summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjk7744.park <jk7744.park@samsung.com>2015-09-08 21:56:24 +0900
committerjk7744.park <jk7744.park@samsung.com>2015-09-08 21:56:24 +0900
commit427e21006a01f98c92434008442bba504c9d2e6c (patch)
tree8d3cdcc6e535016586023d74b9816ef339ddb31f
parentf5589e19420a83ca978348cbcfbc4c83b310bd3b (diff)
downloadiptables-427e21006a01f98c92434008442bba504c9d2e6c.tar.gz
iptables-427e21006a01f98c92434008442bba504c9d2e6c.tar.bz2
iptables-427e21006a01f98c92434008442bba504c9d2e6c.zip
-rw-r--r--.gitignore27
-rw-r--r--COPYING42
-rw-r--r--INSTALL4
-rw-r--r--Makefile.am85
-rw-r--r--Makefile.in897
-rw-r--r--aclocal.m4462
-rwxr-xr-xautogen.sh2
-rwxr-xr-xbuild-aux/ar-lib270
-rwxr-xr-xbuild-aux/compile343
-rwxr-xr-xbuild-aux/config.guess1530
-rwxr-xr-xbuild-aux/config.sub1782
-rwxr-xr-xbuild-aux/depcomp (renamed from depcomp)265
-rwxr-xr-xbuild-aux/install-sh (renamed from install-sh)32
-rw-r--r--build-aux/ltmain.sh (renamed from ltmain.sh)3924
-rwxr-xr-xbuild-aux/missing (renamed from missing)94
-rwxr-xr-xcompile142
-rw-r--r--config.h.in21
-rwxr-xr-xconfigure10674
-rw-r--r--configure.ac130
-rw-r--r--debian/changelog13
-rw-r--r--debian/compat1
-rw-r--r--debian/control32
-rw-r--r--debian/iptables-dev.install3
-rw-r--r--debian/iptables.install5
-rwxr-xr-xdebian/rules119
-rw-r--r--extensions/.gitignore9
-rw-r--r--extensions/GNUmakefile.in158
-rw-r--r--extensions/libip6t_DNAT.c252
-rw-r--r--extensions/libip6t_DNPT.c94
-rw-r--r--extensions/libip6t_DNPT.man30
-rw-r--r--extensions/libip6t_HL.c132
-rw-r--r--extensions/libip6t_LOG.c228
-rw-r--r--extensions/libip6t_MASQUERADE.c150
-rw-r--r--extensions/libip6t_NETMAP.c93
-rw-r--r--extensions/libip6t_REDIRECT.c151
-rw-r--r--extensions/libip6t_REJECT.c54
-rw-r--r--extensions/libip6t_REJECT.man7
-rw-r--r--extensions/libip6t_SNAT.c252
-rw-r--r--extensions/libip6t_SNPT.c94
-rw-r--r--extensions/libip6t_SNPT.man30
-rw-r--r--extensions/libip6t_ah.c157
-rw-r--r--extensions/libip6t_dst.c113
-rw-r--r--extensions/libip6t_frag.c204
-rw-r--r--extensions/libip6t_hbh.c112
-rw-r--r--extensions/libip6t_hl.c112
-rw-r--r--extensions/libip6t_icmp6.c88
-rw-r--r--extensions/libip6t_ipv6header.c129
-rw-r--r--extensions/libip6t_mh.c68
-rw-r--r--extensions/libip6t_mh.man2
-rw-r--r--extensions/libip6t_rt.c226
-rw-r--r--extensions/libipt_CLUSTERIP.c176
-rw-r--r--extensions/libipt_DNAT.c147
-rw-r--r--extensions/libipt_ECN.c118
-rw-r--r--extensions/libipt_LOG.c224
-rw-r--r--extensions/libipt_LOG.man31
-rw-r--r--extensions/libipt_MASQUERADE.c89
-rw-r--r--extensions/libipt_NETMAP.c128
-rw-r--r--extensions/libipt_REDIRECT.c106
-rw-r--r--extensions/libipt_REJECT.c63
-rw-r--r--extensions/libipt_REJECT.man6
-rw-r--r--extensions/libipt_SAME.c145
-rw-r--r--extensions/libipt_SNAT.c147
-rw-r--r--extensions/libipt_TTL.c133
-rw-r--r--extensions/libipt_TTL.man6
-rw-r--r--extensions/libipt_ULOG.c150
-rw-r--r--extensions/libipt_ULOG.man3
-rw-r--r--extensions/libipt_addrtype.c360
-rw-r--r--extensions/libipt_ah.c115
-rw-r--r--extensions/libipt_ecn.c160
-rw-r--r--extensions/libipt_icmp.c84
-rw-r--r--extensions/libipt_realm.c226
-rw-r--r--extensions/libipt_ttl.c138
-rw-r--r--extensions/libipt_ttl.man2
-rw-r--r--extensions/libxt_AUDIT.c101
-rw-r--r--extensions/libxt_AUDIT.man14
-rw-r--r--extensions/libxt_CHECKSUM.c77
-rw-r--r--extensions/libxt_CHECKSUM.man8
-rw-r--r--extensions/libxt_CLASSIFY.c67
-rw-r--r--extensions/libxt_CONNMARK.c329
-rw-r--r--extensions/libxt_CONNMARK.man26
-rw-r--r--extensions/libxt_CONNSECMARK.c69
-rw-r--r--extensions/libxt_CONNSECMARK.man7
-rw-r--r--extensions/libxt_CT.c308
-rw-r--r--extensions/libxt_CT.man5
-rw-r--r--extensions/libxt_DNAT.man (renamed from extensions/libipt_DNAT.man)17
-rw-r--r--extensions/libxt_DSCP.c97
-rw-r--r--extensions/libxt_HMARK.c450
-rw-r--r--extensions/libxt_HMARK.man60
-rw-r--r--extensions/libxt_IDLETIMER.c89
-rw-r--r--extensions/libxt_IDLETIMER.man20
-rw-r--r--extensions/libxt_LED.c108
-rw-r--r--extensions/libxt_LOG.man (renamed from extensions/libip6t_LOG.man)15
-rw-r--r--extensions/libxt_MARK.c241
-rw-r--r--extensions/libxt_MARK.man20
-rw-r--r--extensions/libxt_MASQUERADE.man (renamed from extensions/libipt_MASQUERADE.man)12
-rw-r--r--extensions/libxt_NETMAP.man (renamed from extensions/libipt_NETMAP.man)2
-rw-r--r--extensions/libxt_NFLOG.c110
-rw-r--r--extensions/libxt_NFLOG.man2
-rw-r--r--extensions/libxt_NFQUEUE.c239
-rw-r--r--extensions/libxt_NFQUEUE.man27
-rw-r--r--extensions/libxt_NOTRACK.c15
-rw-r--r--extensions/libxt_NOTRACK.man8
-rw-r--r--extensions/libxt_RATEEST.c135
-rw-r--r--extensions/libxt_REDIRECT.man (renamed from extensions/libipt_REDIRECT.man)13
-rw-r--r--extensions/libxt_SECMARK.c61
-rw-r--r--extensions/libxt_SECMARK.man7
-rw-r--r--extensions/libxt_SET.c230
-rw-r--r--extensions/libxt_SET.man21
-rw-r--r--extensions/libxt_SNAT.man (renamed from extensions/libipt_SNAT.man)30
-rw-r--r--extensions/libxt_SYNPROXY.c127
-rw-r--r--extensions/libxt_TCPMSS.c150
-rw-r--r--extensions/libxt_TCPMSS.man14
-rw-r--r--extensions/libxt_TCPOPTSTRIP.c61
-rw-r--r--extensions/libxt_TEE.c171
-rw-r--r--extensions/libxt_TOS.c165
-rw-r--r--extensions/libxt_TOS.man31
-rw-r--r--extensions/libxt_TPROXY.c243
-rw-r--r--extensions/libxt_TPROXY.man2
-rw-r--r--extensions/libxt_TRACE.man10
-rw-r--r--extensions/libxt_addrtype.c302
-rw-r--r--extensions/libxt_addrtype.man (renamed from extensions/libipt_addrtype.man)0
-rw-r--r--extensions/libxt_bpf.c152
-rw-r--r--extensions/libxt_bpf.man34
-rw-r--r--extensions/libxt_cgroup.c74
-rw-r--r--extensions/libxt_cgroup.man15
-rw-r--r--extensions/libxt_cluster.c208
-rw-r--r--extensions/libxt_cluster.man5
-rw-r--r--extensions/libxt_comment.c69
-rw-r--r--extensions/libxt_connbytes.c172
-rw-r--r--extensions/libxt_connlabel.c124
-rw-r--r--extensions/libxt_connlabel.man33
-rw-r--r--extensions/libxt_connlimit.c248
-rw-r--r--extensions/libxt_connlimit.man27
-rw-r--r--extensions/libxt_connmark.c120
-rw-r--r--extensions/libxt_connmark.man2
-rw-r--r--extensions/libxt_conntrack.c1205
-rw-r--r--extensions/libxt_conntrack.man73
-rw-r--r--extensions/libxt_cpu.c63
-rw-r--r--extensions/libxt_cpu.man15
-rw-r--r--extensions/libxt_dccp.c196
-rw-r--r--extensions/libxt_dccp.man2
-rw-r--r--extensions/libxt_devgroup.c172
-rw-r--r--extensions/libxt_devgroup.man7
-rw-r--r--extensions/libxt_dscp.c101
-rw-r--r--extensions/libxt_ecn.c138
-rw-r--r--extensions/libxt_ecn.man (renamed from extensions/libipt_ecn.man)4
-rw-r--r--extensions/libxt_esp.c124
-rw-r--r--extensions/libxt_hashlimit.c721
-rw-r--r--extensions/libxt_hashlimit.man53
-rw-r--r--extensions/libxt_helper.c60
-rw-r--r--extensions/libxt_iprange.c226
-rw-r--r--extensions/libxt_iprange.man4
-rw-r--r--extensions/libxt_ipvs.c285
-rw-r--r--extensions/libxt_ipvs.man24
-rw-r--r--extensions/libxt_length.c108
-rw-r--r--extensions/libxt_limit.c95
-rw-r--r--extensions/libxt_limit.man7
-rw-r--r--extensions/libxt_mac.c93
-rw-r--r--extensions/libxt_mark.c120
-rw-r--r--extensions/libxt_multiport.c237
-rw-r--r--extensions/libxt_multiport.man7
-rw-r--r--extensions/libxt_nfacct.c89
-rw-r--r--extensions/libxt_nfacct.man30
-rw-r--r--extensions/libxt_osf.c110
-rw-r--r--extensions/libxt_owner.c379
-rw-r--r--extensions/libxt_physdev.c139
-rw-r--r--extensions/libxt_pkttype.c63
-rw-r--r--extensions/libxt_policy.c350
-rw-r--r--extensions/libxt_policy.man7
-rw-r--r--extensions/libxt_quota.c69
-rw-r--r--extensions/libxt_quota.man4
-rw-r--r--extensions/libxt_rateest.c172
-rw-r--r--extensions/libxt_rateest.man75
-rw-r--r--extensions/libxt_recent.c424
-rw-r--r--extensions/libxt_recent.man47
-rw-r--r--extensions/libxt_rpfilter.c96
-rw-r--r--extensions/libxt_rpfilter.man39
-rw-r--r--extensions/libxt_sctp.c82
-rw-r--r--extensions/libxt_set.c394
-rw-r--r--extensions/libxt_set.h66
-rw-r--r--extensions/libxt_set.man50
-rw-r--r--extensions/libxt_socket.c139
-rw-r--r--extensions/libxt_socket.man24
-rw-r--r--extensions/libxt_state.c158
-rw-r--r--extensions/libxt_state.man28
-rw-r--r--extensions/libxt_statistic.c171
-rw-r--r--extensions/libxt_statistic.man11
-rw-r--r--extensions/libxt_string.c191
-rw-r--r--extensions/libxt_string.man10
-rw-r--r--extensions/libxt_tcp.c84
-rw-r--r--extensions/libxt_tcpmss.c105
-rw-r--r--extensions/libxt_time.c238
-rw-r--r--extensions/libxt_time.man71
-rw-r--r--extensions/libxt_tos.c108
-rw-r--r--extensions/libxt_u32.c63
-rw-r--r--extensions/libxt_u32.man36
-rw-r--r--extensions/libxt_udp.c126
-rw-r--r--extensions/tos_values.c61
-rw-r--r--include/Makefile.am4
-rw-r--r--include/Makefile.in215
-rw-r--r--include/ip6tables.h10
-rw-r--r--include/iptables.h28
-rw-r--r--include/libiptc/libip6tc.h118
-rw-r--r--include/libiptc/libiptc.h121
-rw-r--r--include/libiptc/xtcshared.h20
-rw-r--r--include/linux/kernel.h33
-rw-r--r--include/linux/netfilter.h18
-rw-r--r--include/linux/netfilter/ipset/ip_set.h268
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h14
-rw-r--r--include/linux/netfilter/nf_conntrack_tuple_common.h30
-rw-r--r--include/linux/netfilter/nf_nat.h33
-rw-r--r--include/linux/netfilter/x_tables.h5
-rw-r--r--include/linux/netfilter/xt_AUDIT.h30
-rw-r--r--include/linux/netfilter/xt_CHECKSUM.h20
-rw-r--r--include/linux/netfilter/xt_CT.h29
-rw-r--r--include/linux/netfilter/xt_HMARK.h50
-rw-r--r--include/linux/netfilter/xt_IDLETIMER.h45
-rw-r--r--include/linux/netfilter/xt_NFQUEUE.h15
-rw-r--r--include/linux/netfilter/xt_SECMARK.h12
-rw-r--r--include/linux/netfilter/xt_SYNPROXY.h16
-rw-r--r--include/linux/netfilter/xt_TCPOPTSTRIP.h4
-rw-r--r--include/linux/netfilter/xt_TPROXY.h19
-rw-r--r--include/linux/netfilter/xt_addrtype.h44
-rw-r--r--include/linux/netfilter/xt_bpf.h17
-rw-r--r--include/linux/netfilter/xt_cgroup.h11
-rw-r--r--include/linux/netfilter/xt_cluster.h10
-rw-r--r--include/linux/netfilter/xt_comment.h2
-rw-r--r--include/linux/netfilter/xt_connbytes.h4
-rw-r--r--include/linux/netfilter/xt_connlabel.h12
-rw-r--r--include/linux/netfilter/xt_connlimit.h16
-rw-r--r--include/linux/netfilter/xt_conntrack.h16
-rw-r--r--include/linux/netfilter/xt_cpu.h11
-rw-r--r--include/linux/netfilter/xt_devgroup.h21
-rw-r--r--include/linux/netfilter/xt_ecn.h33
-rw-r--r--include/linux/netfilter/xt_hashlimit.h6
-rw-r--r--include/linux/netfilter/xt_ipvs.h29
-rw-r--r--include/linux/netfilter/xt_nfacct.h17
-rw-r--r--include/linux/netfilter/xt_quota.h8
-rw-r--r--include/linux/netfilter/xt_recent.h10
-rw-r--r--include/linux/netfilter/xt_rpfilter.h17
-rw-r--r--include/linux/netfilter/xt_set.h94
-rw-r--r--include/linux/netfilter/xt_socket.h21
-rw-r--r--include/linux/netfilter/xt_time.h17
-rw-r--r--include/linux/netfilter/xt_u32.h18
-rw-r--r--include/linux/netfilter_ipv4/ip_queue.h72
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h82
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLUSTERIP.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_ECN.h8
-rw-r--r--include/linux/netfilter_ipv4/ipt_LOG.h3
-rw-r--r--include/linux/netfilter_ipv4/ipt_SAME.h10
-rw-r--r--include/linux/netfilter_ipv4/ipt_TTL.h6
-rw-r--r--include/linux/netfilter_ipv4/ipt_addrtype.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_ah.h6
-rw-r--r--include/linux/netfilter_ipv4/ipt_ecn.h33
-rw-r--r--include/linux/netfilter_ipv4/ipt_ttl.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h100
-rw-r--r--include/linux/netfilter_ipv6/ip6t_HL.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6t_LOG.h3
-rw-r--r--include/linux/netfilter_ipv6/ip6t_NPT.h16
-rw-r--r--include/linux/netfilter_ipv6/ip6t_REJECT.h4
-rw-r--r--include/linux/netfilter_ipv6/ip6t_ah.h10
-rw-r--r--include/linux/netfilter_ipv6/ip6t_frag.h10
-rw-r--r--include/linux/netfilter_ipv6/ip6t_hl.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6t_ipv6header.h8
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mh.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6t_opts.h12
-rw-r--r--include/linux/netfilter_ipv6/ip6t_rt.h13
-rw-r--r--include/linux/types.h13
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h114
-rw-r--r--include/net/netfilter/nf_nat.h55
-rw-r--r--include/xtables-version.h.in2
-rw-r--r--include/xtables.h564
-rw-r--r--include/xtables.h.in308
-rw-r--r--ip6tables-multi.c45
-rw-r--r--ip6tables-restore.850
-rw-r--r--ip6tables-save.853
-rw-r--r--ip6tables.8.in421
-rw-r--r--iptables-multi.c50
-rw-r--r--iptables.manifest9
-rw-r--r--iptables/.gitignore15
-rw-r--r--iptables/Makefile.am54
-rw-r--r--iptables/Makefile.in968
-rw-r--r--iptables/ip6tables-multi.h (renamed from ip6tables-multi.h)0
-rw-r--r--iptables/ip6tables-restore.81
-rw-r--r--iptables/ip6tables-restore.c (renamed from ip6tables-restore.c)230
-rw-r--r--iptables/ip6tables-save.81
-rw-r--r--iptables/ip6tables-save.c (renamed from ip6tables-save.c)91
-rw-r--r--iptables/ip6tables-standalone.c (renamed from ip6tables-standalone.c)12
-rw-r--r--iptables/ip6tables.81
-rw-r--r--iptables/ip6tables.c (renamed from ip6tables.c)938
-rwxr-xr-xiptables/iptables-apply (renamed from iptables-apply)25
-rw-r--r--iptables/iptables-apply.8.in (renamed from iptables-apply.8)4
-rw-r--r--iptables/iptables-extensions.8.tmpl.in28
-rw-r--r--iptables/iptables-multi.h (renamed from iptables-multi.h)1
-rw-r--r--iptables/iptables-restore.8.in (renamed from iptables-restore.8)43
-rw-r--r--iptables/iptables-restore.c (renamed from iptables-restore.c)219
-rw-r--r--iptables/iptables-save.8.in (renamed from iptables-save.8)17
-rw-r--r--iptables/iptables-save.c (renamed from iptables-save.c)92
-rw-r--r--iptables/iptables-standalone.c (renamed from iptables-standalone.c)10
-rw-r--r--iptables/iptables-xml.1.in (renamed from iptables-xml.8)2
-rw-r--r--iptables/iptables-xml.c (renamed from iptables-xml.c)84
-rw-r--r--iptables/iptables.8.in (renamed from iptables.8.in)132
-rw-r--r--iptables/iptables.c (renamed from iptables.c)989
-rw-r--r--iptables/iptables.xslt (renamed from iptables.xslt)0
-rw-r--r--iptables/xshared.c271
-rw-r--r--iptables/xshared.h91
-rw-r--r--iptables/xtables-multi.c41
-rw-r--r--iptables/xtables-multi.h6
-rw-r--r--iptables/xtables.pc.in (renamed from xtables.pc.in)1
-rw-r--r--libipq/.gitignore1
-rw-r--r--libipq/Makefile.am5
-rw-r--r--libipq/Makefile.in334
-rw-r--r--libipq/ipq_create_handle.32
-rw-r--r--libipq/ipq_errstr.32
-rw-r--r--libipq/ipq_message_type.32
-rw-r--r--libipq/ipq_read.32
-rw-r--r--libipq/ipq_set_mode.32
-rw-r--r--libipq/ipq_set_verdict.32
-rw-r--r--libipq/libipq.32
-rw-r--r--libipq/libipq.c5
-rw-r--r--libipq/libipq.pc.in (renamed from libiptc.pc.in)6
-rw-r--r--libiptc/.gitignore1
-rw-r--r--libiptc/Makefile.am15
-rw-r--r--libiptc/Makefile.in635
-rw-r--r--libiptc/libip4tc.c63
-rw-r--r--libiptc/libip4tc.pc.in10
-rw-r--r--libiptc/libip6tc.c43
-rw-r--r--libiptc/libip6tc.pc.in10
-rw-r--r--libiptc/libiptc.c108
-rw-r--r--libiptc/libiptc.pc.in10
-rw-r--r--libxtables/Makefile.am20
-rw-r--r--libxtables/Makefile.in603
-rw-r--r--libxtables/xtables.c (renamed from xtables.c)737
-rw-r--r--libxtables/xtoptions.c1204
-rw-r--r--m4/.gitignore2
-rw-r--r--m4/ax_check_linker_flags.m478
-rw-r--r--m4/libtool.m42388
-rw-r--r--m4/ltoptions.m432
-rw-r--r--m4/ltsugar.m420
-rw-r--r--m4/ltversion.m412
-rw-r--r--m4/lt~obsolete.m412
-rw-r--r--packaging/iptables.spec145
-rw-r--r--tests/options-ipv4.rules52
-rw-r--r--tests/options-most.rules214
-rw-r--r--utils/.gitignore2
-rw-r--r--utils/Makefile.am25
-rw-r--r--utils/Makefile.in285
-rw-r--r--utils/nfbpf_compile.c55
-rw-r--r--utils/nfsynproxy.c228
-rw-r--r--xshared.c31
-rw-r--r--xshared.h10
351 files changed, 35128 insertions, 21030 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..21873cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,27 @@
+*.a
+*.la
+*.lo
+*.so
+*.o
+*.oo
+*.d
+*.dd
+.deps/
+.dirstamp
+.libs/
+Makefile
+Makefile.in
+
+/include/xtables-version.h
+/include/iptables/internal.h
+
+/aclocal.m4
+/autom4te.cache/
+/build-aux/
+/config.*
+/configure
+/libtool
+/stamp-h1
+
+.project
+.cproject
diff --git a/COPYING b/COPYING
index a43ea21..d159169 100644
--- a/COPYING
+++ b/COPYING
@@ -1,12 +1,12 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
- Preamble
+ Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.) You can apply it to
+the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
@@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
-
- GNU GENERAL PUBLIC LICENSE
+
+ GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
-
+
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
-
+
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
-
+
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
@@ -255,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
- NO WARRANTY
+ NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
- END OF TERMS AND CONDITIONS
-
- Appendix: How to Apply These Terms to Your New Programs
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
- Copyright (C) 19yy <name of author>
+ Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -303,16 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
- Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
@@ -335,5 +335,5 @@ necessary. Here is a sample; alter the names:
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
+library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
diff --git a/INSTALL b/INSTALL
index acb56cd..d62b428 100644
--- a/INSTALL
+++ b/INSTALL
@@ -31,7 +31,7 @@ Configuring and compiling
--with-xtlibdir=
The path to where Xtables extensions should be installed to. It
- defaults to ${prefix}/libexec/xtables.
+ defaults to ${libdir}/xtables.
--enable-devel (or --disable-devel)
@@ -70,6 +70,8 @@ If you want to enable debugging, use
(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)
+To show debug traces you can add -DDEBUG to CFLAGS option
+
Other notes
===========
diff --git a/Makefile.am b/Makefile.am
index 2a63cc7..c38d360 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3,83 +3,18 @@
ACLOCAL_AMFLAGS = -I m4
AUTOMAKE_OPTIONS = foreign subdir-objects
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS}
-SUBDIRS = extensions
+SUBDIRS = libiptc libxtables
if ENABLE_DEVEL
SUBDIRS += include
endif
if ENABLE_LIBIPQ
SUBDIRS += libipq
endif
-if HAVE_LIBNFNETLINK
SUBDIRS += utils
-endif
-lib_LTLIBRARIES =
-
-# libiptc
-lib_LTLIBRARIES += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
-libiptc_libiptc_la_SOURCES =
-libiptc_libiptc_la_LIBADD = libiptc/libip4tc.la libiptc/libip6tc.la
-libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
-libiptc_libip4tc_la_SOURCES = libiptc/libip4tc.c
-libiptc_libip4tc_la_LDFLAGS = -version-info 0:0:0
-libiptc_libip6tc_la_SOURCES = libiptc/libip6tc.c
-libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0
-
-lib_LTLIBRARIES += libxtables.la
-libxtables_la_SOURCES = xtables.c
-libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
-if ENABLE_SHARED
-libxtables_la_CFLAGS = ${AM_CFLAGS}
-libxtables_la_LIBADD = -ldl
-else
-libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
-libxtables_la_LIBADD =
-endif
-
-iptables_multi_SOURCES = iptables-multi.c iptables-save.c \
- iptables-restore.c iptables-xml.c \
- iptables-standalone.c iptables.c xshared.c
-iptables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI
-if ENABLE_STATIC
-iptables_multi_CFLAGS += -DALL_INCLUSIVE
-endif
-iptables_multi_LDFLAGS = -rdynamic
-iptables_multi_LDADD = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
-
-ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \
- ip6tables-restore.c ip6tables-standalone.c \
- ip6tables.c xshared.c
-ip6tables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI
-if ENABLE_STATIC
-ip6tables_multi_CFLAGS += -DALL_INCLUSIVE
-endif
-ip6tables_multi_LDFLAGS = -rdynamic
-ip6tables_multi_LDADD = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
-
-sbin_PROGRAMS =
-man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
- iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
- ip6tables-save.8
-CLEANFILES = iptables.8 ip6tables.8
-
-if ENABLE_IPV4
-sbin_PROGRAMS += iptables-multi
-v4_bin_links = iptables-xml
-v4_sbin_links = iptables iptables-restore iptables-save
-endif
-if ENABLE_IPV6
-sbin_PROGRAMS += ip6tables-multi
-v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
-endif
-
-iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
-
-ip6tables.8: ${srcdir}/ip6tables.8.in extensions/matches6.man extensions/targets6.man
- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
-
-pkgconfig_DATA = libiptc.pc xtables.pc
+# Depends on libxtables:
+SUBDIRS += extensions
+# Depends on extensions/libext.a:
+SUBDIRS += iptables
.PHONY: tarball
tarball:
@@ -90,12 +25,4 @@ tarball:
rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION};
config.status: extensions/GNUmakefile.in \
- include/xtables.h.in include/iptables/internal.h.in
-
-# Using if..fi avoids an ugly "error (ignored)" message :)
-install-exec-hook:
- -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
- ${INSTALL} -dm0755 "${DESTDIR}${bindir}";
- for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done;
- for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done;
- for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done;
+ include/xtables-version.h.in include/iptables/internal.h.in
diff --git a/Makefile.in b/Makefile.in
index 83897a5..082d8e9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,8 +1,9 @@
-# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -15,12 +16,27 @@
@SET_MAKE@
# -*- Makefile -*-
-
-
-
VPATH = @srcdir@
-pkglibdir = $(libdir)/@PACKAGE@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -37,26 +53,20 @@ build_triplet = @build@
host_triplet = @host@
@ENABLE_DEVEL_TRUE@am__append_1 = include
@ENABLE_LIBIPQ_TRUE@am__append_2 = libipq
-@HAVE_LIBNFNETLINK_TRUE@am__append_3 = utils
-@ENABLE_STATIC_TRUE@am__append_4 = -DALL_INCLUSIVE
-@ENABLE_STATIC_TRUE@am__append_5 = -DALL_INCLUSIVE
-sbin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
-@ENABLE_IPV4_TRUE@am__append_6 = iptables-multi
-@ENABLE_IPV6_TRUE@am__append_7 = ip6tables-multi
subdir = .
