 	.next		= NULL,
 	.name		= "icmp",
+	.pf		= PF_INET,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_icmp)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_icmp)),
+	.size		= XT_ALIGN(sizeof(struct ipt_icmp)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_icmp)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_iprange.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_iprange.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_iprange.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+	struct ipt_iprange_info *info = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -123,11 +122,9 @@
 
 /* Prints out the info. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
+	struct ipt_iprange_info *info = matchinfo;
 
 	if (info->flags & IPRANGE_SRC) {
 		printf("source IP range ");
@@ -145,9 +142,9 @@
 
 /* Saves the union ipt_info in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
+	struct ipt_iprange_info *info = matchinfo;
 
 	if (info->flags & IPRANGE_SRC) {
 		if (info->flags & IPRANGE_SRC_INV)
@@ -165,12 +162,13 @@
 	}
 }
 
-static struct iptables_match iprange = { 
+static struct xtables_match iprange = { 
 	.next		= NULL,
 	.name		= "iprange",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_iprange_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_iprange_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -40,10 +40,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_ipv4options_info *info = (struct ipt_ipv4options_info *)(*match)->data;
+	struct ipt_ipv4options_info *info = matchinfo;
 
 	switch (c)
 	{
@@ -226,11 +225,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);
+	const struct ipt_ipv4options_info *info = matchinfo;
 
 	printf(" IPV4OPTS");
 	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
@@ -261,9 +258,9 @@
 
 /* Saves the data in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);
+	const struct ipt_ipv4options_info *info = matchinfo;
 
 	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
 		printf(" --ssrr");
@@ -291,12 +288,12 @@
 	printf(" ");
 }
 
-static struct iptables_match ipv4options_struct = { 
-	.next		= NULL,
+static struct xtables_match ipv4options_struct = { 
 	.name		= "ipv4options",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_ipv4options_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ipv4options_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_length.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_length.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_length.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -67,10 +67,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_length_info *info = (struct ipt_length_info *)(*match)->data;
+	struct ipt_length_info *info = matchinfo;
 
 	switch (c) {
 		case '1':
@@ -115,28 +114,30 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
+	const struct ipt_length_info *info = matchinfo;
+
 	printf("length ");
-	print_length((struct ipt_length_info *)match->data);
+	print_length(info);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
+	const struct ipt_length_info *info = matchinfo;
+
 	printf("--length ");
-	print_length((struct ipt_length_info *)match->data);
+	print_length(info);
 }
 
-static struct iptables_match length = { 
-	.next		= NULL,
+static struct xtables_match length = { 
 	.name		= "length",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_length_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_length_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_length_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_length_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_limit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_limit.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_limit.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -74,9 +74,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data;
+	struct ipt_rateinfo *r = matchinfo;
 
 	parse_rate(IPT_LIMIT_AVG, &r->avg);
 	r->burst = IPT_LIMIT_BURST;
@@ -94,10 +94,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_rateinfo *r = (struct ipt_rateinfo *)(*match)->data;
+	struct ipt_rateinfo *r = matchinfo;
 	unsigned int num;
 
 	switch(c) {
@@ -156,30 +155,28 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_rateinfo *r = (struct ipt_rateinfo *)match->data;
+	struct ipt_rateinfo *r = matchinfo;
 	printf("limit: avg "); print_rate(r->avg);
 	printf("burst %u ", r->burst);
 }
 
 /* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_rateinfo *r = (struct ipt_rateinfo *)match->data;
+	struct ipt_rateinfo *r = matchinfo;
 
 	printf("--limit "); print_rate(r->avg);
 	if (r->burst != IPT_LIMIT_BURST)
 		printf("--limit-burst %u ", r->burst);
 }
 
-static struct iptables_match limit = { 
-	.next		= NULL,
+static struct xtables_match limit = { 
 	.name		= "limit",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_rateinfo)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_rateinfo)),
 	.userspacesize	= offsetof(struct ipt_rateinfo, prev),
 	.help		= &help,
 	.init		= &init,
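Review bot: In `print` and `save` the new `struct ipt_rateinfo *r = matchinfo;` initialises a non-const pointer from the `const void *matchinfo` parameter, which discards the qualifier and draws a compiler warning. Neither function writes through `r` in the visible lines, so declare it as `const struct ipt_rateinfo *r = matchinfo;`, as the length and mac conversions in this commit do. The same pattern appears in the `print` and `save` hunks of libipt_mark.c (`struct ipt_mark_info *info = matchinfo;`), whose bodies continue outside their hunks.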

Modified: branches/iptables/iptables-1.4/extensions/libipt_mac.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mac.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mac.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_mac_info *macinfo = (struct ipt_mac_info *)(*match)->data;
+	struct ipt_mac_info *macinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -98,34 +97,36 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
+	const struct ipt_mac_info *info = matchinfo;
+
 	printf("MAC ");
 
-	if (((struct ipt_mac_info *)match->data)->invert)
+	if (info->invert)
 		printf("! ");
 	
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+	print_mac(info->srcaddr);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	if (((struct ipt_mac_info *)match->data)->invert)
+	const struct ipt_mac_info *info = matchinfo;
+
+	if (info->invert)
 		printf("! ");
 
 	printf("--mac-source ");
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+	print_mac(info->srcaddr);
 }
 
-static struct iptables_match mac = { 
-	.next		= NULL,
+static struct xtables_match mac = { 
  	.name		= "mac",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mac_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mac_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_mac_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_mac_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_mark.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mark.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mark.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -30,10 +30,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_mark_info *markinfo = (struct ipt_mark_info *)(*match)->data;
+	struct ipt_mark_info *markinfo = matchinfo;
 
 	switch (c) {
 		char *end;
@@ -96,11 +95,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_mark_info *info = (struct ipt_mark_info *)match->data;
+	struct ipt_mark_info *info = matchinfo;
 
 	printf("MARK match ");
 
@@ -112,9 +109,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_mark_info *info = (struct ipt_mark_info *)match->data;
+	struct ipt_mark_info *info = matchinfo;
 
 	if (info->invert)
 		printf("! ");
@@ -123,12 +120,12 @@
 	print_mark(info->mark, info->mask, 0);
 }
 
-static struct iptables_match mark = { 
-	.next		= NULL,
+static struct xtables_match mark = { 
 	.name		= "mark",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mark_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mark_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_mark_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_mark_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_mport.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mport.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mport.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -127,12 +127,10 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
 	const char *proto;
-	struct ipt_mport *minfo
-		= (struct ipt_mport *)(*match)->data;
+	struct ipt_mport *minfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -204,12 +202,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_mport *minfo
-		= (const struct ipt_mport *)match->data;
+	const struct ipt_mport *minfo = matchinfo;
 	unsigned int i;
         u_int16_t pflags = minfo->pflags;
 
@@ -251,10 +246,9 @@
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_mport *minfo
-		= (const struct ipt_mport *)match->data;
+	const struct ipt_mport *minfo = matchinfo;
 	unsigned int i;
         u_int16_t pflags = minfo->pflags;
 
@@ -290,11 +284,11 @@
 }
 
 static struct iptables_match mport = { 
-	.next		= NULL,
 	.name		= "mport",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mport)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mport)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_mport)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_mport)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,
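Review bot: The declaration stays `static struct iptables_match mport = {` as an unchanged context line, while the initializer gains `.pf = PF_INET` and switches to `XT_ALIGN`. Every other match in this commit is redeclared as `struct xtables_match`. Unless `iptables_match` is kept as an alias somewhere not shown here, this either fails to compile or pairs the old structure type with callbacks that already use the new `void *matchinfo` signatures. The line should read `static struct xtables_match mport = {`. The initializer continues past the hunk.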

Modified: branches/iptables/iptables-1.4/extensions/libipt_multiport.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_multiport.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_multiport.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -137,7 +137,7 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
 }
 
@@ -165,12 +165,10 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
 	const char *proto;
-	struct ipt_multiport *multiinfo
-		= (struct ipt_multiport *)(*match)->data;
+	struct ipt_multiport *multiinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -397,11 +395,9 @@
 	printf(" ");
 }
 
-static void save_v1(const struct ipt_ip *ip, 
-		    const struct ipt_entry_match *match)
+static void save_v1(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_multiport_v1 *multiinfo
-		= (const struct ipt_multiport_v1 *)match->data;
+	const struct ipt_multiport_v1 *multiinfo = matchinfo;
 	unsigned int i;
 
 	switch (multiinfo->flags) {
@@ -432,13 +428,13 @@
 	printf(" ");
 }
 
-static struct iptables_match multiport = { 
-	.next		= NULL,
+static struct xtables_match multiport = { 
 	.name		= "multiport",
-	.revision	= 0,
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_multiport)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_multiport)),
+	.pf		= PF_INET,
+	.revision	= 0,
+	.size		= XT_ALIGN(sizeof(struct ipt_multiport)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_multiport)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,
@@ -448,13 +444,13 @@
 	.extra_opts	= opts
 };
 
-static struct iptables_match multiport_v1 = { 
-	.next		= NULL,
+static struct xtables_match multiport_v1 = { 
 	.name		= "multiport",
 	.version	= IPTABLES_VERSION,
+	.pf 		= PF_INET,
 	.revision	= 1,
-	.size		= IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
+	.size		= XT_ALIGN(sizeof(struct ipt_multiport_v1)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_multiport_v1)),
 	.help		= &help_v1,
 	.init		= &init,
 	.parse		= &parse_v1,

Modified: branches/iptables/iptables-1.4/extensions/libipt_nth.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_nth.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_nth.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -61,10 +61,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_nth_info *nthinfo = (struct ipt_nth_info *)(*match)->data;
+	struct ipt_nth_info *nthinfo = matchinfo;
 	unsigned int num;
 
 	switch (c) {
@@ -175,12 +174,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_nth_info *nthinfo
-		= (const struct ipt_nth_info *)match->data;
+	const struct ipt_nth_info *nthinfo = matchinfo;
 
 	if (nthinfo->not == 1)
 		printf(" !");
@@ -195,10 +191,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_nth_info *nthinfo
-		= (const struct ipt_nth_info *)match->data;
+	const struct ipt_nth_info *nthinfo = matchinfo;
 
 	if (nthinfo->not == 1)
 		printf("! ");
@@ -210,12 +205,12 @@
                 printf("--packet %u ", nthinfo->packet );
 }
 
-static struct iptables_match nth = { 
-	.next		= NULL,
+static struct xtables_match nth = { 
 	.name		= "nth",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_nth_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_nth_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_nth_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_nth_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_osf.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_osf.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_osf.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -67,10 +67,9 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
       			const struct ipt_entry *entry,
-      			unsigned int *nfcache,
-      			struct ipt_entry_match **match)
+      			unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_osf_info *info = (struct ipt_osf_info *)(*match)->data;
+	struct ipt_osf_info *info = matchinfo;
 	
 	switch(c) 
 	{
@@ -122,26 +121,26 @@
 		exit_error(PARAMETER_PROBLEM, "OS fingerprint match: You must specify `--genre'");
 }
 
-static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_osf_info *info = (const struct ipt_osf_info*) match->data;
+	const struct ipt_osf_info *info = matchinfo;
 
 	printf("OS fingerprint match %s%s ", (info->invert) ? "!" : "", info->genre);
 }
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_osf_info *info = (const struct ipt_osf_info*) match->data;
+	const struct ipt_osf_info *info = matchinfo;
 
 	printf("--genre %s%s ", (info->invert) ? "! ": "", info->genre);
 }
 
 
-static struct iptables_match osf_match = {
+static struct xtables_match osf_match = {
     .name          = "osf",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_osf_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)),
+    .size          = XT_ALIGN(sizeof(struct ipt_osf_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_osf_info)),
     .help          = &help,
     .parse         = &parse,
     .final_check   = &final_check,
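Review bot: `osf_match` is converted to `struct xtables_match` without the `.pf = PF_INET` member that the other match structures in this commit gain, so the family field is left zero-initialised. If the new registration or lookup code keys on `pf` (not visible here), this extension may not be found for IPv4 rules. Add `.pf = PF_INET,` after `.version`. The initializer continues past the hunk.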

Modified: branches/iptables/iptables-1.4/extensions/libipt_owner.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_owner.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_owner.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -54,10 +54,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_owner_info *ownerinfo = (struct ipt_owner_info *)(*match)->data;
+	struct ipt_owner_info *ownerinfo = matchinfo;
 
 	switch (c) {
 		char *end;
@@ -200,11 +199,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, void *matchinfo, int numeric)
 {
-	struct ipt_owner_info *info = (struct ipt_owner_info *)match->data;
+	const struct ipt_owner_info *info = matchinfo;
 
 	print_item(info, IPT_OWNER_UID, numeric, "OWNER UID match ");
 	print_item(info, IPT_OWNER_GID, numeric, "OWNER GID match ");
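Review bot: The new `print` prototype takes `void *matchinfo`, while the other converted `print` functions in this commit take `const void *matchinfo`, so it presumably no longer matches the function-pointer type in `struct xtables_match`. Use `print(const struct ipt_ip *ip, const void *matchinfo, int numeric)`; the body already treats the data as `const struct ipt_owner_info *`. The same missing `const` is in `print` of libipt_pool.c and `save` of libipt_psd.c. Also check that `print_item`, defined outside this hunk, accepts a const pointer now that `info` is const. The body of `print` continues outside the hunk.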
@@ -217,9 +214,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_owner_info *info = (struct ipt_owner_info *)match->data;
+	const struct ipt_owner_info *info = matchinfo;
 
 	print_item(info, IPT_OWNER_UID, 0, "--uid-owner ");
 	print_item(info, IPT_OWNER_GID, 0, "--gid-owner ");
@@ -230,12 +227,12 @@
 #endif
 }
 
-static struct iptables_match owner = { 
-	.next		= NULL,
+static struct xtables_match owner = { 
 	.name		= "owner",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_owner_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_owner_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_owner_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_owner_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_physdev.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_physdev.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_physdev.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -35,18 +35,16 @@
 };
 
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
 }
 
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_physdev_info *info =
-		(struct ipt_physdev_info*)(*match)->data;
+	struct ipt_physdev_info *info = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -121,12 +119,9 @@
 }
 
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_physdev_info *info =
-		(struct ipt_physdev_info*)match->data;
+	const struct ipt_physdev_info *info = matchinfo;
 
 	printf("PHYSDEV match");
 	if (info->bitmask & IPT_PHYSDEV_OP_ISIN)
@@ -148,10 +143,9 @@
 	printf(" ");
 }
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_physdev_info *info =
-		(struct ipt_physdev_info*)match->data;
+	const struct ipt_physdev_info *info = matchinfo;
 
 	if (info->bitmask & IPT_PHYSDEV_OP_ISIN)
 		printf("%s --physdev-is-in",
@@ -172,12 +166,12 @@
 	printf(" ");
 }
 
-static struct iptables_match physdev = { 
-	.next		= NULL,
+static struct xtables_match physdev = { 
 	.name		= "physdev",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_physdev_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_physdev_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_physdev_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_physdev_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_pkttype.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_pkttype.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_pkttype.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -87,10 +87,9 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)(*match)->data;
+	struct ipt_pkttype_info *info = matchinfo;
 	
 	switch(c)
 	{
@@ -131,28 +130,28 @@
 	printf("%d ", info->pkttype);	/* in case we didn't find an entry in named-packtes */
 }
 
-static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)match->data;
+	const struct ipt_pkttype_info *info = matchinfo;
 	
 	printf("PKTTYPE %s= ", info->invert?"!":"");
 	print_pkttype(info);
 }
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)match->data;
+	const struct ipt_pkttype_info *info = matchinfo;
 	
 	printf("--pkt-type %s", info->invert?"! ":"");
 	print_pkttype(info);
 }
 
-static struct iptables_match pkttype = {
-	.next		= NULL,
+static struct xtables_match pkttype = {
 	.name		= "pkttype",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_pkttype_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_pkttype_info)),
 	.help		= &help,
 	.parse		= &parse, 
 	.final_check	= &final_check, 

Modified: branches/iptables/iptables-1.4/extensions/libipt_policy.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_policy.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_policy.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -127,8 +127,7 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
                  const struct ipt_entry *entry,
-                 unsigned int *nfcache,
-                 struct ipt_entry_match **match)
+                 unsigned int *nfcache, void *matchinfo)
 {
 	struct ipt_policy_info *info = (void *)(*match)->data;
 	struct ipt_policy_elem *e = &info->pol[info->len];
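Review bot: The parameter list now ends in `void *matchinfo`, but the unchanged line below it still reads `(*match)->data`. `match` is no longer declared, so this file cannot compile. Change it to `struct ipt_policy_info *info = matchinfo;`, as in the other parse conversions. Because `e` is taken as `&info->pol[info->len]` immediately afterwards, it is worth confirming in the rest of `parse` (outside the hunk) that `info->len` is bounds-checked before `e` is written.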
@@ -386,11 +385,9 @@
 		printf("%sstrict ", prefix);
 }
 
-static void print(const struct ipt_ip *ip,
-                  const struct ipt_entry_match *match,
-		  int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_policy_info *info = (void *)match->data;
+	const struct ipt_policy_info *info = matchinfo;
 	unsigned int i;
 
 	printf("policy match ");
@@ -402,9 +399,9 @@
 	}
 }
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_policy_info *info = (void *)match->data;
+	const struct ipt_policy_info *info = matchinfo;
 	unsigned int i;
 
 	print_flags("--", info);
@@ -415,11 +412,12 @@
 	}
 }
 
-struct iptables_match policy = {
+struct xtables_match policy = {
 	.name		= "policy",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_policy_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_policy_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_policy_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_policy_info)),
 	.help		= help,
 	.init		= init,
 	.parse		= parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_pool.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_pool.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_pool.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -35,10 +35,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *match, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_pool_info *info =
-		(struct ipt_pool_info *)match->data;
+	struct ipt_pool_info *info = matchinfo;
 
 	info->src = IP_POOL_NONE;
 	info->dst = IP_POOL_NONE;
@@ -49,11 +48,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_pool_info *info =
-		(struct ipt_pool_info *)(*match)->data;
+	struct ipt_pool_info *info = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -85,13 +82,10 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, void *matchinfo, int numeric)
 {
 	char buf[256];
-	struct ipt_pool_info *info =
-		(struct ipt_pool_info *)match->data;
+	const struct ipt_pool_info *info = matchinfo;
 
 	if (info->src != IP_POOL_NONE)
 		printf("%ssrcpool %s ",
@@ -104,11 +98,10 @@
 }
 
 /* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
 	char buf[256];
-	struct ipt_pool_info *info =
-		(struct ipt_pool_info *)match->data;
+	const struct ipt_pool_info *info = matchinfo;
 
 	if (info->src != IP_POOL_NONE)
 		printf("%s--srcpool %s ",
@@ -120,12 +113,12 @@
 			ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
 }
 
-static struct iptables_match pool = { 
-	.next		= NULL,
+static struct xtables_match pool = { 
 	.name		= "pool",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_pool_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_pool_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_pool_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_pool_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_psd.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_psd.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_psd.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -48,9 +48,9 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)m->data;
+	struct ipt_psd_info *psdinfo = matchinfo;
 
 	psdinfo->weight_threshold = SCAN_WEIGHT_THRESHOLD;  
 	psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;
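Review bot: The new signature `init(void *matchinfo *matchinfo, unsigned int *nfcache)` repeats the parameter name and is a syntax error, so libipt_psd.c will not build. It should be `init(void *matchinfo, unsigned int *nfcache)`, matching the other init conversions in this commit. The body of `init` continues outside the hunk.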
@@ -76,10 +76,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)(*match)->data;
+	struct ipt_psd_info *psdinfo = matchinfo;
 	unsigned int num;
 	
 	switch (c) {
@@ -146,12 +145,9 @@
 
 /* Prints out the targinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_psd_info *psdinfo
-		= (const struct ipt_psd_info *)match->data;
+	const struct ipt_psd_info *psdinfo = matchinfo;
 
 	printf("psd ");
 	printf("weight-threshold: %u ", psdinfo->weight_threshold);
@@ -162,10 +158,9 @@
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, void *matchinfo)
 {
-	const struct ipt_psd_info *psdinfo
-		= (const struct ipt_psd_info *)match->data;
+	const struct ipt_psd_info *psdinfo = matchinfo;
 
 	printf("--psd-weight-threshold %u ", psdinfo->weight_threshold);
 	printf("--psd-delay-threshold %u ", psdinfo->delay_threshold);
@@ -173,12 +168,12 @@
 	printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
 }
 
-static struct iptables_match psd = { 
-	.next		= NULL,
+static struct xtables_match psd = { 
 	.name		= "psd",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_psd_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_psd_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_psd_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_psd_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_realm.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_realm.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_realm.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -33,10 +33,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_realm_info *realminfo = (struct ipt_realm_info *)(*match)->data;
+	struct ipt_realm_info *realminfo = matchinfo;
 
 	switch (c) {
 		char *end;
@@ -72,11 +71,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
+	const struct ipt_realm_info *ri = matchinfo;
 
 	if (ri->invert)
 		printf("! ");
@@ -88,9 +85,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
+	const struct ipt_realm_info *ri = matchinfo;
 
 	if (ri->invert)
 		printf("! ");
@@ -108,11 +105,12 @@
 			   "REALM match: You must specify `--realm'");
 }
 
-static struct iptables_match realm = { NULL,
+static struct xtables_match realm = {
 	.name		= "realm",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_realm_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_realm_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_realm_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_realm_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_rpc.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_rpc.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_rpc.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -175,12 +175,10 @@
 };
 
 
-static void init(struct ipt_entry_match *match, unsigned int *nfcache)
+static void init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+	struct ipt_rpc_info *rpcinfo = matchinfo;
 
-
-
 	/* initialise those funky user vars */
 	rpcinfo->i_procs = -1;
 	rpcinfo->strict  =  0;
@@ -188,7 +186,7 @@
 }
 
 
-static void parse_rpcs_string(char *string, struct ipt_entry_match **match)
+static void parse_rpcs_string(char *string, struct ipt_rpc_info *rpcinfo)
 {
 	char err1[64] = "%s invalid --rpcs option-set: `%s' (at character %i)";
 	char err2[64] = "%s unable to resolve rpc name entry: `%s'";
@@ -200,7 +198,6 @@
 	char *src, *dst;
 	char *c_procs;
 	struct rpcent *rpcent_ptr;
-	struct ipt_rpc_info *rpcinfo = (struct ipt_rpc_info *)(*match)->data;
 
 
 	memset(buf, 0, sizeof(buf));
@@ -260,10 +257,9 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
 		const struct ipt_entry *entry,
-		unsigned int *nfcache,
-		struct ipt_entry_match **match)
+		unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_rpc_info *rpcinfo = (struct ipt_rpc_info *)(*match)->data;
+	struct ipt_rpc_info *rpcinfo = matchinfo;
 
 
 	switch (c)
@@ -275,7 +271,7 @@
 		if (*flags & IPT_RPC_RPCS)
                         exit_error(PARAMETER_PROBLEM,
                                    "%s repeated use of --rpcs\n", preerr);
-		parse_rpcs_string(optarg, match);
+		parse_rpcs_string(optarg, rpcinfo);
 
 		*flags |= IPT_RPC_RPCS;
 		break;
@@ -309,13 +305,10 @@
 }
 
 
-static void print(const struct ipt_ip *ip,
-		const struct ipt_entry_match *match,
-		int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+	const struct ipt_rpc_info *rpcinfo = matchinfo;
 
-
 	printf("RPCs");
 	if(rpcinfo->strict == 1)
 		printf("[strict]");
@@ -333,11 +326,10 @@
 }
 
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+	const struct ipt_rpc_info *rpcinfo = matchinfo;
 
-
 	if(rpcinfo->i_procs > -1) {
 		printf("--rpcs ");
 		print_rpcs((char *)&rpcinfo->c_procs, rpcinfo->i_procs, IPT_RPC_INT_NUM);
@@ -350,12 +342,11 @@
 }
 
 
-static struct iptables_match rpcstruct = { 
-	.next		= NULL,
+static struct xtables_match rpcstruct = { 
 	.name		= "rpc",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_rpc_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_rpc_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_rpc_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_rpc_info)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,
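Review bot: `rpcstruct` is converted to `struct xtables_match` without a `.pf` initializer, while the other IPv4 matches converted in this commit (realm, sctp, tcp, tcpmss, time, tos, ttl, u32, udp, unclean) all set `.pf = PF_INET`. The field is therefore left at zero here. How the registration and lookup code treats a zero family is not visible in this diff, so this may be an oversight. Adding `.pf = PF_INET,` after `.version` would make it consistent; the initializer continues outside the hunk.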

Modified: branches/iptables/iptables-1.4/extensions/libipt_sctp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_sctp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_sctp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -30,11 +30,10 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, 
-     unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
 	int i;
-	struct ipt_sctp_info *einfo = (struct ipt_sctp_info *)m->data;
+	struct ipt_sctp_info *einfo = matchinfo;
 
 	memset(einfo, 0, sizeof(struct ipt_sctp_info));
 
@@ -276,11 +275,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_sctp_info *einfo
-		= (struct ipt_sctp_info *)(*match)->data;
+	struct ipt_sctp_info *einfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -468,12 +465,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_sctp_info *einfo =
-		(const struct ipt_sctp_info *)match->data;
+	const struct ipt_sctp_info *einfo = matchinfo;
 
 	printf("sctp ");
 
@@ -502,11 +496,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, 
-     const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_sctp_info *einfo =
-		(const struct ipt_sctp_info *)match->data;
+	const struct ipt_sctp_info *einfo = matchinfo;
 
 	if (einfo->flags & IPT_SCTP_SRC_PORTS) {
 		if (einfo->invflags & IPT_SCTP_SRC_PORTS)
@@ -538,12 +530,12 @@
 	}
 }
 
-static
-struct iptables_match sctp
-= { .name          = "sctp",
+static struct xtables_match sctp = { 
+    .name          = "sctp",
     .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_sctp_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_sctp_info)),
+    .pf		   = PF_INET,
+    .size          = XT_ALIGN(sizeof(struct ipt_sctp_info)),
+    .userspacesize = XT_ALIGN(sizeof(struct ipt_sctp_info)),
     .help          = &help,
     .init          = &init,
     .parse         = &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_standard.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_standard.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_standard.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -22,7 +22,7 @@
 
 /* Initialize the target. */
 static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
 }
 
@@ -30,8 +30,7 @@
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
-      const struct ipt_entry *entry,
-      struct ipt_entry_target **target)
+      const struct ipt_entry *entry, void *matchinfo)
 {
 	return 0;
 }
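Review bot: The new parameter is named `matchinfo` although this file implements a target, and the same name is used in the `init` and `save` hunks of this file. Now that the pointer is an untyped `void *`, its name is the only hint about what it points to, and the comment above `save` already calls it "targinfo". I would write `const struct ipt_entry *entry, void *targinfo)` here and rename the other two callbacks to match.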
@@ -43,17 +42,17 @@
 
 /* Saves the targinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
 }
 
 static
-struct iptables_target standard = { 
-	.next		= NULL,
+struct xtables_target standard = { 
 	.name		= "standard",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(int)),
-	.userspacesize	= IPT_ALIGN(sizeof(int)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(int)),
+	.userspacesize	= XT_ALIGN(sizeof(int)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_state.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_state.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_state.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -143,12 +143,12 @@
 	print_state(sinfo->statemask);
 }
 
-static struct iptables_match state = { 
-	.next		= NULL,
+static struct xtables_match state = { 
+	.pf		= PF_INET,
 	.name		= "state",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_state_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_state_info)),
+	.size		= XT_ALIGN(sizeof(struct ipt_state_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_state_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,
@@ -157,7 +157,22 @@
 	.extra_opts	= opts
 };
 
+static struct xtables_match state6 = { 
+	.pf		= PF_INET6,
+	.name		= "state",
+	.version	= IPTABLES_VERSION,
+	.size		= XT_ALIGN(sizeof(struct ipt_state_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_state_info)),
+	.help		= &help,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
 void _init(void)
 {
 	register_match(&state);
+	register_match(&state6);
 }
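Review bot: `state6` repeats `state` field for field with only `.pf` changed, and it registers the same `help`/`parse`/`print`/`save` callbacks for PF_INET6. In the other extensions of this commit those callbacks are declared with `const struct ipt_entry *` and `const struct ipt_ip *` arguments, so for IPv6 they are only safe if they ignore those arguments and read `matchinfo` alone. The state callbacks are outside this hunk, so that should be checked. A comment above `state6` such as `/* IPv6 registration: shares the IPv4 callbacks, which must only touch matchinfo */` would record the constraint.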

Modified: branches/iptables/iptables-1.4/extensions/libipt_tcp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tcp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tcp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -155,9 +155,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_tcp *tcpinfo = (struct ipt_tcp *)m->data;
+	struct ipt_tcp *tcpinfo = matchinfo;
 
 	tcpinfo->spts[1] = tcpinfo->dpts[1] = 0xFFFF;
 }
@@ -172,10 +172,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_tcp *tcpinfo = (struct ipt_tcp *)(*match)->data;
+	struct ipt_tcp *tcpinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -341,10 +340,9 @@
 
 /* Prints out the union ipt_matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_tcp *tcp = (struct ipt_tcp *)match->data;
+	const struct ipt_tcp *tcp = matchinfo;
 
 	printf("tcp ");
 	print_ports("spt", tcp->spts[0], tcp->spts[1],
@@ -365,9 +363,9 @@
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_tcp *tcpinfo = (struct ipt_tcp *)match->data;
+	const struct ipt_tcp *tcpinfo = matchinfo;
 
 	if (tcpinfo->spts[0] != 0
 	    || tcpinfo->spts[1] != 0xFFFF) {
@@ -418,12 +416,12 @@
 	}
 }
 
-static struct iptables_match tcp = { 
-	.next		= NULL,
+static struct xtables_match tcp = { 
 	.name		= "tcp",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_tcp)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_tcp)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_tcp)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_tcp)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,

Modified: branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -61,11 +61,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_tcpmss_match_info *mssinfo =
-		(struct ipt_tcpmss_match_info *)(*match)->data;
+	struct ipt_tcpmss_match_info *mssinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -108,12 +106,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_tcpmss_match_info *mssinfo =
-		(const struct ipt_tcpmss_match_info *)match->data;
+	const struct ipt_tcpmss_match_info *mssinfo = matchinfo;
 
 	printf("tcpmss match ");
 	print_tcpmss(mssinfo->mss_min, mssinfo->mss_max,
@@ -122,22 +117,21 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_tcpmss_match_info *mssinfo =
-		(const struct ipt_tcpmss_match_info *)match->data;
+	const struct ipt_tcpmss_match_info *mssinfo = matchinfo;
 
 	printf("--mss ");
 	print_tcpmss(mssinfo->mss_min, mssinfo->mss_max,
 		     mssinfo->invert, 0);
 }
 
-static struct iptables_match tcpmss = {
-	.next		= NULL,
+static struct xtables_match tcpmss = {
 	.name		= "tcpmss",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_time.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_time.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_time.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -467,11 +467,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	struct ipt_time_info *time = ((struct ipt_time_info *)match->data);
+	struct ipt_time_info *time = matchinfo;
 	int hour_start, hour_stop, minute_start, minute_stop;
 
 	divide_time(time->time_start, &hour_start, &minute_start);
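Review bot: In `print`, `struct ipt_time_info *time = matchinfo;` drops the `const` of the new `const void *matchinfo` parameter, which compilers report as a discarded qualifier. The `save` hunk below already uses the const form. The line should read `const struct ipt_time_info *time = matchinfo;`. The visible use only reads `time->time_start`, but the rest of the body is outside the hunk.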
@@ -500,9 +498,9 @@
 
 /* Saves the data in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	struct ipt_time_info *time = ((struct ipt_time_info *)match->data);
+	const struct ipt_time_info *time = matchinfo;
 	int hour_start, hour_stop, minute_start, minute_stop;
 
 	divide_time(time->time_start, &hour_start, &minute_start);
@@ -528,11 +526,11 @@
 /* have to use offsetof() instead of IPT_ALIGN(), since kerneltime must not
  * be compared when user deletes rule with '-D' */
 static
-struct iptables_match timestruct = {
-	.next		= NULL,
+struct xtables_match timestruct = {
 	.name		= "time",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_time_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_time_info)),
 	.userspacesize	= offsetof(struct ipt_time_info, kerneltime),
 	.help		= &help,
 	.init		= &init,
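Review bot: The comment above `timestruct` still refers to `IPT_ALIGN()` although the initializer now uses `XT_ALIGN()` for `.size`. It should be updated to `/* have to use offsetof() instead of XT_ALIGN(), since kerneltime must not` so that the explanation for the `offsetof` in `.userspacesize` matches the code. The reason itself (kerneltime is excluded from the comparison on `-D`) is unchanged.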

Modified: branches/iptables/iptables-1.4/extensions/libipt_tos.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tos.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tos.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -77,10 +77,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_tos_info *tosinfo = (struct ipt_tos_info *)(*match)->data;
+	struct ipt_tos_info *tosinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -128,11 +127,9 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_tos_info *info = (const struct ipt_tos_info *)match->data;
+	const struct ipt_tos_info *info = matchinfo;
     
 	printf("TOS match ");
 	if (info->invert)
@@ -142,9 +139,9 @@
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_tos_info *info = (const struct ipt_tos_info *)match->data;
+	const struct ipt_tos_info *info = matchinfo;
     
 	if (info->invert)
 		printf("! ");
@@ -152,12 +149,12 @@
 	print_tos(info->tos, 0);
 }
 
-static struct iptables_match tos = { 
-	.next		= NULL,
+static struct xtables_match tos = { 
 	.name		= "tos",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_tos_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_tos_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_tos_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_tos_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_ttl.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ttl.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ttl.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,9 +26,9 @@
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
 		const struct ipt_entry *entry, unsigned int *nfcache,
-		struct ipt_entry_match **match)
+		void *matchinfo)
 {
-	struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
+	struct ipt_ttl_info *info = matchinfo;
 	unsigned int value;
 
 	check_inverse(optarg, &invert, &optind, 0);
@@ -92,12 +92,9 @@
 			"`--ttl-eq', `--ttl-lt', `--ttl-gt");
 }
 
-static void print(const struct ipt_ip *ip, 
-		const struct ipt_entry_match *match,
-		int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_ttl_info *info = 
-		(struct ipt_ttl_info *) match->data;
+	const struct ipt_ttl_info *info = matchinfo;
 
 	printf("TTL match ");
 	switch (info->mode) {
@@ -117,11 +114,9 @@
 	printf("%u ", info->ttl);
 }
 
-static void save(const struct ipt_ip *ip, 
-		const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip,  const void *matchinfo)
 {
-	const struct ipt_ttl_info *info =
-		(struct ipt_ttl_info *) match->data;
+	const struct ipt_ttl_info *info = matchinfo;
 
 	switch (info->mode) {
 		case IPT_TTL_EQ:
@@ -151,12 +146,12 @@
 	{ 0 }
 };
 
-static struct iptables_match ttl = {
-	.next		= NULL,
+static struct xtables_match ttl = {
 	.name		= "ttl",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_ttl_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_ttl_info)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_ttl_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ttl_info)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/extensions/libipt_u32.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_u32.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_u32.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -93,10 +93,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_u32 *data = (struct ipt_u32 *)(*match)->data;
+	struct ipt_u32 *data = matchinfo;
 	char *arg = argv[optind-1]; /* the argument string */
 	char *start = arg;
 	int state=0, testind=0, locind=0, valind=0;
@@ -228,27 +227,29 @@
 
 /* Prints out the matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match,
-      int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
+	const struct ipt_u32 *info = matchinfo;
+
 	printf("u32 ");
-	print_u32((struct ipt_u32 *)match->data);
+	print_u32(info);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
+	const struct ipt_u32 *info = matchinfo;
+
 	printf("--u32 ");
-	print_u32((struct ipt_u32 *)match->data);
+	print_u32(info);
 }
 
-struct iptables_match u32 = {
-	.next		= NULL,
+static struct xtables_match u32 = {
 	.name		= "u32",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_u32)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_u32)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_u32)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_u32)),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,
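Review bot: `print` and `save` now pass a `const struct ipt_u32 *` to `print_u32`, where the old code cast to the non-const `struct ipt_u32 *`. `print_u32` is defined outside this hunk; if its parameter is still `struct ipt_u32 *`, both calls discard the qualifier, and its prototype should become `const struct ipt_u32 *`. Separately, `u32` changes from external to `static` linkage here, which is fine only if nothing outside this file referenced the symbol.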

Modified: branches/iptables/iptables-1.4/extensions/libipt_udp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_udp.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_udp.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -79,9 +79,9 @@
 
 /* Initialize the match. */
 static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
 {
-	struct ipt_udp *udpinfo = (struct ipt_udp *)m->data;
+	struct ipt_udp *udpinfo = matchinfo;
 
 	udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
 }
@@ -94,10 +94,9 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
-	struct ipt_udp *udpinfo = (struct ipt_udp *)(*match)->data;
+	struct ipt_udp *udpinfo = matchinfo;
 
 	switch (c) {
 	case '1':
@@ -180,10 +179,9 @@
 
 /* Prints out the union ipt_matchinfo. */
 static void
-print(const struct ipt_ip *ip,
-      const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
 {
-	const struct ipt_udp *udp = (struct ipt_udp *)match->data;
+	const struct ipt_udp *udp = matchinfo;
 
 	printf("udp ");
 	print_ports("spt", udp->spts[0], udp->spts[1],
@@ -198,9 +196,9 @@
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
 {
-	const struct ipt_udp *udpinfo = (struct ipt_udp *)match->data;
+	const struct ipt_udp *udpinfo = matchinfo;
 
 	if (udpinfo->spts[0] != 0
 	    || udpinfo->spts[1] != 0xFFFF) {
@@ -233,11 +231,11 @@
 
 static
 struct iptables_match udp = { 
-	.next		= NULL,
 	.name		= "udp",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_udp)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_udp)),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(sizeof(struct ipt_udp)),
+	.userspacesize	= XT_ALIGN(sizeof(struct ipt_udp)),
 	.help		= &help,
 	.init		= &init,
 	.parse		= &parse,
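Review bot: The declaration on the unchanged line is still `struct iptables_match udp`, while every other extension in this commit was switched to `struct xtables_match`. It only compiles with the new `.pf` member because include/iptables.h now has `#define iptables_match xtables_match`. Changing the line to `struct xtables_match udp = {` keeps the file consistent and independent of the compatibility alias.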

Modified: branches/iptables/iptables-1.4/extensions/libipt_unclean.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_unclean.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_unclean.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -22,8 +22,7 @@
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
-      unsigned int *nfcache,
-      struct ipt_entry_match **match)
+      unsigned int *nfcache, void *matchinfo)
 {
 	return 0;
 }
@@ -34,12 +33,12 @@
 }
 
 static
-struct iptables_match unclean = { 
-	.next		= NULL,
+struct xtables_match unclean = { 
 	.name		= "unclean",
 	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(0),
-	.userspacesize	= IPT_ALIGN(0),
+	.pf		= PF_INET,
+	.size		= XT_ALIGN(0),
+	.userspacesize	= XT_ALIGN(0),
 	.help		= &help,
 	.parse		= &parse,
 	.final_check	= &final_check,

Modified: branches/iptables/iptables-1.4/include/ip6tables.h
===================================================================
--- branches/iptables/iptables-1.4/include/ip6tables.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/ip6tables.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -12,115 +12,15 @@
 {
 	struct ip6tables_rule_match *next;
 
-	struct ip6tables_match *match;
+	struct xtables_match *match;
 };
 
-/* Include file for additions: new matches and targets. */
-struct ip6tables_match
-{
-	struct ip6tables_match *next;
+#define ip6tables_match xtables_match
+#define ip6tables_target xtables_target
 
-	ip6t_chainlabel name;
-
-	const char *version;
-
-	/* Size of match data. */
-	size_t size;
-
-	/* Size of match data relevent for userspace comparison purposes */
-	size_t userspacesize;
-
-	/* Function which prints out usage message. */
-	void (*help)(void);
-
-	/* Initialize the match. */
-	void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache);
-
-	/* Function which parses command options; returns true if it
-	   ate an option */
-	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
-		     const struct ip6t_entry *entry,
-		     unsigned int *nfcache,
-		     struct ip6t_entry_match **match);
-
-	/* Final check; exit if not ok. */
-	void (*final_check)(unsigned int flags);
-
-	/* Prints out the match iff non-NULL: put space at end */
-	void (*print)(const struct ip6t_ip6 *ip,
-		      const struct ip6t_entry_match *match, int numeric);
-
-	/* Saves the union ipt_matchinfo in parsable form to stdout. */
-	void (*save)(const struct ip6t_ip6 *ip,
-		     const struct ip6t_entry_match *match);
-
-	/* Pointer to list of extra command-line options */
-	const struct option *extra_opts;
-
-	/* Ignore these men behind the curtain: */
-	unsigned int option_offset;
-	struct ip6t_entry_match *m;
-	unsigned int mflags;
-#ifdef NO_SHARED_LIBS
-	unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-struct ip6tables_target
-{
-	struct ip6tables_target *next;
-	
-	ip6t_chainlabel name;
-
-	const char *version;
-
-	/* Size of target data. */
-	size_t size;
-
-	/* Size of target data relevent for userspace comparison purposes */
-	size_t userspacesize;
-
-	/* Function which prints out usage message. */
-	void (*help)(void);
-
-	/* Initialize the target. */
-	void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache);
-
-	/* Function which parses command options; returns true if it
-	   ate an option */
-	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
-		     const struct ip6t_entry *entry,
-		     struct ip6t_entry_target **target);
-	
-	/* Final check; exit if not ok. */
-	void (*final_check)(unsigned int flags);
-
-	/* Prints out the target iff non-NULL: put space at end */
-	void (*print)(const struct ip6t_ip6 *ip,
-		      const struct ip6t_entry_target *target, int numeric);
-
-	/* Saves the targinfo in parsable form to stdout. */
-	void (*save)(const struct ip6t_ip6 *ip,
-		     const struct ip6t_entry_target *target);
-
-	/* Pointer to list of extra command-line options */
-	struct option *extra_opts;
-
-	/* Ignore these men behind the curtain: */
-	unsigned int option_offset;
-	struct ip6t_entry_target *t;
-	unsigned int tflags;
-	unsigned int used;
-#ifdef NO_SHARED_LIBS
-	unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-extern int line;
-
 /* Your shared library should call one of these. */
-extern void register_match6(struct ip6tables_match *me);
-extern void register_target6(struct ip6tables_target *me);
+#define register_match6 register_match
+#define register_target6 register_target
 
 extern int do_command6(int argc, char *argv[], char **table,
 		       ip6tc_handle_t *handle);
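Review bot: `#define ip6tables_match xtables_match` and `#define register_match6 register_match` rename these tokens in every file that includes this header, and include/iptables.h does the same for `iptables_match`/`iptables_target`. Because IPv4 and IPv6 extensions now go through the same `register_match`/`register_target`, the `.pf` field appears to be the only thing that separates the two families, and the type system no longer keeps apart an extension that omits it. A comment above the defines saying that they are compatibility aliases, and that new code should use the `xtables_*` names and set `.pf`, would help. How the registration code checks `.pf` is not visible here.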
@@ -128,16 +28,9 @@
 extern struct ip6tables_match *ip6tables_matches;
 extern struct ip6tables_target *ip6tables_targets;
 
-enum ip6t_tryload {
-	DONT_LOAD,
-	DURING_LOAD,
-	TRY_LOAD,
-	LOAD_MUST_SUCCEED
-};
+extern struct ip6tables_target *find_target(const char *name, enum xt_tryload);
+extern struct ip6tables_match *find_match(const char *name, enum xt_tryload, struct ip6tables_rule_match **match);
 
-extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
-extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);
-
 extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
 
 extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
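Review bot: `find_target` and `find_match` stay declared here, now with `enum xt_tryload`, while the corresponding prototypes are removed from include/iptables.h in this commit. If the new xtables.h, which is not part of this view, also declares them, `find_match` would be declared once with `struct ip6tables_rule_match **` and once with whatever type xtables.h uses, a conflict for any file that includes both. Keeping a single prototype in the shared header would avoid that.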

Modified: branches/iptables/iptables-1.4/include/iptables.h
===================================================================
--- branches/iptables/iptables-1.4/include/iptables.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/iptables.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -12,138 +12,9 @@
 #define IPPROTO_SCTP 132
 #endif
 
-#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
-#define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
+#define iptables_match xtables_match
+#define iptables_target xtables_target
 
-struct ipt_get_revision
-{
-	char name[IPT_FUNCTION_MAXNAMELEN-1];
-
-	u_int8_t revision;
-};
-#endif /* IPT_SO_GET_REVISION_MATCH   Old kernel source */
-
-struct iptables_rule_match
-{
-	struct iptables_rule_match *next;
-
-	struct iptables_match *match;
-};
-
-/* Include file for additions: new matches and targets. */
-struct iptables_match
-{
-	struct iptables_match *next;
-
-	ipt_chainlabel name;
-
-	/* Revision of match (0 by default). */
-	u_int8_t revision;
-
-	const char *version;
-
-	/* Size of match data. */
-	size_t size;
-
-	/* Size of match data relevent for userspace comparison purposes */
-	size_t userspacesize;
-
-	/* Function which prints out usage message. */
-	void (*help)(void);
-
-	/* Initialize the match. */
-	void (*init)(struct ipt_entry_match *m, unsigned int *nfcache);
-
-	/* Function which parses command options; returns true if it
-           ate an option */
-	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
-		     const struct ipt_entry *entry,
-		     unsigned int *nfcache,
-		     struct ipt_entry_match **match);
-
-	/* Final check; exit if not ok. */
-	void (*final_check)(unsigned int flags);
-
-	/* Prints out the match iff non-NULL: put space at end */
-	void (*print)(const struct ipt_ip *ip,
-		      const struct ipt_entry_match *match, int numeric);
-
-	/* Saves the match info in parsable form to stdout. */
-	void (*save)(const struct ipt_ip *ip,
-		     const struct ipt_entry_match *match);
-
-	/* Pointer to list of extra command-line options */
-	const struct option *extra_opts;
-
-	/* Ignore these men behind the curtain: */
-	unsigned int option_offset;
-	struct ipt_entry_match *m;
-	unsigned int mflags;
-#ifdef NO_SHARED_LIBS
-	unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-struct iptables_target
-{
-	struct iptables_target *next;
-
-	ipt_chainlabel name;
-
-	/* Revision of target (0 by default). */
-	u_int8_t revision;
-
-	const char *version;
-
-	/* Size of target data. */
-	size_t size;
-
-	/* Size of target data relevent for userspace comparison purposes */
-	size_t userspacesize;
-
-	/* Function which prints out usage message. */
-	void (*help)(void);
-
-	/* Initialize the target. */
-	void (*init)(struct ipt_entry_target *t, unsigned int *nfcache);
-
-	/* Function which parses command options; returns true if it
-           ate an option */
-	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
-		     const struct ipt_entry *entry,
-		     struct ipt_entry_target **target);
-
-	/* Final check; exit if not ok. */
-	void (*final_check)(unsigned int flags);
-
-	/* Prints out the target iff non-NULL: put space at end */
-	void (*print)(const struct ipt_ip *ip,
-		      const struct ipt_entry_target *target, int numeric);
-
-	/* Saves the targinfo in parsable form to stdout. */
-	void (*save)(const struct ipt_ip *ip,
-		     const struct ipt_entry_target *target);
-
-	/* Pointer to list of extra command-line options */
-	struct option *extra_opts;
-
-	/* Ignore these men behind the curtain: */
-	unsigned int option_offset;
-	struct ipt_entry_target *t;
-	unsigned int tflags;
-	unsigned int used;
-#ifdef NO_SHARED_LIBS
-	unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-extern int line;
-
-/* Your shared library should call one of these. */
-extern void register_match(struct iptables_match *me);
-extern void register_target(struct iptables_target *me);
-
 extern struct in_addr *dotted_to_addr(const char *dotted);
 extern char *addr_to_dotted(const struct in_addr *addrp);
 extern char *addr_to_anyname(const struct in_addr *addr);
@@ -160,16 +31,6 @@
 extern struct iptables_match *iptables_matches;
 extern struct iptables_target *iptables_targets;
 
-enum ipt_tryload {
-	DONT_LOAD,
-	DURING_LOAD,
-	TRY_LOAD,
-	LOAD_MUST_SUCCEED
-};
-
-extern struct iptables_target *find_target(const char *name, enum ipt_tryload);
-extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match);
-
 extern int delete_chain(const ipt_chainlabel chain, int verbose,
 			iptc_handle_t *handle);
 extern int flush_entries(const ipt_chainlabel chain, int verbose, 
@@ -177,12 +38,4 @@
 extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
 		int verbose, int builtinstoo, iptc_handle_t *handle);
 
-/* kernel revision handling */
-extern int kernel_version;
-extern void get_kernel_version(void);
-#define LINUX_VERSION(x,y,z)	(0x10000*(x) + 0x100*(y) + z)
-#define LINUX_VERSION_MAJOR(x)	(((x)>>16) & 0xFF)
-#define LINUX_VERSION_MINOR(x)	(((x)>> 8) & 0xFF)
-#define LINUX_VERSION_PATCH(x)	( (x)      & 0xFF)
-
 #endif /*_IPTABLES_USER_H*/

Modified: branches/iptables/iptables-1.4/include/iptables_common.h
===================================================================
--- branches/iptables/iptables-1.4/include/iptables_common.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/iptables_common.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -2,6 +2,10 @@
 #define _IPTABLES_COMMON_H
 /* Shared definitions between ipv4 and ipv6. */
 
+#include "xtables.h"
+
+extern int line;
+
 enum exittype {
 	OTHER_PROBLEM = 1,
 	PARAMETER_PROBLEM,

Modified: branches/iptables/iptables-1.4/include/libiptc/libip6tc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libip6tc.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libip6tc.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -4,19 +4,8 @@
 
 #include <libiptc/ipt_kernel_headers.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
+#include <libiptc/libxtc.h>
 
-#ifndef IP6T_MIN_ALIGN
-#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
-#endif
-#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))
-
-typedef char ip6t_chainlabel[32];
-
-#define IP6TC_LABEL_ACCEPT "ACCEPT"
-#define IP6TC_LABEL_DROP "DROP"
-#define IP6TC_LABEL_QUEUE   "QUEUE"
-#define IP6TC_LABEL_RETURN "RETURN"
-
 /* Transparent handle type. */
 typedef struct ip6tc_handle *ip6tc_handle_t;
 
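Review bot: `ip6t_chainlabel` and the `IP6TC_LABEL_*` names are dropped here with no compatibility alias, while the libiptc.h change in this same commit keeps `ipt_chainlabel` usable. Any IPv6 caller that still spells the old type or labels stops compiling, and only the prototypes in this header are converted in the next hunk. If the old names are meant to survive the transition, add `typedef xt_chainlabel ip6t_chainlabel;` after the new include and a comment saying the labels are now `XTC_LABEL_*`.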
@@ -58,83 +47,83 @@
 /* Rule numbers start at 1 for the first rule. */
 
 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
-int ip6tc_insert_entry(const ip6t_chainlabel chain,
+int ip6tc_insert_entry(const xt_chainlabel chain,
 		       const struct ip6t_entry *e,
 		       unsigned int rulenum,
 		       ip6tc_handle_t *handle);
 
 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
-int ip6tc_replace_entry(const ip6t_chainlabel chain,
+int ip6tc_replace_entry(const xt_chainlabel chain,
 			const struct ip6t_entry *e,
 			unsigned int rulenum,
 			ip6tc_handle_t *handle);
 
 /* Append entry `fw' to chain `chain'. Equivalent to insert with
    rulenum = length of chain. */
-int ip6tc_append_entry(const ip6t_chainlabel chain,
+int ip6tc_append_entry(const xt_chainlabel chain,
 		       const struct ip6t_entry *e,
 		       ip6tc_handle_t *handle);
 
 /* Delete the first rule in `chain' which matches `fw'. */
-int ip6tc_delete_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_entry(const xt_chainlabel chain,
 		       const struct ip6t_entry *origfw,
 		       unsigned char *matchmask,
 		       ip6tc_handle_t *handle);
 
 /* Delete the rule in position `rulenum' in `chain'. */
-int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_num_entry(const xt_chainlabel chain,
 			   unsigned int rulenum,
 			   ip6tc_handle_t *handle);
 
 /* Check the packet `fw' on chain `chain'. Returns the verdict, or
    NULL and sets errno. */
-const char *ip6tc_check_packet(const ip6t_chainlabel chain,
+const char *ip6tc_check_packet(const xt_chainlabel chain,
 			       struct ip6t_entry *,
 			       ip6tc_handle_t *handle);
 
 /* Flushes the entries in the given chain (ie. empties chain). */
-int ip6tc_flush_entries(const ip6t_chainlabel chain,
+int ip6tc_flush_entries(const xt_chainlabel chain,
 			ip6tc_handle_t *handle);
 
 /* Zeroes the counters in a chain. */
-int ip6tc_zero_entries(const ip6t_chainlabel chain,
+int ip6tc_zero_entries(const xt_chainlabel chain,
 		       ip6tc_handle_t *handle);
 
 /* Creates a new chain. */
-int ip6tc_create_chain(const ip6t_chainlabel chain,
+int ip6tc_create_chain(const xt_chainlabel chain,
 		       ip6tc_handle_t *handle);
 
 /* Deletes a chain. */
-int ip6tc_delete_chain(const ip6t_chainlabel chain,
+int ip6tc_delete_chain(const xt_chainlabel chain,
 		       ip6tc_handle_t *handle);
 
 /* Renames a chain. */
-int ip6tc_rename_chain(const ip6t_chainlabel oldname,
-		       const ip6t_chainlabel newname,
+int ip6tc_rename_chain(const xt_chainlabel oldname,
+		       const xt_chainlabel newname,
 		       ip6tc_handle_t *handle);
 
 /* Sets the policy on a built-in chain. */
-int ip6tc_set_policy(const ip6t_chainlabel chain,
-		     const ip6t_chainlabel policy,
+int ip6tc_set_policy(const xt_chainlabel chain,
+		     const xt_chainlabel policy,
 		     struct ip6t_counters *counters,
 		     ip6tc_handle_t *handle);
 
 /* Get the number of references to this chain */
-int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
+int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
 			 ip6tc_handle_t *handle);
 
 /* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
+struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
 					unsigned int rulenum,
 					ip6tc_handle_t *handle);
 
 /* zero packet and byte counters for a specific rule */
-int ip6tc_zero_counter(const ip6t_chainlabel chain,
+int ip6tc_zero_counter(const xt_chainlabel chain,
 		       unsigned int rulenum,
 		       ip6tc_handle_t *handle);
 
 /* set packet and byte counters for a specific rule */
-int ip6tc_set_counter(const ip6t_chainlabel chain,
+int ip6tc_set_counter(const xt_chainlabel chain,
 		      unsigned int rulenum,
 		      struct ip6t_counters *counters,
 		      ip6tc_handle_t *handle);

Modified: branches/iptables/iptables-1.4/include/libiptc/libiptc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libiptc.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libiptc.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -4,27 +4,14 @@
 
 #include <libiptc/ipt_kernel_headers.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
+#include <libiptc/libxtc.h>
 
+#define ipt_chainlabel xt_chainlabel
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#ifndef IPT_MIN_ALIGN
-/* ipt_entry has pointers and u_int64_t's in it, so if you align to
-   it, you'll also align to any crazy matches and targets someone
-   might write */
-#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry))
-#endif
-
-#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1))
-
-typedef char ipt_chainlabel[32];
-
-#define IPTC_LABEL_ACCEPT  "ACCEPT"
-#define IPTC_LABEL_DROP    "DROP"
-#define IPTC_LABEL_QUEUE   "QUEUE"
-#define IPTC_LABEL_RETURN  "RETURN"
-
 /* Transparent handle type. */
 typedef struct iptc_handle *iptc_handle_t;
 
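Review bot: The compatibility alias `#define ipt_chainlabel xt_chainlabel` is a macro, so it rewrites every `ipt_chainlabel` token in any file that includes this header, including an unrelated member or local of that name. A typedef gives the same compatibility with normal scoping and type checking: `typedef xt_chainlabel ipt_chainlabel;`. The removed `IPTC_LABEL_*` and `IPT_ALIGN` macros get no alias at all, which deserves a one-line comment here if it is intentional.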

Added: branches/iptables/iptables-1.4/include/libiptc/libxtc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libxtc.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libxtc.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,37 @@
+#ifndef _LIBXTC_H
+#define _LIBXTC_H
+/* Library which manipulates filtering rules. */
+
+#include <libiptc/ipt_kernel_headers.h>
+#include <linux/netfilter/x_tables.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if 0
+#ifndef XT_MIN_ALIGN
+/* ipt_entry has pointers and u_int64_t's in it, so if you align to
+   it, you'll also align to any crazy matches and targets someone
+   might write */
+#define XT_MIN_ALIGN (__alignof__(struct ipt_entry))
+#endif
+
+#ifndef XT_ALIGN
+#define XT_ALIGN(s) (((s) + ((XT_MIN_ALIGN)-1)) & ~((XT_MIN_ALIGN)-1))
+#endif
+#endif
+
+typedef char xt_chainlabel[32];
+
+#define XTC_LABEL_ACCEPT  "ACCEPT"
+#define XTC_LABEL_DROP    "DROP"
+#define XTC_LABEL_QUEUE   "QUEUE"
+#define XTC_LABEL_RETURN  "RETURN"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LIBXTC_H */
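Review bot: The `#if 0` block means this header never defines `XT_MIN_ALIGN` or `XT_ALIGN`, yet the libiptc sources converted in this commit now compute rule sizes and offsets with `XT_ALIGN`. Presumably the macro is expected from `<linux/netfilter/x_tables.h>`, but nothing here says so or fails when it is missing, and the disabled text still aligns to the IPv4-only `struct ipt_entry`. I would delete the dead block and make the dependency explicit with `#ifndef XT_ALIGN`, `#error "XT_ALIGN must be provided by <linux/netfilter/x_tables.h>"`, `#endif`. A wrong or absent alignment macro silently changes the layout of the blob handed to the kernel, so a build-time failure is the safer outcome.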

Added: branches/iptables/iptables-1.4/include/xtables.h
===================================================================
--- branches/iptables/iptables-1.4/include/xtables.h	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/xtables.h	2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,143 @@
+#ifndef _XTABLES_H
+#define _XTABLES_H
+
+#include <linux/netfilter/x_tables.h>
+#include <libiptc/libxtc.h>
+
+enum xt_tryload {
+	DONT_LOAD,
+	DURING_LOAD,
+	TRY_LOAD,
+	LOAD_MUST_SUCCEED
+};
+
+
+struct xtables_rule_match
+{
+	struct xtables_rule_match *next;
+	struct xtables_match *match;
+};
+
+/* Include file for additions: new matches and targets. */
+struct xtables_match
+{
+	struct xtables_match *next;
+
+	xt_chainlabel name;
+
+	/* Revision of match (0 by default). */
+	u_int8_t revision;
+
+	u_int16_t pf;
+
+	const char *version;
+
+	/* Size of match data. */
+	size_t size;
+
+	/* Size of match data relevent for userspace comparison purposes */
+	size_t userspacesize;
+
+	/* Function which prints out usage message. */
+	void (*help)(void);
+
+	/* Initialize the match. */
+	void (*init)(void *matchinfo, unsigned int *nfcache);
+
+	/* Function which parses command options; returns true if it
+           ate an option */
+	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+		     const struct ipt_entry *entry,
+		     unsigned int *nfcache, void *matchinfo);
+
+	/* Final check; exit if not ok. */
+	void (*final_check)(unsigned int flags);
+
+	/* Prints out the match iff non-NULL: put space at end */
+	void (*print)(const struct ipt_ip *ip,
+		      const void *matchinfo, int numeric);
+
+	/* Saves the match info in parsable form to stdout. */
+	void (*save)(const struct ipt_ip *ip, const void *matchinfo);
+
+	/* Pointer to list of extra command-line options */
+	const struct option *extra_opts;
+
+	/* Ignore these men behind the curtain: */
+	unsigned int option_offset;
+	struct ipt_entry_match *m;
+	unsigned int mflags;
+#ifdef NO_SHARED_LIBS
+	unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
+};
+
+struct xtables_target
+{
+	struct xtables_target *next;
+
+	xt_chainlabel name;
+
+	/* Revision of target (0 by default). */
+	u_int8_t revision;
+
+	u_int16_t pf;
+
+	const char *version;
+
+	/* Size of target data. */
+	size_t size;
+
+	/* Size of target data relevent for userspace comparison purposes */
+	size_t userspacesize;
+
+	/* Function which prints out usage message. */
+	void (*help)(void);
+
+	/* Initialize the target. */
+	void (*init)(void *targetinfo, unsigned int *nfcache);
+
+	/* Function which parses command options; returns true if it
+           ate an option */
+	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+		     const struct ipt_entry *entry, void *targetinfo);
+
+	/* Final check; exit if not ok. */
+	void (*final_check)(unsigned int flags);
+
+	/* Prints out the target iff non-NULL: put space at end */
+	void (*print)(const struct ipt_ip *ip, const void *targetinfo,
+		      int numeric);
+
+	/* Saves the targinfo in parsable form to stdout. */
+	void (*save)(const struct ipt_ip *ip, const void *targetinfo);
+
+	/* Pointer to list of extra command-line options */
+	struct option *extra_opts;
+
+	/* Ignore these men behind the curtain: */
+	unsigned int option_offset;
+	struct ipt_entry_target *t;
+	unsigned int tflags;
+	unsigned int used;
+#ifdef NO_SHARED_LIBS
+	unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
+};
+
+/* Your shared library should call one of these. */
+extern void register_match(struct xtables_match *me);
+extern void register_target(struct xtables_target *me);
+
+extern struct xtables_target *find_target(int pf, const char *name, enum xt_tryload);
+extern struct xtables_match *find_match(int pf, const char *name, enum xt_tryload, struct xtables_rule_match **match);
+
+/* kernel revision handling */
+extern int kernel_version;
+extern void get_kernel_version(void);
+#define LINUX_VERSION(x,y,z)	(0x10000*(x) + 0x100*(y) + z)
+#define LINUX_VERSION_MAJOR(x)	(((x)>>16) & 0xFF)
+#define LINUX_VERSION_MINOR(x)	(((x)>> 8) & 0xFF)
+#define LINUX_VERSION_PATCH(x)	( (x)      & 0xFF)
+
+#endif /* _XTABLES_H */
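Review bot: The `init`, `parse`, `print` and `save` callbacks in `struct xtables_match` and `struct xtables_target` now take a bare `void *matchinfo` / `void *targetinfo`, and the header never says what that pointer refers to or how large it is. From the call sites changed in iptables.c it is the `data` payload of the entry, whose length is the struct's `size` field. Extension authors need that stated, for example `/* matchinfo points at the match payload (m->data), 'size' bytes long */` above `init`. Separately, `LINUX_VERSION` leaves its last argument unparenthesized; `#define LINUX_VERSION(x,y,z)	(0x10000*(x) + 0x100*(y) + (z))` avoids precedence surprises. `extra_opts` is `const struct option *` in the match struct but plain `struct option *` in the target struct, which looks unintentional.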

Modified: branches/iptables/iptables-1.4/ip6tables.c
===================================================================
--- branches/iptables/iptables-1.4/ip6tables.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/ip6tables.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -710,7 +710,7 @@
 }
 
 struct ip6tables_match *
-find_match(const char *name, enum ip6t_tryload tryload, struct ip6tables_rule_match **matches)
+find_match(const char *name, enum xt_tryload tryload, struct ip6tables_rule_match **matches)
 {
 	struct ip6tables_match *ptr;
  	int icmphack = 0;
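Review bot: This non-static `find_match(const char *name, enum xt_tryload tryload, ...)` now needs `xtables.h` for `enum xt_tryload`, and that header declares `find_match(int pf, const char *name, enum xt_tryload, struct xtables_rule_match **match)` with a different parameter list and return type. With both in scope the compiler sees conflicting declarations of the same external symbol. The `find_target` hunk further down in this file has the same conflict. Either convert the ip6tables definitions to the pf-aware signature, or make them file-local under a different name until IPv6 is ported. The function body continues outside the hunk, so callers are not visible here.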
@@ -785,7 +785,7 @@
 
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct ip6tables_match *
-find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
+find_proto(const char *pname, enum xt_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
 {
 	unsigned int proto;
 
@@ -968,7 +968,7 @@
 }
 
 struct ip6tables_target *
-find_target(const char *name, enum ip6t_tryload tryload)
+find_target(const char *name, enum xt_tryload tryload)
 {
 	struct ip6tables_target *ptr;
 

Modified: branches/iptables/iptables-1.4/iptables.c
===================================================================
--- branches/iptables/iptables-1.4/iptables.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/iptables.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -197,10 +197,6 @@
 
 int kernel_version;
 
-/* Keeping track of external matches and targets: linked lists.  */
-struct iptables_match *iptables_matches = NULL;
-struct iptables_target *iptables_targets = NULL;
-
 /* Extra debugging from libiptc */
 extern void dump_entries(const iptc_handle_t handle);
 
@@ -352,10 +348,10 @@
 }
 
 void
-exit_printhelp(struct iptables_rule_match *matches)
+exit_printhelp(struct xtables_rule_match *matches)
 {
-	struct iptables_rule_match *matchp = NULL;
-	struct iptables_target *t = NULL;
+	struct xtables_rule_match *matchp = NULL;
+	struct xtables_target *t = NULL;
 
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
@@ -424,7 +420,7 @@
 	/* Print out any special helps. A user might like to be able
 	   to add a --help to the commandline, and see expected
 	   results. So we call help for all specified matches & targets */
-	for (t = iptables_targets; t ;t = t->next) {
+	for (t = iptables_targets[AF_INET]; t; t = t->next) {
 		if (t->used) {
 			printf("\n");
 			t->help();
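Review bot: `iptables_targets[AF_INET]` treats the list head as an array indexed by address family, but the declaration left in iptables.h is still `extern struct iptables_target *iptables_targets;`, a single pointer of the old type. Indexing that yields a struct rather than a `struct xtables_target *`, so unless a new array declaration exists outside this view the loop will not compile. The array's size is not visible either; it must cover every family value used as an index, or the lookup reads past the end. This hunk uses `AF_INET` while the `do_command` hunk uses `iptables_matches[PF_INET]` and `iptables_targets[PF_INET]`; pick one spelling, e.g. `for (t = iptables_targets[PF_INET]; t; t = t->next) {`.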
@@ -674,66 +670,9 @@
 	}
 }
 
-struct iptables_match *
-find_match(const char *name, enum ipt_tryload tryload, struct iptables_rule_match **matches)
-{
-	struct iptables_match *ptr;
-
-	for (ptr = iptables_matches; ptr; ptr = ptr->next) {
-		if (strcmp(name, ptr->name) == 0)
-			break;
-	}
-
-#ifndef NO_SHARED_LIBS
-	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
-		char path[strlen(lib_dir) + sizeof("/libipt_.so")
-			 + strlen(name)];
-		sprintf(path, "%s/libipt_%s.so", lib_dir, name);
-		if (dlopen(path, RTLD_NOW)) {
-			/* Found library.  If it didn't register itself,
-			   maybe they specified target as match. */
-			ptr = find_match(name, DONT_LOAD, NULL);
-
-			if (!ptr)
-				exit_error(PARAMETER_PROBLEM,
-					   "Couldn't load match `%s'\n",
-					   name);
-		} else if (tryload == LOAD_MUST_SUCCEED)
-			exit_error(PARAMETER_PROBLEM,
-				   "Couldn't load match `%s':%s\n",
-				   name, dlerror());
-	}
-#else
-	if (ptr && !ptr->loaded) {
-		if (tryload != DONT_LOAD)
-			ptr->loaded = 1;
-		else
-			ptr = NULL;
-	}
-	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
-		exit_error(PARAMETER_PROBLEM,
-			   "Couldn't find match `%s'\n", name);
-	}
-#endif
-
-	if (ptr && matches) {
-		struct iptables_rule_match **i;
-		struct iptables_rule_match *newentry;
-
-		newentry = fw_malloc(sizeof(struct iptables_rule_match));
-
-		for (i = matches; *i; i = &(*i)->next);
-		newentry->match = ptr;
-		newentry->next = NULL;
-		*i = newentry;
-	}
-
-	return ptr;
-}
-
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct iptables_match *
-find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches)
+find_proto(const char *pname, enum xt_tryload tryload, int nolookup, struct xtables_rule_match **matches)
 {
 	unsigned int proto;
 
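Review bot: `find_proto` keeps its return type `static struct iptables_match *` on the unchanged line above the edited signature, although its parameters are converted to `xtables_rule_match` and the `iptables_match` definition appears to be removed from iptables.h in this commit. Whatever it returns from `find_match` is now a `struct xtables_match *`, so the return type should follow: `static struct xtables_match *`. The body of `find_proto` lies outside the hunk, so any `find_match` call inside it also needs the new leading `pf` argument checked.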
@@ -975,61 +914,6 @@
 	}
 }
 
-struct iptables_target *
-find_target(const char *name, enum ipt_tryload tryload)
-{
-	struct iptables_target *ptr;
-
-	/* Standard target? */
-	if (strcmp(name, "") == 0
-	    || strcmp(name, IPTC_LABEL_ACCEPT) == 0
-	    || strcmp(name, IPTC_LABEL_DROP) == 0
-	    || strcmp(name, IPTC_LABEL_QUEUE) == 0
-	    || strcmp(name, IPTC_LABEL_RETURN) == 0)
-		name = "standard";
-
-	for (ptr = iptables_targets; ptr; ptr = ptr->next) {
-		if (strcmp(name, ptr->name) == 0)
-			break;
-	}
-
-#ifndef NO_SHARED_LIBS
-	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
-		char path[strlen(lib_dir) + sizeof("/libipt_.so")
-			 + strlen(name)];
-		sprintf(path, "%s/libipt_%s.so", lib_dir, name);
-		if (dlopen(path, RTLD_NOW)) {
-			/* Found library.  If it didn't register itself,
-			   maybe they specified match as a target. */
-			ptr = find_target(name, DONT_LOAD);
-			if (!ptr)
-				exit_error(PARAMETER_PROBLEM,
-					   "Couldn't load target `%s'\n",
-					   name);
-		} else if (tryload == LOAD_MUST_SUCCEED)
-			exit_error(PARAMETER_PROBLEM,
-				   "Couldn't load target `%s':%s\n",
-				   name, dlerror());
-	}
-#else
-	if (ptr && !ptr->loaded) {
-		if (tryload != DONT_LOAD)
-			ptr->loaded = 1;
-		else
-			ptr = NULL;
-	}
-	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
-		exit_error(PARAMETER_PROBLEM,
-			   "Couldn't find target `%s'\n", name);
-	}
-#endif
-
-	if (ptr)
-		ptr->used = 1;
-
-	return ptr;
-}
-
 static struct option *
 merge_options(struct option *oldopts, const struct option *newopts,
 	      unsigned int *option_offset)
@@ -1055,164 +939,6 @@
 	return merge;
 }
 
-static int compatible_revision(const char *name, u_int8_t revision, int opt)
-{
-	struct ipt_get_revision rev;
-	socklen_t s = sizeof(rev);
-	int max_rev, sockfd;
-
-	sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
-	if (sockfd < 0) {
-		fprintf(stderr, "Could not open socket to kernel: %s\n",
-			strerror(errno));
-		exit(1);
-	}
-
-	strcpy(rev.name, name);
-	rev.revision = revision;
-
-	max_rev = getsockopt(sockfd, IPPROTO_IP, opt, &rev, &s);
-	if (max_rev < 0) {
-		/* Definitely don't support this? */
-		if (errno == EPROTONOSUPPORT) {
-			close(sockfd);
-			return 0;
-		} else if (errno == ENOPROTOOPT) {
-			close(sockfd);
-			/* Assume only revision 0 support (old kernel) */
-			return (revision == 0);
-		} else {
-			fprintf(stderr, "getsockopt failed strangely: %s\n",
-				strerror(errno));
-			exit(1);
-		}
-	}
-	close(sockfd);
-	return 1;
-}
-
-static int compatible_match_revision(const char *name, u_int8_t revision)
-{
-	return compatible_revision(name, revision, IPT_SO_GET_REVISION_MATCH);
-}
-
-static int compatible_target_revision(const char *name, u_int8_t revision)
-{
-	return compatible_revision(name, revision, IPT_SO_GET_REVISION_TARGET);
-}
-
-void
-register_match(struct iptables_match *me)
-{
-	struct iptables_match **i, *old;
-
-	if (strcmp(me->version, program_version) != 0) {
-		fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
-			program_name, me->name, me->version, program_version);
-		exit(1);
-	}
-
-	/* Revision field stole a char from name. */
-	if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
-		fprintf(stderr, "%s: target `%s' has invalid name\n",
-			program_name, me->name);
-		exit(1);
-	}
-
-	old = find_match(me->name, DURING_LOAD, NULL);
-	if (old) {
-		if (old->revision == me->revision) {
-			fprintf(stderr,
-				"%s: match `%s' already registered.\n",
-				program_name, me->name);
-			exit(1);
-		}
-
-		/* Now we have two (or more) options, check compatibility. */
-		if (compatible_match_revision(old->name, old->revision)
-		    && old->revision > me->revision)
-			return;
-
-		/* Replace if compatible. */
-		if (!compatible_match_revision(me->name, me->revision))
-			return;
-
-		/* Delete old one. */
-		for (i = &iptables_matches; *i!=old; i = &(*i)->next);
-		*i = old->next;
-	}
-
-	if (me->size != IPT_ALIGN(me->size)) {
-		fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
-			program_name, me->name, (unsigned int)me->size);
-		exit(1);
-	}
-
-	/* Append to list. */
-	for (i = &iptables_matches; *i; i = &(*i)->next);
-	me->next = NULL;
-	*i = me;
-
-	me->m = NULL;
-	me->mflags = 0;
-}
-
-void
-register_target(struct iptables_target *me)
-{
-	struct iptables_target *old;
-
-	if (strcmp(me->version, program_version) != 0) {
-		fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
-			program_name, me->name, me->version, program_version);
-		exit(1);
-	}
-
-	/* Revision field stole a char from name. */
-	if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
-		fprintf(stderr, "%s: target `%s' has invalid name\n",
-			program_name, me->name);
-		exit(1);
-	}
-
-	old = find_target(me->name, DURING_LOAD);
-	if (old) {
-		struct iptables_target **i;
-
-		if (old->revision == me->revision) {
-			fprintf(stderr,
-				"%s: target `%s' already registered.\n",
-				program_name, me->name);
-			exit(1);
-		}
-
-		/* Now we have two (or more) options, check compatibility. */
-		if (compatible_target_revision(old->name, old->revision)
-		    && old->revision > me->revision)
-			return;
-
-		/* Replace if compatible. */
-		if (!compatible_target_revision(me->name, me->revision))
-			return;
-
-		/* Delete old one. */
-		for (i = &iptables_targets; *i!=old; i = &(*i)->next);
-		*i = old->next;
-	}
-
-	if (me->size != IPT_ALIGN(me->size)) {
-		fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
-			program_name, me->name, (unsigned int)me->size);
-		exit(1);
-	}
-
-	/* Prepend to list. */
-	me->next = iptables_targets;
-	iptables_targets = me;
-	me->t = NULL;
-	me->tflags = 0;
-}
-
 static void
 print_num(u_int64_t number, unsigned int format)
 {
@@ -1298,7 +1024,7 @@
 
 	if (match) {
 		if (match->print)
-			match->print(ip, m, numeric);
+			match->print(ip, m->data, numeric);
 		else
 			printf("%s ", match->name);
 	} else {
@@ -1425,7 +1151,7 @@
 	if (target) {
 		if (target->print)
 			/* Print the target information. */
-			target->print(&fw->ip, t, format & FMT_NUMERIC);
+			target->print(&fw->ip, t->data, format & FMT_NUMERIC);
 	} else if (t->u.target_size != sizeof(*t))
 		printf("[%u bytes of unknown target data] ",
 		       (unsigned int)(t->u.target_size - sizeof(*t)));
@@ -1515,11 +1241,11 @@
 }
 
 static unsigned char *
-make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches)
+make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
-	struct iptables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	unsigned char *mask, *mptr;
 
 	size = sizeof(struct ipt_entry);
@@ -1556,7 +1282,7 @@
 	     const struct in_addr daddrs[],
 	     int verbose,
 	     iptc_handle_t *handle,
-	     struct iptables_rule_match *matches)
+	     struct xtables_rule_match *matches)
 {
 	unsigned int i, j;
 	int ret = 1;
@@ -1768,11 +1494,11 @@
 
 static struct ipt_entry *
 generate_entry(const struct ipt_entry *fw,
-	       struct iptables_rule_match *matches,
+	       struct xtables_rule_match *matches,
 	       struct ipt_entry_target *target)
 {
 	unsigned int size;
-	struct iptables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	struct ipt_entry *e;
 
 	size = sizeof(struct ipt_entry);
@@ -1794,9 +1520,9 @@
 	return e;
 }
 
-void clear_rule_matches(struct iptables_rule_match **matches)
+void clear_rule_matches(struct xtables_rule_match **matches)
 {
-	struct iptables_rule_match *matchp, *tmp;
+	struct xtables_rule_match *matchp, *tmp;
 
 	for (matchp = *matches; matchp;) {
 		tmp = matchp->next;
@@ -1846,11 +1572,11 @@
 	unsigned int rulenum = 0, options = 0, command = 0;
 	const char *pcnt = NULL, *bcnt = NULL;
 	int ret = 1;
-	struct iptables_match *m;
-	struct iptables_rule_match *matches = NULL;
-	struct iptables_rule_match *matchp;
-	struct iptables_target *target = NULL;
-	struct iptables_target *t;
+	struct xtables_match *m;
+	struct xtables_rule_match *matches = NULL;
+	struct xtables_rule_match *matchp;
+	struct xtables_target *target = NULL;
+	struct xtables_target *t;
 	const char *jumpto = "";
 	char *protocol = NULL;
 	const char *modprobe = NULL;
@@ -1864,10 +1590,10 @@
 
 	/* clear mflags in case do_command gets called a second time
 	 * (we clear the global list of all matches for security)*/
-	for (m = iptables_matches; m; m = m->next)
+	for (m = iptables_matches[PF_INET]; m; m = m->next)
 		m->mflags = 0;
 
-	for (t = iptables_targets; t; t = t->next) {
+	for (t = iptables_targets[PF_INET]; t; t = t->next) {
 		t->tflags = 0;
 		t->used = 0;
 	}
@@ -2118,14 +1844,14 @@
 					   "unexpected ! flag before --match");
 
 			m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
-			size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+			size = XT_ALIGN(sizeof(struct ipt_entry_match))
 					 + m->size;
 			m->m = fw_calloc(1, size);
 			m->m->u.match_size = size;
 			strcpy(m->m->u.user.name, m->name);
 			set_revision(m->m->u.user.name, m->revision);
 			if (m->init != NULL)
-				m->init(m->m, &fw.nfcache);
+				m->init(&m->m->data, &fw.nfcache);
 			opts = merge_options(opts, m->extra_opts, &m->option_offset);
 		}
 		break;
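Review bot: The unchanged call `m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);` still passes three arguments, but the prototype added in xtables.h takes the protocol family first. It should read `m = find_match(PF_INET, optarg, LOAD_MUST_SUCCEED, &matches);`. The new `m->init(&m->m->data, &fw.nfcache);` passes the address of the array, whereas the print path in this commit passes `m->data`. Both give the same address, but `m->m->data` is the consistent spelling. The `strcpy` into `m->m->u.user.name` relies on a name-length check that this commit removes from iptables.c along with `register_match`; confirm the relocated registration code still enforces it. The enclosing function starts and ends outside the hunk.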
@@ -2210,14 +1936,14 @@
 			    || !(target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-					       &fw, &target->t))) {
+					       &fw, &target->t.data))) {
 				for (matchp = matches; matchp; matchp = matchp->next) {
 					if (matchp->match->parse(c - matchp->match->option_offset,
 						     argv, invert,
 						     &matchp->match->mflags,
 						     &fw,
 						     &fw.nfcache,
-						     &matchp->match->m))
+						     &matchp->match->m.data))
 						break;
 				}
 				m = matchp ? matchp->match : NULL;
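Review bot: `&target->t.data` and `&matchp->match->m.data` apply `.` to pointers: `t` is declared `struct ipt_entry_target *t` and `m` is `struct ipt_entry_match *m` in xtables.h, so neither expression compiles. The payload should be reached through the pointer, `&fw, target->t->data))) {` and `matchp->match->m->data))`. Both pointers are only set once the target or match has been allocated, so confirm the condition that precedes this call, which lies outside the hunk, rules out a NULL `t` or `m` before the dereference.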

Modified: branches/iptables/iptables-1.4/libiptc/libip4tc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libip4tc.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libip4tc.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -62,8 +62,6 @@
 #define ERROR_TARGET		IPT_ERROR_TARGET
 #define NUMHOOKS		NF_IP_NUMHOOKS
 
-#define IPT_CHAINLABEL		ipt_chainlabel
-
 #define TC_DUMP_ENTRIES		dump_entries
 #define TC_IS_CHAIN		iptc_is_chain
 #define TC_FIRST_CHAIN		iptc_first_chain
@@ -98,19 +96,14 @@
 #define TC_AF			AF_INET
 #define TC_IPPROTO		IPPROTO_IP
 
-#define SO_SET_REPLACE		IPT_SO_SET_REPLACE
-#define SO_SET_ADD_COUNTERS	IPT_SO_SET_ADD_COUNTERS
-#define SO_GET_INFO		IPT_SO_GET_INFO
-#define SO_GET_ENTRIES		IPT_SO_GET_ENTRIES
-#define SO_GET_VERSION		IPT_SO_GET_VERSION
+#define SO_SET_REPLACE		XT_SO_SET_REPLACE
+#define SO_SET_ADD_COUNTERS	XT_SO_SET_ADD_COUNTERS
+#define SO_GET_INFO		XT_SO_GET_INFO
+#define SO_GET_ENTRIES		XT_SO_GET_ENTRIES
+#define SO_GET_VERSION		XT_SO_GET_VERSION
 
 #define STANDARD_TARGET		IPT_STANDARD_TARGET
-#define LABEL_RETURN		IPTC_LABEL_RETURN
-#define LABEL_ACCEPT		IPTC_LABEL_ACCEPT
-#define LABEL_DROP		IPTC_LABEL_DROP
-#define LABEL_QUEUE		IPTC_LABEL_QUEUE
 
-#define ALIGN			IPT_ALIGN
 #define RETURN			IPT_RETURN
 
 #include "libiptc.c"
@@ -210,7 +203,7 @@
 	mptr = matchmask + sizeof(STRUCT_ENTRY);
 	if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
 		return NULL;
-	mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));
+	mptr += XT_ALIGN(sizeof(struct ipt_entry_target));
 
 	return mptr;
 }

Modified: branches/iptables/iptables-1.4/libiptc/libip6tc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libip6tc.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libip6tc.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -93,19 +93,14 @@
 #define TC_AF			AF_INET6
 #define TC_IPPROTO		IPPROTO_IPV6
 
-#define SO_SET_REPLACE		IP6T_SO_SET_REPLACE
-#define SO_SET_ADD_COUNTERS	IP6T_SO_SET_ADD_COUNTERS
-#define SO_GET_INFO		IP6T_SO_GET_INFO
-#define SO_GET_ENTRIES		IP6T_SO_GET_ENTRIES
-#define SO_GET_VERSION		IP6T_SO_GET_VERSION
+#define SO_SET_REPLACE		XT_SO_SET_REPLACE
+#define SO_SET_ADD_COUNTERS	XT_SO_SET_ADD_COUNTERS
+#define SO_GET_INFO		XT_SO_GET_INFO
+#define SO_GET_ENTRIES		XT_SO_GET_ENTRIES
+#define SO_GET_VERSION		XT_SO_GET_VERSION
 
 #define STANDARD_TARGET		IP6T_STANDARD_TARGET
-#define LABEL_RETURN		IP6TC_LABEL_RETURN
-#define LABEL_ACCEPT		IP6TC_LABEL_ACCEPT
-#define LABEL_DROP		IP6TC_LABEL_DROP
-#define LABEL_QUEUE		IP6TC_LABEL_QUEUE
 
-#define ALIGN			IP6T_ALIGN
 #define RETURN			IP6T_RETURN
 
 #include "libiptc.c"
@@ -242,7 +237,7 @@
 	mptr = matchmask + sizeof(STRUCT_ENTRY);
 	if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
 		return NULL;
-	mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
+	mptr += XT_ALIGN(sizeof(struct ip6t_entry_target));
 
 	return mptr;
 }
@@ -397,9 +392,9 @@
 		assert(e->target_offset == sizeof(*e));
 		t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
 		printf("target_size=%u, align=%u\n",
-			t->target.u.target_size, ALIGN(sizeof(*t)));
-		assert(t->target.u.target_size == ALIGN(sizeof(*t)));
-		assert(e->next_offset == sizeof(*e) + ALIGN(sizeof(*t)));
+			t->target.u.target_size, XT_ALIGN(sizeof(*t)));
+		assert(t->target.u.target_size == XT_ALIGN(sizeof(*t)));
+		assert(e->next_offset == sizeof(*e) + XT_ALIGN(sizeof(*t)));
 
 		assert(strcmp(t->target.u.user.name, STANDARD_TARGET)==0);
 		assert(t->verdict == -NF_DROP-1 || t->verdict == -NF_ACCEPT-1);
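Review bot: The `printf` still formats `XT_ALIGN(sizeof(*t))` with `%u`, but an expression built on `sizeof` has type `size_t`, which is wider than `unsigned int` on 64-bit targets, so the format and argument do not match. Cast the argument, `t->target.u.target_size, (unsigned int)XT_ALIGN(sizeof(*t)));`, or switch the conversion to `%zu`. The enclosing function starts and ends outside the hunk.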

Modified: branches/iptables/iptables-1.4/libiptc/libiptc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libiptc.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libiptc.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -503,7 +503,7 @@
 
 			t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
 			if (t->target.u.target_size
-			    != ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
+			    != XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
 				errno = EINVAL;
 				return -1;
 			}
@@ -581,21 +581,21 @@
 	struct ipt_error_target name;
 };
 #define IPTCB_CHAIN_START_SIZE	(sizeof(STRUCT_ENTRY) +			\
-				 ALIGN(sizeof(struct ipt_error_target)))
+				 XT_ALIGN(sizeof(struct ipt_error_target)))
 
 struct iptcb_chain_foot {
 	STRUCT_ENTRY e;
 	STRUCT_STANDARD_TARGET target;
 };
 #define IPTCB_CHAIN_FOOT_SIZE	(sizeof(STRUCT_ENTRY) +			\
-				 ALIGN(sizeof(STRUCT_STANDARD_TARGET)))
+				 XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET)))
 
 struct iptcb_chain_error {
 	STRUCT_ENTRY entry;
 	struct ipt_error_target target;
 };
 #define IPTCB_CHAIN_ERROR_SIZE	(sizeof(STRUCT_ENTRY) +			\
-				 ALIGN(sizeof(struct ipt_error_target)))
+				 XT_ALIGN(sizeof(struct ipt_error_target)))
 
 
 
@@ -640,7 +640,7 @@
 		head->e.next_offset = IPTCB_CHAIN_START_SIZE;
 		strcpy(head->name.t.u.user.name, ERROR_TARGET);
 		head->name.t.u.target_size = 
-				ALIGN(sizeof(struct ipt_error_target));
+				XT_ALIGN(sizeof(struct ipt_error_target));
 		strcpy(head->name.error, c->name);
 	} else {
 		repl->hook_entry[c->hooknum-1] = c->head_offset;	
@@ -660,7 +660,7 @@
 	foot->e.next_offset = IPTCB_CHAIN_FOOT_SIZE;
 	strcpy(foot->target.target.u.user.name, STANDARD_TARGET);
 	foot->target.target.u.target_size =
-				ALIGN(sizeof(STRUCT_STANDARD_TARGET));
+				XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET));
 	/* builtin targets have verdict, others return */
 	if (iptcc_is_builtin(c))
 		foot->target.verdict = c->verdict;
@@ -684,7 +684,7 @@
 	if (!iptcc_is_builtin(c))  {
 		/* Chain has header */
 		*offset += sizeof(STRUCT_ENTRY) 
-			     + ALIGN(sizeof(struct ipt_error_target));
+			     + XT_ALIGN(sizeof(struct ipt_error_target));
 		(*num)++;
 	}
 
@@ -701,7 +701,7 @@
 	c->foot_offset = *offset;
 	c->foot_index = *num;
 	*offset += sizeof(STRUCT_ENTRY)
-		   + ALIGN(sizeof(STRUCT_STANDARD_TARGET));
+		   + XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET));
 	(*num)++;
 
 	return 1;
@@ -724,7 +724,7 @@
 	/* Append one error rule at end of chain */
 	num++;
 	offset += sizeof(STRUCT_ENTRY)
-		  + ALIGN(sizeof(struct ipt_error_target));
+		  + XT_ALIGN(sizeof(struct ipt_error_target));
 
 	/* ruleset size is now in offset */
 	*size = offset;
@@ -748,7 +748,7 @@
 	error->entry.target_offset = sizeof(STRUCT_ENTRY);
 	error->entry.next_offset = IPTCB_CHAIN_ERROR_SIZE;
 	error->target.t.u.user.target_size = 
-		ALIGN(sizeof(struct ipt_error_target));
+		XT_ALIGN(sizeof(struct ipt_error_target));
 	strcpy((char *)&error->target.t.u.user.name, ERROR_TARGET);
 	strcpy((char *)&error->target.error, "ERROR");
 
@@ -1106,16 +1106,16 @@
 {
 	switch (verdict) {
 		case RETURN:
-			return LABEL_RETURN;
+			return XTC_LABEL_RETURN;
 			break;
 		case -NF_ACCEPT-1:
-			return LABEL_ACCEPT;
+			return XTC_LABEL_ACCEPT;
 			break;
 		case -NF_DROP-1:
-			return LABEL_DROP;
+			return XTC_LABEL_DROP;
 			break;
 		case -NF_QUEUE-1:
-			return LABEL_QUEUE;
+			return XTC_LABEL_QUEUE;
 			break;
 		default:
 			fprintf(stderr, "ERROR: %d not a valid target)\n",
@@ -1208,7 +1208,7 @@
 	t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
 
 	if (t->target.u.target_size
-	    != ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
+	    != XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
 		errno = EINVAL;
 		return 0;
 	}
@@ -1235,13 +1235,13 @@
 		return 1;
 	}
 	/* Maybe it's a standard target name... */
-	else if (strcmp(t->u.user.name, LABEL_ACCEPT) == 0)
+	else if (strcmp(t->u.user.name, XTC_LABEL_ACCEPT) == 0)
 		return iptcc_standard_map(r, -NF_ACCEPT - 1);
-	else if (strcmp(t->u.user.name, LABEL_DROP) == 0)
+	else if (strcmp(t->u.user.name, XTC_LABEL_DROP) == 0)
 		return iptcc_standard_map(r, -NF_DROP - 1);
-	else if (strcmp(t->u.user.name, LABEL_QUEUE) == 0)
+	else if (strcmp(t->u.user.name, XTC_LABEL_QUEUE) == 0)
 		return iptcc_standard_map(r, -NF_QUEUE - 1);
-	else if (strcmp(t->u.user.name, LABEL_RETURN) == 0)
+	else if (strcmp(t->u.user.name, XTC_LABEL_RETURN) == 0)
 		return iptcc_standard_map(r, RETURN);
 	else if (TC_BUILTIN(t->u.user.name, handle)) {
 		/* Can't jump to builtins. */
@@ -1275,7 +1275,7 @@
 
 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
 int
-TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
+TC_INSERT_ENTRY(const xt_chainlabel chain,
 		const STRUCT_ENTRY *e,
 		unsigned int rulenum,
 		TC_HANDLE_T *handle)
@@ -1334,7 +1334,7 @@
 
 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
 int
-TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
+TC_REPLACE_ENTRY(const xt_chainlabel chain,
 		 const STRUCT_ENTRY *e,
 		 unsigned int rulenum,
 		 TC_HANDLE_T *handle)
@@ -1385,7 +1385,7 @@
 /* Append entry `fw' to chain `chain'.  Equivalent to insert with
    rulenum = length of chain. */
 int
-TC_APPEND_ENTRY(const IPT_CHAINLABEL chain,
+TC_APPEND_ENTRY(const xt_chainlabel chain,
 		const STRUCT_ENTRY *e,
 		TC_HANDLE_T *handle)
 {
@@ -1440,9 +1440,9 @@
 	if (strcmp(a->u.user.name, b->u.user.name) != 0)
 		return 1;
 
-	*maskptr += ALIGN(sizeof(*a));
+	*maskptr += XT_ALIGN(sizeof(*a));
 
-	for (i = 0; i < a->u.match_size - ALIGN(sizeof(*a)); i++)
+	for (i = 0; i < a->u.match_size - XT_ALIGN(sizeof(*a)); i++)
 		if (((a->data[i] ^ b->data[i]) & (*maskptr)[i]) != 0)
 			return 1;
 	*maskptr += i;
@@ -1492,7 +1492,7 @@
 
 /* Delete the first rule in `chain' which matches `fw'. */
 int
-TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
+TC_DELETE_ENTRY(const xt_chainlabel chain,
 		const STRUCT_ENTRY *origfw,
 		unsigned char *matchmask,
 		TC_HANDLE_T *handle)
@@ -1556,7 +1556,7 @@
 
 /* Delete the rule in position `rulenum' in `chain'. */
 int
-TC_DELETE_NUM_ENTRY(const IPT_CHAINLABEL chain,
+TC_DELETE_NUM_ENTRY(const xt_chainlabel chain,
 		    unsigned int rulenum,
 		    TC_HANDLE_T *handle)
 {
@@ -1602,7 +1602,7 @@
 /* Check the packet `fw' on chain `chain'.  Returns the verdict, or
    NULL and sets errno. */
 const char *
-TC_CHECK_PACKET(const IPT_CHAINLABEL chain,
+TC_CHECK_PACKET(const xt_chainlabel chain,
 		STRUCT_ENTRY *entry,
 		TC_HANDLE_T *handle)
 {
@@ -1613,7 +1613,7 @@
 
 /* Flushes the entries in the given chain (ie. empties chain). */
 int
-TC_FLUSH_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_FLUSH_ENTRIES(const xt_chainlabel chain, TC_HANDLE_T *handle)
 {
 	struct chain_head *c;
 	struct rule_head *r, *tmp;
@@ -1637,7 +1637,7 @@
 
 /* Zeroes the counters in a chain. */
 int
-TC_ZERO_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_ZERO_ENTRIES(const xt_chainlabel chain, TC_HANDLE_T *handle)
 {
 	struct chain_head *c;
 	struct rule_head *r;
@@ -1659,7 +1659,7 @@
 }
 
 STRUCT_COUNTERS *
-TC_READ_COUNTER(const IPT_CHAINLABEL chain,
+TC_READ_COUNTER(const xt_chainlabel chain,
 		unsigned int rulenum,
 		TC_HANDLE_T *handle)
 {
@@ -1683,7 +1683,7 @@
 }
 
 int
-TC_ZERO_COUNTER(const IPT_CHAINLABEL chain,
+TC_ZERO_COUNTER(const xt_chainlabel chain,
 		unsigned int rulenum,
 		TC_HANDLE_T *handle)
 {
@@ -1712,7 +1712,7 @@
 }
 
 int 
-TC_SET_COUNTER(const IPT_CHAINLABEL chain,
+TC_SET_COUNTER(const xt_chainlabel chain,
 	       unsigned int rulenum,
 	       STRUCT_COUNTERS *counters,
 	       TC_HANDLE_T *handle)
@@ -1748,7 +1748,7 @@
 /* To create a chain, create two rules: error node and unconditional
  * return. */
 int
-TC_CREATE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_CREATE_CHAIN(const xt_chainlabel chain, TC_HANDLE_T *handle)
 {
 	static struct chain_head *c;
 
@@ -1757,16 +1757,16 @@
 	/* find_label doesn't cover built-in targets: DROP, ACCEPT,
            QUEUE, RETURN. */
 	if (iptcc_find_label(chain, *handle)
-	    || strcmp(chain, LABEL_DROP) == 0
-	    || strcmp(chain, LABEL_ACCEPT) == 0
-	    || strcmp(chain, LABEL_QUEUE) == 0
-	    || strcmp(chain, LABEL_RETURN) == 0) {
+	    || strcmp(chain, XTC_LABEL_DROP) == 0
+	    || strcmp(chain, XTC_LABEL_ACCEPT) == 0
+	    || strcmp(chain, XTC_LABEL_QUEUE) == 0
+	    || strcmp(chain, XTC_LABEL_RETURN) == 0) {
 		DEBUGP("Chain `%s' already exists\n", chain);
 		errno = EEXIST;
 		return 0;
 	}
 
-	if (strlen(chain)+1 > sizeof(IPT_CHAINLABEL)) {
+	if (strlen(chain)+1 > sizeof(xt_chainlabel)) {
 		DEBUGP("Chain name `%s' too long\n", chain);
 		errno = EINVAL;
 		return 0;
@@ -1790,7 +1790,7 @@
 
 /* Get the number of references to this chain. */
 int
-TC_GET_REFERENCES(unsigned int *ref, const IPT_CHAINLABEL chain,
+TC_GET_REFERENCES(unsigned int *ref, const xt_chainlabel chain,
 		  TC_HANDLE_T *handle)
 {
 	struct chain_head *c;
@@ -1808,7 +1808,7 @@
 
 /* Deletes a chain. */
 int
-TC_DELETE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_DELETE_CHAIN(const xt_chainlabel chain, TC_HANDLE_T *handle)
 {
 	unsigned int references;
 	struct chain_head *c;
@@ -1860,8 +1860,8 @@
 }
 
 /* Renames a chain. */
-int TC_RENAME_CHAIN(const IPT_CHAINLABEL oldname,
-		    const IPT_CHAINLABEL newname,
+int TC_RENAME_CHAIN(const xt_chainlabel oldname,
+		    const xt_chainlabel newname,
 		    TC_HANDLE_T *handle)
 {
 	struct chain_head *c;
@@ -1870,10 +1870,10 @@
 	/* find_label doesn't cover built-in targets: DROP, ACCEPT,
            QUEUE, RETURN. */
 	if (iptcc_find_label(newname, *handle)
-	    || strcmp(newname, LABEL_DROP) == 0
-	    || strcmp(newname, LABEL_ACCEPT) == 0
-	    || strcmp(newname, LABEL_QUEUE) == 0
-	    || strcmp(newname, LABEL_RETURN) == 0) {
+	    || strcmp(newname, XTC_LABEL_DROP) == 0
+	    || strcmp(newname, XTC_LABEL_ACCEPT) == 0
+	    || strcmp(newname, XTC_LABEL_QUEUE) == 0
+	    || strcmp(newname, XTC_LABEL_RETURN) == 0) {
 		errno = EEXIST;
 		return 0;
 	}
@@ -1884,12 +1884,12 @@
 		return 0;
 	}
 
-	if (strlen(newname)+1 > sizeof(IPT_CHAINLABEL)) {
+	if (strlen(newname)+1 > sizeof(xt_chainlabel)) {
 		errno = EINVAL;
 		return 0;
 	}
 
-	strncpy(c->name, newname, sizeof(IPT_CHAINLABEL));
+	strncpy(c->name, newname, sizeof(xt_chainlabel));
 	
 	set_changed(*handle);
 
@@ -1898,8 +1898,8 @@
 
 /* Sets the policy on a built-in chain. */
 int
-TC_SET_POLICY(const IPT_CHAINLABEL chain,
-	      const IPT_CHAINLABEL policy,
+TC_SET_POLICY(const xt_chainlabel chain,
+	      const xt_chainlabel policy,
 	      STRUCT_COUNTERS *counters,
 	      TC_HANDLE_T *handle)
 {
@@ -1919,9 +1919,9 @@
 		return 0;
 	}
 
-	if (strcmp(policy, LABEL_ACCEPT) == 0)
+	if (strcmp(policy, XTC_LABEL_ACCEPT) == 0)
 		c->verdict = -NF_ACCEPT - 1;
-	else if (strcmp(policy, LABEL_DROP) == 0)
+	else if (strcmp(policy, XTC_LABEL_DROP) == 0)
 		c->verdict = -NF_DROP - 1;
 	else {
 		errno = EINVAL;

Added: branches/iptables/iptables-1.4/xtables.c
===================================================================
--- branches/iptables/iptables-1.4/xtables.c	2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/xtables.c	2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,287 @@
+
+/* Keeping track of external matches and targets: linked lists.  */
+struct xtables_match *iptables_matches[NPROTO];
+struct xtables_target *iptables_targets[NPROTO];
+
+struct xtables_match *
+find_match(int pf, const char *name, enum xt_tryload tryload, struct iptables_rule_match **matches)
+{
+	struct xtables_match *ptr;
+
+	if (pf >= NPROTO)
+		return NULL;
+
+	for (ptr = iptables_matches[pf]; ptr; ptr = ptr->next) {
+		if (strcmp(name, ptr->name) == 0)
+			break;
+	}
+
+#ifndef NO_SHARED_LIBS
+	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+		char path[strlen(lib_dir) + sizeof("/libipt_.so")
+			 + strlen(name)];
+		sprintf(path, "%s/libipt_%s.so", lib_dir, name);
+		if (dlopen(path, RTLD_NOW)) {
+			/* Found library.  If it didn't register itself,
+			   maybe they specified target as match. */
+			ptr = find_match(name, DONT_LOAD, NULL);
+
+			if (!ptr)
+				exit_error(PARAMETER_PROBLEM,
+					   "Couldn't load match `%s'\n",
+					   name);
+		} else if (tryload == LOAD_MUST_SUCCEED)
+			exit_error(PARAMETER_PROBLEM,
+				   "Couldn't load match `%s':%s\n",
+				   name, dlerror());
+	}
+#else
+	if (ptr && !ptr->loaded) {
+		if (tryload != DONT_LOAD)
+			ptr->loaded = 1;
+		else
+			ptr = NULL;
+	}
+	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+		exit_error(PARAMETER_PROBLEM,
+			   "Couldn't find match `%s'\n", name);
+	}
+#endif
+
+	if (ptr && matches) {
+		struct iptables_rule_match **i;
+		struct iptables_rule_match *newentry;
+
+		newentry = fw_malloc(sizeof(struct iptables_rule_match));
+
+		for (i = matches; *i; i = &(*i)->next);
+		newentry->match = ptr;
+		newentry->next = NULL;
+		*i = newentry;
+	}
+
+	return ptr;
+}
+
+
+struct xtables_target *
+find_target(int pf, const char *name, enum xt_tryload tryload)
+{
+	struct xtables_target *ptr;
+
+	/* Standard target? */
+	if (strcmp(name, "") == 0
+	    || strcmp(name, IPTC_LABEL_ACCEPT) == 0
+	    || strcmp(name, IPTC_LABEL_DROP) == 0
+	    || strcmp(name, IPTC_LABEL_QUEUE) == 0
+	    || strcmp(name, IPTC_LABEL_RETURN) == 0)
+		name = "standard";
+
+	if (pf >= NPROTO)
+		return NULL;
+
+	for (ptr = iptables_targets[pf]; ptr; ptr = ptr->next) {
+		if (strcmp(name, ptr->name) == 0)
+			break;
+	}
+
+#ifndef NO_SHARED_LIBS
+	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+		char path[strlen(lib_dir) + sizeof("/libipt_.so")
+			 + strlen(name)];
+		sprintf(path, "%s/libipt_%s.so", lib_dir, name);
+		if (dlopen(path, RTLD_NOW)) {
+			/* Found library.  If it didn't register itself,
+			   maybe they specified match as a target. */
+			ptr = find_target(name, DONT_LOAD);
+			if (!ptr)
+				exit_error(PARAMETER_PROBLEM,
+					   "Couldn't load target `%s'\n",
+					   name);
+		} else if (tryload == LOAD_MUST_SUCCEED)
+			exit_error(PARAMETER_PROBLEM,
+				   "Couldn't load target `%s':%s\n",
+				   name, dlerror());
+	}
+#else
+	if (ptr && !ptr->loaded) {
+		if (tryload != DONT_LOAD)
+			ptr->loaded = 1;
+		else
+			ptr = NULL;
+	}
+	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+		exit_error(PARAMETER_PROBLEM,
+			   "Couldn't find target `%s'\n", name);
+	}
+#endif
+
+	if (ptr)
+		ptr->used = 1;
+
+	return ptr;
+}
+
+static int compatible_revision(int pf, const char *name, u_int8_t revision, int opt)
+{
+	struct xt_get_revision rev;
+	socklen_t s = sizeof(rev);
+	int max_rev, sockfd;
+
+	sockfd = socket(pf, SOCK_RAW, IPPROTO_RAW);
+	if (sockfd < 0) {
+		fprintf(stderr, "Could not open socket to kernel: %s\n",
+			strerror(errno));
+		exit(1);
+	}
+
+	strcpy(rev.name, name);
+	rev.revision = revision;
+
+	max_rev = getsockopt(sockfd, FIXME_IPPROTO_IP, opt, &rev, &s);
+	if (max_rev < 0) {
+		/* Definitely don't support this? */
+		if (errno == EPROTONOSUPPORT) {
+			close(sockfd);
+			return 0;
+		} else if (errno == ENOPROTOOPT) {
+			close(sockfd);
+			/* Assume only revision 0 support (old kernel) */
+			return (revision == 0);
+		} else {
+			fprintf(stderr, "getsockopt failed strangely: %s\n",
+				strerror(errno));
+			exit(1);
+		}
+	}
+	close(sockfd);
+	return 1;
+}
+
+
+static int compatible_match_revision(const char *name, u_int8_t revision)
+{
+	return compatible_revision(name, revision, XT_SO_GET_REVISION_MATCH);
+}
+
+static int compatible_target_revision(const char *name, u_int8_t revision)
+{
+	return compatible_revision(name, revision, XT_SO_GET_REVISION_TARGET);
+}
+
+void
+register_match(struct xtables_match *me)
+{
+	struct xtables_match **i, *old;
+
+	if (strcmp(me->version, program_version) != 0) {
+		fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
+			program_name, me->name, me->version, program_version);
+		exit(1);
+	}
+
+	/* Revision field stole a char from name. */
+	if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
+		fprintf(stderr, "%s: target `%s' has invalid name\n",
+			program_name, me->name);
+		exit(1);
+	}
+
+	if (me->pf >= NPROTO)
+		exit(1);
+
+	old = find_match(me->name, DURING_LOAD, NULL);
+	if (old) {
+		if (old->revision == me->revision) {
+			fprintf(stderr,
+				"%s: match `%s' already registered.\n",
+				program_name, me->name);
+			exit(1);
+		}
+
+		/* Now we have two (or more) options, check compatibility. */
+		if (compatible_match_revision(old->name, old->revision)
+		    && old->revision > me->revision)
+			return;
+
+		/* Replace if compatible. */
+		if (!compatible_match_revision(me->name, me->revision))
+			return;
+
+		/* Delete old one. */
+		for (i = &iptables_matches; *i!=old; i = &(*i)->next);
+		*i = old->next;
+	}
+
+	if (me->size != IPT_ALIGN(me->size)) {
+		fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
+			program_name, me->name, (unsigned int)me->size);
+		exit(1);
+	}
+
+	/* Append to list. */
+	for (i = &iptables_matches[me->pf]; *i; i = &(*i)->next);
+	me->next = NULL;
+	*i = me;
+
+	me->m = NULL;
+	me->mflags = 0;
+}
+
+void
+register_target(struct xtables_target *me)
+{
+	struct xtables_target *old;
+
+	if (strcmp(me->version, program_version) != 0) {
+		fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
+			program_name, me->name, me->version, program_version);
+		exit(1);
+	}
+
+	/* Revision field stole a char from name. */
+	if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
+		fprintf(stderr, "%s: target `%s' has invalid name\n",
+			program_name, me->name);
+		exit(1);
+	}
+
+	old = find_target(me->name, DURING_LOAD);
+	if (old) {
+		struct iptables_target **i;
+
+		if (old->revision == me->revision) {
+			fprintf(stderr,
+				"%s: target `%s' already registered.\n",
+				program_name, me->name);
+			exit(1);
+		}
+
+		/* Now we have two (or more) options, check compatibility. */
+		if (compatible_target_revision(old->name, old->revision)
+		    && old->revision > me->revision)
+			return;
+
+		/* Replace if compatible. */
+		if (!compatible_target_revision(me->name, me->revision))
+			return;
+
+		/* Delete old one. */
+		for (i = &iptables_targets; *i!=old; i = &(*i)->next);
+		*i = old->next;
+	}
+
+	if (me->size != IPT_ALIGN(me->size)) {
+		fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
+			program_name, me->name, (unsigned int)me->size);
+		exit(1);
+	}
+
+	/* Prepend to list. */
+	me->next = iptables_targets;
+	iptables_targets = me;
+	me->t = NULL;
+	me->tflags = 0;
+}
+
+
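Review bot: `register_target` still treats `iptables_targets` as a single list head (`me->next = iptables_targets; iptables_targets = me;`, and the delete loop starts at `&iptables_targets`), but this file declares it as an array of `NPROTO` per-family heads, so the assignment to the array name will not compile, and unlike `register_match` the function never range-checks `me->pf`. The same slip is in `register_match`'s delete loop (`&iptables_matches`), and the recursive `find_match(name, DONT_LOAD, NULL)` / `find_target(name, DONT_LOAD)` calls, the `find_*` calls in both register functions and the two `compatible_*_revision` wrappers all omit the new `pf` argument. Where `pf` is checked, `if (pf >= NPROTO)` lets a negative `int` through to the array index; `if (pf < 0 || pf >= NPROTO)` closes that. Separately, `name` is formatted into the `dlopen` path unchanged, so if it can ever come from a less trusted caller, rejecting names that contain `/` (`strchr(name, '/')`) before the `sprintf` would keep the load inside `lib_dir`. The fence shows the `register_target` lines as I would write them.

```c
void
register_target(struct xtables_target *me)
{
	/* … unchanged: version and name-length checks … */

	/* Same guard as register_match; the < 0 test matters if pf is a signed field. */
	if (me->pf < 0 || me->pf >= NPROTO)
		exit(1);

	old = find_target(me->pf, me->name, DURING_LOAD);
	if (old) {
		struct xtables_target **i;

		/* … unchanged: duplicate-revision and compatibility checks … */

		/* Delete old one from this family's list. */
		for (i = &iptables_targets[me->pf]; *i != old; i = &(*i)->next);
		*i = old->next;
	}

	/* … unchanged: size check … */

	/* Prepend to this family's list. */
	me->next = iptables_targets[me->pf];
	iptables_targets[me->pf] = me;
```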