DIST_COMMON = $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(srcdir)/libiptc.pc.in $(srcdir)/xtables.pc.in \
$(top_srcdir)/configure \
$(top_srcdir)/extensions/GNUmakefile.in \
$(top_srcdir)/include/iptables/internal.h.in COPYING INSTALL \
- compile config.guess config.sub depcomp install-sh ltmain.sh \
- missing
+ build-aux/ar-lib build-aux/compile build-aux/config.guess \
+ build-aux/config.sub build-aux/depcomp build-aux/install-sh \
+ build-aux/ltmain.sh build-aux/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
@@ -64,93 +74,10 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES = extensions/GNUmakefile \
- include/iptables/internal.h libiptc.pc xtables.pc
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)" \
- "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libiptc_libip4tc_la_LIBADD =
-am__dirstamp = $(am__leading_dot)dirstamp
-am_libiptc_libip4tc_la_OBJECTS = libiptc/libip4tc.lo
-libiptc_libip4tc_la_OBJECTS = $(am_libiptc_libip4tc_la_OBJECTS)
-libiptc_libip4tc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libiptc_libip4tc_la_LDFLAGS) $(LDFLAGS) -o $@
-libiptc_libip6tc_la_LIBADD =
-am_libiptc_libip6tc_la_OBJECTS = libiptc/libip6tc.lo
-libiptc_libip6tc_la_OBJECTS = $(am_libiptc_libip6tc_la_OBJECTS)
-libiptc_libip6tc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libiptc_libip6tc_la_LDFLAGS) $(LDFLAGS) -o $@
-libiptc_libiptc_la_DEPENDENCIES = libiptc/libip4tc.la \
- libiptc/libip6tc.la
-am_libiptc_libiptc_la_OBJECTS =
-libiptc_libiptc_la_OBJECTS = $(am_libiptc_libiptc_la_OBJECTS)
-libiptc_libiptc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libiptc_libiptc_la_LDFLAGS) $(LDFLAGS) -o $@
-libxtables_la_DEPENDENCIES =
-am_libxtables_la_OBJECTS = libxtables_la-xtables.lo
-libxtables_la_OBJECTS = $(am_libxtables_la_OBJECTS)
-libxtables_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libxtables_la_CFLAGS) \
- $(CFLAGS) $(libxtables_la_LDFLAGS) $(LDFLAGS) -o $@
-@ENABLE_IPV4_TRUE@am__EXEEXT_1 = iptables-multi$(EXEEXT)
-@ENABLE_IPV6_TRUE@am__EXEEXT_2 = ip6tables-multi$(EXEEXT)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(sbin_PROGRAMS)
-am_ip6tables_multi_OBJECTS = \
- ip6tables_multi-ip6tables-multi.$(OBJEXT) \
- ip6tables_multi-ip6tables-save.$(OBJEXT) \
- ip6tables_multi-ip6tables-restore.$(OBJEXT) \
- ip6tables_multi-ip6tables-standalone.$(OBJEXT) \
- ip6tables_multi-ip6tables.$(OBJEXT) \
- ip6tables_multi-xshared.$(OBJEXT)
-ip6tables_multi_OBJECTS = $(am_ip6tables_multi_OBJECTS)
-ip6tables_multi_DEPENDENCIES = libiptc/libip6tc.la \
- extensions/libext6.a libxtables.la
-ip6tables_multi_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(ip6tables_multi_CFLAGS) \
- $(CFLAGS) $(ip6tables_multi_LDFLAGS) $(LDFLAGS) -o $@
-am_iptables_multi_OBJECTS = iptables_multi-iptables-multi.$(OBJEXT) \
- iptables_multi-iptables-save.$(OBJEXT) \
- iptables_multi-iptables-restore.$(OBJEXT) \
- iptables_multi-iptables-xml.$(OBJEXT) \
- iptables_multi-iptables-standalone.$(OBJEXT) \
- iptables_multi-iptables.$(OBJEXT) \
- iptables_multi-xshared.$(OBJEXT)
-iptables_multi_OBJECTS = $(am_iptables_multi_OBJECTS)
-iptables_multi_DEPENDENCIES = libiptc/libip4tc.la extensions/libext4.a \
- libxtables.la
-iptables_multi_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(iptables_multi_CFLAGS) \
- $(CFLAGS) $(iptables_multi_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
-SOURCES = $(libiptc_libip4tc_la_SOURCES) \
- $(libiptc_libip6tc_la_SOURCES) $(libiptc_libiptc_la_SOURCES) \
- $(libxtables_la_SOURCES) $(ip6tables_multi_SOURCES) \
- $(iptables_multi_SOURCES)
-DIST_SOURCES = $(libiptc_libip4tc_la_SOURCES) \
- $(libiptc_libip6tc_la_SOURCES) $(libiptc_libiptc_la_SOURCES) \
- $(libxtables_la_SOURCES) $(ip6tables_multi_SOURCES) \
- $(iptables_multi_SOURCES)
+ include/iptables/internal.h
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
html-recursive info-recursive install-data-recursive \
install-dvi-recursive install-exec-recursive \
@@ -158,26 +85,59 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
install-pdf-recursive install-ps-recursive install-recursive \
installcheck-recursive installdirs-recursive pdf-recursive \
ps-recursive uninstall-recursive
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(man_MANS)
-pkgconfigDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(pkgconfig_DATA)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = extensions include libipq utils
+DIST_SUBDIRS = libiptc libxtables include libipq utils extensions \
+ iptables
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
- { test ! -d $(distdir) \
- || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
- && rm -fr $(distdir); }; }
+ if test -d "$(distdir)"; then \
+ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -rf "$(distdir)" \
+ || { sleep 5 && rm -rf "$(distdir)"; }; \
+ else :; fi
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
distuninstallcheck_listfiles = find . -type f -print
+am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
+ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
pkgdatadir = @pkgdatadir@
ACLOCAL = @ACLOCAL@
@@ -195,6 +155,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -218,9 +179,11 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -229,9 +192,12 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -242,6 +208,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -272,10 +239,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
kbuilddir = @kbuilddir@
-kinclude_CFLAGS = @kinclude_CFLAGS@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
ksourcedir = @ksourcedir@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
libnfnetlink_LIBS = @libnfnetlink_LIBS@
libxtables_vage = @libxtables_vage@
@@ -283,9 +253,9 @@ libxtables_vcurrent = @libxtables_vcurrent@
libxtables_vmajor = @libxtables_vmajor@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgconfigdir = @pkgconfigdir@
@@ -293,78 +263,41 @@ prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
ACLOCAL_AMFLAGS = -I m4
AUTOMAKE_OPTIONS = foreign subdir-objects
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS}
-SUBDIRS = extensions $(am__append_1) $(am__append_2) $(am__append_3)
-
-# libiptc
-lib_LTLIBRARIES = libiptc/libip4tc.la libiptc/libip6tc.la \
- libiptc/libiptc.la libxtables.la
-libiptc_libiptc_la_SOURCES =
-libiptc_libiptc_la_LIBADD = libiptc/libip4tc.la libiptc/libip6tc.la
-libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
-libiptc_libip4tc_la_SOURCES = libiptc/libip4tc.c
-libiptc_libip4tc_la_LDFLAGS = -version-info 0:0:0
-libiptc_libip6tc_la_SOURCES = libiptc/libip6tc.c
-libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0
-libxtables_la_SOURCES = xtables.c
-libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
-@ENABLE_SHARED_FALSE@libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
-@ENABLE_SHARED_TRUE@libxtables_la_CFLAGS = ${AM_CFLAGS}
-@ENABLE_SHARED_FALSE@libxtables_la_LIBADD =
-@ENABLE_SHARED_TRUE@libxtables_la_LIBADD = -ldl
-iptables_multi_SOURCES = iptables-multi.c iptables-save.c \
- iptables-restore.c iptables-xml.c \
- iptables-standalone.c iptables.c xshared.c
-
-iptables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI $(am__append_4)
-iptables_multi_LDFLAGS = -rdynamic
-iptables_multi_LDADD = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
-ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \
- ip6tables-restore.c ip6tables-standalone.c \
- ip6tables.c xshared.c
-
-ip6tables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI $(am__append_5)
-ip6tables_multi_LDFLAGS = -rdynamic
-ip6tables_multi_LDADD = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
-man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
- iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
- ip6tables-save.8
-
-CLEANFILES = iptables.8 ip6tables.8
-@ENABLE_IPV4_TRUE@v4_bin_links = iptables-xml
-@ENABLE_IPV4_TRUE@v4_sbin_links = iptables iptables-restore iptables-save
-@ENABLE_IPV6_TRUE@v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
-pkgconfig_DATA = libiptc.pc xtables.pc
+# Depends on libxtables:
+# Depends on extensions/libext.a:
+SUBDIRS = libiptc libxtables $(am__append_1) $(am__append_2) utils \
+ extensions iptables
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-am--refresh:
+am--refresh: Makefile
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
- cd $(srcdir) && $(AUTOMAKE) --foreign \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
&& exit 0; \
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --foreign Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -380,21 +313,20 @@ $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENC
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
- cd $(srcdir) && $(AUTOCONF)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
config.h: stamp-h1
- @if test ! -f $@; then \
- rm -f stamp-h1; \
- $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
- else :; fi
+ @if test ! -f $@; then rm -f stamp-h1; else :; fi
+ @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: $(am__configure_deps)
- cd $(top_srcdir) && $(AUTOHEADER)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
rm -f stamp-h1
touch $@
@@ -404,401 +336,15 @@ extensions/GNUmakefile: $(top_builddir)/config.status $(top_srcdir)/extensions/G
cd $(top_builddir) && $(SHELL) ./config.status $@
include/iptables/internal.h: $(top_builddir)/config.status $(top_srcdir)/include/iptables/internal.h.in
cd $(top_builddir) && $(SHELL) ./config.status $@
-libiptc.pc: $(top_builddir)/config.status $(srcdir)/libiptc.pc.in
- cd $(top_builddir) && $(SHELL) ./config.status $@
-xtables.pc: $(top_builddir)/config.status $(srcdir)/xtables.pc.in
- cd $(top_builddir) && $(SHELL) ./config.status $@
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- if test -f $$p; then \
- f=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
- else :; fi; \
- done
-
-uninstall-libLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- p=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
- done
-
-clean-libLTLIBRARIES:
- -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
- test "$$dir" != "$$p" || dir=.; \
- echo "rm -f \"$${dir}/so_locations\""; \
- rm -f "$${dir}/so_locations"; \
- done
-libiptc/$(am__dirstamp):
- @$(MKDIR_P) libiptc
- @: > libiptc/$(am__dirstamp)
-libiptc/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) libiptc/$(DEPDIR)
- @: > libiptc/$(DEPDIR)/$(am__dirstamp)
-libiptc/libip4tc.lo: libiptc/$(am__dirstamp) \
- libiptc/$(DEPDIR)/$(am__dirstamp)
-libiptc/libip4tc.la: $(libiptc_libip4tc_la_OBJECTS) $(libiptc_libip4tc_la_DEPENDENCIES) libiptc/$(am__dirstamp)
- $(libiptc_libip4tc_la_LINK) -rpath $(libdir) $(libiptc_libip4tc_la_OBJECTS) $(libiptc_libip4tc_la_LIBADD) $(LIBS)
-libiptc/libip6tc.lo: libiptc/$(am__dirstamp) \
- libiptc/$(DEPDIR)/$(am__dirstamp)
-libiptc/libip6tc.la: $(libiptc_libip6tc_la_OBJECTS) $(libiptc_libip6tc_la_DEPENDENCIES) libiptc/$(am__dirstamp)
- $(libiptc_libip6tc_la_LINK) -rpath $(libdir) $(libiptc_libip6tc_la_OBJECTS) $(libiptc_libip6tc_la_LIBADD) $(LIBS)
-libiptc/libiptc.la: $(libiptc_libiptc_la_OBJECTS) $(libiptc_libiptc_la_DEPENDENCIES) libiptc/$(am__dirstamp)
- $(libiptc_libiptc_la_LINK) -rpath $(libdir) $(libiptc_libiptc_la_OBJECTS) $(libiptc_libiptc_la_LIBADD) $(LIBS)
-libxtables.la: $(libxtables_la_OBJECTS) $(libxtables_la_DEPENDENCIES)
- $(libxtables_la_LINK) -rpath $(libdir) $(libxtables_la_OBJECTS) $(libxtables_la_LIBADD) $(LIBS)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
- @$(NORMAL_INSTALL)
- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
- else :; fi; \
- done
-
-uninstall-sbinPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
- rm -f "$(DESTDIR)$(sbindir)/$$f"; \
- done
-
-clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
-ip6tables-multi$(EXEEXT): $(ip6tables_multi_OBJECTS) $(ip6tables_multi_DEPENDENCIES)
- @rm -f ip6tables-multi$(EXEEXT)
- $(ip6tables_multi_LINK) $(ip6tables_multi_OBJECTS) $(ip6tables_multi_LDADD) $(LIBS)
-iptables-multi$(EXEEXT): $(iptables_multi_OBJECTS) $(iptables_multi_DEPENDENCIES)
- @rm -f iptables-multi$(EXEEXT)
- $(iptables_multi_LINK) $(iptables_multi_OBJECTS) $(iptables_multi_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
- -rm -f libiptc/libip4tc.$(OBJEXT)
- -rm -f libiptc/libip4tc.lo
- -rm -f libiptc/libip6tc.$(OBJEXT)
- -rm -f libiptc/libip6tc.lo
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-ip6tables-multi.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-ip6tables-restore.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-ip6tables-save.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-ip6tables-standalone.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-ip6tables.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip6tables_multi-xshared.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables-multi.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables-restore.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables-save.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables-standalone.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables-xml.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-iptables.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables_multi-xshared.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxtables_la-xtables.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@libiptc/$(DEPDIR)/libip4tc.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@libiptc/$(DEPDIR)/libip6tc.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ mv -f $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
-
-libxtables_la-xtables.lo: xtables.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -MT libxtables_la-xtables.lo -MD -MP -MF $(DEPDIR)/libxtables_la-xtables.Tpo -c -o libxtables_la-xtables.lo `test -f 'xtables.c' || echo '$(srcdir)/'`xtables.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libxtables_la-xtables.Tpo $(DEPDIR)/libxtables_la-xtables.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xtables.c' object='libxtables_la-xtables.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -c -o libxtables_la-xtables.lo `test -f 'xtables.c' || echo '$(srcdir)/'`xtables.c
-
-ip6tables_multi-ip6tables-multi.o: ip6tables-multi.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-multi.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-multi.Tpo -c -o ip6tables_multi-ip6tables-multi.o `test -f 'ip6tables-multi.c' || echo '$(srcdir)/'`ip6tables-multi.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-multi.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-multi.c' object='ip6tables_multi-ip6tables-multi.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-multi.o `test -f 'ip6tables-multi.c' || echo '$(srcdir)/'`ip6tables-multi.c
-
-ip6tables_multi-ip6tables-multi.obj: ip6tables-multi.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-multi.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-multi.Tpo -c -o ip6tables_multi-ip6tables-multi.obj `if test -f 'ip6tables-multi.c'; then $(CYGPATH_W) 'ip6tables-multi.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-multi.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-multi.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-multi.c' object='ip6tables_multi-ip6tables-multi.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-multi.obj `if test -f 'ip6tables-multi.c'; then $(CYGPATH_W) 'ip6tables-multi.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-multi.c'; fi`
-
-ip6tables_multi-ip6tables-save.o: ip6tables-save.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-save.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-save.Tpo -c -o ip6tables_multi-ip6tables-save.o `test -f 'ip6tables-save.c' || echo '$(srcdir)/'`ip6tables-save.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-save.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-save.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-save.c' object='ip6tables_multi-ip6tables-save.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-save.o `test -f 'ip6tables-save.c' || echo '$(srcdir)/'`ip6tables-save.c
-
-ip6tables_multi-ip6tables-save.obj: ip6tables-save.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-save.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-save.Tpo -c -o ip6tables_multi-ip6tables-save.obj `if test -f 'ip6tables-save.c'; then $(CYGPATH_W) 'ip6tables-save.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-save.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-save.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-save.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-save.c' object='ip6tables_multi-ip6tables-save.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-save.obj `if test -f 'ip6tables-save.c'; then $(CYGPATH_W) 'ip6tables-save.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-save.c'; fi`
-
-ip6tables_multi-ip6tables-restore.o: ip6tables-restore.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-restore.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-restore.Tpo -c -o ip6tables_multi-ip6tables-restore.o `test -f 'ip6tables-restore.c' || echo '$(srcdir)/'`ip6tables-restore.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-restore.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-restore.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-restore.c' object='ip6tables_multi-ip6tables-restore.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-restore.o `test -f 'ip6tables-restore.c' || echo '$(srcdir)/'`ip6tables-restore.c
-
-ip6tables_multi-ip6tables-restore.obj: ip6tables-restore.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-restore.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-restore.Tpo -c -o ip6tables_multi-ip6tables-restore.obj `if test -f 'ip6tables-restore.c'; then $(CYGPATH_W) 'ip6tables-restore.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-restore.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-restore.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-restore.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-restore.c' object='ip6tables_multi-ip6tables-restore.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-restore.obj `if test -f 'ip6tables-restore.c'; then $(CYGPATH_W) 'ip6tables-restore.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-restore.c'; fi`
-
-ip6tables_multi-ip6tables-standalone.o: ip6tables-standalone.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-standalone.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Tpo -c -o ip6tables_multi-ip6tables-standalone.o `test -f 'ip6tables-standalone.c' || echo '$(srcdir)/'`ip6tables-standalone.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-standalone.c' object='ip6tables_multi-ip6tables-standalone.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-standalone.o `test -f 'ip6tables-standalone.c' || echo '$(srcdir)/'`ip6tables-standalone.c
-
-ip6tables_multi-ip6tables-standalone.obj: ip6tables-standalone.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables-standalone.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Tpo -c -o ip6tables_multi-ip6tables-standalone.obj `if test -f 'ip6tables-standalone.c'; then $(CYGPATH_W) 'ip6tables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-standalone.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Tpo $(DEPDIR)/ip6tables_multi-ip6tables-standalone.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-standalone.c' object='ip6tables_multi-ip6tables-standalone.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables-standalone.obj `if test -f 'ip6tables-standalone.c'; then $(CYGPATH_W) 'ip6tables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-standalone.c'; fi`
-
-ip6tables_multi-ip6tables.o: ip6tables.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables.Tpo -c -o ip6tables_multi-ip6tables.o `test -f 'ip6tables.c' || echo '$(srcdir)/'`ip6tables.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables.Tpo $(DEPDIR)/ip6tables_multi-ip6tables.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables.c' object='ip6tables_multi-ip6tables.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables.o `test -f 'ip6tables.c' || echo '$(srcdir)/'`ip6tables.c
-
-ip6tables_multi-ip6tables.obj: ip6tables.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-ip6tables.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-ip6tables.Tpo -c -o ip6tables_multi-ip6tables.obj `if test -f 'ip6tables.c'; then $(CYGPATH_W) 'ip6tables.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-ip6tables.Tpo $(DEPDIR)/ip6tables_multi-ip6tables.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables.c' object='ip6tables_multi-ip6tables.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-ip6tables.obj `if test -f 'ip6tables.c'; then $(CYGPATH_W) 'ip6tables.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables.c'; fi`
-
-ip6tables_multi-xshared.o: xshared.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-xshared.o -MD -MP -MF $(DEPDIR)/ip6tables_multi-xshared.Tpo -c -o ip6tables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-xshared.Tpo $(DEPDIR)/ip6tables_multi-xshared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='ip6tables_multi-xshared.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
-
-ip6tables_multi-xshared.obj: xshared.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -MT ip6tables_multi-xshared.obj -MD -MP -MF $(DEPDIR)/ip6tables_multi-xshared.Tpo -c -o ip6tables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ip6tables_multi-xshared.Tpo $(DEPDIR)/ip6tables_multi-xshared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='ip6tables_multi-xshared.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ip6tables_multi_CFLAGS) $(CFLAGS) -c -o ip6tables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
-
-iptables_multi-iptables-multi.o: iptables-multi.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-multi.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-multi.Tpo -c -o iptables_multi-iptables-multi.o `test -f 'iptables-multi.c' || echo '$(srcdir)/'`iptables-multi.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-multi.Tpo $(DEPDIR)/iptables_multi-iptables-multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-multi.c' object='iptables_multi-iptables-multi.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-multi.o `test -f 'iptables-multi.c' || echo '$(srcdir)/'`iptables-multi.c
-
-iptables_multi-iptables-multi.obj: iptables-multi.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-multi.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-multi.Tpo -c -o iptables_multi-iptables-multi.obj `if test -f 'iptables-multi.c'; then $(CYGPATH_W) 'iptables-multi.c'; else $(CYGPATH_W) '$(srcdir)/iptables-multi.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-multi.Tpo $(DEPDIR)/iptables_multi-iptables-multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-multi.c' object='iptables_multi-iptables-multi.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-multi.obj `if test -f 'iptables-multi.c'; then $(CYGPATH_W) 'iptables-multi.c'; else $(CYGPATH_W) '$(srcdir)/iptables-multi.c'; fi`
-
-iptables_multi-iptables-save.o: iptables-save.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-save.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-save.Tpo -c -o iptables_multi-iptables-save.o `test -f 'iptables-save.c' || echo '$(srcdir)/'`iptables-save.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-save.Tpo $(DEPDIR)/iptables_multi-iptables-save.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-save.c' object='iptables_multi-iptables-save.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-save.o `test -f 'iptables-save.c' || echo '$(srcdir)/'`iptables-save.c
-
-iptables_multi-iptables-save.obj: iptables-save.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-save.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-save.Tpo -c -o iptables_multi-iptables-save.obj `if test -f 'iptables-save.c'; then $(CYGPATH_W) 'iptables-save.c'; else $(CYGPATH_W) '$(srcdir)/iptables-save.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-save.Tpo $(DEPDIR)/iptables_multi-iptables-save.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-save.c' object='iptables_multi-iptables-save.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-save.obj `if test -f 'iptables-save.c'; then $(CYGPATH_W) 'iptables-save.c'; else $(CYGPATH_W) '$(srcdir)/iptables-save.c'; fi`
-
-iptables_multi-iptables-restore.o: iptables-restore.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-restore.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-restore.Tpo -c -o iptables_multi-iptables-restore.o `test -f 'iptables-restore.c' || echo '$(srcdir)/'`iptables-restore.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-restore.Tpo $(DEPDIR)/iptables_multi-iptables-restore.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-restore.c' object='iptables_multi-iptables-restore.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-restore.o `test -f 'iptables-restore.c' || echo '$(srcdir)/'`iptables-restore.c
-
-iptables_multi-iptables-restore.obj: iptables-restore.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-restore.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-restore.Tpo -c -o iptables_multi-iptables-restore.obj `if test -f 'iptables-restore.c'; then $(CYGPATH_W) 'iptables-restore.c'; else $(CYGPATH_W) '$(srcdir)/iptables-restore.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-restore.Tpo $(DEPDIR)/iptables_multi-iptables-restore.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-restore.c' object='iptables_multi-iptables-restore.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-restore.obj `if test -f 'iptables-restore.c'; then $(CYGPATH_W) 'iptables-restore.c'; else $(CYGPATH_W) '$(srcdir)/iptables-restore.c'; fi`
-
-iptables_multi-iptables-xml.o: iptables-xml.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-xml.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-xml.Tpo -c -o iptables_multi-iptables-xml.o `test -f 'iptables-xml.c' || echo '$(srcdir)/'`iptables-xml.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-xml.Tpo $(DEPDIR)/iptables_multi-iptables-xml.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-xml.c' object='iptables_multi-iptables-xml.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-xml.o `test -f 'iptables-xml.c' || echo '$(srcdir)/'`iptables-xml.c
-
-iptables_multi-iptables-xml.obj: iptables-xml.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-xml.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-xml.Tpo -c -o iptables_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-xml.Tpo $(DEPDIR)/iptables_multi-iptables-xml.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-xml.c' object='iptables_multi-iptables-xml.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi`
-
-iptables_multi-iptables-standalone.o: iptables-standalone.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-standalone.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-standalone.Tpo -c -o iptables_multi-iptables-standalone.o `test -f 'iptables-standalone.c' || echo '$(srcdir)/'`iptables-standalone.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-standalone.Tpo $(DEPDIR)/iptables_multi-iptables-standalone.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-standalone.c' object='iptables_multi-iptables-standalone.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-standalone.o `test -f 'iptables-standalone.c' || echo '$(srcdir)/'`iptables-standalone.c
-
-iptables_multi-iptables-standalone.obj: iptables-standalone.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables-standalone.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables-standalone.Tpo -c -o iptables_multi-iptables-standalone.obj `if test -f 'iptables-standalone.c'; then $(CYGPATH_W) 'iptables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/iptables-standalone.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables-standalone.Tpo $(DEPDIR)/iptables_multi-iptables-standalone.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-standalone.c' object='iptables_multi-iptables-standalone.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables-standalone.obj `if test -f 'iptables-standalone.c'; then $(CYGPATH_W) 'iptables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/iptables-standalone.c'; fi`
-
-iptables_multi-iptables.o: iptables.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables.o -MD -MP -MF $(DEPDIR)/iptables_multi-iptables.Tpo -c -o iptables_multi-iptables.o `test -f 'iptables.c' || echo '$(srcdir)/'`iptables.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables.Tpo $(DEPDIR)/iptables_multi-iptables.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables.c' object='iptables_multi-iptables.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables.o `test -f 'iptables.c' || echo '$(srcdir)/'`iptables.c
-
-iptables_multi-iptables.obj: iptables.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-iptables.obj -MD -MP -MF $(DEPDIR)/iptables_multi-iptables.Tpo -c -o iptables_multi-iptables.obj `if test -f 'iptables.c'; then $(CYGPATH_W) 'iptables.c'; else $(CYGPATH_W) '$(srcdir)/iptables.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-iptables.Tpo $(DEPDIR)/iptables_multi-iptables.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables.c' object='iptables_multi-iptables.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-iptables.obj `if test -f 'iptables.c'; then $(CYGPATH_W) 'iptables.c'; else $(CYGPATH_W) '$(srcdir)/iptables.c'; fi`
-
-iptables_multi-xshared.o: xshared.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-xshared.o -MD -MP -MF $(DEPDIR)/iptables_multi-xshared.Tpo -c -o iptables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-xshared.Tpo $(DEPDIR)/iptables_multi-xshared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='iptables_multi-xshared.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
-
-iptables_multi-xshared.obj: xshared.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -MT iptables_multi-xshared.obj -MD -MP -MF $(DEPDIR)/iptables_multi-xshared.Tpo -c -o iptables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/iptables_multi-xshared.Tpo $(DEPDIR)/iptables_multi-xshared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='iptables_multi-xshared.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iptables_multi_CFLAGS) $(CFLAGS) -c -o iptables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
- -rm -rf libiptc/.libs libiptc/_libs
distclean-libtool:
-rm -f libtool config.lt
-install-man8: $(man8_MANS) $(man_MANS)
- @$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- if test -f $$i; then file=$$i; \
- else file=$(srcdir)/$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 8*) ;; \
- *) ext='8' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
- done
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 8*) ;; \
- *) ext='8' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
- done
-install-pkgconfigDATA: $(pkgconfig_DATA)
- @$(NORMAL_INSTALL)
- test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)"
- @list='$(pkgconfig_DATA)'; for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
- $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \
- done
-
-uninstall-pkgconfigDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(pkgconfig_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
- rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \
- done
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
@@ -807,7 +353,7 @@ uninstall-pkgconfigDATA:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -824,7 +370,7 @@ $(RECURSIVE_TARGETS):
else \
local_target="$$target"; \
fi; \
- (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
@@ -832,7 +378,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -858,16 +404,16 @@ $(RECURSIVE_CLEAN_TARGETS):
else \
local_target="$$target"; \
fi; \
- (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
- test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
ctags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
- test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
done
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
@@ -882,7 +428,7 @@ tags: TAGS
TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
@@ -894,7 +440,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
- tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
@@ -903,36 +449,41 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
$(am__remove_distdir)
- test -d $(distdir) || mkdir $(distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -948,50 +499,72 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
- list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
- test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- distdir=`$(am__cd) $(distdir) && pwd`; \
- top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
- (cd $$subdir && \
+ $(am__make_dryrun) \
+ || test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$top_distdir" \
- distdir="$$distdir/$$subdir" \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
+ am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
- || chmod -R a+r $(distdir)
+ || chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
dist-bzip2: distdir
- tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzip: distdir
+ tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
$(am__remove_distdir)
dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
@@ -1015,26 +588,33 @@ dist dist-all: distdir
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
- bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
- unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.lz*) \
+ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
- && cd $(distdir)/_build \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
@@ -1055,14 +635,24 @@ distcheck: dist
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
- && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
$(am__remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
- @cd $(distuninstallcheck_dir) \
- && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ @test -n '$(distuninstallcheck_dir)' || { \
+ echo 'ERROR: trying to run $@ with an empty' \
+ '$$(distuninstallcheck_dir)' >&2; \
+ exit 1; \
+ }; \
+ $(am__cd) '$(distuninstallcheck_dir)' || { \
+ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
+ exit 1; \
+ }; \
+ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
@@ -1080,12 +670,9 @@ distcleancheck: distclean
exit 1; } >&2
check-am: all-am
check: check-recursive
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) config.h
+all-am: Makefile config.h
installdirs: installdirs-recursive
installdirs-am:
- for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
@@ -1096,34 +683,35 @@ install-am: all-am
installcheck: installcheck-recursive
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -rm -f libiptc/$(DEPDIR)/$(am__dirstamp)
- -rm -f libiptc/$(am__dirstamp)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
- clean-sbinPROGRAMS mostlyclean-am
+clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf ./$(DEPDIR) libiptc/$(DEPDIR)
-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-hdr distclean-libtool distclean-tags
+distclean-am: clean-am distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags
dvi: dvi-recursive
@@ -1131,41 +719,49 @@ dvi-am:
html: html-recursive
+html-am:
+
info: info-recursive
info-am:
-install-data-am: install-man install-pkgconfigDATA
+install-data-am:
install-dvi: install-dvi-recursive
-install-exec-am: install-libLTLIBRARIES install-sbinPROGRAMS
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-dvi-am:
+
+install-exec-am:
install-html: install-html-recursive
+install-html-am:
+
install-info: install-info-recursive
-install-man: install-man8
+install-info-am:
+
+install-man:
install-pdf: install-pdf-recursive
+install-pdf-am:
+
install-ps: install-ps-recursive
+install-ps-am:
+
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
- -rm -rf ./$(DEPDIR) libiptc/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
@@ -1175,42 +771,28 @@ ps: ps-recursive
ps-am:
-uninstall-am: uninstall-libLTLIBRARIES uninstall-man \
- uninstall-pkgconfigDATA uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
+uninstall-am:
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
- install-exec-am install-strip
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+ ctags-recursive install-am install-strip tags-recursive
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
all all-am am--refresh check check-am clean clean-generic \
- clean-libLTLIBRARIES clean-libtool clean-sbinPROGRAMS ctags \
- ctags-recursive dist dist-all dist-bzip2 dist-gzip dist-lzma \
- dist-shar dist-tarZ dist-zip distcheck distclean \
- distclean-compile distclean-generic distclean-hdr \
+ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
+ dist-gzip dist-lzip dist-lzma dist-shar dist-tarZ dist-xz \
+ dist-zip distcheck distclean distclean-generic distclean-hdr \
distclean-libtool distclean-tags distcleancheck distdir \
distuninstallcheck dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-hook \
- install-html install-html-am install-info install-info-am \
- install-libLTLIBRARIES install-man install-man8 install-pdf \
- install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
- install-sbinPROGRAMS install-strip installcheck \
- installcheck-am installdirs installdirs-am maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-recursive uninstall uninstall-am \
- uninstall-libLTLIBRARIES uninstall-man uninstall-man8 \
- uninstall-pkgconfigDATA uninstall-sbinPROGRAMS
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags tags-recursive uninstall uninstall-am
-iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
-
-ip6tables.8: ${srcdir}/ip6tables.8.in extensions/matches6.man extensions/targets6.man
- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
-
.PHONY: tarball
tarball:
rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION};
@@ -1220,15 +802,8 @@ tarball:
rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION};
config.status: extensions/GNUmakefile.in \
- include/xtables.h.in include/iptables/internal.h.in
-
-# Using if..fi avoids an ugly "error (ignored)" message :)
-install-exec-hook:
- -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
- ${INSTALL} -dm0755 "${DESTDIR}${bindir}";
- for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done;
- for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done;
- for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done;
+ include/xtables-version.h.in include/iptables/internal.h.in
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/aclocal.m4 b/aclocal.m4
index 0403544..dbde882 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,7 +1,8 @@
-# generated automatically by aclocal 1.10.2 -*- Autoconf -*-
+# generated automatically by aclocal 1.11.6 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
+# Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -13,13 +14,14 @@
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.61],,
-[m4_warning([this file was generated for autoconf 2.61.
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
+[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])])
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+# serial 1 (pkg-config-0.24)
#
# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
#
@@ -46,8 +48,12 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
# ----------------------------------
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
@@ -60,7 +66,6 @@ if test -n "$PKG_CONFIG"; then
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
-
fi[]dnl
])# PKG_PROG_PKG_CONFIG
@@ -69,34 +74,32 @@ fi[]dnl
# Check to see whether a particular set of modules exists. Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
-#
-# Similar to PKG_CHECK_MODULES, make sure that the first instance of
-# this or PKG_CHECK_MODULES is called, or make sure to call
-# PKG_CHECK_EXISTS manually
+# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+# only at the first occurence in configure.ac, so if the first place
+# it's called might be skipped (such as if it is within an "if", you
+# have to call PKG_CHECK_EXISTS manually
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
- m4_ifval([$2], [$2], [:])
+ m4_default([$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
-
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
-[if test -n "$PKG_CONFIG"; then
- if test -n "$$1"; then
- pkg_cv_[]$1="$$1"
- else
- PKG_CHECK_EXISTS([$3],
- [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
- [pkg_failed=yes])
- fi
-else
- pkg_failed=untried
+[if test -n "$$1"; then
+ pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+ PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes ],
+ [pkg_failed=yes])
+ else
+ pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG
@@ -138,16 +141,17 @@ and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
+ AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
- $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
else
- $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
- ifelse([$4], , [AC_MSG_ERROR(dnl
+ m4_default([$4], [AC_MSG_ERROR(
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
@@ -155,44 +159,46 @@ $$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
-_PKG_TEXT
-])],
- [AC_MSG_RESULT([no])
- $4])
+_PKG_TEXT])[]dnl
+ ])
elif test $pkg_failed = untried; then
- ifelse([$4], , [AC_MSG_FAILURE(dnl
+ AC_MSG_RESULT([no])
+ m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
- [$4])
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+ ])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
- ifelse([$3], , :, [$3])
+ $3
fi[]dnl
])# PKG_CHECK_MODULES
-# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software
+# Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.10'
+[am__api_version='1.11'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.10.2], [],
+m4_if([$1], [1.11.6], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -208,19 +214,82 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.10.2])dnl
+[AM_AUTOMAKE_VERSION([1.11.6])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 1
+
+# AM_PROG_AR([ACT-IF-FAIL])
+# -------------------------
+# Try to determine the archiver interface, and trigger the ar-lib wrapper
+# if it is needed. If the detection of archiver interface fails, run
+# ACT-IF-FAIL (default is to abort configure with a proper error message).
+AC_DEFUN([AM_PROG_AR],
+[AC_BEFORE([$0], [LT_INIT])dnl
+AC_BEFORE([$0], [AC_PROG_LIBTOOL])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([ar-lib])dnl
+AC_CHECK_TOOLS([AR], [ar lib "link -lib"], [false])
+: ${AR=ar}
+
+AC_CACHE_CHECK([the archiver ($AR) interface], [am_cv_ar_interface],
+ [am_cv_ar_interface=ar
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int some_variable = 0;]])],
+ [am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
+ AC_TRY_EVAL([am_ar_try])
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=ar
+ else
+ am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
+ AC_TRY_EVAL([am_ar_try])
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=lib
+ else
+ am_cv_ar_interface=unknown
+ fi
+ fi
+ rm -f conftest.lib libconftest.a
+ ])
+ ])
+
+case $am_cv_ar_interface in
+ar)
+ ;;
+lib)
+ # Microsoft lib, so override with the ar-lib wrapper script.
+ # FIXME: It is wrong to rewrite AR.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__AR in this case,
+ # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+ # similar.
+ AR="$am_aux_dir/ar-lib $AR"
+ ;;
+unknown)
+ m4_default([$1],
+ [AC_MSG_ERROR([could not determine $AR interface])])
+ ;;
+esac
+AC_SUBST([AR])dnl
+])
+
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
@@ -268,14 +337,14 @@ am_aux_dir=`cd $ac_aux_dir && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
-# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 8
+# serial 9
# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------
@@ -288,6 +357,7 @@ AC_SUBST([$1_TRUE])dnl
AC_SUBST([$1_FALSE])dnl
_AM_SUBST_NOTMAKE([$1_TRUE])dnl
_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
if $2; then
$1_TRUE=
$1_FALSE='#'
@@ -301,14 +371,14 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009,
+# 2010, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 9
+# serial 12
# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
# written in clear, in which case automake, when reading aclocal.m4,
@@ -348,6 +418,7 @@ AC_CACHE_CHECK([dependency style of $depcc],
# instance it was reported that on HP-UX the gcc test will end up
# making a dummy file named `D' -- because `-MD' means `put the output
# in D'.
+ rm -rf conftest.dir
mkdir conftest.dir
# Copy depcomp to subdir because otherwise we won't find it if we're
# using a relative directory.
@@ -365,6 +436,16 @@ AC_CACHE_CHECK([dependency style of $depcc],
if test "$am_compiler_list" = ""; then
am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
for depmode in $am_compiler_list; do
# Setup a source with many dependencies, because some compilers
# like to wrap large dependency lists on column 80 (with \), and
@@ -382,7 +463,17 @@ AC_CACHE_CHECK([dependency style of $depcc],
done
echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
nosideeffect)
# after this tag, mechanisms are not by side-effect, so they'll
# only be used when explicitly requested
@@ -392,19 +483,23 @@ AC_CACHE_CHECK([dependency style of $depcc],
break
fi
;;
+ msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
none) break ;;
esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ source=sub/conftest.c object=$am__obj \
depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
>/dev/null 2>conftest.err &&
grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
${MAKE-make} -s -f confmf > /dev/null 2>&1; then
# icc doesn't choke on unknown options, it will just issue warnings
# or remarks (even with -Werror). So we grep stderr for any message
@@ -453,10 +548,13 @@ AC_DEFUN([AM_DEP_TRACK],
if test "x$enable_dependency_tracking" != xno; then
am_depcomp="$ac_aux_dir/depcomp"
AMDEPBACKSLASH='\'
+ am__nodep='_no'
fi
AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
AC_SUBST([AMDEPBACKSLASH])dnl
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+AC_SUBST([am__nodep])dnl
+_AM_SUBST_NOTMAKE([am__nodep])dnl
])
# Generate code to set up dependency tracking. -*- Autoconf -*-
@@ -468,59 +566,61 @@ _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-#serial 4
+#serial 5
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[# Autoconf 2.62 quotes --file arguments for eval, but not when files
-# are listed without --file. Let's play safe and only enable the eval
-# if we detect the quoting.
-case $CONFIG_FILES in
-*\'*) eval set x "$CONFIG_FILES" ;;
-*) set x $CONFIG_FILES ;;
-esac
-shift
-for mf
-do
- # Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named `Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`AS_DIRNAME("$mf")`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running `make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # When using ansi2knr, U may be empty or an underscore; expand it
- U=`sed -n 's/^U = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`AS_DIRNAME(["$file"])`
- AS_MKDIR_P([$dirpart/$fdir])
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
done
-done
+}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
@@ -540,13 +640,13 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2008 Free Software Foundation, Inc.
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 13
+# serial 16
# This macro actually does too much. Some checks are only needed if
# your package does certain things. But this isn't really a big deal.
@@ -563,7 +663,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# arguments mandatory, and then we can depend on a new Autoconf
# release and drop the old call support.
AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.60])dnl
+[AC_PREREQ([2.62])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
@@ -614,8 +714,8 @@ AM_MISSING_PROG(AUTOCONF, autoconf)
AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
AM_MISSING_PROG(AUTOHEADER, autoheader)
AM_MISSING_PROG(MAKEINFO, makeinfo)
-AM_PROG_INSTALL_SH
-AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AM_PROG_MKDIR_P])dnl
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
@@ -623,24 +723,37 @@ AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
- [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
_AM_IF_OPTION([no-dependencies],,
[AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES(CC)],
- [define([AC_PROG_CC],
- defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES(CXX)],
- [define([AC_PROG_CXX],
- defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES(OBJC)],
- [define([AC_PROG_OBJC],
- defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
])
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
# When config.status generates a header, we must update the stamp-h file.
# This file resides in the same directory as the config header
@@ -663,18 +776,28 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation,
+# Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
AC_SUBST(install_sh)])
# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
@@ -700,13 +823,13 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
-# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 3
+# serial 4
# AM_MAKE_INCLUDE()
# -----------------
@@ -715,7 +838,7 @@ AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
- @echo done
+ @echo this is the am__doit target
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
@@ -725,24 +848,24 @@ am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
- am__include=include
- am__quote=
- _am_result=GNU
-fi
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
- if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
- am__include=.include
- am__quote="\""
- _am_result=BSD
- fi
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
@@ -787,14 +910,14 @@ m4_define([AC_PROG_CC],
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 5
+# serial 6
# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------
@@ -811,7 +934,14 @@ AC_SUBST($1)])
AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
# Use eval to expand $SHELL
if eval "$MISSING --run true"; then
am_missing_run="$MISSING --run "
@@ -821,12 +951,15 @@ else
fi
])
-# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation,
+# Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_MKDIR_P
# ---------------
# Check for `mkdir -p'.
@@ -849,13 +982,14 @@ esac
# Helper functions for option handling. -*- Autoconf -*-
-# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software
+# Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 4
+# serial 5
# _AM_MANGLE_OPTION(NAME)
# -----------------------
@@ -863,13 +997,13 @@ AC_DEFUN([_AM_MANGLE_OPTION],
[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
# _AM_SET_OPTION(NAME)
-# ------------------------------
+# --------------------
# Set option NAME. Presently that only means defining a flag for this option.
AC_DEFUN([_AM_SET_OPTION],
[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
# _AM_SET_OPTIONS(OPTIONS)
-# ----------------------------------
+# ------------------------
# OPTIONS is a space-separated list of Automake options.
AC_DEFUN([_AM_SET_OPTIONS],
[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
@@ -882,14 +1016,14 @@ AC_DEFUN([_AM_IF_OPTION],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
-# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 4
+# serial 5
# AM_SANITY_CHECK
# ---------------
@@ -898,16 +1032,29 @@ AC_DEFUN([AM_SANITY_CHECK],
# Just in case
sleep 1
echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
- set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
if test "$[*]" = "X"; then
# -L didn't work.
- set X `ls -t $srcdir/configure conftest.file`
+ set X `ls -t "$srcdir/configure" conftest.file`
fi
rm -f conftest.file
if test "$[*]" != "X $srcdir/configure conftest.file" \
@@ -932,12 +1079,14 @@ Check your system clock])
fi
AC_MSG_RESULT(yes)])
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_INSTALL_STRIP
# ---------------------
# One issue with vendor `install' (even GNU) is that you can't
@@ -960,21 +1109,28 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
-# Copyright (C) 2006 Free Software Foundation, Inc.
+# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 3
+
# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])
+# AM_SUBST_NOTMAKE(VARIABLE)
+# --------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
# Check how to create a tarball. -*- Autoconf -*-
-# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -996,10 +1152,11 @@ AC_DEFUN([_AM_SUBST_NOTMAKE])
# a tarball read from stdin.
# $(am__untar) < result.tar
AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility.
-AM_MISSING_PROG([AMTAR], [tar])
+[# Always define AMTAR for backward compatibility. Yes, it's still used
+# in the wild :-( We should find a proper way to deprecate it ...
+AC_SUBST([AMTAR], ['$${TAR-tar}'])
m4_if([$1], [v7],
- [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
[m4_case([$1], [ustar],, [pax],,
[m4_fatal([Unknown tar format])])
AC_MSG_CHECKING([how to create a $1 tar archive])
@@ -1068,6 +1225,7 @@ AC_SUBST([am__tar])
AC_SUBST([am__untar])
]) # _AM_PROG_TAR
+m4_include([m4/ax_check_linker_flags.m4])
m4_include([m4/libtool.m4])
m4_include([m4/ltoptions.m4])
m4_include([m4/ltsugar.m4])
diff --git a/autogen.sh b/autogen.sh
index 62a89e1..a0c4395 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -e
autoreconf -fi;
rm -Rf autom4te*.cache;
diff --git a/build-aux/ar-lib b/build-aux/ar-lib
new file mode 100755
index 0000000..0f62c6f
--- /dev/null
+++ b/build-aux/ar-lib
@@ -0,0 +1,270 @@
+#! /bin/sh
+# Wrapper for Microsoft lib.exe
+
+me=ar-lib
+scriptversion=2012-03-01.08; # UTC
+
+# Copyright (C) 2010, 2012 Free Software Foundation, Inc.
+# Written by Peter Rosin <peda@lysator.liu.se>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+
+# func_error message
+func_error ()
+{
+ echo "$me: $1" 1>&2
+ exit 1
+}
+
+file_conv=
+
+# func_file_conv build_file
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv in
+ mingw)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_at_file at_file operation archive
+# Iterate over all members in AT_FILE performing OPERATION on ARCHIVE
+# for each of them.
+# When interpreting the content of the @FILE, do NOT use func_file_conv,
+# since the user would need to supply preconverted file names to
+# binutils ar, at least for MinGW.
+func_at_file ()
+{
+ operation=$2
+ archive=$3
+ at_file_contents=`cat "$1"`
+ eval set x "$at_file_contents"
+ shift
+
+ for member
+ do
+ $AR -NOLOGO $operation:"$member" "$archive" || exit $?
+ done
+}
+
+case $1 in
+ '')
+ func_error "no command. Try '$0 --help' for more information."
+ ;;
+ -h | --h*)
+ cat <<EOF
+Usage: $me [--help] [--version] PROGRAM ACTION ARCHIVE [MEMBER...]
+
+Members may be specified in a file named with @FILE.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "$me, version $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test $# -lt 3; then
+ func_error "you must specify a program, an action and an archive"
+fi
+
+AR=$1
+shift
+while :
+do
+ if test $# -lt 2; then
+ func_error "you must specify a program, an action and an archive"
+ fi
+ case $1 in
+ -lib | -LIB \
+ | -ltcg | -LTCG \
+ | -machine* | -MACHINE* \
+ | -subsystem* | -SUBSYSTEM* \
+ | -verbose | -VERBOSE \
+ | -wx* | -WX* )
+ AR="$AR $1"
+ shift
+ ;;
+ *)
+ action=$1
+ shift
+ break
+ ;;
+ esac
+done
+orig_archive=$1
+shift
+func_file_conv "$orig_archive"
+archive=$file
+
+# strip leading dash in $action
+action=${action#-}
+
+delete=
+extract=
+list=
+quick=
+replace=
+index=
+create=
+
+while test -n "$action"
+do
+ case $action in
+ d*) delete=yes ;;
+ x*) extract=yes ;;
+ t*) list=yes ;;
+ q*) quick=yes ;;
+ r*) replace=yes ;;
+ s*) index=yes ;;
+ S*) ;; # the index is always updated implicitly
+ c*) create=yes ;;
+ u*) ;; # TODO: don't ignore the update modifier
+ v*) ;; # TODO: don't ignore the verbose modifier
+ *)
+ func_error "unknown action specified"
+ ;;
+ esac
+ action=${action#?}
+done
+
+case $delete$extract$list$quick$replace,$index in
+ yes,* | ,yes)
+ ;;
+ yesyes*)
+ func_error "more than one action specified"
+ ;;
+ *)
+ func_error "no action specified"
+ ;;
+esac
+
+if test -n "$delete"; then
+ if test ! -f "$orig_archive"; then
+ func_error "archive not found"
+ fi
+ for member
+ do
+ case $1 in
+ @*)
+ func_at_file "${1#@}" -REMOVE "$archive"
+ ;;
+ *)
+ func_file_conv "$1"
+ $AR -NOLOGO -REMOVE:"$file" "$archive" || exit $?
+ ;;
+ esac
+ done
+
+elif test -n "$extract"; then
+ if test ! -f "$orig_archive"; then
+ func_error "archive not found"
+ fi
+ if test $# -gt 0; then
+ for member
+ do
+ case $1 in
+ @*)
+ func_at_file "${1#@}" -EXTRACT "$archive"
+ ;;
+ *)
+ func_file_conv "$1"
+ $AR -NOLOGO -EXTRACT:"$file" "$archive" || exit $?
+ ;;
+ esac
+ done
+ else
+ $AR -NOLOGO -LIST "$archive" | sed -e 's/\\/\\\\/g' | while read member
+ do
+ $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $?
+ done
+ fi
+
+elif test -n "$quick$replace"; then
+ if test ! -f "$orig_archive"; then
+ if test -z "$create"; then
+ echo "$me: creating $orig_archive"
+ fi
+ orig_archive=
+ else
+ orig_archive=$archive
+ fi
+
+ for member
+ do
+ case $1 in
+ @*)
+ func_file_conv "${1#@}"
+ set x "$@" "@$file"
+ ;;
+ *)
+ func_file_conv "$1"
+ set x "$@" "$file"
+ ;;
+ esac
+ shift
+ shift
+ done
+
+ if test -n "$orig_archive"; then
+ $AR -NOLOGO -OUT:"$archive" "$orig_archive" "$@" || exit $?
+ else
+ $AR -NOLOGO -OUT:"$archive" "$@" || exit $?
+ fi
+
+elif test -n "$list"; then
+ if test ! -f "$orig_archive"; then
+ func_error "archive not found"
+ fi
+ $AR -NOLOGO -LIST "$archive" || exit $?
+fi
diff --git a/build-aux/compile b/build-aux/compile
new file mode 100755
index 0000000..862a14e
--- /dev/null
+++ b/build-aux/compile
@@ -0,0 +1,343 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-03-05.13; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free
+# Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
+case $1 in
+ '')
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no '-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # '.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/build-aux/config.guess b/build-aux/config.guess
new file mode 100755
index 0000000..d622a44
--- /dev/null
+++ b/build-aux/config.guess
@@ -0,0 +1,1530 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
+
+timestamp='2012-02-10'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[4567])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ case ${UNAME_PROCESSOR} in
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:MSYS*:*)
+ echo ${UNAME_MACHINE}-pc-msys
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ aarch64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ aarch64_be:Linux:*:*)
+ UNAME_MACHINE=aarch64_be
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo ${UNAME_MACHINE}-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo ${UNAME_MACHINE}-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ hexagon:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+ x86_64:VMkernel:*:*)
+ echo ${UNAME_MACHINE}-unknown-esx
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/build-aux/config.sub b/build-aux/config.sub
new file mode 100755
index 0000000..6205f84
--- /dev/null
+++ b/build-aux/config.sub
@@ -0,0 +1,1782 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
+
+timestamp='2012-04-18'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ android-linux)
+ os=-linux-android
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*178)
+ os=-lynxos178
+ ;;
+ -lynx*5)
+ os=-lynxos5
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | aarch64 | aarch64_be \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | be32 | be64 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | epiphany \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | le32 | le64 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | open8 \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
+ | pyramid \
+ | rl78 | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+ | we32k \
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+ xgate)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | aarch64-* | aarch64_be-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | be32-* | be64-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | hexagon-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | le32-* | le64-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+ | pyramid-* \
+ | rl78-* | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile*-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ msys)
+ basic_machine=i386-pc
+ os=-msys
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ nacl)
+ basic_machine=le32-unknown
+ os=-nacl
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc | ppcbe) basic_machine=powerpc-unknown
+ ;;
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tile*)
+ basic_machine=$basic_machine-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ hexagon-*)
+ os=-elf
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/depcomp b/build-aux/depcomp
index e5f9736..25a39e6 100755
--- a/depcomp
+++ b/build-aux/depcomp
@@ -1,10 +1,10 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
-scriptversion=2007-03-29.01
+scriptversion=2012-03-27.16; # UTC
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software
-# Foundation, Inc.
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,9 +17,7 @@ scriptversion=2007-03-29.01
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -30,7 +28,7 @@ scriptversion=2007-03-29.01
case $1 in
'')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@@ -42,11 +40,11 @@ as side-effects.
Environment variables:
depmode Dependency tracking mode.
- source Source file read by `PROGRAMS ARGS'.
- object Object file output by `PROGRAMS ARGS'.
+ source Source file read by 'PROGRAMS ARGS'.
+ object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
- tmpdepfile Temporary file to use when outputing dependencies.
+ tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
@@ -59,6 +57,12 @@ EOF
;;
esac
+# A tabulation character.
+tab=' '
+# A newline character.
+nl='
+'
+
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
@@ -87,6 +91,29 @@ if test "$depmode" = dashXmstdout; then
depmode=dashmstdout
fi
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+ # This is just like msvisualcpp but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u='sed s,\\\\,/,g'
+ depmode=msvisualcpp
+fi
+
+if test "$depmode" = msvc7msys; then
+ # This is just like msvc7 but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u='sed s,\\\\,/,g'
+ depmode=msvc7
+fi
+
+if test "$depmode" = xlc; then
+ # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations.
+ gccflag=-qmakedep=gcc,-MF
+ depmode=gcc
+fi
+
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
@@ -141,20 +168,21 @@ gcc)
## The second -e expression handles DOS-style file names with drive letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the `deleted header file' problem.
+## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
- tr ' ' '
-' < "$tmpdepfile" |
-## Some versions of gcc put a space before the `:'. On the theory
+ tr ' ' "$nl" < "$tmpdepfile" |
+## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
-## well.
+## well. hp depmode also adds that space, but also prefixes the VPATH
+## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
- sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
+ | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -186,20 +214,17 @@ sgi)
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
- # the IRIX cc adds comments like `#:fec' to the end of the
+ # the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
- tr '
-' ' ' >> $depfile
- echo >> $depfile
+ tr "$nl" ' ' >> "$depfile"
+ echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
- >> $depfile
+ >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
@@ -209,10 +234,17 @@ sgi)
rm -f "$tmpdepfile"
;;
+xlc)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
- # current directory. Also, the AIX compiler puts `$object:' at the
+ # current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
@@ -242,12 +274,11 @@ aix)
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
- # Each line is of the form `foo.o: dependent.h'.
+ # Each line is of the form 'foo.o: dependent.h'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
@@ -258,23 +289,26 @@ aix)
;;
icc)
- # Intel's C compiler understands `-MD -MF file'. However on
- # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'.
+ # However on
+ # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
- # which is wrong. We want:
+ # which is wrong. We want
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
# foo.o: sub/foo.c sub/foo.h
- # and will wrap long lines using \ :
+ # and will wrap long lines using '\':
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
-
+ # tcc 0.9.26 (FIXME still under development at the moment of writing)
+ # will emit a similar output, but also prepend the continuation lines
+ # with horizontal tabulation characters.
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
@@ -283,15 +317,21 @@ icc)
exit $stat
fi
rm -f "$depfile"
- # Each line is of the form `foo.o: dependent.h',
- # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Each line is of the form 'foo.o: dependent.h',
+ # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
- sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
- sed -e 's/$/ :/' >> "$depfile"
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
+ sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \
+ < "$tmpdepfile" > "$depfile"
+ sed '
+ s/[ '"$tab"'][ '"$tab"']*/ /g
+ s/^ *//
+ s/ *\\*$//
+ s/^[^:]*: *//
+ /^$/d
+ /:$/d
+ s/$/ :/
+ ' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -327,8 +367,13 @@ hp2)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
- # Add `dependent.h:' lines.
- sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile"
+ # Add 'dependent.h:' lines.
+ sed -ne '2,${
+ s/^ *//
+ s/ \\*$//
+ s/$/:/
+ p
+ }' "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
@@ -337,9 +382,9 @@ hp2)
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
- # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
- # dependencies in `foo.d' instead, so we check for that too.
+ # dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
@@ -385,14 +430,59 @@ tru64)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
+msvc7)
+ if test "$libtool" = yes; then
+ showIncludes=-Wc,-showIncludes
+ else
+ showIncludes=-showIncludes
+ fi
+ "$@" $showIncludes > "$tmpdepfile"
+ stat=$?
+ grep -v '^Note: including file: ' "$tmpdepfile"
+ if test "$stat" = 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ # The first sed program below extracts the file names and escapes
+ # backslashes for cygpath. The second sed program outputs the file
+ # name when reading, but also accumulates all include files in the
+ # hold buffer in order to output them again at the end. This only
+ # works with sed implementations that can handle large buffers.
+ sed < "$tmpdepfile" -n '
+/^Note: including file: *\(.*\)/ {
+ s//\1/
+ s/\\/\\\\/g
+ p
+}' | $cygpath_u | sort -u | sed -n '
+s/ /\\ /g
+s/\(.*\)/'"$tab"'\1 \\/p
+s/.\(.*\) \\/\1:/
+H
+$ {
+ s/.*/'"$tab"'/
+ G
+ p
+}' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvc7msys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
@@ -404,13 +494,13 @@ dashmstdout)
# Remove the call to Libtool.
if test "$libtool" = yes; then
- while test $1 != '--mode=compile'; do
+ while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -430,15 +520,14 @@ dashmstdout)
done
test -z "$dashmflag" && dashmflag=-M
- # Require at least two characters before searching for `:'
+ # Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
- # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
- sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
- tr ' ' '
-' < "$tmpdepfile" | \
+ tr ' ' "$nl" < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -455,38 +544,46 @@ makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
- while test $1 != '--mode=compile'; do
+ while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
- cleared=no
- for arg in "$@"; do
+ cleared=no eat=no
+ for arg
+ do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
+ if test $eat = yes; then
+ eat=no
+ continue
+ fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
+ -arch)
+ eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
- obj_suffix="`echo $object | sed 's/^.*\././'`"
+ obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
- cat < "$tmpdepfile" > "$depfile"
- sed '1,2d' "$tmpdepfile" | tr ' ' '
-' | \
+ # makedepend may prepend the VPATH from the source file name to the object.
+ # No need to regex-escape $object, excess matching of '.' is harmless.
+ sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -500,13 +597,13 @@ cpp)
# Remove the call to Libtool.
if test "$libtool" = yes; then
- while test $1 != '--mode=compile'; do
+ while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -538,13 +635,27 @@ cpp)
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout, regardless of -o,
- # because we must use -o when running libtool.
+ # always write the preprocessed file to stdout.
"$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
IFS=" "
for arg
do
case "$arg" in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
@@ -557,16 +668,23 @@ msvisualcpp)
;;
esac
done
- "$@" -E |
- sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+ "$@" -E 2>/dev/null |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
- . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
- echo " " >> "$depfile"
- . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
+ echo "$tab" >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
+msvcmsys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
none)
exec "$@"
;;
@@ -585,5 +703,6 @@ exit 0
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
# End:
diff --git a/install-sh b/build-aux/install-sh
index a5897de..a9244eb 100755
--- a/install-sh
+++ b/build-aux/install-sh
@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
-scriptversion=2006-12-25.00
+scriptversion=2011-01-19.21; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -156,6 +156,10 @@ while test $# -ne 0; do
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
+ # Protect names problematic for `test' and other utilities.
+ case $dst_arg in
+ -* | [=\(\)!]) dst_arg=./$dst_arg;;
+ esac
shift;;
-T) no_target_directory=true;;
@@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
fi
shift # arg
dst_arg=$arg
+ # Protect names problematic for `test' and other utilities.
+ case $dst_arg in
+ -* | [=\(\)!]) dst_arg=./$dst_arg;;
+ esac
done
fi
@@ -200,7 +208,11 @@ if test $# -eq 0; then
fi
if test -z "$dir_arg"; then
- trap '(exit $?); exit' 1 2 13 15
+ do_exit='(exit $ret); exit $ret'
+ trap "ret=129; $do_exit" 1
+ trap "ret=130; $do_exit" 2
+ trap "ret=141; $do_exit" 13
+ trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
@@ -228,9 +240,9 @@ fi
for src
do
- # Protect names starting with `-'.
+ # Protect names problematic for `test' and other utilities.
case $src in
- -*) src=./$src;;
+ -* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
@@ -252,12 +264,7 @@ do
echo "$0: no destination specified." >&2
exit 1
fi
-
dst=$dst_arg
- # Protect names starting with `-'.
- case $dst in
- -*) dst=./$dst;;
- esac
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
@@ -385,7 +392,7 @@ do
case $dstdir in
/*) prefix='/';;
- -*) prefix='./';;
+ [-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
@@ -403,7 +410,7 @@ do
for d
do
- test -z "$d" && continue
+ test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
@@ -515,5 +522,6 @@ done
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
# End:
diff --git a/ltmain.sh b/build-aux/ltmain.sh
index c8485ab..499e473 100644
--- a/ltmain.sh
+++ b/build-aux/ltmain.sh
@@ -1,9 +1,9 @@
-# Generated from ltmain.m4sh.
-# ltmain.sh (GNU libtool) 2.2.4
+# libtool (GNU libtool) 2.4.2
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
+# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -32,50 +32,57 @@
#
# Provide generalized library-building support services.
#
-# --config show all configuration variables
-# --debug enable verbose shell tracing
-# -n, --dry-run display commands without modifying any files
-# --features display basic configuration information and exit
-# --mode=MODE use operation mode MODE
-# --preserve-dup-deps don't remove duplicate dependency libraries
-# --quiet, --silent don't print informational messages
-# --tag=TAG use configuration variables from tag TAG
-# -v, --verbose print informational messages (default)
-# --version print version information
-# -h, --help print short or long help message
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --no-quiet, --no-silent
+# print informational messages (default)
+# --no-warn don't display warning messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print more informational messages than default
+# --no-verbose don't print the extra informational messages
+# --version print version information
+# -h, --help, --help-all print short, long, or detailed help message
#
# MODE must be one of the following:
#
-# clean remove files from the build directory
-# compile compile a source file into a libtool object
-# execute automatically set library path, then run a program
-# finish complete the installation of libtool libraries
-# install install libraries or executables
-# link create a library or an executable
-# uninstall remove libraries from an installed directory
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
#
-# MODE-ARGS vary depending on the MODE.
+# MODE-ARGS vary depending on the MODE. When passed as first option,
+# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that.
# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
#
# When reporting a bug, please describe a test case to reproduce it and
# include the following information:
#
-# host-triplet: $host
-# shell: $SHELL
-# compiler: $LTCC
-# compiler flags: $LTCFLAGS
-# linker: $LD (gnu? $with_gnu_ld)
-# $progname: (GNU libtool) 2.2.4
-# automake: $automake_version
-# autoconf: $autoconf_version
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.2
+# automake: $automake_version
+# autoconf: $autoconf_version
#
# Report bugs to <bug-libtool@gnu.org>.
+# GNU libtool home page: <http://www.gnu.org/software/libtool/>.
+# General help using GNU software: <http://www.gnu.org/gethelp/>.
-PROGRAM=ltmain.sh
+PROGRAM=libtool
PACKAGE=libtool
-VERSION=2.2.4
+VERSION="2.4.2 Debian-2.4.2-1.2"
TIMESTAMP=""
-package_revision=1.2976
+package_revision=1.3337
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
@@ -91,10 +98,15 @@ fi
BIN_SH=xpg4; export BIN_SH # for Tru64
DUALCASE=1; export DUALCASE # for MKS sh
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+}
+
# NLS nuisances: We save the old values to restore during execute mode.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
lt_user_locale=
lt_safe_locale=
for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
@@ -107,24 +119,28 @@ do
lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
fi"
done
+LC_ALL=C
+LANGUAGE=C
+export LANGUAGE LC_ALL
$lt_unset CDPATH
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
: ${CP="cp -f"}
-: ${ECHO="echo"}
-: ${EGREP="/usr/bin/grep -E"}
-: ${FGREP="/usr/bin/grep -F"}
-: ${GREP="/usr/bin/grep"}
-: ${LN_S="ln -s"}
+test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
-: ${SED="/opt/local/bin/gsed"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"}
@@ -144,6 +160,27 @@ IFS=" $lt_nl"
dirname="s,/[^/]*$,,"
basename="s,^.*/,,"
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ func_dirname_result=`$ECHO "${1}" | $SED "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+} # func_dirname may be replaced by extended shell implementation
+
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "${1}" | $SED "$basename"`
+} # func_basename may be replaced by extended shell implementation
+
+
# func_dirname_and_basename file append nondir_replacement
# perform func_basename and func_dirname in a single function
# call:
@@ -158,33 +195,183 @@ basename="s,^.*/,,"
# those functions but instead duplicate the functionality here.
func_dirname_and_basename ()
{
- # Extract subdirectory from the argument.
- func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
- func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "${1}" | $SED -e "$basename"`
+} # func_dirname_and_basename may be replaced by extended shell implementation
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
+ esac
+} # func_stripname may be replaced by extended shell implementation
+
+
+# These SED scripts presuppose an absolute path with a trailing slash.
+pathcar='s,^/\([^/]*\).*$,\1,'
+pathcdr='s,^/[^/]*,,'
+removedotparts=':dotsl
+ s@/\./@/@g
+ t dotsl
+ s,/\.$,/,'
+collapseslashes='s@/\{1,\}@/@g'
+finalslash='s,/*$,/,'
+
+# func_normal_abspath PATH
+# Remove doubled-up and trailing slashes, "." path components,
+# and cancel out any ".." path components in PATH after making
+# it an absolute path.
+# value returned in "$func_normal_abspath_result"
+func_normal_abspath ()
+{
+ # Start from root dir and reassemble the path.
+ func_normal_abspath_result=
+ func_normal_abspath_tpath=$1
+ func_normal_abspath_altnamespace=
+ case $func_normal_abspath_tpath in
+ "")
+ # Empty path, that just means $cwd.
+ func_stripname '' '/' "`pwd`"
+ func_normal_abspath_result=$func_stripname_result
+ return
+ ;;
+ # The next three entries are used to spot a run of precisely
+ # two leading slashes without using negated character classes;
+ # we take advantage of case's first-match behaviour.
+ ///*)
+ # Unusual form of absolute path, do nothing.
+ ;;
+ //*)
+ # Not necessarily an ordinary path; POSIX reserves leading '//'
+ # and for example Cygwin uses it to access remote file shares
+ # over CIFS/SMB, so we conserve a leading double slash if found.
+ func_normal_abspath_altnamespace=/
+ ;;
+ /*)
+ # Absolute path, do nothing.
+ ;;
+ *)
+ # Relative path, prepend $cwd.
+ func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
+ ;;
+ esac
+ # Cancel out all the simple stuff to save iterations. We also want
+ # the path to end with a slash for ease of parsing, so make sure
+ # there is one (and only one) here.
+ func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"`
+ while :; do
+ # Processed it all yet?
+ if test "$func_normal_abspath_tpath" = / ; then
+ # If we ascended to the root using ".." the result may be empty now.
+ if test -z "$func_normal_abspath_result" ; then
+ func_normal_abspath_result=/
+ fi
+ break
+ fi
+ func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$pathcar"`
+ func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$pathcdr"`
+ # Figure out what to do with it
+ case $func_normal_abspath_tcomponent in
+ "")
+ # Trailing empty path component, ignore it.
+ ;;
+ ..)
+ # Parent dir; strip last assembled component from result.
+ func_dirname "$func_normal_abspath_result"
+ func_normal_abspath_result=$func_dirname_result
+ ;;
+ *)
+ # Actual path component, append it.
+ func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent
+ ;;
+ esac
+ done
+ # Restore leading double-slash if one was found on entry.
+ func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
}
-# Generated shell functions inserted here.
+# func_relative_path SRCDIR DSTDIR
+# generates a relative path from SRCDIR to DSTDIR, with a trailing
+# slash if non-empty, suitable for immediately appending a filename
+# without needing to append a separator.
+# value returned in "$func_relative_path_result"
+func_relative_path ()
+{
+ func_relative_path_result=
+ func_normal_abspath "$1"
+ func_relative_path_tlibdir=$func_normal_abspath_result
+ func_normal_abspath "$2"
+ func_relative_path_tbindir=$func_normal_abspath_result
+
+ # Ascend the tree starting from libdir
+ while :; do
+ # check if we have found a prefix of bindir
+ case $func_relative_path_tbindir in
+ $func_relative_path_tlibdir)
+ # found an exact match
+ func_relative_path_tcancelled=
+ break
+ ;;
+ $func_relative_path_tlibdir*)
+ # found a matching prefix
+ func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
+ func_relative_path_tcancelled=$func_stripname_result
+ if test -z "$func_relative_path_result"; then
+ func_relative_path_result=.
+ fi
+ break
+ ;;
+ *)
+ func_dirname $func_relative_path_tlibdir
+ func_relative_path_tlibdir=${func_dirname_result}
+ if test "x$func_relative_path_tlibdir" = x ; then
+ # Have to descend all the way to the root!
+ func_relative_path_result=../$func_relative_path_result
+ func_relative_path_tcancelled=$func_relative_path_tbindir
+ break
+ fi
+ func_relative_path_result=../$func_relative_path_result
+ ;;
+ esac
+ done
-# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
-# is ksh but when the shell is invoked as "sh" and the current value of
-# the _XPG environment variable is not equal to 1 (one), the special
-# positional parameter $0, within a function call, is the name of the
-# function.
-progpath="$0"
+ # Now calculate path; take care to avoid doubling-up slashes.
+ func_stripname '' '/' "$func_relative_path_result"
+ func_relative_path_result=$func_stripname_result
+ func_stripname '/' '/' "$func_relative_path_tcancelled"
+ if test "x$func_stripname_result" != x ; then
+ func_relative_path_result=${func_relative_path_result}/${func_stripname_result}
+ fi
+
+ # Normalisation. If bindir is libdir, return empty string,
+ # else relative path ending with a slash; either way, target
+ # file name can be directly appended.
+ if test ! -z "$func_relative_path_result"; then
+ func_stripname './' '' "$func_relative_path_result/"
+ func_relative_path_result=$func_stripname_result
+ fi
+}
# The name of this program:
-# In the unlikely event $progname began with a '-', it would play havoc with
-# func_echo (imagine progname=-n), so we prepend ./ in that case:
func_dirname_and_basename "$progpath"
progname=$func_basename_result
-case $progname in
- -*) progname=./$progname ;;
-esac
# Make sure we have an absolute path for reexecution:
case $progpath in
@@ -196,7 +383,7 @@ case $progpath in
;;
*)
save_IFS="$IFS"
- IFS=:
+ IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do
IFS="$save_IFS"
test -x "$progdir/$progname" && break
@@ -215,6 +402,15 @@ sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
# Same as above, but do not quote variable references.
double_quote_subst='s/\(["`\\]\)/\\\1/g'
+# Sed substitution that turns a string into a regex matching for the
+# string literally.
+sed_make_literal_regex='s,[].[^$\\*\/],\\&,g'
+
+# Sed substitution that converts a w32 file name or path
+# which contains forward slashes, into one that contains
+# (escaped) backslashes. A very naive implementation.
+lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+
# Re-`\' parameter expansions in output of double_quote_subst that were
# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
# in input to double_quote_subst, that '$' was protected from expansion.
@@ -243,7 +439,7 @@ opt_warning=:
# name if it has been set yet.
func_echo ()
{
- $ECHO "$progname${mode+: }$mode: $*"
+ $ECHO "$progname: ${opt_mode+$opt_mode: }$*"
}
# func_verbose arg...
@@ -258,18 +454,25 @@ func_verbose ()
:
}
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+ $ECHO "$*"
+}
+
# func_error arg...
# Echo program name prefixed message to standard error.
func_error ()
{
- $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+ $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2
}
# func_warning arg...
# Echo program name prefixed warning message to standard error.
func_warning ()
{
- $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+ $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2
# bash bug again:
:
@@ -326,9 +529,9 @@ func_mkdir_p ()
case $my_directory_path in */*) ;; *) break ;; esac
# ...otherwise throw away the child directory and loop
- my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"`
done
- my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+ my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'`
save_mkdir_p_IFS="$IFS"; IFS=':'
for my_dir in $my_dir_list; do
@@ -378,7 +581,7 @@ func_mktempdir ()
func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
fi
- $ECHO "X$my_tmpdir" | $Xsed
+ $ECHO "$my_tmpdir"
}
@@ -392,7 +595,7 @@ func_quote_for_eval ()
{
case $1 in
*[\\\`\"\$]*)
- func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;;
*)
func_quote_for_eval_unquoted_result="$1" ;;
esac
@@ -419,7 +622,7 @@ func_quote_for_expand ()
{
case $1 in
*[\\\`\"]*)
- my_arg=`$ECHO "X$1" | $Xsed \
+ my_arg=`$ECHO "$1" | $SED \
-e "$double_quote_subst" -e "$sed_double_backslash"` ;;
*)
my_arg="$1" ;;
@@ -488,15 +691,39 @@ func_show_eval_locale ()
fi
}
-
-
+# func_tr_sh
+# Turn $1 into a string suitable for a shell variable name.
+# Result is stored in $func_tr_sh_result. All characters
+# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
+# if $1 begins with a digit, a '_' is prepended as well.
+func_tr_sh ()
+{
+ case $1 in
+ [0-9]* | *[!a-zA-Z0-9_]*)
+ func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'`
+ ;;
+ * )
+ func_tr_sh_result=$1
+ ;;
+ esac
+}
# func_version
# Echo version message to standard output and exit.
func_version ()
{
- $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ $opt_debug
+
+ $SED -n '/(C)/!b go
+ :more
+ /\./!{
+ N
+ s/\n# / /
+ b more
+ }
+ :go
+ /^# '$PROGRAM' (GNU /,/# warranty; / {
s/^# //
s/^# *$//
s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
@@ -509,22 +736,28 @@ func_version ()
# Echo short help message to standard output and exit.
func_usage ()
{
- $SED -n '/^# Usage:/,/# -h/ {
+ $opt_debug
+
+ $SED -n '/^# Usage:/,/^# *.*--help/ {
s/^# //
s/^# *$//
s/\$progname/'$progname'/
p
}' < "$progpath"
- $ECHO
+ echo
$ECHO "run \`$progname --help | more' for full usage"
exit $?
}
-# func_help
-# Echo long help message to standard output and exit.
+# func_help [NOEXIT]
+# Echo long help message to standard output and exit,
+# unless 'noexit' is passed as argument.
func_help ()
{
+ $opt_debug
+
$SED -n '/^# Usage:/,/# Report bugs to/ {
+ :print
s/^# //
s/^# *$//
s*\$progname*'$progname'*
@@ -534,11 +767,18 @@ func_help ()
s*\$LTCFLAGS*'"$LTCFLAGS"'*
s*\$LD*'"$LD"'*
s/\$with_gnu_ld/'"$with_gnu_ld"'/
- s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
- s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
p
- }' < "$progpath"
- exit $?
+ d
+ }
+ /^# .* home page:/b print
+ /^# General help using/b print
+ ' < "$progpath"
+ ret=$?
+ if test -z "$1"; then
+ exit $ret
+ fi
}
# func_missing_arg argname
@@ -546,63 +786,106 @@ func_help ()
# exit_cmd.
func_missing_arg ()
{
- func_error "missing argument for $1"
+ $opt_debug
+
+ func_error "missing argument for $1."
exit_cmd=exit
}
-exit_cmd=:
+# func_split_short_opt shortopt
+# Set func_split_short_opt_name and func_split_short_opt_arg shell
+# variables after splitting SHORTOPT after the 2nd character.
+func_split_short_opt ()
+{
+ my_sed_short_opt='1s/^\(..\).*$/\1/;q'
+ my_sed_short_rest='1s/^..\(.*\)$/\1/;q'
+ func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"`
+ func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"`
+} # func_split_short_opt may be replaced by extended shell implementation
+
+
+# func_split_long_opt longopt
+# Set func_split_long_opt_name and func_split_long_opt_arg shell
+# variables after splitting LONGOPT at the `=' sign.
+func_split_long_opt ()
+{
+ my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q'
+ my_sed_long_arg='1s/^--[^=]*=//'
+
+ func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"`
+ func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"`
+} # func_split_long_opt may be replaced by extended shell implementation
+
+exit_cmd=:
-# Check that we have a working $ECHO.
-if test "X$1" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
-elif test "X$1" = X--fallback-echo; then
- # Avoid inline document here, it may be left over
- :
-elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
- # Yippee, $ECHO works!
- :
-else
- # Restart under the correct shell, and then maybe $ECHO will work.
- exec $SHELL "$progpath" --no-reexec ${1+"$@"}
-fi
-if test "X$1" = X--fallback-echo; then
- # used as fallback echo
- shift
- cat <<EOF
-$*
-EOF
- exit $EXIT_SUCCESS
-fi
magic="%%%MAGIC variable%%%"
magic_exe="%%%MAGIC EXE variable%%%"
# Global variables.
-# $mode is unset
nonopt=
-execute_dlfiles=
preserve_args=
lo2o="s/\\.lo\$/.${objext}/"
o2lo="s/\\.${objext}\$/.lo/"
extracted_archives=
extracted_serial=0
-opt_dry_run=false
-opt_duplicate_deps=false
-opt_silent=false
-opt_debug=:
-
# If this variable is set in any of the actions, the command in it
# will be execed at the end. This prevents here-documents from being
# left over by shells.
exec_cmd=
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "${1}=\$${1}\${2}"
+} # func_append may be replaced by extended shell implementation
+
+# func_append_quoted var value
+# Quote VALUE and append to the end of shell variable VAR, separated
+# by a space.
+func_append_quoted ()
+{
+ func_quote_for_eval "${2}"
+ eval "${1}=\$${1}\\ \$func_quote_for_eval_result"
+} # func_append_quoted may be replaced by extended shell implementation
+
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "${@}"`
+} # func_arith may be replaced by extended shell implementation
+
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len`
+} # func_len may be replaced by extended shell implementation
+
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"`
+} # func_lo2o may be replaced by extended shell implementation
+
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'`
+} # func_xform may be replaced by extended shell implementation
+
+
# func_fatal_configuration arg...
# Echo program name prefixed message to standard error, followed by
# a configuration failure hint, and exit.
@@ -636,16 +919,16 @@ func_config ()
# Display the features supported by this script.
func_features ()
{
- $ECHO "host: $host"
+ echo "host: $host"
if test "$build_libtool_libs" = yes; then
- $ECHO "enable shared libraries"
+ echo "enable shared libraries"
else
- $ECHO "disable shared libraries"
+ echo "disable shared libraries"
fi
if test "$build_old_libs" = yes; then
- $ECHO "enable static libraries"
+ echo "enable static libraries"
else
- $ECHO "disable static libraries"
+ echo "disable static libraries"
fi
exit $?
@@ -692,133 +975,6 @@ func_enable_tag ()
esac
}
-# Parse options once, thoroughly. This comes as soon as possible in
-# the script to make things like `libtool --version' happen quickly.
-{
-
- # Shorthand for --mode=foo, only valid as the first argument
- case $1 in
- clean|clea|cle|cl)
- shift; set dummy --mode clean ${1+"$@"}; shift
- ;;
- compile|compil|compi|comp|com|co|c)
- shift; set dummy --mode compile ${1+"$@"}; shift
- ;;
- execute|execut|execu|exec|exe|ex|e)
- shift; set dummy --mode execute ${1+"$@"}; shift
- ;;
- finish|finis|fini|fin|fi|f)
- shift; set dummy --mode finish ${1+"$@"}; shift
- ;;
- install|instal|insta|inst|ins|in|i)
- shift; set dummy --mode install ${1+"$@"}; shift
- ;;
- link|lin|li|l)
- shift; set dummy --mode link ${1+"$@"}; shift
- ;;
- uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
- shift; set dummy --mode uninstall ${1+"$@"}; shift
- ;;
- esac
-
- # Parse non-mode specific arguments:
- while test "$#" -gt 0; do
- opt="$1"
- shift
-
- case $opt in
- --config) func_config ;;
-
- --debug) preserve_args="$preserve_args $opt"
- func_echo "enabling shell trace mode"
- opt_debug='set -x'
- $opt_debug
- ;;
-
- -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
- execute_dlfiles="$execute_dlfiles $1"
- shift
- ;;
-
- --dry-run | -n) opt_dry_run=: ;;
- --features) func_features ;;
- --finish) mode="finish" ;;
-
- --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
- case $1 in
- # Valid mode arguments:
- clean) ;;
- compile) ;;
- execute) ;;
- finish) ;;
- install) ;;
- link) ;;
- relink) ;;
- uninstall) ;;
-
- # Catch anything else as an error
- *) func_error "invalid argument for $opt"
- exit_cmd=exit
- break
- ;;
- esac
-
- mode="$1"
- shift
- ;;
-
- --preserve-dup-deps)
- opt_duplicate_deps=: ;;
-
- --quiet|--silent) preserve_args="$preserve_args $opt"
- opt_silent=:
- ;;
-
- --verbose| -v) preserve_args="$preserve_args $opt"
- opt_silent=false
- ;;
-
- --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
- preserve_args="$preserve_args $opt $1"
- func_enable_tag "$1" # tagname is set here
- shift
- ;;
-
- # Separate optargs to long options:
- -dlopen=*|--mode=*|--tag=*)
- func_opt_split "$opt"
- set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
- shift
- ;;
-
- -\?|-h) func_usage ;;
- --help) opt_help=: ;;
- --version) func_version ;;
-
- -*) func_fatal_help "unrecognized option \`$opt'" ;;
-
- *) nonopt="$opt"
- break
- ;;
- esac
- done
-
-
- case $host in
- *cygwin* | *mingw* | *pw32*)
- # don't eliminate duplications in $postdeps and $predeps
- opt_duplicate_compiler_generated_deps=:
- ;;
- *)
- opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
- ;;
- esac
-
- # Having warned about all mis-specified options, bail out if
- # anything was wrong.
- $exit_cmd $EXIT_FAILURE
-}
-
# func_check_version_match
# Ensure that we are using m4 macros, and libtool script from the same
# release of libtool.
@@ -855,46 +1011,228 @@ _LT_EOF
}
-## ----------- ##
-## Main. ##
-## ----------- ##
+# Shorthand for --mode=foo, only valid as the first argument
+case $1 in
+clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+esac
-$opt_help || {
- # Sanity checks first:
- func_check_version_match
- if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
- func_fatal_configuration "not configured to build any kind of library"
- fi
- test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+# Option defaults:
+opt_debug=:
+opt_dry_run=false
+opt_config=false
+opt_preserve_dup_deps=false
+opt_features=false
+opt_finish=false
+opt_help=false
+opt_help_all=false
+opt_silent=:
+opt_warning=:
+opt_verbose=:
+opt_silent=false
+opt_verbose=false
- # Darwin sucks
- eval std_shrext=\"$shrext_cmds\"
+# Parse options once, thoroughly. This comes as soon as possible in the
+# script to make things like `--version' happen as quickly as we can.
+{
+ # this just eases exit handling
+ while test $# -gt 0; do
+ opt="$1"
+ shift
+ case $opt in
+ --debug|-x) opt_debug='set -x'
+ func_echo "enabling shell trace mode"
+ $opt_debug
+ ;;
+ --dry-run|--dryrun|-n)
+ opt_dry_run=:
+ ;;
+ --config)
+ opt_config=:
+func_config
+ ;;
+ --dlopen|-dlopen)
+ optarg="$1"
+ opt_dlopen="${opt_dlopen+$opt_dlopen
+}$optarg"
+ shift
+ ;;
+ --preserve-dup-deps)
+ opt_preserve_dup_deps=:
+ ;;
+ --features)
+ opt_features=:
+func_features
+ ;;
+ --finish)
+ opt_finish=:
+set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ --help)
+ opt_help=:
+ ;;
+ --help-all)
+ opt_help_all=:
+opt_help=': help-all'
+ ;;
+ --mode)
+ test $# = 0 && func_missing_arg $opt && break
+ optarg="$1"
+ opt_mode="$optarg"
+case $optarg in
+ # Valid mode arguments:
+ clean|compile|execute|finish|install|link|relink|uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+esac
+ shift
+ ;;
+ --no-silent|--no-quiet)
+ opt_silent=false
+func_append preserve_args " $opt"
+ ;;
+ --no-warning|--no-warn)
+ opt_warning=false
+func_append preserve_args " $opt"
+ ;;
+ --no-verbose)
+ opt_verbose=false
+func_append preserve_args " $opt"
+ ;;
+ --silent|--quiet)
+ opt_silent=:
+func_append preserve_args " $opt"
+ opt_verbose=false
+ ;;
+ --verbose|-v)
+ opt_verbose=:
+func_append preserve_args " $opt"
+opt_silent=false
+ ;;
+ --tag)
+ test $# = 0 && func_missing_arg $opt && break
+ optarg="$1"
+ opt_tag="$optarg"
+func_append preserve_args " $opt $optarg"
+func_enable_tag "$optarg"
+ shift
+ ;;
+ -\?|-h) func_usage ;;
+ --help) func_help ;;
+ --version) func_version ;;
- # Only execute mode is allowed to have -dlopen flags.
- if test -n "$execute_dlfiles" && test "$mode" != execute; then
- func_error "unrecognized option \`-dlopen'"
- $ECHO "$help" 1>&2
- exit $EXIT_FAILURE
+ # Separate optargs to long options:
+ --*=*)
+ func_split_long_opt "$opt"
+ set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"}
+ shift
+ ;;
+
+ # Separate non-argument short options:
+ -\?*|-h*|-n*|-v*)
+ func_split_short_opt "$opt"
+ set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"}
+ shift
+ ;;
+
+ --) break ;;
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+ *) set dummy "$opt" ${1+"$@"}; shift; break ;;
+ esac
+ done
+
+ # Validate options:
+
+ # save first non-option argument
+ if test "$#" -gt 0; then
+ nonopt="$opt"
+ shift
fi
- # Change the help message to a mode-specific one.
- generic_help="$help"
- help="Try \`$progname --help --mode=$mode' for more information."
+ # preserve --debug
+ test "$opt_debug" = : || func_append preserve_args " --debug"
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
+ ;;
+ esac
+
+ $opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$opt_dlopen" && test "$opt_mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$opt_mode' for more information."
+ }
+
+
+ # Bail if the options were screwed
+ $exit_cmd $EXIT_FAILURE
}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
# func_lalib_p file
# True iff FILE is a libtool `.la' library or `.lo' object file.
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_lalib_p ()
{
- $SED -e 4q "$1" 2>/dev/null \
- | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
}
# func_lalib_unsafe_p file
@@ -907,7 +1245,7 @@ func_lalib_p ()
func_lalib_unsafe_p ()
{
lalib_p=no
- if test -r "$1" && exec 5<&0 <"$1"; then
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
for lalib_p_l in 1 2 3 4
do
read lalib_p_line
@@ -949,12 +1287,9 @@ func_ltwrapper_executable_p ()
# temporary ltwrapper_script.
func_ltwrapper_scriptname ()
{
- func_ltwrapper_scriptname_result=""
- if func_ltwrapper_executable_p "$1"; then
- func_dirname_and_basename "$1" "" "."
- func_stripname '' '.exe' "$func_basename_result"
- func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
- fi
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
}
# func_ltwrapper_p file
@@ -1000,6 +1335,37 @@ func_source ()
}
+# func_resolve_sysroot PATH
+# Replace a leading = in PATH with a sysroot. Store the result into
+# func_resolve_sysroot_result
+func_resolve_sysroot ()
+{
+ func_resolve_sysroot_result=$1
+ case $func_resolve_sysroot_result in
+ =*)
+ func_stripname '=' '' "$func_resolve_sysroot_result"
+ func_resolve_sysroot_result=$lt_sysroot$func_stripname_result
+ ;;
+ esac
+}
+
+# func_replace_sysroot PATH
+# If PATH begins with the sysroot, replace it with = and
+# store the result into func_replace_sysroot_result.
+func_replace_sysroot ()
+{
+ case "$lt_sysroot:$1" in
+ ?*:"$lt_sysroot"*)
+ func_stripname "$lt_sysroot" '' "$1"
+ func_replace_sysroot_result="=$func_stripname_result"
+ ;;
+ *)
+ # Including no sysroot.
+ func_replace_sysroot_result=$1
+ ;;
+ esac
+}
+
# func_infer_tag arg
# Infer tagged configuration to use if any are available and
# if one wasn't chosen via the "--tag" command line option.
@@ -1012,13 +1378,15 @@ func_infer_tag ()
if test -n "$available_tags" && test -z "$tagname"; then
CC_quoted=
for arg in $CC; do
- func_quote_for_eval "$arg"
- CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ func_append_quoted CC_quoted "$arg"
done
+ CC_expanded=`func_echo_all $CC`
+ CC_quoted_expanded=`func_echo_all $CC_quoted`
case $@ in
# Blanks in the command may have been stripped by the calling shell,
# but not from the CC environment variable when configure was run.
- " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
+ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;;
# Blanks at the start of $base_compile will cause this to fail
# if we don't check for them as well.
*)
@@ -1029,11 +1397,13 @@ func_infer_tag ()
CC_quoted=
for arg in $CC; do
# Double-quote args containing other shell metacharacters.
- func_quote_for_eval "$arg"
- CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ func_append_quoted CC_quoted "$arg"
done
+ CC_expanded=`func_echo_all $CC`
+ CC_quoted_expanded=`func_echo_all $CC_quoted`
case "$@ " in
- " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
+ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*)
# The compiler in the base compile command matches
# the one in the tagged configuration.
# Assume this is the tagged configuration we want.
@@ -1096,6 +1466,486 @@ EOF
}
}
+
+##################################################
+# FILE NAME AND PATH CONVERSION HELPER FUNCTIONS #
+##################################################
+
+# func_convert_core_file_wine_to_w32 ARG
+# Helper function used by file name conversion functions when $build is *nix,
+# and $host is mingw, cygwin, or some other w32 environment. Relies on a
+# correctly configured wine environment available, with the winepath program
+# in $build's $PATH.
+#
+# ARG is the $build file name to be converted to w32 format.
+# Result is available in $func_convert_core_file_wine_to_w32_result, and will
+# be empty on error (or when ARG is empty)
+func_convert_core_file_wine_to_w32 ()
+{
+ $opt_debug
+ func_convert_core_file_wine_to_w32_result="$1"
+ if test -n "$1"; then
+ # Unfortunately, winepath does not exit with a non-zero error code, so we
+ # are forced to check the contents of stdout. On the other hand, if the
+ # command is not found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both error code of
+ # zero AND non-empty stdout, which explains the odd construction:
+ func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then
+ func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" |
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ func_convert_core_file_wine_to_w32_result=
+ fi
+ fi
+}
+# end: func_convert_core_file_wine_to_w32
+
+
+# func_convert_core_path_wine_to_w32 ARG
+# Helper function used by path conversion functions when $build is *nix, and
+# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
+# configured wine environment available, with the winepath program in $build's
+# $PATH. Assumes ARG has no leading or trailing path separator characters.
+#
+# ARG is path to be converted from $build format to win32.
+# Result is available in $func_convert_core_path_wine_to_w32_result.
+# Unconvertible file (directory) names in ARG are skipped; if no directory names
+# are convertible, then the result may be empty.
+func_convert_core_path_wine_to_w32 ()
+{
+ $opt_debug
+ # unfortunately, winepath doesn't convert paths, only file names
+ func_convert_core_path_wine_to_w32_result=""
+ if test -n "$1"; then
+ oldIFS=$IFS
+ IFS=:
+ for func_convert_core_path_wine_to_w32_f in $1; do
+ IFS=$oldIFS
+ func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
+ if test -n "$func_convert_core_file_wine_to_w32_result" ; then
+ if test -z "$func_convert_core_path_wine_to_w32_result"; then
+ func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result"
+ else
+ func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
+ fi
+ fi
+ done
+ IFS=$oldIFS
+ fi
+}
+# end: func_convert_core_path_wine_to_w32
+
+
+# func_cygpath ARGS...
+# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when
+# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2)
+# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or
+# (2), returns the Cygwin file name or path in func_cygpath_result (input
+# file name or path is assumed to be in w32 format, as previously converted
+# from $build's *nix or MSYS format). In case (3), returns the w32 file name
+# or path in func_cygpath_result (input file name or path is assumed to be in
+# Cygwin format). Returns an empty string on error.
+#
+# ARGS are passed to cygpath, with the last one being the file name or path to
+# be converted.
+#
+# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
+# environment variable; do not put it in $PATH.
+func_cygpath ()
+{
+ $opt_debug
+ if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
+ func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
+ if test "$?" -ne 0; then
+ # on failure, ensure result is empty
+ func_cygpath_result=
+ fi
+ else
+ func_cygpath_result=
+ func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'"
+ fi
+}
+#end: func_cygpath
+
+
+# func_convert_core_msys_to_w32 ARG
+# Convert file name or path ARG from MSYS format to w32 format. Return
+# result in func_convert_core_msys_to_w32_result.
+func_convert_core_msys_to_w32 ()
+{
+ $opt_debug
+ # awkward: cmd appends spaces to result
+ func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
+ $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"`
+}
+#end: func_convert_core_msys_to_w32
+
+
+# func_convert_file_check ARG1 ARG2
+# Verify that ARG1 (a file name in $build format) was converted to $host
+# format in ARG2. Otherwise, emit an error message, but continue (resetting
+# func_to_host_file_result to ARG1).
+func_convert_file_check ()
+{
+ $opt_debug
+ if test -z "$2" && test -n "$1" ; then
+ func_error "Could not determine host file name corresponding to"
+ func_error " \`$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_file_result="$1"
+ fi
+}
+# end func_convert_file_check
+
+
+# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
+# Verify that FROM_PATH (a path in $build format) was converted to $host
+# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
+# func_to_host_file_result to a simplistic fallback value (see below).
+func_convert_path_check ()
+{
+ $opt_debug
+ if test -z "$4" && test -n "$3"; then
+ func_error "Could not determine the host path corresponding to"
+ func_error " \`$3'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This is a deliberately simplistic "conversion" and
+ # should not be "improved". See libtool.info.
+ if test "x$1" != "x$2"; then
+ lt_replace_pathsep_chars="s|$1|$2|g"
+ func_to_host_path_result=`echo "$3" |
+ $SED -e "$lt_replace_pathsep_chars"`
+ else
+ func_to_host_path_result="$3"
+ fi
+ fi
+}
+# end func_convert_path_check
+
+
+# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
+# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
+# and appending REPL if ORIG matches BACKPAT.
+func_convert_path_front_back_pathsep ()
+{
+ $opt_debug
+ case $4 in
+ $1 ) func_to_host_path_result="$3$func_to_host_path_result"
+ ;;
+ esac
+ case $4 in
+ $2 ) func_append func_to_host_path_result "$3"
+ ;;
+ esac
+}
+# end func_convert_path_front_back_pathsep
+
+
+##################################################
+# $build to $host FILE NAME CONVERSION FUNCTIONS #
+##################################################
+# invoked via `$to_host_file_cmd ARG'
+#
+# In each case, ARG is the path to be converted from $build to $host format.
+# Result will be available in $func_to_host_file_result.
+
+
+# func_to_host_file ARG
+# Converts the file name ARG from $build format to $host format. Return result
+# in func_to_host_file_result.
+func_to_host_file ()
+{
+ $opt_debug
+ $to_host_file_cmd "$1"
+}
+# end func_to_host_file
+
+
+# func_to_tool_file ARG LAZY
+# converts the file name ARG from $build format to toolchain format. Return
+# result in func_to_tool_file_result. If the conversion in use is listed
+# in (the comma separated) LAZY, no conversion takes place.
+func_to_tool_file ()
+{
+ $opt_debug
+ case ,$2, in
+ *,"$to_tool_file_cmd",*)
+ func_to_tool_file_result=$1
+ ;;
+ *)
+ $to_tool_file_cmd "$1"
+ func_to_tool_file_result=$func_to_host_file_result
+ ;;
+ esac
+}
+# end func_to_tool_file
+
+
+# func_convert_file_noop ARG
+# Copy ARG to func_to_host_file_result.
+func_convert_file_noop ()
+{
+ func_to_host_file_result="$1"
+}
+# end func_convert_file_noop
+
+
+# func_convert_file_msys_to_w32 ARG
+# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic
+# conversion to w32 is not available inside the cwrapper. Returns result in
+# func_to_host_file_result.
+func_convert_file_msys_to_w32 ()
+{
+ $opt_debug
+ func_to_host_file_result="$1"
+ if test -n "$1"; then
+ func_convert_core_msys_to_w32 "$1"
+ func_to_host_file_result="$func_convert_core_msys_to_w32_result"
+ fi
+ func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_msys_to_w32
+
+
+# func_convert_file_cygwin_to_w32 ARG
+# Convert file name ARG from Cygwin to w32 format. Returns result in
+# func_to_host_file_result.
+func_convert_file_cygwin_to_w32 ()
+{
+ $opt_debug
+ func_to_host_file_result="$1"
+ if test -n "$1"; then
+ # because $build is cygwin, we call "the" cygpath in $PATH; no need to use
+ # LT_CYGPATH in this case.
+ func_to_host_file_result=`cygpath -m "$1"`
+ fi
+ func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_cygwin_to_w32
+
+
+# func_convert_file_nix_to_w32 ARG
+# Convert file name ARG from *nix to w32 format. Requires a wine environment
+# and a working winepath. Returns result in func_to_host_file_result.
+func_convert_file_nix_to_w32 ()
+{
+ $opt_debug
+ func_to_host_file_result="$1"
+ if test -n "$1"; then
+ func_convert_core_file_wine_to_w32 "$1"
+ func_to_host_file_result="$func_convert_core_file_wine_to_w32_result"
+ fi
+ func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_nix_to_w32
+
+
+# func_convert_file_msys_to_cygwin ARG
+# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
+# Returns result in func_to_host_file_result.
+func_convert_file_msys_to_cygwin ()
+{
+ $opt_debug
+ func_to_host_file_result="$1"
+ if test -n "$1"; then
+ func_convert_core_msys_to_w32 "$1"
+ func_cygpath -u "$func_convert_core_msys_to_w32_result"
+ func_to_host_file_result="$func_cygpath_result"
+ fi
+ func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_msys_to_cygwin
+
+
+# func_convert_file_nix_to_cygwin ARG
+# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed
+# in a wine environment, working winepath, and LT_CYGPATH set. Returns result
+# in func_to_host_file_result.
+func_convert_file_nix_to_cygwin ()
+{
+ $opt_debug
+ func_to_host_file_result="$1"
+ if test -n "$1"; then
+ # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
+ func_convert_core_file_wine_to_w32 "$1"
+ func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
+ func_to_host_file_result="$func_cygpath_result"
+ fi
+ func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_nix_to_cygwin
+
+
+#############################################
+# $build to $host PATH CONVERSION FUNCTIONS #
+#############################################
+# invoked via `$to_host_path_cmd ARG'
+#
+# In each case, ARG is the path to be converted from $build to $host format.
+# The result will be available in $func_to_host_path_result.
+#
+# Path separators are also converted from $build format to $host format. If
+# ARG begins or ends with a path separator character, it is preserved (but
+# converted to $host format) on output.
+#
+# All path conversion functions are named using the following convention:
+# file name conversion function : func_convert_file_X_to_Y ()
+# path conversion function : func_convert_path_X_to_Y ()
+# where, for any given $build/$host combination the 'X_to_Y' value is the
+# same. If conversion functions are added for new $build/$host combinations,
+# the two new functions must follow this pattern, or func_init_to_host_path_cmd
+# will break.
+
+
+# func_init_to_host_path_cmd
+# Ensures that function "pointer" variable $to_host_path_cmd is set to the
+# appropriate value, based on the value of $to_host_file_cmd.
+to_host_path_cmd=
+func_init_to_host_path_cmd ()
+{
+ $opt_debug
+ if test -z "$to_host_path_cmd"; then
+ func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
+ to_host_path_cmd="func_convert_path_${func_stripname_result}"
+ fi
+}
+
+
+# func_to_host_path ARG
+# Converts the path ARG from $build format to $host format. Return result
+# in func_to_host_path_result.
+func_to_host_path ()
+{
+ $opt_debug
+ func_init_to_host_path_cmd
+ $to_host_path_cmd "$1"
+}
+# end func_to_host_path
+
+
+# func_convert_path_noop ARG
+# Copy ARG to func_to_host_path_result.
+func_convert_path_noop ()
+{
+ func_to_host_path_result="$1"
+}
+# end func_convert_path_noop
+
+
+# func_convert_path_msys_to_w32 ARG
+# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic
+# conversion to w32 is not available inside the cwrapper. Returns result in
+# func_to_host_path_result.
+func_convert_path_msys_to_w32 ()
+{
+ $opt_debug
+ func_to_host_path_result="$1"
+ if test -n "$1"; then
+ # Remove leading and trailing path separator characters from ARG. MSYS
+ # behavior is inconsistent here; cygpath turns them into '.;' and ';.';
+ # and winepath ignores them completely.
+ func_stripname : : "$1"
+ func_to_host_path_tmp1=$func_stripname_result
+ func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
+ func_to_host_path_result="$func_convert_core_msys_to_w32_result"
+ func_convert_path_check : ";" \
+ "$func_to_host_path_tmp1" "$func_to_host_path_result"
+ func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+ fi
+}
+# end func_convert_path_msys_to_w32
+
+
+# func_convert_path_cygwin_to_w32 ARG
+# Convert path ARG from Cygwin to w32 format. Returns result in
+# func_to_host_file_result.
+func_convert_path_cygwin_to_w32 ()
+{
+ $opt_debug
+ func_to_host_path_result="$1"
+ if test -n "$1"; then
+ # See func_convert_path_msys_to_w32:
+ func_stripname : : "$1"
+ func_to_host_path_tmp1=$func_stripname_result
+ func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"`
+ func_convert_path_check : ";" \
+ "$func_to_host_path_tmp1" "$func_to_host_path_result"
+ func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+ fi
+}
+# end func_convert_path_cygwin_to_w32
+
+
+# func_convert_path_nix_to_w32 ARG
+# Convert path ARG from *nix to w32 format. Requires a wine environment and
+# a working winepath. Returns result in func_to_host_file_result.
+func_convert_path_nix_to_w32 ()
+{
+ $opt_debug
+ func_to_host_path_result="$1"
+ if test -n "$1"; then
+ # See func_convert_path_msys_to_w32:
+ func_stripname : : "$1"
+ func_to_host_path_tmp1=$func_stripname_result
+ func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
+ func_to_host_path_result="$func_convert_core_path_wine_to_w32_result"
+ func_convert_path_check : ";" \
+ "$func_to_host_path_tmp1" "$func_to_host_path_result"
+ func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+ fi
+}
+# end func_convert_path_nix_to_w32
+
+
+# func_convert_path_msys_to_cygwin ARG
+# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
+# Returns result in func_to_host_file_result.
+func_convert_path_msys_to_cygwin ()
+{
+ $opt_debug
+ func_to_host_path_result="$1"
+ if test -n "$1"; then
+ # See func_convert_path_msys_to_w32:
+ func_stripname : : "$1"
+ func_to_host_path_tmp1=$func_stripname_result
+ func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
+ func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
+ func_to_host_path_result="$func_cygpath_result"
+ func_convert_path_check : : \
+ "$func_to_host_path_tmp1" "$func_to_host_path_result"
+ func_convert_path_front_back_pathsep ":*" "*:" : "$1"
+ fi
+}
+# end func_convert_path_msys_to_cygwin
+
+
+# func_convert_path_nix_to_cygwin ARG
+# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a
+# a wine environment, working winepath, and LT_CYGPATH set. Returns result in
+# func_to_host_file_result.
+func_convert_path_nix_to_cygwin ()
+{
+ $opt_debug
+ func_to_host_path_result="$1"
+ if test -n "$1"; then
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_stripname : : "$1"
+ func_to_host_path_tmp1=$func_stripname_result
+ func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
+ func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
+ func_to_host_path_result="$func_cygpath_result"
+ func_convert_path_check : : \
+ "$func_to_host_path_tmp1" "$func_to_host_path_result"
+ func_convert_path_front_back_pathsep ":*" "*:" : "$1"
+ fi
+}
+# end func_convert_path_nix_to_cygwin
+
+
# func_mode_compile arg...
func_mode_compile ()
{
@@ -1136,12 +1986,12 @@ func_mode_compile ()
;;
-pie | -fpie | -fPIE)
- pie_flag="$pie_flag $arg"
+ func_append pie_flag " $arg"
continue
;;
-shared | -static | -prefer-pic | -prefer-non-pic)
- later="$later $arg"
+ func_append later " $arg"
continue
;;
@@ -1162,15 +2012,14 @@ func_mode_compile ()
save_ifs="$IFS"; IFS=','
for arg in $args; do
IFS="$save_ifs"
- func_quote_for_eval "$arg"
- lastarg="$lastarg $func_quote_for_eval_result"
+ func_append_quoted lastarg "$arg"
done
IFS="$save_ifs"
func_stripname ' ' '' "$lastarg"
lastarg=$func_stripname_result
# Add the arguments to base_compile.
- base_compile="$base_compile $lastarg"
+ func_append base_compile " $lastarg"
continue
;;
@@ -1186,8 +2035,7 @@ func_mode_compile ()
esac # case $arg_mode
# Aesthetically quote the previous argument.
- func_quote_for_eval "$lastarg"
- base_compile="$base_compile $func_quote_for_eval_result"
+ func_append_quoted base_compile "$lastarg"
done # for arg
case $arg_mode in
@@ -1212,7 +2060,7 @@ func_mode_compile ()
*.[cCFSifmso] | \
*.ada | *.adb | *.ads | *.asm | \
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
- *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
func_xform "$libobj"
libobj=$func_xform_result
;;
@@ -1275,7 +2123,7 @@ func_mode_compile ()
# On Cygwin there's no "real" PIC flag so we must build both object types
case $host_os in
- cygwin* | mingw* | pw32* | os2*)
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
pic_mode=default
;;
esac
@@ -1287,7 +2135,7 @@ func_mode_compile ()
# Calculate the filename of the output object if compiler does
# not support -o with -c
if test "$compiler_c_o" = no; then
- output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext}
lockfile="$output_obj.lock"
else
output_obj=
@@ -1318,17 +2166,16 @@ compiler."
$opt_dry_run || $RM $removelist
exit $EXIT_FAILURE
fi
- removelist="$removelist $output_obj"
+ func_append removelist " $output_obj"
$ECHO "$srcfile" > "$lockfile"
fi
$opt_dry_run || $RM $removelist
- removelist="$removelist $lockfile"
+ func_append removelist " $lockfile"
trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
- if test -n "$fix_srcfile_path"; then
- eval srcfile=\"$fix_srcfile_path\"
- fi
+ func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
+ srcfile=$func_to_tool_file_result
func_quote_for_eval "$srcfile"
qsrcfile=$func_quote_for_eval_result
@@ -1348,7 +2195,7 @@ compiler."
if test -z "$output_obj"; then
# Place PIC objects in $objdir
- command="$command -o $lobj"
+ func_append command " -o $lobj"
fi
func_show_eval_locale "$command" \
@@ -1395,11 +2242,11 @@ compiler."
command="$base_compile $qsrcfile $pic_flag"
fi
if test "$compiler_c_o" = yes; then
- command="$command -o $obj"
+ func_append command " -o $obj"
fi
# Suppress compiler output if we already did a PIC compilation.
- command="$command$suppress_output"
+ func_append command "$suppress_output"
func_show_eval_locale "$command" \
'$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
@@ -1444,13 +2291,13 @@ compiler."
}
$opt_help || {
-test "$mode" = compile && func_mode_compile ${1+"$@"}
+ test "$opt_mode" = compile && func_mode_compile ${1+"$@"}
}
func_mode_help ()
{
# We need to display help for each of the modes.
- case $mode in
+ case $opt_mode in
"")
# Generic help is extracted from the usage comments
# at the start of this file.
@@ -1481,10 +2328,11 @@ This mode accepts the following additional options:
-o OUTPUT-FILE set the output file name to OUTPUT-FILE
-no-suppress do not suppress compiler output for multiple passes
- -prefer-pic try to building PIC objects only
- -prefer-non-pic try to building non-PIC objects only
+ -prefer-pic try to build PIC objects only
+ -prefer-non-pic try to build non-PIC objects only
-shared do not build a \`.o' file suitable for static linking
-static only build a \`.o' file suitable for static linking
+ -Wc,FLAG pass FLAG directly to the compiler
COMPILE-COMMAND is a command to be used in creating a \`standard' object file
from the given SOURCEFILE.
@@ -1537,7 +2385,7 @@ either the \`install' or \`cp' program.
The following components of INSTALL-COMMAND are treated specially:
- -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+ -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation
The rest of the components are interpreted as arguments to that command (only
BSD-compatible install options are recognized)."
@@ -1557,6 +2405,8 @@ The following components of LINK-COMMAND are treated specially:
-all-static do not do any dynamic linking at all
-avoid-version do not add a version suffix if possible
+ -bindir BINDIR specify path to binaries directory (for systems where
+ libraries must be found in the PATH setting at runtime)
-dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
-dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
-export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
@@ -1585,6 +2435,11 @@ The following components of LINK-COMMAND are treated specially:
-version-info CURRENT[:REVISION[:AGE]]
specify library version info [each variable defaults to 0]
-weak LIBNAME declare that the target provides the LIBNAME interface
+ -Wc,FLAG
+ -Xcompiler FLAG pass linker-specific FLAG directly to the compiler
+ -Wl,FLAG
+ -Xlinker FLAG pass linker-specific FLAG directly to the linker
+ -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC)
All other options (arguments beginning with \`-') are ignored.
@@ -1618,18 +2473,44 @@ Otherwise, only FILE itself is deleted using RM."
;;
*)
- func_fatal_help "invalid operation mode \`$mode'"
+ func_fatal_help "invalid operation mode \`$opt_mode'"
;;
esac
- $ECHO
+ echo
$ECHO "Try \`$progname --help' for more information about other modes."
-
- exit $?
}
- # Now that we've collected a possible --mode arg, show help if necessary
- $opt_help && func_mode_help
+# Now that we've collected a possible --mode arg, show help if necessary
+if $opt_help; then
+ if test "$opt_help" = :; then
+ func_mode_help
+ else
+ {
+ func_help noexit
+ for opt_mode in compile link execute install finish uninstall clean; do
+ func_mode_help
+ done
+ } | sed -n '1p; 2,$s/^Usage:/ or: /p'
+ {
+ func_help noexit
+ for opt_mode in compile link execute install finish uninstall clean; do
+ echo
+ func_mode_help
+ done
+ } |
+ sed '1d
+ /^When reporting/,/^Report/{
+ H
+ d
+ }
+ $x
+ /information about other modes/d
+ /more detailed .*MODE/d
+ s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/'
+ fi
+ exit $?
+fi
# func_mode_execute arg...
@@ -1642,13 +2523,16 @@ func_mode_execute ()
func_fatal_help "you must specify a COMMAND"
# Handle -dlopen flags immediately.
- for file in $execute_dlfiles; do
+ for file in $opt_dlopen; do
test -f "$file" \
|| func_fatal_help "\`$file' is not a file"
dir=
case $file in
*.la)
+ func_resolve_sysroot "$file"
+ file=$func_resolve_sysroot_result
+
# Check to see that this really is a libtool archive.
func_lalib_unsafe_p "$file" \
|| func_fatal_help "\`$lib' is not a valid libtool archive"
@@ -1670,7 +2554,7 @@ func_mode_execute ()
dir="$func_dirname_result"
if test -f "$dir/$objdir/$dlname"; then
- dir="$dir/$objdir"
+ func_append dir "/$objdir"
else
if test ! -f "$dir/$dlname"; then
func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
@@ -1711,7 +2595,7 @@ func_mode_execute ()
for file
do
case $file in
- -*) ;;
+ -* | *.la | *.lo ) ;;
*)
# Do a test to see if this is really a libtool program.
if func_ltwrapper_script_p "$file"; then
@@ -1727,8 +2611,7 @@ func_mode_execute ()
;;
esac
# Quote arguments (to preserve shell metacharacters).
- func_quote_for_eval "$file"
- args="$args $func_quote_for_eval_result"
+ func_append_quoted args "$file"
done
if test "X$opt_dry_run" = Xfalse; then
@@ -1753,29 +2636,66 @@ func_mode_execute ()
# Display what would be done.
if test -n "$shlibpath_var"; then
eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
- $ECHO "export $shlibpath_var"
+ echo "export $shlibpath_var"
fi
$ECHO "$cmd$args"
exit $EXIT_SUCCESS
fi
}
-test "$mode" = execute && func_mode_execute ${1+"$@"}
+test "$opt_mode" = execute && func_mode_execute ${1+"$@"}
# func_mode_finish arg...
func_mode_finish ()
{
$opt_debug
- libdirs="$nonopt"
+ libs=
+ libdirs=
admincmds=
- if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
- for dir
- do
- libdirs="$libdirs $dir"
- done
+ for opt in "$nonopt" ${1+"$@"}
+ do
+ if test -d "$opt"; then
+ func_append libdirs " $opt"
+
+ elif test -f "$opt"; then
+ if func_lalib_unsafe_p "$opt"; then
+ func_append libs " $opt"
+ else
+ func_warning "\`$opt' is not a valid libtool archive"
+ fi
+
+ else
+ func_fatal_error "invalid argument \`$opt'"
+ fi
+ done
+ if test -n "$libs"; then
+ if test -n "$lt_sysroot"; then
+ sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"`
+ sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;"
+ else
+ sysroot_cmd=
+ fi
+
+ # Remove sysroot references
+ if $opt_dry_run; then
+ for lib in $libs; do
+ echo "removing references to $lt_sysroot and \`=' prefixes from $lib"
+ done
+ else
+ tmpdir=`func_mktempdir`
+ for lib in $libs; do
+ sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
+ > $tmpdir/tmp-la
+ mv -f $tmpdir/tmp-la $lib
+ done
+ ${RM}r "$tmpdir"
+ fi
+ fi
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
for libdir in $libdirs; do
if test -n "$finish_cmds"; then
# Do each command in the finish commands.
@@ -1785,7 +2705,7 @@ func_mode_finish ()
if test -n "$finish_eval"; then
# Do the single finish_eval.
eval cmds=\"$finish_eval\"
- $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $opt_dry_run || eval "$cmds" || func_append admincmds "
$cmds"
fi
done
@@ -1794,53 +2714,55 @@ func_mode_finish ()
# Exit here if they wanted silent mode.
$opt_silent && exit $EXIT_SUCCESS
- $ECHO "X----------------------------------------------------------------------" | $Xsed
- $ECHO "Libraries have been installed in:"
- for libdir in $libdirs; do
- $ECHO " $libdir"
- done
- $ECHO
- $ECHO "If you ever happen to want to link against installed libraries"
- $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
- $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
- $ECHO "flag during linking and do at least one of the following:"
- if test -n "$shlibpath_var"; then
- $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
- $ECHO " during execution"
- fi
- if test -n "$runpath_var"; then
- $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
- $ECHO " during linking"
- fi
- if test -n "$hardcode_libdir_flag_spec"; then
- libdir=LIBDIR
- eval flag=\"$hardcode_libdir_flag_spec\"
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ echo "----------------------------------------------------------------------"
+ echo "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ echo
+ echo "If you ever happen to want to link against installed libraries"
+ echo "in a given directory, LIBDIR, you must either use libtool, and"
+ echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ echo "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ echo " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ echo " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ echo " - add LIBDIR to the \`$runpath_var' environment variable"
+ echo " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
- $ECHO " - use the \`$flag' linker flag"
- fi
- if test -n "$admincmds"; then
- $ECHO " - have your system administrator run these commands:$admincmds"
- fi
- if test -f /etc/ld.so.conf; then
- $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
- fi
- $ECHO
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ echo
- $ECHO "See any operating system documentation about shared libraries for"
- case $host in
- solaris2.[6789]|solaris2.1[0-9])
- $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
- $ECHO "pages."
- ;;
- *)
- $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
- ;;
- esac
- $ECHO "X----------------------------------------------------------------------" | $Xsed
+ echo "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ echo "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ echo "pages."
+ ;;
+ *)
+ echo "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ echo "----------------------------------------------------------------------"
+ fi
exit $EXIT_SUCCESS
}
-test "$mode" = finish && func_mode_finish ${1+"$@"}
+test "$opt_mode" = finish && func_mode_finish ${1+"$@"}
# func_mode_install arg...
@@ -1851,7 +2773,7 @@ func_mode_install ()
# install_prog (especially on Windows NT).
if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
# Allow the use of GNU shtool's install command.
- $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ case $nonopt in *shtool*) :;; *) false;; esac; then
# Aesthetically quote it.
func_quote_for_eval "$nonopt"
install_prog="$func_quote_for_eval_result "
@@ -1865,7 +2787,12 @@ func_mode_install ()
# The real first argument should be the name of the installation program.
# Aesthetically quote it.
func_quote_for_eval "$arg"
- install_prog="$install_prog$func_quote_for_eval_result"
+ func_append install_prog "$func_quote_for_eval_result"
+ install_shared_prog=$install_prog
+ case " $install_prog " in
+ *[\\\ /]cp\ *) install_cp=: ;;
+ *) install_cp=false ;;
+ esac
# We need to accept at least all the BSD install flags.
dest=
@@ -1875,10 +2802,12 @@ func_mode_install ()
install_type=
isdir=no
stripme=
+ no_mode=:
for arg
do
+ arg2=
if test -n "$dest"; then
- files="$files $dest"
+ func_append files " $dest"
dest=$arg
continue
fi
@@ -1886,10 +2815,9 @@ func_mode_install ()
case $arg in
-d) isdir=yes ;;
-f)
- case " $install_prog " in
- *[\\\ /]cp\ *) ;;
- *) prev=$arg ;;
- esac
+ if $install_cp; then :; else
+ prev=$arg
+ fi
;;
-g | -m | -o)
prev=$arg
@@ -1903,6 +2831,10 @@ func_mode_install ()
*)
# If the previous option needed an argument, then skip it.
if test -n "$prev"; then
+ if test "x$prev" = x-m && test -n "$install_override_mode"; then
+ arg2=$install_override_mode
+ no_mode=false
+ fi
prev=
else
dest=$arg
@@ -1913,7 +2845,11 @@ func_mode_install ()
# Aesthetically quote the argument.
func_quote_for_eval "$arg"
- install_prog="$install_prog $func_quote_for_eval_result"
+ func_append install_prog " $func_quote_for_eval_result"
+ if test -n "$arg2"; then
+ func_quote_for_eval "$arg2"
+ fi
+ func_append install_shared_prog " $func_quote_for_eval_result"
done
test -z "$install_prog" && \
@@ -1922,6 +2858,13 @@ func_mode_install ()
test -n "$prev" && \
func_fatal_help "the \`$prev' option requires an argument"
+ if test -n "$install_override_mode" && $no_mode; then
+ if $install_cp; then :; else
+ func_quote_for_eval "$install_override_mode"
+ func_append install_shared_prog " -m $func_quote_for_eval_result"
+ fi
+ fi
+
if test -z "$files"; then
if test -z "$dest"; then
func_fatal_help "no file or destination specified"
@@ -1976,10 +2919,13 @@ func_mode_install ()
case $file in
*.$libext)
# Do the static libraries later.
- staticlibs="$staticlibs $file"
+ func_append staticlibs " $file"
;;
*.la)
+ func_resolve_sysroot "$file"
+ file=$func_resolve_sysroot_result
+
# Check to see that this really is a libtool archive.
func_lalib_unsafe_p "$file" \
|| func_fatal_help "\`$file' is not a valid libtool archive"
@@ -1993,23 +2939,23 @@ func_mode_install ()
if test "X$destdir" = "X$libdir"; then
case "$current_libdirs " in
*" $libdir "*) ;;
- *) current_libdirs="$current_libdirs $libdir" ;;
+ *) func_append current_libdirs " $libdir" ;;
esac
else
# Note the libdir as a future libdir.
case "$future_libdirs " in
*" $libdir "*) ;;
- *) future_libdirs="$future_libdirs $libdir" ;;
+ *) func_append future_libdirs " $libdir" ;;
esac
fi
func_dirname "$file" "/" ""
dir="$func_dirname_result"
- dir="$dir$objdir"
+ func_append dir "$objdir"
if test -n "$relink_command"; then
# Determine the prefix the user has applied to our future dir.
- inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+ inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
# Don't allow the user to place us outside of our expected
# location b/c this prevents finding dependent libraries that
@@ -2022,9 +2968,9 @@ func_mode_install ()
if test -n "$inst_prefix_dir"; then
# Stick the inst_prefix_dir data into the link command.
- relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
else
- relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
fi
func_warning "relinking \`$file'"
@@ -2042,11 +2988,11 @@ func_mode_install ()
test -n "$relink_command" && srcname="$realname"T
# Install the shared library and build the symlinks.
- func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \
'exit $?'
tstripme="$stripme"
case $host_os in
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
case $realname in
*.dll.a)
tstripme=""
@@ -2082,7 +3028,7 @@ func_mode_install ()
func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
# Maybe install the static library, too.
- test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ test -n "$old_library" && func_append staticlibs " $dir/$old_library"
;;
*.lo)
@@ -2152,7 +3098,7 @@ func_mode_install ()
# Do a test to see if this is really a libtool program.
case $host in
- *cygwin*|*mingw*)
+ *cygwin* | *mingw*)
if func_ltwrapper_executable_p "$file"; then
func_ltwrapper_scriptname "$file"
wrapper=$func_ltwrapper_scriptname_result
@@ -2182,7 +3128,7 @@ func_mode_install ()
if test -f "$lib"; then
func_source "$lib"
fi
- libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test
if test -n "$libdir" && test ! -f "$libfile"; then
func_warning "\`$lib' has not been installed in \`$libdir'"
finalize=no
@@ -2201,7 +3147,7 @@ func_mode_install ()
file="$func_basename_result"
outputname="$tmpdir/$file"
# Replace the output file specification.
- relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+ relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
$opt_silent || {
func_quote_for_expand "$relink_command"
@@ -2220,7 +3166,7 @@ func_mode_install ()
}
else
# Install the binary that we compiled earlier.
- file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"`
fi
fi
@@ -2256,11 +3202,13 @@ func_mode_install ()
# Set up the ranlib parameters.
oldlib="$destdir/$name"
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
if test -n "$stripme" && test -n "$old_striplib"; then
- func_show_eval "$old_striplib $oldlib" 'exit $?'
+ func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
fi
# Do each command in the postinstall commands.
@@ -2279,7 +3227,7 @@ func_mode_install ()
fi
}
-test "$mode" = install && func_mode_install ${1+"$@"}
+test "$opt_mode" = install && func_mode_install ${1+"$@"}
# func_generate_dlsyms outputname originator pic_p
@@ -2322,6 +3270,22 @@ func_generate_dlsyms ()
extern \"C\" {
#endif
+#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
+#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
+#endif
+
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
+#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
+/* DATA imports from DLLs on WIN32 con't be const, because runtime
+ relocations are performed -- see ld's documentation on pseudo-relocs. */
+# define LT_DLSYM_CONST
+#elif defined(__osf__)
+/* This system does not cope well with relocations in const data. */
+# define LT_DLSYM_CONST
+#else
+# define LT_DLSYM_CONST const
+#endif
+
/* External symbol declarations for the compiler. */\
"
@@ -2331,10 +3295,11 @@ extern \"C\" {
$opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
# Add our own program objects to the symbol list.
- progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
for progfile in $progfiles; do
- func_verbose "extracting global C symbols from \`$progfile'"
- $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ func_to_tool_file "$progfile" func_convert_file_msys_to_w32
+ func_verbose "extracting global C symbols from \`$func_to_tool_file_result'"
+ $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
done
if test -n "$exclude_expsyms"; then
@@ -2358,7 +3323,7 @@ extern \"C\" {
$RM $export_symbols
eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
case $host in
- *cygwin* | *mingw* )
+ *cygwin* | *mingw* | *cegcc* )
eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
;;
@@ -2370,7 +3335,7 @@ extern \"C\" {
eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
eval '$MV "$nlist"T "$nlist"'
case $host in
- *cygwin | *mingw* )
+ *cygwin* | *mingw* | *cegcc* )
eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
;;
@@ -2383,10 +3348,52 @@ extern \"C\" {
func_verbose "extracting global C symbols from \`$dlprefile'"
func_basename "$dlprefile"
name="$func_basename_result"
- $opt_dry_run || {
- eval '$ECHO ": $name " >> "$nlist"'
- eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
- }
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ # if an import library, we need to obtain dlname
+ if func_win32_import_lib_p "$dlprefile"; then
+ func_tr_sh "$dlprefile"
+ eval "curr_lafile=\$libfile_$func_tr_sh_result"
+ dlprefile_dlbasename=""
+ if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
+ # Use subshell, to avoid clobbering current variable values
+ dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
+ if test -n "$dlprefile_dlname" ; then
+ func_basename "$dlprefile_dlname"
+ dlprefile_dlbasename="$func_basename_result"
+ else
+ # no lafile. user explicitly requested -dlpreopen <import library>.
+ $sharedlib_from_linklib_cmd "$dlprefile"
+ dlprefile_dlbasename=$sharedlib_from_linklib_result
+ fi
+ fi
+ $opt_dry_run || {
+ if test -n "$dlprefile_dlbasename" ; then
+ eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
+ else
+ func_warning "Could not compute DLL name from $name"
+ eval '$ECHO ": $name " >> "$nlist"'
+ fi
+ func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+ eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
+ $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
+ }
+ else # not an import lib
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+ eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ fi
+ ;;
+ *)
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+ eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ ;;
+ esac
done
$opt_dry_run || {
@@ -2414,36 +3421,19 @@ extern \"C\" {
if test -f "$nlist"S; then
eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
else
- $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
fi
- $ECHO >> "$output_objdir/$my_dlsyms" "\
+ echo >> "$output_objdir/$my_dlsyms" "\
/* The mapping between symbol names and symbols. */
typedef struct {
const char *name;
void *address;
} lt_dlsymlist;
-"
- case $host in
- *cygwin* | *mingw* )
- $ECHO >> "$output_objdir/$my_dlsyms" "\
-/* DATA imports from DLLs on WIN32 con't be const, because
- runtime relocations are performed -- see ld's documentation
- on pseudo-relocs. */"
- lt_dlsym_const= ;;
- *osf5*)
- echo >> "$output_objdir/$my_dlsyms" "\
-/* This system does not cope well with relocations in const data */"
- lt_dlsym_const= ;;
- *)
- lt_dlsym_const=const ;;
- esac
-
- $ECHO >> "$output_objdir/$my_dlsyms" "\
-extern $lt_dlsym_const lt_dlsymlist
+extern LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[];
-$lt_dlsym_const lt_dlsymlist
+LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[] =
{\
{ \"$my_originator\", (void *) 0 },"
@@ -2456,7 +3446,7 @@ lt_${my_prefix}_LTX_preloaded_symbols[] =
eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
;;
esac
- $ECHO >> "$output_objdir/$my_dlsyms" "\
+ echo >> "$output_objdir/$my_dlsyms" "\
{0, (void *) 0}
};
@@ -2483,7 +3473,7 @@ static const void *lt_preloaded_setup() {
# linked before any other PIC object. But we must not use
# pic_flag when linking with -static. The problem exists in
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
- *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
*-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;;
@@ -2499,7 +3489,7 @@ static const void *lt_preloaded_setup() {
for arg in $LTCFLAGS; do
case $arg in
-pie | -fpie | -fPIE) ;;
- *) symtab_cflags="$symtab_cflags $arg" ;;
+ *) func_append symtab_cflags " $arg" ;;
esac
done
@@ -2512,18 +3502,18 @@ static const void *lt_preloaded_setup() {
# Transform the symbol file into the correct name.
symfileobj="$output_objdir/${my_outputname}S.$objext"
case $host in
- *cygwin* | *mingw* )
+ *cygwin* | *mingw* | *cegcc* )
if test -f "$output_objdir/$my_outputname.def"; then
- compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
- finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
else
- compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
fi
;;
*)
- compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
;;
esac
;;
@@ -2537,8 +3527,8 @@ static const void *lt_preloaded_setup() {
# really was required.
# Nullify the symbol file.
- compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
- finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
fi
}
@@ -2548,6 +3538,7 @@ static const void *lt_preloaded_setup() {
# Need a lot of goo to handle *both* DLLs and import libs
# Has to be a shell function in order to 'eat' the argument
# that is supplied when $file_magic_command is called.
+# Despite the name, also deal with 64 bit binaries.
func_win32_libid ()
{
$opt_debug
@@ -2558,9 +3549,11 @@ func_win32_libid ()
win32_libid_type="x86 archive import"
;;
*ar\ archive*) # could be an import, or static
+ # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
- $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
- win32_nmres=`eval $NM -f posix -A $1 |
+ $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
$SED -n -e '
1,100{
/ I /{
@@ -2589,6 +3582,131 @@ func_win32_libid ()
$ECHO "$win32_libid_type"
}
+# func_cygming_dll_for_implib ARG
+#
+# Platform-specific function to extract the
+# name of the DLL associated with the specified
+# import library ARG.
+# Invoked by eval'ing the libtool variable
+# $sharedlib_from_linklib_cmd
+# Result is available in the variable
+# $sharedlib_from_linklib_result
+func_cygming_dll_for_implib ()
+{
+ $opt_debug
+ sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
+}
+
+# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
+#
+# The is the core of a fallback implementation of a
+# platform-specific function to extract the name of the
+# DLL associated with the specified import library LIBNAME.
+#
+# SECTION_NAME is either .idata$6 or .idata$7, depending
+# on the platform and compiler that created the implib.
+#
+# Echos the name of the DLL associated with the
+# specified import library.
+func_cygming_dll_for_implib_fallback_core ()
+{
+ $opt_debug
+ match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
+ $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
+ $SED '/^Contents of section '"$match_literal"':/{
+ # Place marker at beginning of archive member dllname section
+ s/.*/====MARK====/
+ p
+ d
+ }
+ # These lines can sometimes be longer than 43 characters, but
+ # are always uninteresting
+ /:[ ]*file format pe[i]\{,1\}-/d
+ /^In archive [^:]*:/d
+ # Ensure marker is printed
+ /^====MARK====/p
+ # Remove all lines with less than 43 characters
+ /^.\{43\}/!d
+ # From remaining lines, remove first 43 characters
+ s/^.\{43\}//' |
+ $SED -n '
+ # Join marker and all lines until next marker into a single line
+ /^====MARK====/ b para
+ H
+ $ b para
+ b
+ :para
+ x
+ s/\n//g
+ # Remove the marker
+ s/^====MARK====//
+ # Remove trailing dots and whitespace
+ s/[\. \t]*$//
+ # Print
+ /./p' |
+ # we now have a list, one entry per line, of the stringified
+ # contents of the appropriate section of all members of the
+ # archive which possess that section. Heuristic: eliminate
+ # all those which have a first or second character that is
+ # a '.' (that is, objdump's representation of an unprintable
+ # character.) This should work for all archives with less than
+ # 0x302f exports -- but will fail for DLLs whose name actually
+ # begins with a literal '.' or a single character followed by
+ # a '.'.
+ #
+ # Of those that remain, print the first one.
+ $SED -e '/^\./d;/^.\./d;q'
+}
+
+# func_cygming_gnu_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is a GNU/binutils-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_gnu_implib_p ()
+{
+ $opt_debug
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
+ test -n "$func_cygming_gnu_implib_tmp"
+}
+
+# func_cygming_ms_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is an MS-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_ms_implib_p ()
+{
+ $opt_debug
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
+ test -n "$func_cygming_ms_implib_tmp"
+}
+
+# func_cygming_dll_for_implib_fallback ARG
+# Platform-specific function to extract the
+# name of the DLL associated with the specified
+# import library ARG.
+#
+# This fallback implementation is for use when $DLLTOOL
+# does not support the --identify-strict option.
+# Invoked by eval'ing the libtool variable
+# $sharedlib_from_linklib_cmd
+# Result is available in the variable
+# $sharedlib_from_linklib_result
+func_cygming_dll_for_implib_fallback ()
+{
+ $opt_debug
+ if func_cygming_gnu_implib_p "$1" ; then
+ # binutils import library
+ sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
+ elif func_cygming_ms_implib_p "$1" ; then
+ # ms-generated import library
+ sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
+ else
+ # unknown
+ sharedlib_from_linklib_result=""
+ fi
+}
# func_extract_an_archive dir oldlib
@@ -2597,7 +3715,18 @@ func_extract_an_archive ()
$opt_debug
f_ex_an_ar_dir="$1"; shift
f_ex_an_ar_oldlib="$1"
- func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if test "$lock_old_archive_extraction" = yes; then
+ lockfile=$f_ex_an_ar_oldlib.lock
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ fi
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
+ 'stat=$?; rm -f "$lockfile"; exit $stat'
+ if test "$lock_old_archive_extraction" = yes; then
+ $opt_dry_run || rm -f "$lockfile"
+ fi
if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
:
else
@@ -2668,7 +3797,7 @@ func_extract_archives ()
darwin_file=
darwin_files=
for darwin_file in $darwin_filelist; do
- darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
$LIPO -create -output "$darwin_file" $darwin_files
done # $darwin_filelist
$RM -rf unfat-$$
@@ -2683,34 +3812,30 @@ func_extract_archives ()
func_extract_an_archive "$my_xdir" "$my_xabs"
;;
esac
- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
done
func_extract_archives_result="$my_oldobjs"
}
-
-# func_emit_wrapper arg
+# func_emit_wrapper [arg=no]
#
-# emit a libtool wrapper script on stdout
-# don't directly open a file because we may want to
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
# incorporate the script contents within a cygwin/mingw
# wrapper executable. Must ONLY be called from within
-# func_mode_link because it depends on a number of variable
+# func_mode_link because it depends on a number of variables
# set therein.
#
-# arg is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
# variable will take. If 'yes', then the emitted script
# will assume that the directory in which it is stored is
-# the '.lib' directory. This is a cygwin/mingw-specific
+# the $objdir directory. This is a cygwin/mingw-specific
# behavior.
func_emit_wrapper ()
{
- func_emit_wrapper_arg1=no
- if test -n "$1" ; then
- func_emit_wrapper_arg1=$1
- fi
+ func_emit_wrapper_arg1=${1-no}
$ECHO "\
#! $SHELL
@@ -2726,7 +3851,6 @@ func_emit_wrapper ()
# Sed substitution that helps us do robust quoting. It backslashifies
# metacharacters that are still active within double-quoted strings.
-Xsed='${SED} -e 1s/^X//'
sed_quote_subst='$sed_quote_subst'
# Be Bourne compatible
@@ -2757,31 +3881,135 @@ if test \"\$libtool_install_magic\" = \"$magic\"; then
else
# When we are sourced in execute mode, \$file and \$ECHO are already set.
if test \"\$libtool_execute_magic\" != \"$magic\"; then
- ECHO=\"$qecho\"
- file=\"\$0\"
- # Make sure echo works.
- if test \"X\$1\" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
- elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
- # Yippee, \$ECHO works!
- :
- else
- # Restart under the correct shell, and then maybe \$ECHO will work.
- exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
- fi
- fi\
+ file=\"\$0\""
+
+ qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
+ $ECHO "\
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+\$1
+_LTECHO_EOF'
+}
+ ECHO=\"$qECHO\"
+ fi
+
+# Very basic option parsing. These options are (a) specific to
+# the libtool wrapper, (b) are identical between the wrapper
+# /script/ and the wrapper /executable/ which is used only on
+# windows platforms, and (c) all begin with the string "--lt-"
+# (application programs are unlikely to have options which match
+# this pattern).
+#
+# There are only two supported options: --lt-debug and
+# --lt-dump-script. There is, deliberately, no --lt-help.
+#
+# The first argument to this parsing function should be the
+# script's $0 value, followed by "$@".
+lt_option_debug=
+func_parse_lt_options ()
+{
+ lt_script_arg0=\$0
+ shift
+ for lt_opt
+ do
+ case \"\$lt_opt\" in
+ --lt-debug) lt_option_debug=1 ;;
+ --lt-dump-script)
+ lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\`
+ test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=.
+ lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\`
+ cat \"\$lt_dump_D/\$lt_dump_F\"
+ exit 0
+ ;;
+ --lt-*)
+ \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2
+ exit 1
+ ;;
+ esac
+ done
+
+ # Print the debug banner immediately:
+ if test -n \"\$lt_option_debug\"; then
+ echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2
+ fi
+}
+
+# Used when --lt-debug. Prints its arguments to stdout
+# (redirection is the responsibility of the caller)
+func_lt_dump_args ()
+{
+ lt_dump_args_N=1;
+ for lt_arg
+ do
+ \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\"
+ lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
+ done
+}
+
+# Core function for launching the target application
+func_exec_program_core ()
+{
"
- $ECHO "\
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ if test -n \"\$lt_option_debug\"; then
+ \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2
+ func_lt_dump_args \${1+\"\$@\"} 1>&2
+ fi
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ if test -n \"\$lt_option_debug\"; then
+ \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2
+ func_lt_dump_args \${1+\"\$@\"} 1>&2
+ fi
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+}
+
+# A function to encapsulate launching the target application
+# Strips options in the --lt-* namespace from \$@ and
+# launches target application with the remaining arguments.
+func_exec_program ()
+{
+ case \" \$* \" in
+ *\\ --lt-*)
+ for lt_wr_arg
+ do
+ case \$lt_wr_arg in
+ --lt-*) ;;
+ *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
+ esac
+ shift
+ done ;;
+ esac
+ func_exec_program_core \${1+\"\$@\"}
+}
+
+ # Parse options
+ func_parse_lt_options \"\$0\" \${1+\"\$@\"}
# Find the directory that this script lives in.
- thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\`
test \"x\$thisdir\" = \"x\$file\" && thisdir=.
# Follow symbolic links until we get to the real thisdir.
- file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\`
while test -n \"\$file\"; do
- destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+ destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\`
# If there was a directory component, then change thisdir.
if test \"x\$destdir\" != \"x\$file\"; then
@@ -2791,8 +4019,8 @@ else
esac
fi
- file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
- file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
done
# Usually 'no', except on cygwin/mingw when embedded into
@@ -2805,7 +4033,7 @@ else
fi
# remove .libs from thisdir
case \"\$thisdir\" in
- *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;;
$objdir ) thisdir=. ;;
esac
fi
@@ -2860,6 +4088,18 @@ else
if test -f \"\$progdir/\$program\"; then"
+ # fixup the dll searchpath if we need to.
+ #
+ # Fix the DLL searchpath if we need to. Do this before prepending
+ # to shlibpath, because on Windows, both are PATH and uninstalled
+ # libraries must come first.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
# Export our shlibpath_var if we have one.
if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
$ECHO "\
@@ -2868,53 +4108,28 @@ else
# Some systems cannot cope with colon-terminated $shlibpath_var
# The second colon is a workaround for a bug in BeOS R4 sed
- $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+ $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\`
export $shlibpath_var
"
fi
- # fixup the dll searchpath if we need to.
- if test -n "$dllsearchpath"; then
- $ECHO "\
- # Add the dll search path components to the executable PATH
- PATH=$dllsearchpath:\$PATH
-"
- fi
-
$ECHO "\
if test \"\$libtool_execute_magic\" != \"$magic\"; then
# Run the actual program with our arguments.
-"
- case $host in
- # Backslashes separate directories on plain windows
- *-*-mingw | *-*-os2*)
- $ECHO "\
- exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
-"
- ;;
-
- *)
- $ECHO "\
- exec \"\$progdir/\$program\" \${1+\"\$@\"}
-"
- ;;
- esac
- $ECHO "\
- \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
- exit 1
+ func_exec_program \${1+\"\$@\"}
fi
else
# The program doesn't exist.
\$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
\$ECHO \"This script is just a wrapper for \$program.\" 1>&2
- $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
exit 1
fi
fi\
"
}
-# end: func_emit_wrapper
+
# func_emit_cwrapperexe_src
# emit the source code for a wrapper executable on stdout
@@ -2932,20 +4147,18 @@ func_emit_cwrapperexe_src ()
This wrapper executable should never be moved out of the build directory.
If it is, it will not operate correctly.
-
- Currently, it simply execs the wrapper *script* "$SHELL $output",
- but could eventually absorb all of the scripts functionality and
- exec $objdir/$outputname directly.
*/
EOF
cat <<"EOF"
+#ifdef _MSC_VER
+# define _CRT_SECURE_NO_DEPRECATE 1
+#endif
#include <stdio.h>
#include <stdlib.h>
#ifdef _MSC_VER
# include <direct.h>
# include <process.h>
# include <io.h>
-# define setmode _setmode
#else
# include <unistd.h>
# include <stdint.h>
@@ -2962,6 +4175,44 @@ EOF
#include <fcntl.h>
#include <sys/stat.h>
+/* declarations of non-ANSI functions */
+#if defined(__MINGW32__)
+# ifdef __STRICT_ANSI__
+int _putenv (const char *);
+# endif
+#elif defined(__CYGWIN__)
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+/* #elif defined (other platforms) ... */
+#endif
+
+/* portability defines, excluding path handling macros */
+#if defined(_MSC_VER)
+# define setmode _setmode
+# define stat _stat
+# define chmod _chmod
+# define getcwd _getcwd
+# define putenv _putenv
+# define S_IXUSR _S_IEXEC
+# ifndef _INTPTR_T_DEFINED
+# define _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#elif defined(__MINGW32__)
+# define setmode _setmode
+# define stat _stat
+# define chmod _chmod
+# define getcwd _getcwd
+# define putenv _putenv
+#elif defined(__CYGWIN__)
+# define HAVE_SETENV
+# define FOPEN_WB "wb"
+/* #elif defined (other platforms) ... */
+#endif
+
#if defined(PATH_MAX)
# define LT_PATHMAX PATH_MAX
#elif defined(MAXPATHLEN)
@@ -2977,14 +4228,7 @@ EOF
# define S_IXGRP 0
#endif
-#ifdef _MSC_VER
-# define S_IXUSR _S_IEXEC
-# define stat _stat
-# ifndef _INTPTR_T_DEFINED
-# define intptr_t int
-# endif
-#endif
-
+/* path handling portability macros */
#ifndef DIR_SEPARATOR
# define DIR_SEPARATOR '/'
# define PATH_SEPARATOR ':'
@@ -3015,10 +4259,6 @@ EOF
# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
#endif /* PATH_SEPARATOR_2 */
-#ifdef __CYGWIN__
-# define FOPEN_WB "wb"
-#endif
-
#ifndef FOPEN_WB
# define FOPEN_WB "w"
#endif
@@ -3031,22 +4271,13 @@ EOF
if (stale) { free ((void *) stale); stale = 0; } \
} while (0)
-#undef LTWRAPPER_DEBUGPRINTF
-#if defined DEBUGWRAPPER
-# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
-static void
-ltwrapper_debugprintf (const char *fmt, ...)
-{
- va_list args;
- va_start (args, fmt);
- (void) vfprintf (stderr, fmt, args);
- va_end (args);
-}
+#if defined(LT_DEBUGWRAPPER)
+static int lt_debug = 1;
#else
-# define LTWRAPPER_DEBUGPRINTF(args)
+static int lt_debug = 0;
#endif
-const char *program_name = NULL;
+const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */
void *xmalloc (size_t num);
char *xstrdup (const char *string);
@@ -3056,37 +4287,88 @@ char *chase_symlinks (const char *pathspec);
int make_executable (const char *path);
int check_executable (const char *path);
char *strendzap (char *str, const char *pat);
-void lt_fatal (const char *message, ...);
+void lt_debugprintf (const char *file, int line, const char *fmt, ...);
+void lt_fatal (const char *file, int line, const char *message, ...);
+static const char *nonnull (const char *s);
+static const char *nonempty (const char *s);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+char **prepare_spawn (char **argv);
+void lt_dump_script (FILE *f);
+EOF
-static const char *script_text =
+ cat <<EOF
+volatile const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
EOF
- func_emit_wrapper yes |
- $SED -e 's/\([\\"]\)/\\\1/g' \
- -e 's/^/ "/' -e 's/$/\\n"/'
- echo ";"
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_path "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_path_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
- cat <<EOF
-const char * MAGIC_EXE = "$magic_exe";
+ if test -n "$dllsearchpath"; then
+ func_to_host_path "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_path_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+static const char *debug_opt = LTWRAPPER_OPTION_PREFIX "debug";
int
main (int argc, char *argv[])
{
char **newargz;
+ int newargc;
char *tmp_pathspec;
char *actual_cwrapper_path;
- char *shwrapper_name;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
intptr_t rval = 127;
- FILE *shwrapper;
- const char *dumpscript_opt = "--lt-dump-script";
int i;
program_name = (char *) xstrdup (base_name (argv[0]));
- LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
- LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+ newargz = XMALLOC (char *, argc + 1);
- /* very simple arg parsing; don't want to rely on getopt */
+ /* very simple arg parsing; don't want to rely on getopt
+ * also, copy all non cwrapper options to newargz, except
+ * argz[0], which is handled differently
+ */
+ newargc=0;
for (i = 1; i < argc; i++)
{
if (strcmp (argv[i], dumpscript_opt) == 0)
@@ -3099,82 +4381,112 @@ EOF
;;
esac
- cat <<EOF
- printf ("%s", script_text);
+ cat <<"EOF"
+ lt_dump_script (stdout);
return 0;
}
+ if (strcmp (argv[i], debug_opt) == 0)
+ {
+ lt_debug = 1;
+ continue;
+ }
+ if (strcmp (argv[i], ltwrapper_option_prefix) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal (__FILE__, __LINE__,
+ "unrecognized %s option: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
}
+ newargz[++newargc] = NULL;
- newargz = XMALLOC (char *, argc + 2);
EOF
-
- if test -n "$TARGETSHELL" ; then
- # no path translation at all
- lt_newargv0=$TARGETSHELL
- else
- case "$host" in
- *mingw* )
- # awkward: cmd appends spaces to result
- lt_sed_strip_trailing_spaces="s/[ ]*\$//"
- lt_newargv0=`( cmd //c echo $SHELL | $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo $SHELL`
- case $lt_newargv0 in
- *.exe | *.EXE) ;;
- *) lt_newargv0=$lt_newargv0.exe ;;
- esac
- ;;
- * ) lt_newargv0=$SHELL ;;
- esac
- fi
-
- cat <<EOF
- newargz[0] = (char *) xstrdup ("$lt_newargv0");
+ cat <<EOF
+ /* The GNU banner must be the first non-error debug message */
+ lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\n");
EOF
-
cat <<"EOF"
+ lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]);
+ lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name);
+
tmp_pathspec = find_executable (argv[0]);
if (tmp_pathspec == NULL)
- lt_fatal ("Couldn't find %s", argv[0]);
- LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
- tmp_pathspec));
+ lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]);
+ lt_debugprintf (__FILE__, __LINE__,
+ "(main) found exe (before symlink chase) at: %s\n",
+ tmp_pathspec);
actual_cwrapper_path = chase_symlinks (tmp_pathspec);
- LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
- actual_cwrapper_path));
+ lt_debugprintf (__FILE__, __LINE__,
+ "(main) found exe (after symlink chase) at: %s\n",
+ actual_cwrapper_path);
XFREE (tmp_pathspec);
- shwrapper_name = (char *) xstrdup (base_name (actual_cwrapper_path));
- strendzap (actual_cwrapper_path, shwrapper_name);
-
- /* shwrapper_name transforms */
- strendzap (shwrapper_name, ".exe");
- tmp_pathspec = XMALLOC (char, (strlen (shwrapper_name) +
- strlen ("_ltshwrapperTMP") + 1));
- strcpy (tmp_pathspec, shwrapper_name);
- strcat (tmp_pathspec, "_ltshwrapperTMP");
- XFREE (shwrapper_name);
- shwrapper_name = tmp_pathspec;
+ actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
tmp_pathspec = 0;
- LTWRAPPER_DEBUGPRINTF (("(main) libtool shell wrapper name: %s\n",
- shwrapper_name));
+
+ lt_debugprintf (__FILE__, __LINE__,
+ "(main) libtool target name: %s\n",
+ target_name);
EOF
cat <<EOF
- newargz[1] =
+ newargz[0] =
XMALLOC (char, (strlen (actual_cwrapper_path) +
- strlen ("$objdir") + 1 + strlen (shwrapper_name) + 1));
- strcpy (newargz[1], actual_cwrapper_path);
- strcat (newargz[1], "$objdir");
- strcat (newargz[1], "/");
- strcat (newargz[1], shwrapper_name);
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
EOF
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
case $host_os in
mingw*)
cat <<"EOF"
{
char* p;
- while ((p = strchr (newargz[1], '\\')) != NULL)
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
{
*p = '/';
}
@@ -3184,62 +4496,63 @@ EOF
esac
cat <<"EOF"
- XFREE (shwrapper_name);
+ XFREE (target_name);
XFREE (actual_cwrapper_path);
-
- /* always write in binary mode */
- if ((shwrapper = fopen (newargz[1], FOPEN_WB)) == 0)
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ /* Update the DLL searchpath. EXE_PATH_VALUE ($dllsearchpath) must
+ be prepended before (that is, appear after) LIB_PATH_VALUE ($temp_rpath)
+ because on Windows, both *_VARNAMEs are PATH but uninstalled
+ libraries must come first. */
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+
+ lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n",
+ nonnull (lt_argv_zero));
+ for (i = 0; i < newargc; i++)
{
- lt_fatal ("Could not open %s for writing", newargz[1]);
- }
- fprintf (shwrapper, "%s", script_text);
- fclose (shwrapper);
-
- make_executable (newargz[1]);
-
- for (i = 1; i < argc; i++)
- newargz[i + 1] = xstrdup (argv[i]);
- newargz[argc + 1] = NULL;
-
- for (i = 0; i < argc + 1; i++)
- {
- LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, newargz[i]));
+ lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n",
+ i, nonnull (newargz[i]));
}
EOF
case $host_os in
mingw*)
- cat <<EOF
+ cat <<"EOF"
/* execv doesn't actually work on mingw as expected on unix */
- rval = _spawnv (_P_WAIT, "$lt_newargv0", (const char * const *) newargz);
+ newargz = prepare_spawn (newargz);
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
if (rval == -1)
{
/* failed to start process */
- LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"$lt_newargv0\": errno = %d\n", errno));
+ lt_debugprintf (__FILE__, __LINE__,
+ "(main) failed to launch target \"%s\": %s\n",
+ lt_argv_zero, nonnull (strerror (errno)));
return 127;
}
return rval;
-}
EOF
;;
*)
- cat <<EOF
- execv ("$lt_newargv0", newargz);
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
return rval; /* =127, but avoids unused variable warning */
-}
EOF
;;
esac
cat <<"EOF"
+}
void *
xmalloc (size_t num)
{
void *p = (void *) malloc (num);
if (!p)
- lt_fatal ("Memory exhausted");
+ lt_fatal (__FILE__, __LINE__, "memory exhausted");
return p;
}
@@ -3273,8 +4586,8 @@ check_executable (const char *path)
{
struct stat st;
- LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
- path ? (*path ? path : "EMPTY!") : "NULL!"));
+ lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n",
+ nonempty (path));
if ((!path) || (!*path))
return 0;
@@ -3291,8 +4604,8 @@ make_executable (const char *path)
int rval = 0;
struct stat st;
- LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
- path ? (*path ? path : "EMPTY!") : "NULL!"));
+ lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n",
+ nonempty (path));
if ((!path) || (!*path))
return 0;
@@ -3318,8 +4631,8 @@ find_executable (const char *wrapper)
int tmp_len;
char *concat_name;
- LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
- wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+ lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
+ nonempty (wrapper));
if ((wrapper == NULL) || (*wrapper == '\0'))
return NULL;
@@ -3372,7 +4685,8 @@ find_executable (const char *wrapper)
{
/* empty path: current directory */
if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal ("getcwd failed");
+ lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
+ nonnull (strerror (errno)));
tmp_len = strlen (tmp);
concat_name =
XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
@@ -3397,7 +4711,8 @@ find_executable (const char *wrapper)
}
/* Relative path | not found in path: prepend cwd */
if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal ("getcwd failed");
+ lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
+ nonnull (strerror (errno)));
tmp_len = strlen (tmp);
concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
memcpy (concat_name, tmp, tmp_len);
@@ -3423,8 +4738,9 @@ chase_symlinks (const char *pathspec)
int has_symlinks = 0;
while (strlen (tmp_pathspec) && !has_symlinks)
{
- LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
- tmp_pathspec));
+ lt_debugprintf (__FILE__, __LINE__,
+ "checking path component for symlinks: %s\n",
+ tmp_pathspec);
if (lstat (tmp_pathspec, &s) == 0)
{
if (S_ISLNK (s.st_mode) != 0)
@@ -3446,8 +4762,9 @@ chase_symlinks (const char *pathspec)
}
else
{
- char *errstr = strerror (errno);
- lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ lt_fatal (__FILE__, __LINE__,
+ "error accessing file \"%s\": %s",
+ tmp_pathspec, nonnull (strerror (errno)));
}
}
XFREE (tmp_pathspec);
@@ -3460,7 +4777,8 @@ chase_symlinks (const char *pathspec)
tmp_pathspec = realpath (pathspec, buf);
if (tmp_pathspec == 0)
{
- lt_fatal ("Could not follow symlinks for %s", pathspec);
+ lt_fatal (__FILE__, __LINE__,
+ "could not follow symlinks for %s", pathspec);
}
return xstrdup (tmp_pathspec);
#endif
@@ -3486,11 +4804,25 @@ strendzap (char *str, const char *pat)
return str;
}
+void
+lt_debugprintf (const char *file, int line, const char *fmt, ...)
+{
+ va_list args;
+ if (lt_debug)
+ {
+ (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line);
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+ }
+}
+
static void
-lt_error_core (int exit_status, const char *mode,
+lt_error_core (int exit_status, const char *file,
+ int line, const char *mode,
const char *message, va_list ap)
{
- fprintf (stderr, "%s: %s: ", program_name, mode);
+ fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode);
vfprintf (stderr, message, ap);
fprintf (stderr, ".\n");
@@ -3499,23 +4831,270 @@ lt_error_core (int exit_status, const char *mode,
}
void
-lt_fatal (const char *message, ...)
+lt_fatal (const char *file, int line, const char *message, ...)
{
va_list ap;
va_start (ap, message);
- lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap);
va_end (ap);
}
+
+static const char *
+nonnull (const char *s)
+{
+ return s ? s : "(null)";
+}
+
+static const char *
+nonempty (const char *s)
+{
+ return (s && !*s) ? "(empty)" : nonnull (s);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ lt_debugprintf (__FILE__, __LINE__,
+ "(lt_setenv) setting '%s' to '%s'\n",
+ nonnull (name), nonnull (value));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ lt_debugprintf (__FILE__, __LINE__,
+ "(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ nonnull (name), nonnull (value));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ lt_debugprintf (__FILE__, __LINE__,
+ "(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ nonnull (name), nonnull (value));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+EOF
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+
+/* Prepares an argument vector before calling spawn().
+ Note that spawn() does not by itself call the command interpreter
+ (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") :
+ ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+ GetVersionEx(&v);
+ v.dwPlatformId == VER_PLATFORM_WIN32_NT;
+ }) ? "cmd.exe" : "command.com").
+ Instead it simply concatenates the arguments, separated by ' ', and calls
+ CreateProcess(). We must quote the arguments since Win32 CreateProcess()
+ interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a
+ special way:
+ - Space and tab are interpreted as delimiters. They are not treated as
+ delimiters if they are surrounded by double quotes: "...".
+ - Unescaped double quotes are removed from the input. Their only effect is
+ that within double quotes, space and tab are treated like normal
+ characters.
+ - Backslashes not followed by double quotes are not special.
+ - But 2*n+1 backslashes followed by a double quote become
+ n backslashes followed by a double quote (n >= 0):
+ \" -> "
+ \\\" -> \"
+ \\\\\" -> \\"
+ */
+#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
+#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
+char **
+prepare_spawn (char **argv)
+{
+ size_t argc;
+ char **new_argv;
+ size_t i;
+
+ /* Count number of arguments. */
+ for (argc = 0; argv[argc] != NULL; argc++)
+ ;
+
+ /* Allocate new argument vector. */
+ new_argv = XMALLOC (char *, argc + 1);
+
+ /* Put quoted arguments into the new argument vector. */
+ for (i = 0; i < argc; i++)
+ {
+ const char *string = argv[i];
+
+ if (string[0] == '\0')
+ new_argv[i] = xstrdup ("\"\"");
+ else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL)
+ {
+ int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL);
+ size_t length;
+ unsigned int backslashes;
+ const char *s;
+ char *quoted_string;
+ char *p;
+
+ length = 0;
+ backslashes = 0;
+ if (quote_around)
+ length++;
+ for (s = string; *s != '\0'; s++)
+ {
+ char c = *s;
+ if (c == '"')
+ length += backslashes + 1;
+ length++;
+ if (c == '\\')
+ backslashes++;
+ else
+ backslashes = 0;
+ }
+ if (quote_around)
+ length += backslashes + 1;
+
+ quoted_string = XMALLOC (char, length + 1);
+
+ p = quoted_string;
+ backslashes = 0;
+ if (quote_around)
+ *p++ = '"';
+ for (s = string; *s != '\0'; s++)
+ {
+ char c = *s;
+ if (c == '"')
+ {
+ unsigned int j;
+ for (j = backslashes + 1; j > 0; j--)
+ *p++ = '\\';
+ }
+ *p++ = c;
+ if (c == '\\')
+ backslashes++;
+ else
+ backslashes = 0;
+ }
+ if (quote_around)
+ {
+ unsigned int j;
+ for (j = backslashes; j > 0; j--)
+ *p++ = '\\';
+ *p++ = '"';
+ }
+ *p = '\0';
+
+ new_argv[i] = quoted_string;
+ }
+ else
+ new_argv[i] = (char *) string;
+ }
+ new_argv[argc] = NULL;
+
+ return new_argv;
+}
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+void lt_dump_script (FILE* f)
+{
+EOF
+ func_emit_wrapper yes |
+ $SED -n -e '
+s/^\(.\{79\}\)\(..*\)/\1\
+\2/
+h
+s/\([\\"]\)/\\\1/g
+s/$/\\n/
+s/\([^\n]*\).*/ fputs ("\1", f);/p
+g
+D'
+ cat <<"EOF"
+}
EOF
}
# end: func_emit_cwrapperexe_src
+# func_win32_import_lib_p ARG
+# True if ARG is an import lib, as indicated by $file_magic_cmd
+func_win32_import_lib_p ()
+{
+ $opt_debug
+ case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
+ *import*) : ;;
+ *) false ;;
+ esac
+}
+
# func_mode_link arg...
func_mode_link ()
{
$opt_debug
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
# It is impossible to link a dll without this setting, and
# we shouldn't force the makefile maintainer to figure out
# which system we are compiling for in order to pass an extra
@@ -3554,6 +5133,7 @@ func_mode_link ()
new_inherited_linker_flags=
avoid_version=no
+ bindir=
dlfiles=
dlprefiles=
dlself=no
@@ -3646,6 +5226,11 @@ func_mode_link ()
esac
case $prev in
+ bindir)
+ bindir="$arg"
+ prev=
+ continue
+ ;;
dlfiles|dlprefiles)
if test "$preload" = no; then
# Add the symbol object into the linking commands.
@@ -3677,9 +5262,9 @@ func_mode_link ()
;;
*)
if test "$prev" = dlfiles; then
- dlfiles="$dlfiles $arg"
+ func_append dlfiles " $arg"
else
- dlprefiles="$dlprefiles $arg"
+ func_append dlprefiles " $arg"
fi
prev=
continue
@@ -3703,7 +5288,7 @@ func_mode_link ()
*-*-darwin*)
case "$deplibs " in
*" $qarg.ltframework "*) ;;
- *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ *) func_append deplibs " $qarg.ltframework" # this is fixed later
;;
esac
;;
@@ -3722,7 +5307,7 @@ func_mode_link ()
moreargs=
for fil in `cat "$save_arg"`
do
-# moreargs="$moreargs $fil"
+# func_append moreargs " $fil"
arg=$fil
# A libtool-controlled object.
@@ -3751,7 +5336,7 @@ func_mode_link ()
if test "$prev" = dlfiles; then
if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
- dlfiles="$dlfiles $pic_object"
+ func_append dlfiles " $pic_object"
prev=
continue
else
@@ -3763,7 +5348,7 @@ func_mode_link ()
# CHECK ME: I think I busted this. -Ossama
if test "$prev" = dlprefiles; then
# Preload the old-style object.
- dlprefiles="$dlprefiles $pic_object"
+ func_append dlprefiles " $pic_object"
prev=
fi
@@ -3833,12 +5418,12 @@ func_mode_link ()
if test "$prev" = rpath; then
case "$rpath " in
*" $arg "*) ;;
- *) rpath="$rpath $arg" ;;
+ *) func_append rpath " $arg" ;;
esac
else
case "$xrpath " in
*" $arg "*) ;;
- *) xrpath="$xrpath $arg" ;;
+ *) func_append xrpath " $arg" ;;
esac
fi
prev=
@@ -3850,28 +5435,28 @@ func_mode_link ()
continue
;;
weak)
- weak_libs="$weak_libs $arg"
+ func_append weak_libs " $arg"
prev=
continue
;;
xcclinker)
- linker_flags="$linker_flags $qarg"
- compiler_flags="$compiler_flags $qarg"
+ func_append linker_flags " $qarg"
+ func_append compiler_flags " $qarg"
prev=
func_append compile_command " $qarg"
func_append finalize_command " $qarg"
continue
;;
xcompiler)
- compiler_flags="$compiler_flags $qarg"
+ func_append compiler_flags " $qarg"
prev=
func_append compile_command " $qarg"
func_append finalize_command " $qarg"
continue
;;
xlinker)
- linker_flags="$linker_flags $qarg"
- compiler_flags="$compiler_flags $wl$qarg"
+ func_append linker_flags " $qarg"
+ func_append compiler_flags " $wl$qarg"
prev=
func_append compile_command " $wl$qarg"
func_append finalize_command " $wl$qarg"
@@ -3907,6 +5492,11 @@ func_mode_link ()
continue
;;
+ -bindir)
+ prev=bindir
+ continue
+ ;;
+
-dlopen)
prev=dlfiles
continue
@@ -3957,8 +5547,16 @@ func_mode_link ()
;;
-L*)
- func_stripname '-L' '' "$arg"
- dir=$func_stripname_result
+ func_stripname "-L" '' "$arg"
+ if test -z "$func_stripname_result"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ func_resolve_sysroot "$func_stripname_result"
+ dir=$func_resolve_sysroot_result
# We need an absolute path.
case $dir in
[\\/]* | [A-Za-z]:[\\/]*) ;;
@@ -3970,22 +5568,30 @@ func_mode_link ()
;;
esac
case "$deplibs " in
- *" -L$dir "*) ;;
+ *" -L$dir "* | *" $arg "*)
+ # Will only happen for absolute or sysroot arguments
+ ;;
*)
- deplibs="$deplibs -L$dir"
- lib_search_path="$lib_search_path $dir"
+ # Preserve sysroot, but never include relative directories
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;;
+ *) func_append deplibs " -L$dir" ;;
+ esac
+ func_append lib_search_path " $dir"
;;
esac
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
- testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
case :$dllsearchpath: in
*":$dir:"*) ;;
- *) dllsearchpath="$dllsearchpath:$dir";;
+ ::) dllsearchpath=$dir;;
+ *) func_append dllsearchpath ":$dir";;
esac
case :$dllsearchpath: in
*":$testbindir:"*) ;;
- *) dllsearchpath="$dllsearchpath:$testbindir";;
+ ::) dllsearchpath=$testbindir;;
+ *) func_append dllsearchpath ":$testbindir";;
esac
;;
esac
@@ -3995,7 +5601,7 @@ func_mode_link ()
-l*)
if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
# These systems don't actually have a C or math library (as such)
continue
;;
@@ -4009,7 +5615,7 @@ func_mode_link ()
;;
*-*-rhapsody* | *-*-darwin1.[012])
# Rhapsody C and math libraries are in the System framework
- deplibs="$deplibs System.ltframework"
+ func_append deplibs " System.ltframework"
continue
;;
*-*-sco3.2v5* | *-*-sco5v6*)
@@ -4029,7 +5635,7 @@ func_mode_link ()
;;
esac
fi
- deplibs="$deplibs $arg"
+ func_append deplibs " $arg"
continue
;;
@@ -4041,21 +5647,22 @@ func_mode_link ()
# Tru64 UNIX uses -model [arg] to determine the layout of C++
# classes, name mangling, and exception handling.
# Darwin uses the -arch flag to determine output architecture.
- -model|-arch|-isysroot)
- compiler_flags="$compiler_flags $arg"
+ -model|-arch|-isysroot|--sysroot)
+ func_append compiler_flags " $arg"
func_append compile_command " $arg"
func_append finalize_command " $arg"
prev=xcompiler
continue
;;
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
- compiler_flags="$compiler_flags $arg"
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
+ func_append compiler_flags " $arg"
func_append compile_command " $arg"
func_append finalize_command " $arg"
case "$new_inherited_linker_flags " in
*" $arg "*) ;;
- * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ * ) func_append new_inherited_linker_flags " $arg" ;;
esac
continue
;;
@@ -4072,7 +5679,7 @@ func_mode_link ()
-no-install)
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
# The PATH hackery in wrapper scripts is required on Windows
# and Darwin in order for the loader to find any dlls it needs.
func_warning "\`-no-install' is ignored for $host"
@@ -4122,13 +5729,17 @@ func_mode_link ()
# We need an absolute path.
case $dir in
[\\/]* | [A-Za-z]:[\\/]*) ;;
+ =*)
+ func_stripname '=' '' "$dir"
+ dir=$lt_sysroot$func_stripname_result
+ ;;
*)
func_fatal_error "only absolute run-paths are allowed"
;;
esac
case "$xrpath " in
*" $dir "*) ;;
- *) xrpath="$xrpath $dir" ;;
+ *) func_append xrpath " $dir" ;;
esac
continue
;;
@@ -4181,24 +5792,14 @@ func_mode_link ()
for flag in $args; do
IFS="$save_ifs"
func_quote_for_eval "$flag"
- arg="$arg $wl$func_quote_for_eval_result"
- compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ func_append arg " $func_quote_for_eval_result"
+ func_append compiler_flags " $func_quote_for_eval_result"
done
IFS="$save_ifs"
func_stripname ' ' '' "$arg"
arg=$func_stripname_result
;;
- -Wl,--as-needed)
- deplibs="$deplibs $arg"
- continue
- ;;
-
- -Wl,--as-needed)
- deplibs="$deplibs $arg"
- continue
- ;;
-
-Wl,*)
func_stripname '-Wl,' '' "$arg"
args=$func_stripname_result
@@ -4207,9 +5808,9 @@ func_mode_link ()
for flag in $args; do
IFS="$save_ifs"
func_quote_for_eval "$flag"
- arg="$arg $wl$func_quote_for_eval_result"
- compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
- linker_flags="$linker_flags $func_quote_for_eval_result"
+ func_append arg " $wl$func_quote_for_eval_result"
+ func_append compiler_flags " $wl$func_quote_for_eval_result"
+ func_append linker_flags " $func_quote_for_eval_result"
done
IFS="$save_ifs"
func_stripname ' ' '' "$arg"
@@ -4237,23 +5838,27 @@ func_mode_link ()
arg="$func_quote_for_eval_result"
;;
- # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
- # -r[0-9][0-9]* specifies the processor on the SGI compiler
- # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
- # +DA*, +DD* enable 64-bit mode on the HP compiler
- # -q* pass through compiler args for the IBM compiler
- # -m*, -t[45]*, -txscale* pass through architecture-specific
- # compiler args for GCC
- # -F/path gives path to uninstalled frameworks, gcc on darwin
- # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
- # @file GCC response files
+ # Flags to be passed through unchanged, with rationale:
+ # -64, -mips[0-9] enable 64-bit mode for the SGI compiler
+ # -r[0-9][0-9]* specify processor for the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler
+ # +DA*, +DD* enable 64-bit mode for the HP compiler
+ # -q* compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* architecture-specific flags for GCC
+ # -F/path path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* profiling flags for GCC
+ # @file GCC response files
+ # -tp=* Portland pgcc target processor selection
+ # --sysroot=* for sysroot support
+ # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
- -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
+ -O*|-flto*|-fwhopr*|-fuse-linker-plugin)
func_quote_for_eval "$arg"
arg="$func_quote_for_eval_result"
func_append compile_command " $arg"
func_append finalize_command " $arg"
- compiler_flags="$compiler_flags $arg"
+ func_append compiler_flags " $arg"
continue
;;
@@ -4265,7 +5870,7 @@ func_mode_link ()
*.$objext)
# A standard object.
- objs="$objs $arg"
+ func_append objs " $arg"
;;
*.lo)
@@ -4296,7 +5901,7 @@ func_mode_link ()
if test "$prev" = dlfiles; then
if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
- dlfiles="$dlfiles $pic_object"
+ func_append dlfiles " $pic_object"
prev=
continue
else
@@ -4308,7 +5913,7 @@ func_mode_link ()
# CHECK ME: I think I busted this. -Ossama
if test "$prev" = dlprefiles; then
# Preload the old-style object.
- dlprefiles="$dlprefiles $pic_object"
+ func_append dlprefiles " $pic_object"
prev=
fi
@@ -4353,24 +5958,25 @@ func_mode_link ()
*.$libext)
# An archive.
- deplibs="$deplibs $arg"
- old_deplibs="$old_deplibs $arg"
+ func_append deplibs " $arg"
+ func_append old_deplibs " $arg"
continue
;;
*.la)
# A libtool-controlled library.
+ func_resolve_sysroot "$arg"
if test "$prev" = dlfiles; then
# This library was specified with -dlopen.
- dlfiles="$dlfiles $arg"
+ func_append dlfiles " $func_resolve_sysroot_result"
prev=
elif test "$prev" = dlprefiles; then
# The library was specified with -dlpreopen.
- dlprefiles="$dlprefiles $arg"
+ func_append dlprefiles " $func_resolve_sysroot_result"
prev=
else
- deplibs="$deplibs $arg"
+ func_append deplibs " $func_resolve_sysroot_result"
fi
continue
;;
@@ -4408,7 +6014,7 @@ func_mode_link ()
if test -n "$shlibpath_var"; then
# get the directories listed in $shlibpath_var
- eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\`
else
shlib_search_path=
fi
@@ -4417,6 +6023,8 @@ func_mode_link ()
func_dirname "$output" "/" ""
output_objdir="$func_dirname_result$objdir"
+ func_to_tool_file "$output_objdir/"
+ tool_output_objdir=$func_to_tool_file_result
# Create the object directory.
func_mkdir_p "$output_objdir"
@@ -4437,12 +6045,12 @@ func_mode_link ()
# Find all interdependent deplibs by searching for libraries
# that are linked more than once (e.g. -la -lb -la)
for deplib in $deplibs; do
- if $opt_duplicate_deps ; then
+ if $opt_preserve_dup_deps ; then
case "$libs " in
- *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ *" $deplib "*) func_append specialdeplibs " $deplib" ;;
esac
fi
- libs="$libs $deplib"
+ func_append libs " $deplib"
done
if test "$linkmode" = lib; then
@@ -4455,9 +6063,9 @@ func_mode_link ()
if $opt_duplicate_compiler_generated_deps; then
for pre_post_dep in $predeps $postdeps; do
case "$pre_post_deps " in
- *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;;
esac
- pre_post_deps="$pre_post_deps $pre_post_dep"
+ func_append pre_post_deps " $pre_post_dep"
done
fi
pre_post_deps=
@@ -4516,7 +6124,10 @@ func_mode_link ()
case $pass in
dlopen) libs="$dlfiles" ;;
dlpreopen) libs="$dlprefiles" ;;
- link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ link)
+ libs="$deplibs %DEPLIBS%"
+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
+ ;;
esac
fi
if test "$linkmode,$pass" = "lib,dlpreopen"; then
@@ -4524,17 +6135,19 @@ func_mode_link ()
for lib in $dlprefiles; do
# Ignore non-libtool-libs
dependency_libs=
+ func_resolve_sysroot "$lib"
case $lib in
- *.la) func_source "$lib" ;;
+ *.la) func_source "$func_resolve_sysroot_result" ;;
esac
# Collect preopened libtool deplibs, except any this library
# has declared as weak libs
for deplib in $dependency_libs; do
- deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ func_basename "$deplib"
+ deplib_base=$func_basename_result
case " $weak_libs " in
*" $deplib_base "*) ;;
- *) deplibs="$deplibs $deplib" ;;
+ *) func_append deplibs " $deplib" ;;
esac
done
done
@@ -4550,25 +6163,17 @@ func_mode_link ()
lib=
found=no
case $deplib in
- -Wl,--as-needed)
- if test "$linkmode,$pass" = "prog,link"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- fi
- continue
- ;;
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
if test "$linkmode,$pass" = "prog,link"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
else
- compiler_flags="$compiler_flags $deplib"
+ func_append compiler_flags " $deplib"
if test "$linkmode" = lib ; then
case "$new_inherited_linker_flags " in
*" $deplib "*) ;;
- * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ * ) func_append new_inherited_linker_flags " $deplib" ;;
esac
fi
fi
@@ -4653,7 +6258,7 @@ func_mode_link ()
if test "$linkmode" = lib ; then
case "$new_inherited_linker_flags " in
*" $deplib "*) ;;
- * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ * ) func_append new_inherited_linker_flags " $deplib" ;;
esac
fi
fi
@@ -4666,7 +6271,8 @@ func_mode_link ()
test "$pass" = conv && continue
newdependency_libs="$deplib $newdependency_libs"
func_stripname '-L' '' "$deplib"
- newlib_search_path="$newlib_search_path $func_stripname_result"
+ func_resolve_sysroot "$func_stripname_result"
+ func_append newlib_search_path " $func_resolve_sysroot_result"
;;
prog)
if test "$pass" = conv; then
@@ -4680,7 +6286,8 @@ func_mode_link ()
finalize_deplibs="$deplib $finalize_deplibs"
fi
func_stripname '-L' '' "$deplib"
- newlib_search_path="$newlib_search_path $func_stripname_result"
+ func_resolve_sysroot "$func_stripname_result"
+ func_append newlib_search_path " $func_resolve_sysroot_result"
;;
*)
func_warning "\`-L' is ignored for archives/objects"
@@ -4691,17 +6298,21 @@ func_mode_link ()
-R*)
if test "$pass" = link; then
func_stripname '-R' '' "$deplib"
- dir=$func_stripname_result
+ func_resolve_sysroot "$func_stripname_result"
+ dir=$func_resolve_sysroot_result
# Make sure the xrpath contains only unique directories.
case "$xrpath " in
*" $dir "*) ;;
- *) xrpath="$xrpath $dir" ;;
+ *) func_append xrpath " $dir" ;;
esac
fi
deplibs="$deplib $deplibs"
continue
;;
- *.la) lib="$deplib" ;;
+ *.la)
+ func_resolve_sysroot "$deplib"
+ lib=$func_resolve_sysroot_result
+ ;;
*.$libext)
if test "$pass" = conv; then
deplibs="$deplib $deplibs"
@@ -4719,7 +6330,7 @@ func_mode_link ()
match_pattern*)
set dummy $deplibs_check_method; shift
match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+ if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
| $EGREP "$match_pattern_regex" > /dev/null; then
valid_a_lib=yes
fi
@@ -4729,15 +6340,15 @@ func_mode_link ()
;;
esac
if test "$valid_a_lib" != yes; then
- $ECHO
+ echo
$ECHO "*** Warning: Trying to link with static lib archive $deplib."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which you do not appear to have"
- $ECHO "*** because the file extensions .$libext of this argument makes me believe"
- $ECHO "*** that it is just a static archive that I should not use here."
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which you do not appear to have"
+ echo "*** because the file extensions .$libext of this argument makes me believe"
+ echo "*** that it is just a static archive that I should not use here."
else
- $ECHO
+ echo
$ECHO "*** Warning: Linking the shared library $output against the"
$ECHO "*** static library $deplib is not portable!"
deplibs="$deplib $deplibs"
@@ -4764,11 +6375,11 @@ func_mode_link ()
if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
# If there is no dlopen support or we're linking statically,
# we need to preload.
- newdlprefiles="$newdlprefiles $deplib"
+ func_append newdlprefiles " $deplib"
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
else
- newdlfiles="$newdlfiles $deplib"
+ func_append newdlfiles " $deplib"
fi
fi
continue
@@ -4810,20 +6421,20 @@ func_mode_link ()
# Convert "-framework foo" to "foo.ltframework"
if test -n "$inherited_linker_flags"; then
- tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+ tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'`
for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
case " $new_inherited_linker_flags " in
*" $tmp_inherited_linker_flag "*) ;;
- *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+ *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";;
esac
done
fi
- dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
if test "$linkmode,$pass" = "lib,link" ||
test "$linkmode,$pass" = "prog,scan" ||
{ test "$linkmode" != prog && test "$linkmode" != lib; }; then
- test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
- test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ test -n "$dlopen" && func_append dlfiles " $dlopen"
+ test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
fi
if test "$pass" = conv; then
@@ -4834,30 +6445,36 @@ func_mode_link ()
func_fatal_error "cannot find name of link library for \`$lib'"
fi
# It is a libtool convenience library, so add in its objects.
- convenience="$convenience $ladir/$objdir/$old_library"
- old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ func_append convenience " $ladir/$objdir/$old_library"
+ func_append old_convenience " $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if $opt_preserve_dup_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) func_append specialdeplibs " $deplib" ;;
+ esac
+ fi
+ func_append tmp_libs " $deplib"
+ done
elif test "$linkmode" != prog && test "$linkmode" != lib; then
func_fatal_error "\`$lib' is not a convenience library"
fi
- tmp_libs=
- for deplib in $dependency_libs; do
- deplibs="$deplib $deplibs"
- if $opt_duplicate_deps ; then
- case "$tmp_libs " in
- *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
- esac
- fi
- tmp_libs="$tmp_libs $deplib"
- done
continue
fi # $pass = conv
# Get the name of the library we link against.
linklib=
- for l in $old_library $library_names; do
- linklib="$l"
- done
+ if test -n "$old_library" &&
+ { test "$prefer_static_libs" = yes ||
+ test "$prefer_static_libs,$installed" = "built,no"; }; then
+ linklib=$old_library
+ else
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ fi
if test -z "$linklib"; then
func_fatal_error "cannot find name of link library for \`$lib'"
fi
@@ -4874,9 +6491,9 @@ func_mode_link ()
# statically, we need to preload. We also need to preload any
# dependent libraries so libltdl's deplib preloader doesn't
# bomb out in the load deplibs phase.
- dlprefiles="$dlprefiles $lib $dependency_libs"
+ func_append dlprefiles " $lib $dependency_libs"
else
- newdlfiles="$newdlfiles $lib"
+ func_append newdlfiles " $lib"
fi
continue
fi # $pass = dlopen
@@ -4898,14 +6515,14 @@ func_mode_link ()
# Find the relevant object directory and library name.
if test "X$installed" = Xyes; then
- if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
func_warning "library \`$lib' was moved."
dir="$ladir"
absdir="$abs_ladir"
libdir="$abs_ladir"
else
- dir="$libdir"
- absdir="$libdir"
+ dir="$lt_sysroot$libdir"
+ absdir="$lt_sysroot$libdir"
fi
test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
else
@@ -4913,12 +6530,12 @@ func_mode_link ()
dir="$ladir"
absdir="$abs_ladir"
# Remove this search path later
- notinst_path="$notinst_path $abs_ladir"
+ func_append notinst_path " $abs_ladir"
else
dir="$ladir/$objdir"
absdir="$abs_ladir/$objdir"
# Remove this search path later
- notinst_path="$notinst_path $abs_ladir"
+ func_append notinst_path " $abs_ladir"
fi
fi # $installed = yes
func_stripname 'lib' '.la' "$laname"
@@ -4929,20 +6546,46 @@ func_mode_link ()
if test -z "$libdir" && test "$linkmode" = prog; then
func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
fi
- # Prefer using a static library (so that no silly _DYNAMIC symbols
- # are required to link).
- if test -n "$old_library"; then
- newdlprefiles="$newdlprefiles $dir/$old_library"
- # Keep a list of preopened convenience libraries to check
- # that they are being used correctly in the link pass.
- test -z "$libdir" && \
- dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
- # Otherwise, use the dlname, so that lt_dlopen finds it.
- elif test -n "$dlname"; then
- newdlprefiles="$newdlprefiles $dir/$dlname"
- else
- newdlprefiles="$newdlprefiles $dir/$linklib"
- fi
+ case "$host" in
+ # special handling for platforms with PE-DLLs.
+ *cygwin* | *mingw* | *cegcc* )
+ # Linker will automatically link against shared library if both
+ # static and shared are present. Therefore, ensure we extract
+ # symbols from the import library if a shared library is present
+ # (otherwise, the dlopen module name will be incorrect). We do
+ # this by putting the import library name into $newdlprefiles.
+ # We recover the dlopen module name by 'saving' the la file
+ # name in a special purpose variable, and (later) extracting the
+ # dlname from the la file.
+ if test -n "$dlname"; then
+ func_tr_sh "$dir/$linklib"
+ eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname"
+ func_append newdlprefiles " $dir/$linklib"
+ else
+ func_append newdlprefiles " $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ func_append dlpreconveniencelibs " $dir/$old_library"
+ fi
+ ;;
+ * )
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ func_append newdlprefiles " $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ func_append dlpreconveniencelibs " $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ func_append newdlprefiles " $dir/$dlname"
+ else
+ func_append newdlprefiles " $dir/$linklib"
+ fi
+ ;;
+ esac
fi # $pass = dlpreopen
if test -z "$libdir"; then
@@ -4960,7 +6603,7 @@ func_mode_link ()
if test "$linkmode" = prog && test "$pass" != link; then
- newlib_search_path="$newlib_search_path $ladir"
+ func_append newlib_search_path " $ladir"
deplibs="$lib $deplibs"
linkalldeplibs=no
@@ -4973,7 +6616,8 @@ func_mode_link ()
for deplib in $dependency_libs; do
case $deplib in
-L*) func_stripname '-L' '' "$deplib"
- newlib_search_path="$newlib_search_path $func_stripname_result"
+ func_resolve_sysroot "$func_stripname_result"
+ func_append newlib_search_path " $func_resolve_sysroot_result"
;;
esac
# Need to link against all dependency_libs?
@@ -4984,12 +6628,12 @@ func_mode_link ()
# or/and link against static libraries
newdependency_libs="$deplib $newdependency_libs"
fi
- if $opt_duplicate_deps ; then
+ if $opt_preserve_dup_deps ; then
case "$tmp_libs " in
- *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ *" $deplib "*) func_append specialdeplibs " $deplib" ;;
esac
fi
- tmp_libs="$tmp_libs $deplib"
+ func_append tmp_libs " $deplib"
done # for deplib
continue
fi # $linkmode = prog...
@@ -5004,7 +6648,7 @@ func_mode_link ()
# Make sure the rpath contains only unique directories.
case "$temp_rpath:" in
*"$absdir:"*) ;;
- *) temp_rpath="$temp_rpath$absdir:" ;;
+ *) func_append temp_rpath "$absdir:" ;;
esac
fi
@@ -5016,7 +6660,7 @@ func_mode_link ()
*)
case "$compile_rpath " in
*" $absdir "*) ;;
- *) compile_rpath="$compile_rpath $absdir"
+ *) func_append compile_rpath " $absdir" ;;
esac
;;
esac
@@ -5025,7 +6669,7 @@ func_mode_link ()
*)
case "$finalize_rpath " in
*" $libdir "*) ;;
- *) finalize_rpath="$finalize_rpath $libdir"
+ *) func_append finalize_rpath " $libdir" ;;
esac
;;
esac
@@ -5048,14 +6692,14 @@ func_mode_link ()
if test -n "$library_names" &&
{ test "$use_static_libs" = no || test -z "$old_library"; }; then
case $host in
- *cygwin* | *mingw*)
+ *cygwin* | *mingw* | *cegcc*)
# No point in relinking DLLs because paths are not encoded
- notinst_deplibs="$notinst_deplibs $lib"
+ func_append notinst_deplibs " $lib"
need_relink=no
;;
*)
if test "$installed" = no; then
- notinst_deplibs="$notinst_deplibs $lib"
+ func_append notinst_deplibs " $lib"
need_relink=yes
fi
;;
@@ -5072,7 +6716,7 @@ func_mode_link ()
fi
done
if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
- $ECHO
+ echo
if test "$linkmode" = prog; then
$ECHO "*** Warning: Linking the executable $output against the loadable module"
else
@@ -5090,7 +6734,7 @@ func_mode_link ()
*)
case "$compile_rpath " in
*" $absdir "*) ;;
- *) compile_rpath="$compile_rpath $absdir"
+ *) func_append compile_rpath " $absdir" ;;
esac
;;
esac
@@ -5099,7 +6743,7 @@ func_mode_link ()
*)
case "$finalize_rpath " in
*" $libdir "*) ;;
- *) finalize_rpath="$finalize_rpath $libdir"
+ *) func_append finalize_rpath " $libdir" ;;
esac
;;
esac
@@ -5118,7 +6762,7 @@ func_mode_link ()
elif test -n "$soname_spec"; then
# bleh windows
case $host in
- *cygwin* | mingw*)
+ *cygwin* | mingw* | *cegcc*)
func_arith $current - $age
major=$func_arith_result
versuffix="-$major"
@@ -5153,7 +6797,7 @@ func_mode_link ()
linklib=$newlib
fi # test -n "$old_archive_from_expsyms_cmds"
- if test "$linkmode" = prog || test "$mode" != relink; then
+ if test "$linkmode" = prog || test "$opt_mode" != relink; then
add_shlibpath=
add_dir=
add=
@@ -5175,9 +6819,9 @@ func_mode_link ()
if test "X$dlopenmodule" != "X$lib"; then
$ECHO "*** Warning: lib $linklib is a module, not a shared library"
if test -z "$old_library" ; then
- $ECHO
- $ECHO "*** And there doesn't seem to be a static archive available"
- $ECHO "*** The link will probably fail, sorry"
+ echo
+ echo "*** And there doesn't seem to be a static archive available"
+ echo "*** The link will probably fail, sorry"
else
add="$dir/$old_library"
fi
@@ -5204,12 +6848,12 @@ func_mode_link ()
test "$hardcode_direct_absolute" = no; then
add="$dir/$linklib"
elif test "$hardcode_minus_L" = yes; then
- add_dir="-L$dir"
+ add_dir="-L$absdir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
[\\/]*)
- add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ func_append add_dir " -L$inst_prefix_dir$libdir"
;;
esac
fi
@@ -5231,7 +6875,7 @@ func_mode_link ()
if test -n "$add_shlibpath"; then
case :$compile_shlibpath: in
*":$add_shlibpath:"*) ;;
- *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ *) func_append compile_shlibpath "$add_shlibpath:" ;;
esac
fi
if test "$linkmode" = prog; then
@@ -5245,13 +6889,13 @@ func_mode_link ()
test "$hardcode_shlibpath_var" = yes; then
case :$finalize_shlibpath: in
*":$libdir:"*) ;;
- *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ *) func_append finalize_shlibpath "$libdir:" ;;
esac
fi
fi
fi
- if test "$linkmode" = prog || test "$mode" = relink; then
+ if test "$linkmode" = prog || test "$opt_mode" = relink; then
add_shlibpath=
add_dir=
add=
@@ -5265,7 +6909,7 @@ func_mode_link ()
elif test "$hardcode_shlibpath_var" = yes; then
case :$finalize_shlibpath: in
*":$libdir:"*) ;;
- *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ *) func_append finalize_shlibpath "$libdir:" ;;
esac
add="-l$name"
elif test "$hardcode_automatic" = yes; then
@@ -5282,7 +6926,7 @@ func_mode_link ()
if test -n "$inst_prefix_dir"; then
case $libdir in
[\\/]*)
- add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ func_append add_dir " -L$inst_prefix_dir$libdir"
;;
esac
fi
@@ -5317,21 +6961,21 @@ func_mode_link ()
# Just print a warning and add the library to dependency_libs so
# that the program can be linked against the static library.
- $ECHO
+ echo
$ECHO "*** Warning: This system can not link to static lib archive $lib."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which you do not appear to have."
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which you do not appear to have."
if test "$module" = yes; then
- $ECHO "*** But as you try to build a module library, libtool will still create "
- $ECHO "*** a static module, that should work as long as the dlopening application"
- $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ echo "*** But as you try to build a module library, libtool will still create "
+ echo "*** a static module, that should work as long as the dlopening application"
+ echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
if test -z "$global_symbol_pipe"; then
- $ECHO
- $ECHO "*** However, this would only work if libtool was able to extract symbol"
- $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
- $ECHO "*** not find such a program. So, this module is probably useless."
- $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ echo
+ echo "*** However, this would only work if libtool was able to extract symbol"
+ echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ echo "*** not find such a program. So, this module is probably useless."
+ echo "*** \`nm' from GNU binutils and a full rebuild may help."
fi
if test "$build_old_libs" = no; then
build_libtool_libs=module
@@ -5359,37 +7003,46 @@ func_mode_link ()
temp_xrpath=$func_stripname_result
case " $xrpath " in
*" $temp_xrpath "*) ;;
- *) xrpath="$xrpath $temp_xrpath";;
+ *) func_append xrpath " $temp_xrpath";;
esac;;
- *) temp_deplibs="$temp_deplibs $libdir";;
+ *) func_append temp_deplibs " $libdir";;
esac
done
dependency_libs="$temp_deplibs"
fi
- newlib_search_path="$newlib_search_path $absdir"
+ func_append newlib_search_path " $absdir"
# Link against this library
test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
# ... and its dependency_libs
tmp_libs=
for deplib in $dependency_libs; do
newdependency_libs="$deplib $newdependency_libs"
- if $opt_duplicate_deps ; then
+ case $deplib in
+ -L*) func_stripname '-L' '' "$deplib"
+ func_resolve_sysroot "$func_stripname_result";;
+ *) func_resolve_sysroot "$deplib" ;;
+ esac
+ if $opt_preserve_dup_deps ; then
case "$tmp_libs " in
- *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ *" $func_resolve_sysroot_result "*)
+ func_append specialdeplibs " $func_resolve_sysroot_result" ;;
esac
fi
- tmp_libs="$tmp_libs $deplib"
+ func_append tmp_libs " $func_resolve_sysroot_result"
done
if test "$link_all_deplibs" != no; then
# Add the search paths of all dependency libraries
for deplib in $dependency_libs; do
+ path=
case $deplib in
-L*) path="$deplib" ;;
*.la)
+ func_resolve_sysroot "$deplib"
+ deplib=$func_resolve_sysroot_result
func_dirname "$deplib" "" "."
- dir="$func_dirname_result"
+ dir=$func_dirname_result
# We need an absolute path.
case $dir in
[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
@@ -5416,8 +7069,8 @@ func_mode_link ()
if test -z "$darwin_install_name"; then
darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
fi
- compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
- linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+ func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+ func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}"
path=
fi
fi
@@ -5450,7 +7103,7 @@ func_mode_link ()
compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
else
- compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
fi
fi
dependency_libs="$newdependency_libs"
@@ -5467,7 +7120,7 @@ func_mode_link ()
for dir in $newlib_search_path; do
case "$lib_search_path " in
*" $dir "*) ;;
- *) lib_search_path="$lib_search_path $dir" ;;
+ *) func_append lib_search_path " $dir" ;;
esac
done
newlib_search_path=
@@ -5525,10 +7178,10 @@ func_mode_link ()
-L*)
case " $tmp_libs " in
*" $deplib "*) ;;
- *) tmp_libs="$tmp_libs $deplib" ;;
+ *) func_append tmp_libs " $deplib" ;;
esac
;;
- *) tmp_libs="$tmp_libs $deplib" ;;
+ *) func_append tmp_libs " $deplib" ;;
esac
done
eval $var=\"$tmp_libs\"
@@ -5544,7 +7197,7 @@ func_mode_link ()
;;
esac
if test -n "$i" ; then
- tmp_libs="$tmp_libs $i"
+ func_append tmp_libs " $i"
fi
done
dependency_libs=$tmp_libs
@@ -5585,7 +7238,7 @@ func_mode_link ()
# Now set the variables for building old libraries.
build_libtool_libs=no
oldlibs="$output"
- objs="$objs$old_deplibs"
+ func_append objs "$old_deplibs"
;;
lib)
@@ -5618,10 +7271,10 @@ func_mode_link ()
if test "$deplibs_check_method" != pass_all; then
func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
else
- $ECHO
+ echo
$ECHO "*** Warning: Linking the shared library $output against the non-libtool"
$ECHO "*** objects $objs is not portable!"
- libobjs="$libobjs $objs"
+ func_append libobjs " $objs"
fi
fi
@@ -5680,13 +7333,14 @@ func_mode_link ()
# which has an extra 1 added just for fun
#
case $version_type in
+ # correct linux to gnu/linux during the next big refactor
darwin|linux|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
age="$number_minor"
revision="$number_revision"
;;
- freebsd-aout|freebsd-elf|sunos)
+ freebsd-aout|freebsd-elf|qnx|sunos)
current="$number_major"
revision="$number_minor"
age="0"
@@ -5698,6 +7352,9 @@ func_mode_link ()
revision="$number_minor"
lt_irix_increment=no
;;
+ *)
+ func_fatal_configuration "$modename: unknown library version type \`$version_type'"
+ ;;
esac
;;
no)
@@ -5796,7 +7453,7 @@ func_mode_link ()
versuffix="$major.$revision"
;;
- linux)
+ linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age
major=.$func_arith_result
versuffix="$major.$age.$revision"
@@ -5819,7 +7476,7 @@ func_mode_link ()
done
# Make executables depend on our current version.
- verstring="$verstring:${current}.0"
+ func_append verstring ":${current}.0"
;;
qnx)
@@ -5887,17 +7544,17 @@ func_mode_link ()
fi
func_generate_dlsyms "$libname" "$libname" "yes"
- libobjs="$libobjs $symfileobj"
+ func_append libobjs " $symfileobj"
test "X$libobjs" = "X " && libobjs=
- if test "$mode" != relink; then
+ if test "$opt_mode" != relink; then
# Remove our outputs, but don't remove object files since they
# may have been created when compiling PIC objects.
removelist=
tempremovelist=`$ECHO "$output_objdir/*"`
for p in $tempremovelist; do
case $p in
- *.$objext)
+ *.$objext | *.gcno)
;;
$output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
if test "X$precious_files_regex" != "X"; then
@@ -5906,7 +7563,7 @@ func_mode_link ()
continue
fi
fi
- removelist="$removelist $p"
+ func_append removelist " $p"
;;
*) ;;
esac
@@ -5917,27 +7574,28 @@ func_mode_link ()
# Now set the variables for building old libraries.
if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
- oldlibs="$oldlibs $output_objdir/$libname.$libext"
+ func_append oldlibs " $output_objdir/$libname.$libext"
# Transform .lo files to .o files.
- oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP`
fi
# Eliminate all temporary directories.
#for path in $notinst_path; do
- # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
- # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
- # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+ # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"`
+ # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"`
+ # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"`
#done
if test -n "$xrpath"; then
# If the user specified any rpath flags, then add them.
temp_xrpath=
for libdir in $xrpath; do
- temp_xrpath="$temp_xrpath -R$libdir"
+ func_replace_sysroot "$libdir"
+ func_append temp_xrpath " -R$func_replace_sysroot_result"
case "$finalize_rpath " in
*" $libdir "*) ;;
- *) finalize_rpath="$finalize_rpath $libdir" ;;
+ *) func_append finalize_rpath " $libdir" ;;
esac
done
if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
@@ -5951,7 +7609,7 @@ func_mode_link ()
for lib in $old_dlfiles; do
case " $dlprefiles $dlfiles " in
*" $lib "*) ;;
- *) dlfiles="$dlfiles $lib" ;;
+ *) func_append dlfiles " $lib" ;;
esac
done
@@ -5961,19 +7619,19 @@ func_mode_link ()
for lib in $old_dlprefiles; do
case "$dlprefiles " in
*" $lib "*) ;;
- *) dlprefiles="$dlprefiles $lib" ;;
+ *) func_append dlprefiles " $lib" ;;
esac
done
if test "$build_libtool_libs" = yes; then
if test -n "$rpath"; then
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
# these systems don't actually have a c library (as such)!
;;
*-*-rhapsody* | *-*-darwin1.[012])
# Rhapsody C library is in the System framework
- deplibs="$deplibs System.ltframework"
+ func_append deplibs " System.ltframework"
;;
*-*-netbsd*)
# Don't link with libc until the a.out ld.so is fixed.
@@ -5990,7 +7648,7 @@ func_mode_link ()
*)
# Add libc to deplibs on all other systems if necessary.
if test "$build_libtool_need_lc" = "yes"; then
- deplibs="$deplibs -lc"
+ func_append deplibs " -lc"
fi
;;
esac
@@ -6039,7 +7697,7 @@ EOF
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
case " $predeps $postdeps " in
*" $i "*)
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
i=""
;;
esac
@@ -6050,21 +7708,21 @@ EOF
set dummy $deplib_matches; shift
deplib_match=$1
if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
else
droppeddeps=yes
- $ECHO
+ echo
$ECHO "*** Warning: dynamic linker does not accept needed library $i."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which I believe you do not have"
- $ECHO "*** because a test_compile did reveal that the linker did not use it for"
- $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which I believe you do not have"
+ echo "*** because a test_compile did reveal that the linker did not use it for"
+ echo "*** its dynamic dependency list that programs get resolved with at runtime."
fi
fi
;;
*)
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
;;
esac
done
@@ -6082,7 +7740,7 @@ EOF
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
case " $predeps $postdeps " in
*" $i "*)
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
i=""
;;
esac
@@ -6093,29 +7751,29 @@ EOF
set dummy $deplib_matches; shift
deplib_match=$1
if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
else
droppeddeps=yes
- $ECHO
+ echo
$ECHO "*** Warning: dynamic linker does not accept needed library $i."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which you do not appear to have"
- $ECHO "*** because a test_compile did reveal that the linker did not use this one"
- $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which you do not appear to have"
+ echo "*** because a test_compile did reveal that the linker did not use this one"
+ echo "*** as a dynamic dependency that programs can get resolved with at runtime."
fi
fi
else
droppeddeps=yes
- $ECHO
+ echo
$ECHO "*** Warning! Library $i is needed by this library but I was not able to"
- $ECHO "*** make it link in! You will probably need to install it or some"
- $ECHO "*** library that it depends on before this library will be fully"
- $ECHO "*** functional. Installing it before continuing would be even better."
+ echo "*** make it link in! You will probably need to install it or some"
+ echo "*** library that it depends on before this library will be fully"
+ echo "*** functional. Installing it before continuing would be even better."
fi
;;
*)
- newdeplibs="$newdeplibs $i"
+ func_append newdeplibs " $i"
;;
esac
done
@@ -6132,15 +7790,27 @@ EOF
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
case " $predeps $postdeps " in
*" $a_deplib "*)
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
a_deplib=""
;;
esac
fi
if test -n "$a_deplib" ; then
libname=`eval "\\$ECHO \"$libname_spec\""`
+ if test -n "$file_magic_glob"; then
+ libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob`
+ else
+ libnameglob=$libname
+ fi
+ test "$want_nocaseglob" = yes && nocaseglob=`shopt -p nocaseglob`
for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ if test "$want_nocaseglob" = yes; then
+ shopt -s nocaseglob
+ potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
+ $nocaseglob
+ else
+ potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
+ fi
for potent_lib in $potential_libs; do
# Follow soft links.
if ls -lLd "$potent_lib" 2>/dev/null |
@@ -6157,13 +7827,13 @@ EOF
potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
case $potliblink in
[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
- *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";;
esac
done
if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
$SED -e 10q |
$EGREP "$file_magic_regex" > /dev/null; then
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
a_deplib=""
break 2
fi
@@ -6172,12 +7842,12 @@ EOF
fi
if test -n "$a_deplib" ; then
droppeddeps=yes
- $ECHO
+ echo
$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which you do not appear to have"
- $ECHO "*** because I did check the linker path looking for a file starting"
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which you do not appear to have"
+ echo "*** because I did check the linker path looking for a file starting"
if test -z "$potlib" ; then
$ECHO "*** with $libname but no candidates were found. (...for file magic test)"
else
@@ -6188,7 +7858,7 @@ EOF
;;
*)
# Add a -L argument.
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
;;
esac
done # Gone through all deplibs.
@@ -6204,7 +7874,7 @@ EOF
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
case " $predeps $postdeps " in
*" $a_deplib "*)
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
a_deplib=""
;;
esac
@@ -6215,9 +7885,9 @@ EOF
potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
for potent_lib in $potential_libs; do
potlib="$potent_lib" # see symlink-check above in file_magic test
- if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+ if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
$EGREP "$match_pattern_regex" > /dev/null; then
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
a_deplib=""
break 2
fi
@@ -6226,12 +7896,12 @@ EOF
fi
if test -n "$a_deplib" ; then
droppeddeps=yes
- $ECHO
+ echo
$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- $ECHO "*** I have the capability to make that library automatically link in when"
- $ECHO "*** you link to this library. But I can only do this if you have a"
- $ECHO "*** shared version of the library, which you do not appear to have"
- $ECHO "*** because I did check the linker path looking for a file starting"
+ echo "*** I have the capability to make that library automatically link in when"
+ echo "*** you link to this library. But I can only do this if you have a"
+ echo "*** shared version of the library, which you do not appear to have"
+ echo "*** because I did check the linker path looking for a file starting"
if test -z "$potlib" ; then
$ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
else
@@ -6242,32 +7912,32 @@ EOF
;;
*)
# Add a -L argument.
- newdeplibs="$newdeplibs $a_deplib"
+ func_append newdeplibs " $a_deplib"
;;
esac
done # Gone through all deplibs.
;;
none | unknown | *)
newdeplibs=""
- tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
- -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+ tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
for i in $predeps $postdeps ; do
# can't use Xsed below, because $i might contain '/'
- tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+ tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"`
done
fi
- if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' |
- $GREP . >/dev/null; then
- $ECHO
+ case $tmp_deplibs in
+ *[!\ \ ]*)
+ echo
if test "X$deplibs_check_method" = "Xnone"; then
- $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+ echo "*** Warning: inter-library dependencies are not supported in this platform."
else
- $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+ echo "*** Warning: inter-library dependencies are not known to be supported."
fi
- $ECHO "*** All declared inter-library dependencies are being dropped."
+ echo "*** All declared inter-library dependencies are being dropped."
droppeddeps=yes
- fi
+ ;;
+ esac
;;
esac
versuffix=$versuffix_save
@@ -6279,23 +7949,23 @@ EOF
case $host in
*-*-rhapsody* | *-*-darwin1.[012])
# On Rhapsody replace the C library with the System framework
- newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'`
;;
esac
if test "$droppeddeps" = yes; then
if test "$module" = yes; then
- $ECHO
- $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+ echo
+ echo "*** Warning: libtool could not satisfy all declared inter-library"
$ECHO "*** dependencies of module $libname. Therefore, libtool will create"
- $ECHO "*** a static module, that should work as long as the dlopening"
- $ECHO "*** application is linked with the -dlopen flag."
+ echo "*** a static module, that should work as long as the dlopening"
+ echo "*** application is linked with the -dlopen flag."
if test -z "$global_symbol_pipe"; then
- $ECHO
- $ECHO "*** However, this would only work if libtool was able to extract symbol"
- $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
- $ECHO "*** not find such a program. So, this module is probably useless."
- $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ echo
+ echo "*** However, this would only work if libtool was able to extract symbol"
+ echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ echo "*** not find such a program. So, this module is probably useless."
+ echo "*** \`nm' from GNU binutils and a full rebuild may help."
fi
if test "$build_old_libs" = no; then
oldlibs="$output_objdir/$libname.$libext"
@@ -6305,16 +7975,16 @@ EOF
build_libtool_libs=no
fi
else
- $ECHO "*** The inter-library dependencies that have been dropped here will be"
- $ECHO "*** automatically added whenever a program is linked with this library"
- $ECHO "*** or is declared to -dlopen it."
+ echo "*** The inter-library dependencies that have been dropped here will be"
+ echo "*** automatically added whenever a program is linked with this library"
+ echo "*** or is declared to -dlopen it."
if test "$allow_undefined" = no; then
- $ECHO
- $ECHO "*** Since this library must not contain undefined symbols,"
- $ECHO "*** because either the platform does not support them or"
- $ECHO "*** it was explicitly requested with -no-undefined,"
- $ECHO "*** libtool will only create a static version of it."
+ echo
+ echo "*** Since this library must not contain undefined symbols,"
+ echo "*** because either the platform does not support them or"
+ echo "*** it was explicitly requested with -no-undefined,"
+ echo "*** libtool will only create a static version of it."
if test "$build_old_libs" = no; then
oldlibs="$output_objdir/$libname.$libext"
build_libtool_libs=module
@@ -6331,9 +8001,9 @@ EOF
# Time to change all our "foo.ltframework" stuff back to "-framework foo"
case $host in
*-*-darwin*)
- newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
- new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
- deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+ new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+ deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
;;
esac
@@ -6346,7 +8016,7 @@ EOF
*)
case " $deplibs " in
*" -L$path/$objdir "*)
- new_libs="$new_libs -L$path/$objdir" ;;
+ func_append new_libs " -L$path/$objdir" ;;
esac
;;
esac
@@ -6356,10 +8026,10 @@ EOF
-L*)
case " $new_libs " in
*" $deplib "*) ;;
- *) new_libs="$new_libs $deplib" ;;
+ *) func_append new_libs " $deplib" ;;
esac
;;
- *) new_libs="$new_libs $deplib" ;;
+ *) func_append new_libs " $deplib" ;;
esac
done
deplibs="$new_libs"
@@ -6371,15 +8041,22 @@ EOF
# Test again, we may have decided not to build it any more
if test "$build_libtool_libs" = yes; then
+ # Remove ${wl} instances when linking with ld.
+ # FIXME: should test the right _cmds variable.
+ case $archive_cmds in
+ *\$LD\ *) wl= ;;
+ esac
if test "$hardcode_into_libs" = yes; then
# Hardcode the library paths
hardcode_libdirs=
dep_rpath=
rpath="$finalize_rpath"
- test "$mode" != relink && rpath="$compile_rpath$rpath"
+ test "$opt_mode" != relink && rpath="$compile_rpath$rpath"
for libdir in $rpath; do
if test -n "$hardcode_libdir_flag_spec"; then
if test -n "$hardcode_libdir_separator"; then
+ func_replace_sysroot "$libdir"
+ libdir=$func_replace_sysroot_result
if test -z "$hardcode_libdirs"; then
hardcode_libdirs="$libdir"
else
@@ -6388,18 +8065,18 @@ EOF
*"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
;;
*)
- hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
;;
esac
fi
else
eval flag=\"$hardcode_libdir_flag_spec\"
- dep_rpath="$dep_rpath $flag"
+ func_append dep_rpath " $flag"
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*" $libdir "*) ;;
- *) perm_rpath="$perm_rpath $libdir" ;;
+ *) func_append perm_rpath " $libdir" ;;
esac
fi
done
@@ -6407,17 +8084,13 @@ EOF
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
libdir="$hardcode_libdirs"
- if test -n "$hardcode_libdir_flag_spec_ld"; then
- eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
- else
- eval dep_rpath=\"$hardcode_libdir_flag_spec\"
- fi
+ eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then
# We should set the runpath_var.
rpath=
for dir in $perm_rpath; do
- rpath="$rpath$dir:"
+ func_append rpath "$dir:"
done
eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
fi
@@ -6425,7 +8098,7 @@ EOF
fi
shlibpath="$finalize_shlibpath"
- test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
if test -n "$shlibpath"; then
eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
fi
@@ -6451,23 +8124,23 @@ EOF
linknames=
for link
do
- linknames="$linknames $link"
+ func_append linknames " $link"
done
# Use standard objects if they are pic
- test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP`
test "X$libobjs" = "X " && libobjs=
delfiles=
if test -n "$export_symbols" && test -n "$include_expsyms"; then
$opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
export_symbols="$output_objdir/$libname.uexp"
- delfiles="$delfiles $export_symbols"
+ func_append delfiles " $export_symbols"
fi
orig_export_symbols=
case $host_os in
- cygwin* | mingw*)
+ cygwin* | mingw* | cegcc*)
if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
# exporting using user supplied symfile
if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
@@ -6493,13 +8166,45 @@ EOF
$opt_dry_run || $RM $export_symbols
cmds=$export_symbols_cmds
save_ifs="$IFS"; IFS='~'
- for cmd in $cmds; do
+ for cmd1 in $cmds; do
IFS="$save_ifs"
- eval cmd=\"$cmd\"
- func_len " $cmd"
- len=$func_len_result
- if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ # Take the normal branch if the nm_file_list_spec branch
+ # doesn't work or if tool conversion is not needed.
+ case $nm_file_list_spec~$to_tool_file_cmd in
+ *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*)
+ try_normal_branch=yes
+ eval cmd=\"$cmd1\"
+ func_len " $cmd"
+ len=$func_len_result
+ ;;
+ *)
+ try_normal_branch=no
+ ;;
+ esac
+ if test "$try_normal_branch" = yes \
+ && { test "$len" -lt "$max_cmd_len" \
+ || test "$max_cmd_len" -le -1; }
+ then
+ func_show_eval "$cmd" 'exit $?'
+ skipped_export=false
+ elif test -n "$nm_file_list_spec"; then
+ func_basename "$output"
+ output_la=$func_basename_result
+ save_libobjs=$libobjs
+ save_output=$output
+ output=${output_objdir}/${output_la}.nm
+ func_to_tool_file "$output"
+ libobjs=$nm_file_list_spec$func_to_tool_file_result
+ func_append delfiles " $output"
+ func_verbose "creating $NM input file list: $output"
+ for obj in $save_libobjs; do
+ func_to_tool_file "$obj"
+ $ECHO "$func_to_tool_file_result"
+ done > "$output"
+ eval cmd=\"$cmd1\"
func_show_eval "$cmd" 'exit $?'
+ output=$save_output
+ libobjs=$save_libobjs
skipped_export=false
else
# The command line is too long to execute in one step.
@@ -6521,7 +8226,7 @@ EOF
if test -n "$export_symbols" && test -n "$include_expsyms"; then
tmp_export_symbols="$export_symbols"
test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
- $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
fi
if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
@@ -6533,7 +8238,7 @@ EOF
# global variables. join(1) would be nice here, but unfortunately
# isn't a blessed tool.
$opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ func_append delfiles " $export_symbols $output_objdir/$libname.filter"
export_symbols=$output_objdir/$libname.def
$opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
fi
@@ -6543,7 +8248,7 @@ EOF
case " $convenience " in
*" $test_deplib "*) ;;
*)
- tmp_deplibs="$tmp_deplibs $test_deplib"
+ func_append tmp_deplibs " $test_deplib"
;;
esac
done
@@ -6563,21 +8268,21 @@ EOF
test "X$libobjs" = "X " && libobjs=
else
gentop="$output_objdir/${outputname}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_extract_archives $gentop $convenience
- libobjs="$libobjs $func_extract_archives_result"
+ func_append libobjs " $func_extract_archives_result"
test "X$libobjs" = "X " && libobjs=
fi
fi
if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
eval flag=\"$thread_safe_flag_spec\"
- linker_flags="$linker_flags $flag"
+ func_append linker_flags " $flag"
fi
# Make a backup of the uninstalled library when relinking
- if test "$mode" = relink; then
+ if test "$opt_mode" = relink; then
$opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
fi
@@ -6622,7 +8327,8 @@ EOF
save_libobjs=$libobjs
fi
save_output=$output
- output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+ func_basename "$output"
+ output_la=$func_basename_result
# Clear the reloadable object creation command queue and
# initialize k to one.
@@ -6635,13 +8341,16 @@ EOF
if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
output=${output_objdir}/${output_la}.lnkscript
func_verbose "creating GNU ld script: $output"
- $ECHO 'INPUT (' > $output
+ echo 'INPUT (' > $output
for obj in $save_libobjs
do
- $ECHO "$obj" >> $output
+ func_to_tool_file "$obj"
+ $ECHO "$func_to_tool_file_result" >> $output
done
- $ECHO ')' >> $output
- delfiles="$delfiles $output"
+ echo ')' >> $output
+ func_append delfiles " $output"
+ func_to_tool_file "$output"
+ output=$func_to_tool_file_result
elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
output=${output_objdir}/${output_la}.lnk
func_verbose "creating linker input file list: $output"
@@ -6655,10 +8364,12 @@ EOF
fi
for obj
do
- $ECHO "$obj" >> $output
+ func_to_tool_file "$obj"
+ $ECHO "$func_to_tool_file_result" >> $output
done
- delfiles="$delfiles $output"
- output=$firstobj\"$file_list_spec$output\"
+ func_append delfiles " $output"
+ func_to_tool_file "$output"
+ output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
else
if test -n "$save_libobjs"; then
func_verbose "creating reloadable object files..."
@@ -6682,17 +8393,19 @@ EOF
# command to the queue.
if test "$k" -eq 1 ; then
# The first file doesn't have a previous command to add.
- eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ reload_objs=$objlist
+ eval concat_cmds=\"$reload_cmds\"
else
# All subsequent reloadable object files will link in
# the last one created.
- eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+ reload_objs="$objlist $last_robj"
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
fi
last_robj=$output_objdir/$output_la-${k}.$objext
func_arith $k + 1
k=$func_arith_result
output=$output_objdir/$output_la-${k}.$objext
- objlist=$obj
+ objlist=" $obj"
func_len " $last_robj"
func_arith $len0 + $func_len_result
len=$func_arith_result
@@ -6702,11 +8415,12 @@ EOF
# reloadable object file. All subsequent reloadable object
# files will link in the last one created.
test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+ reload_objs="$objlist $last_robj"
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds\"
if test -n "$last_robj"; then
eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
fi
- delfiles="$delfiles $output"
+ func_append delfiles " $output"
else
output=
@@ -6740,7 +8454,7 @@ EOF
lt_exit=$?
# Restore the uninstalled library and exit
- if test "$mode" = relink; then
+ if test "$opt_mode" = relink; then
( cd "$output_objdir" && \
$RM "${realname}T" && \
$MV "${realname}U" "$realname" )
@@ -6761,7 +8475,7 @@ EOF
if test -n "$export_symbols" && test -n "$include_expsyms"; then
tmp_export_symbols="$export_symbols"
test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
- $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
fi
if test -n "$orig_export_symbols"; then
@@ -6773,7 +8487,7 @@ EOF
# global variables. join(1) would be nice here, but unfortunately
# isn't a blessed tool.
$opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ func_append delfiles " $export_symbols $output_objdir/$libname.filter"
export_symbols=$output_objdir/$libname.def
$opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
fi
@@ -6814,10 +8528,10 @@ EOF
# Add any objects from preloaded convenience libraries
if test -n "$dlprefiles"; then
gentop="$output_objdir/${outputname}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_extract_archives $gentop $dlprefiles
- libobjs="$libobjs $func_extract_archives_result"
+ func_append libobjs " $func_extract_archives_result"
test "X$libobjs" = "X " && libobjs=
fi
@@ -6833,7 +8547,7 @@ EOF
lt_exit=$?
# Restore the uninstalled library and exit
- if test "$mode" = relink; then
+ if test "$opt_mode" = relink; then
( cd "$output_objdir" && \
$RM "${realname}T" && \
$MV "${realname}U" "$realname" )
@@ -6845,7 +8559,7 @@ EOF
IFS="$save_ifs"
# Restore the uninstalled library and exit
- if test "$mode" = relink; then
+ if test "$opt_mode" = relink; then
$opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
if test -n "$convenience"; then
@@ -6926,18 +8640,21 @@ EOF
if test -n "$convenience"; then
if test -n "$whole_archive_flag_spec"; then
eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
- reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+ reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
else
gentop="$output_objdir/${obj}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_extract_archives $gentop $convenience
reload_conv_objs="$reload_objs $func_extract_archives_result"
fi
fi
+ # If we're not building shared, we need to use non_pic_objs
+ test "$build_libtool_libs" != yes && libobjs="$non_pic_objects"
+
# Create the old-style object.
- reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+ reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
output="$obj"
func_execute_cmds "$reload_cmds" 'exit $?'
@@ -6997,8 +8714,8 @@ EOF
case $host in
*-*-rhapsody* | *-*-darwin1.[012])
# On Rhapsody replace the C library is the System framework
- compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
- finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'`
+ finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'`
;;
esac
@@ -7009,14 +8726,14 @@ EOF
if test "$tagname" = CXX ; then
case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
10.[0123])
- compile_command="$compile_command ${wl}-bind_at_load"
- finalize_command="$finalize_command ${wl}-bind_at_load"
+ func_append compile_command " ${wl}-bind_at_load"
+ func_append finalize_command " ${wl}-bind_at_load"
;;
esac
fi
# Time to change all our "foo.ltframework" stuff back to "-framework foo"
- compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
- finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+ finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
;;
esac
@@ -7030,7 +8747,7 @@ EOF
*)
case " $compile_deplibs " in
*" -L$path/$objdir "*)
- new_libs="$new_libs -L$path/$objdir" ;;
+ func_append new_libs " -L$path/$objdir" ;;
esac
;;
esac
@@ -7040,17 +8757,17 @@ EOF
-L*)
case " $new_libs " in
*" $deplib "*) ;;
- *) new_libs="$new_libs $deplib" ;;
+ *) func_append new_libs " $deplib" ;;
esac
;;
- *) new_libs="$new_libs $deplib" ;;
+ *) func_append new_libs " $deplib" ;;
esac
done
compile_deplibs="$new_libs"
- compile_command="$compile_command $compile_deplibs"
- finalize_command="$finalize_command $finalize_deplibs"
+ func_append compile_command " $compile_deplibs"
+ func_append finalize_command " $finalize_deplibs"
if test -n "$rpath$xrpath"; then
# If the user specified any rpath flags, then add them.
@@ -7058,7 +8775,7 @@ EOF
# This is the magic to use -rpath.
case "$finalize_rpath " in
*" $libdir "*) ;;
- *) finalize_rpath="$finalize_rpath $libdir" ;;
+ *) func_append finalize_rpath " $libdir" ;;
esac
done
fi
@@ -7077,30 +8794,32 @@ EOF
*"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
;;
*)
- hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
;;
esac
fi
else
eval flag=\"$hardcode_libdir_flag_spec\"
- rpath="$rpath $flag"
+ func_append rpath " $flag"
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*" $libdir "*) ;;
- *) perm_rpath="$perm_rpath $libdir" ;;
+ *) func_append perm_rpath " $libdir" ;;
esac
fi
case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
case :$dllsearchpath: in
*":$libdir:"*) ;;
- *) dllsearchpath="$dllsearchpath:$libdir";;
+ ::) dllsearchpath=$libdir;;
+ *) func_append dllsearchpath ":$libdir";;
esac
case :$dllsearchpath: in
*":$testbindir:"*) ;;
- *) dllsearchpath="$dllsearchpath:$testbindir";;
+ ::) dllsearchpath=$testbindir;;
+ *) func_append dllsearchpath ":$testbindir";;
esac
;;
esac
@@ -7126,18 +8845,18 @@ EOF
*"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
;;
*)
- hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
;;
esac
fi
else
eval flag=\"$hardcode_libdir_flag_spec\"
- rpath="$rpath $flag"
+ func_append rpath " $flag"
fi
elif test -n "$runpath_var"; then
case "$finalize_perm_rpath " in
*" $libdir "*) ;;
- *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ *) func_append finalize_perm_rpath " $libdir" ;;
esac
fi
done
@@ -7151,8 +8870,8 @@ EOF
if test -n "$libobjs" && test "$build_old_libs" = yes; then
# Transform all the library objects into standard objects.
- compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
- finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
+ finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
fi
func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
@@ -7164,6 +8883,10 @@ EOF
wrappers_required=yes
case $host in
+ *cegcc* | *mingw32ce*)
+ # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
+ wrappers_required=no
+ ;;
*cygwin* | *mingw* )
if test "$build_libtool_libs" != yes; then
wrappers_required=no
@@ -7177,13 +8900,19 @@ EOF
esac
if test "$wrappers_required" = no; then
# Replace the output file specification.
- compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
link_command="$compile_command$compile_rpath"
# We have no uninstalled library dependencies, so finalize right now.
exit_status=0
func_show_eval "$link_command" 'exit_status=$?'
+ if test -n "$postlink_cmds"; then
+ func_to_tool_file "$output"
+ postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+ func_execute_cmds "$postlink_cmds" 'exit $?'
+ fi
+
# Delete the generated files.
if test -f "$output_objdir/${outputname}S.${objext}"; then
func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
@@ -7206,7 +8935,7 @@ EOF
# We should set the runpath_var.
rpath=
for dir in $perm_rpath; do
- rpath="$rpath$dir:"
+ func_append rpath "$dir:"
done
compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
fi
@@ -7214,7 +8943,7 @@ EOF
# We should set the runpath_var.
rpath=
for dir in $finalize_perm_rpath; do
- rpath="$rpath$dir:"
+ func_append rpath "$dir:"
done
finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
fi
@@ -7224,11 +8953,18 @@ EOF
# We don't need to create a wrapper script.
link_command="$compile_var$compile_command$compile_rpath"
# Replace the output file specification.
- link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
# Delete the old output file.
$opt_dry_run || $RM $output
# Link the executable and exit
func_show_eval "$link_command" 'exit $?'
+
+ if test -n "$postlink_cmds"; then
+ func_to_tool_file "$output"
+ postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+ func_execute_cmds "$postlink_cmds" 'exit $?'
+ fi
+
exit $EXIT_SUCCESS
fi
@@ -7243,7 +8979,7 @@ EOF
if test "$fast_install" != no; then
link_command="$finalize_var$compile_command$finalize_rpath"
if test "$fast_install" = yes; then
- relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
else
# fast_install is set to needless
relink_command=
@@ -7255,13 +8991,19 @@ EOF
fi
# Replace the output file specification.
- link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+ link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
# Delete the old output files.
$opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
func_show_eval "$link_command" 'exit $?'
+ if test -n "$postlink_cmds"; then
+ func_to_tool_file "$output_objdir/$outputname"
+ postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+ func_execute_cmds "$postlink_cmds" 'exit $?'
+ fi
+
# Now create the wrapper script.
func_verbose "creating $output"
@@ -7279,18 +9021,7 @@ EOF
fi
done
relink_command="(cd `pwd`; $relink_command)"
- relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
- fi
-
- # Quote $ECHO for shipping.
- if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
- case $progpath in
- [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
- *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
- esac
- qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
- else
- qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+ relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
fi
# Only actually do things if not in dry run mode.
@@ -7321,11 +9052,10 @@ EOF
func_emit_cwrapperexe_src > $cwrappersource
- # we should really use a build-platform specific compiler
- # here, but OTOH, the wrappers (shell script and this C one)
- # are only useful if you want to execute the "real" binary.
- # Since the "real" binary is built for $host, then this
- # wrapper might as well be built for $host, too.
+ # The wrapper executable is built using the $host compiler,
+ # because it contains $host paths and files. If cross-
+ # compiling, it, like the target executable, must be
+ # executed on the $host or under an emulation environment.
$opt_dry_run || {
$LTCC $LTCFLAGS -o $cwrapper $cwrappersource
$STRIP $cwrapper
@@ -7371,7 +9101,7 @@ EOF
else
oldobjs="$old_deplibs $non_pic_objects"
if test "$preload" = yes && test -f "$symfileobj"; then
- oldobjs="$oldobjs $symfileobj"
+ func_append oldobjs " $symfileobj"
fi
fi
addlibs="$old_convenience"
@@ -7379,10 +9109,10 @@ EOF
if test -n "$addlibs"; then
gentop="$output_objdir/${outputname}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_extract_archives $gentop $addlibs
- oldobjs="$oldobjs $func_extract_archives_result"
+ func_append oldobjs " $func_extract_archives_result"
fi
# Do each command in the archive commands.
@@ -7393,10 +9123,10 @@ EOF
# Add any objects from preloaded convenience libraries
if test -n "$dlprefiles"; then
gentop="$output_objdir/${outputname}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_extract_archives $gentop $dlprefiles
- oldobjs="$oldobjs $func_extract_archives_result"
+ func_append oldobjs " $func_extract_archives_result"
fi
# POSIX demands no paths to be encoded in archives. We have
@@ -7412,9 +9142,9 @@ EOF
done | sort | sort -uc >/dev/null 2>&1); then
:
else
- $ECHO "copying selected object files to avoid basename conflicts..."
+ echo "copying selected object files to avoid basename conflicts..."
gentop="$output_objdir/${outputname}x"
- generated="$generated $gentop"
+ func_append generated " $gentop"
func_mkdir_p "$gentop"
save_oldobjs=$oldobjs
oldobjs=
@@ -7438,18 +9168,30 @@ EOF
esac
done
func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
- oldobjs="$oldobjs $gentop/$newobj"
+ func_append oldobjs " $gentop/$newobj"
;;
- *) oldobjs="$oldobjs $obj" ;;
+ *) func_append oldobjs " $obj" ;;
esac
done
fi
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
eval cmds=\"$old_archive_cmds\"
func_len " $cmds"
len=$func_len_result
if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
cmds=$old_archive_cmds
+ elif test -n "$archiver_list_spec"; then
+ func_verbose "using command file archive linking..."
+ for obj in $oldobjs
+ do
+ func_to_tool_file "$obj"
+ $ECHO "$func_to_tool_file_result"
+ done > $output_objdir/$libname.libcmd
+ func_to_tool_file "$output_objdir/$libname.libcmd"
+ oldobjs=" $archiver_list_spec$func_to_tool_file_result"
+ cmds=$old_archive_cmds
else
# the command line is too long to link in one step, link in parts
func_verbose "using piecewise archive linking..."
@@ -7523,7 +9265,7 @@ EOF
done
# Quote the link command for shipping.
relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
- relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
if test "$hardcode_automatic" = yes ; then
relink_command=
fi
@@ -7543,12 +9285,23 @@ EOF
*.la)
func_basename "$deplib"
name="$func_basename_result"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ func_resolve_sysroot "$deplib"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \
func_fatal_error "\`$deplib' is not a valid libtool archive"
- newdependency_libs="$newdependency_libs $libdir/$name"
+ func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
+ ;;
+ -L*)
+ func_stripname -L '' "$deplib"
+ func_replace_sysroot "$func_stripname_result"
+ func_append newdependency_libs " -L$func_replace_sysroot_result"
+ ;;
+ -R*)
+ func_stripname -R '' "$deplib"
+ func_replace_sysroot "$func_stripname_result"
+ func_append newdependency_libs " -R$func_replace_sysroot_result"
;;
- *) newdependency_libs="$newdependency_libs $deplib" ;;
+ *) func_append newdependency_libs " $deplib" ;;
esac
done
dependency_libs="$newdependency_libs"
@@ -7562,9 +9315,9 @@ EOF
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
test -z "$libdir" && \
func_fatal_error "\`$lib' is not a valid libtool archive"
- newdlfiles="$newdlfiles $libdir/$name"
+ func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
;;
- *) newdlfiles="$newdlfiles $lib" ;;
+ *) func_append newdlfiles " $lib" ;;
esac
done
dlfiles="$newdlfiles"
@@ -7581,7 +9334,7 @@ EOF
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
test -z "$libdir" && \
func_fatal_error "\`$lib' is not a valid libtool archive"
- newdlprefiles="$newdlprefiles $libdir/$name"
+ func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
;;
esac
done
@@ -7593,7 +9346,7 @@ EOF
[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
*) abs=`pwd`"/$lib" ;;
esac
- newdlfiles="$newdlfiles $abs"
+ func_append newdlfiles " $abs"
done
dlfiles="$newdlfiles"
newdlprefiles=
@@ -7602,15 +9355,33 @@ EOF
[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
*) abs=`pwd`"/$lib" ;;
esac
- newdlprefiles="$newdlprefiles $abs"
+ func_append newdlprefiles " $abs"
done
dlprefiles="$newdlprefiles"
fi
$RM $output
# place dlname in correct position for cygwin
+ # In fact, it would be nice if we could use this code for all target
+ # systems that can't hard-code library paths into their executables
+ # and that have no shared library path variable independent of PATH,
+ # but it turns out we can't easily determine that from inspecting
+ # libtool variables, so we have to hard-code the OSs to which it
+ # applies here; at the moment, that means platforms that use the PE
+ # object format with DLL files. See the long comment at the top of
+ # tests/bindir.at for full details.
tdlname=$dlname
case $host,$output,$installed,$module,$dlname in
- *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
+ # If a -bindir argument was supplied, place the dll there.
+ if test "x$bindir" != x ;
+ then
+ func_relative_path "$install_libdir" "$bindir"
+ tdlname=$func_relative_path_result$dlname
+ else
+ # Otherwise fall back on heuristic.
+ tdlname=../bin/$dlname
+ fi
+ ;;
esac
$ECHO > $output "\
# $outputname - a libtool library file
@@ -7669,7 +9440,7 @@ relink_command=\"$relink_command\""
exit $EXIT_SUCCESS
}
-{ test "$mode" = link || test "$mode" = relink; } &&
+{ test "$opt_mode" = link || test "$opt_mode" = relink; } &&
func_mode_link ${1+"$@"}
@@ -7689,9 +9460,9 @@ func_mode_uninstall ()
for arg
do
case $arg in
- -f) RM="$RM $arg"; rmforce=yes ;;
- -*) RM="$RM $arg" ;;
- *) files="$files $arg" ;;
+ -f) func_append RM " $arg"; rmforce=yes ;;
+ -*) func_append RM " $arg" ;;
+ *) func_append files " $arg" ;;
esac
done
@@ -7700,24 +9471,23 @@ func_mode_uninstall ()
rmdirs=
- origobjdir="$objdir"
for file in $files; do
func_dirname "$file" "" "."
dir="$func_dirname_result"
if test "X$dir" = X.; then
- objdir="$origobjdir"
+ odir="$objdir"
else
- objdir="$dir/$origobjdir"
+ odir="$dir/$objdir"
fi
func_basename "$file"
name="$func_basename_result"
- test "$mode" = uninstall && objdir="$dir"
+ test "$opt_mode" = uninstall && odir="$dir"
- # Remember objdir for removal later, being careful to avoid duplicates
- if test "$mode" = clean; then
+ # Remember odir for removal later, being careful to avoid duplicates
+ if test "$opt_mode" = clean; then
case " $rmdirs " in
- *" $objdir "*) ;;
- *) rmdirs="$rmdirs $objdir" ;;
+ *" $odir "*) ;;
+ *) func_append rmdirs " $odir" ;;
esac
fi
@@ -7743,18 +9513,17 @@ func_mode_uninstall ()
# Delete the libtool libraries and symlinks.
for n in $library_names; do
- rmfiles="$rmfiles $objdir/$n"
+ func_append rmfiles " $odir/$n"
done
- test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+ test -n "$old_library" && func_append rmfiles " $odir/$old_library"
- case "$mode" in
+ case "$opt_mode" in
clean)
- case " $library_names " in
- # " " in the beginning catches empty $dlname
+ case " $library_names " in
*" $dlname "*) ;;
- *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;;
esac
- test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i"
;;
uninstall)
if test -n "$library_names"; then
@@ -7782,19 +9551,19 @@ func_mode_uninstall ()
# Add PIC object to the list of files to remove.
if test -n "$pic_object" &&
test "$pic_object" != none; then
- rmfiles="$rmfiles $dir/$pic_object"
+ func_append rmfiles " $dir/$pic_object"
fi
# Add non-PIC object to the list of files to remove.
if test -n "$non_pic_object" &&
test "$non_pic_object" != none; then
- rmfiles="$rmfiles $dir/$non_pic_object"
+ func_append rmfiles " $dir/$non_pic_object"
fi
fi
;;
*)
- if test "$mode" = clean ; then
+ if test "$opt_mode" = clean ; then
noexename=$name
case $file in
*.exe)
@@ -7804,7 +9573,7 @@ func_mode_uninstall ()
noexename=$func_stripname_result
# $file with .exe has already been added to rmfiles,
# add $file without .exe
- rmfiles="$rmfiles $file"
+ func_append rmfiles " $file"
;;
esac
# Do a test to see if this is a libtool program.
@@ -7813,7 +9582,7 @@ func_mode_uninstall ()
func_ltwrapper_scriptname "$file"
relink_command=
func_source $func_ltwrapper_scriptname_result
- rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+ func_append rmfiles " $func_ltwrapper_scriptname_result"
else
relink_command=
func_source $dir/$noexename
@@ -7821,12 +9590,12 @@ func_mode_uninstall ()
# note $name still contains .exe if it was in $file originally
# as does the version of $file that was added into $rmfiles
- rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ func_append rmfiles " $odir/$name $odir/${name}S.${objext}"
if test "$fast_install" = yes && test -n "$relink_command"; then
- rmfiles="$rmfiles $objdir/lt-$name"
+ func_append rmfiles " $odir/lt-$name"
fi
if test "X$noexename" != "X$name" ; then
- rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ func_append rmfiles " $odir/lt-${noexename}.c"
fi
fi
fi
@@ -7834,7 +9603,6 @@ func_mode_uninstall ()
esac
func_show_eval "$RM $rmfiles" 'exit_status=1'
done
- objdir="$origobjdir"
# Try to remove the ${objdir}s in the directories where we deleted files
for dir in $rmdirs; do
@@ -7846,16 +9614,16 @@ func_mode_uninstall ()
exit $exit_status
}
-{ test "$mode" = uninstall || test "$mode" = clean; } &&
+{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } &&
func_mode_uninstall ${1+"$@"}
-test -z "$mode" && {
+test -z "$opt_mode" && {
help="$generic_help"
func_fatal_help "you must specify a MODE"
}
test -z "$exec_cmd" && \
- func_fatal_help "invalid operation mode \`$mode'"
+ func_fatal_help "invalid operation mode \`$opt_mode'"
if test -n "$exec_cmd"; then
eval exec "$exec_cmd"
diff --git a/missing b/build-aux/missing
index 1c8ff70..86a8fc3 100755
--- a/missing
+++ b/build-aux/missing
@@ -1,10 +1,10 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2006-05-10.23
+scriptversion=2012-01-06.13; # UTC
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -18,9 +18,7 @@ scriptversion=2006-05-10.23
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -86,9 +84,11 @@ Supported PROGRAM values:
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
- tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
@@ -106,23 +106,21 @@ Send bug reports to <bug-automake@gnu.org>."
esac
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
-# the program).
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
case $1 in
- lex|yacc)
+ lex*|yacc*)
# Not GNU programs, they don't have --version.
;;
- tar)
- if test -n "$run"; then
- echo 1>&2 "ERROR: \`tar' requires --run"
- exit 1
- elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
- exit 1
- fi
- ;;
-
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
@@ -138,7 +136,7 @@ esac
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
-case $1 in
+case $program in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
@@ -148,7 +146,7 @@ WARNING: \`$1' is $msg. You should only need it if
touch aclocal.m4
;;
- autoconf)
+ autoconf*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
@@ -157,7 +155,7 @@ WARNING: \`$1' is $msg. You should only need it if
touch configure
;;
- autoheader)
+ autoheader*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
@@ -187,7 +185,7 @@ WARNING: \`$1' is $msg. You should only need it if
while read f; do touch "$f"; done
;;
- autom4te)
+ autom4te*)
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
@@ -210,7 +208,7 @@ WARNING: \`$1' is needed, but is $msg.
fi
;;
- bison|yacc)
+ bison*|yacc*)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
@@ -218,7 +216,7 @@ WARNING: \`$1' $msg. You should only need it if
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
@@ -240,7 +238,7 @@ WARNING: \`$1' $msg. You should only need it if
fi
;;
- lex|flex)
+ lex*|flex*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
@@ -248,7 +246,7 @@ WARNING: \`$1' is $msg. You should only need it if
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
@@ -263,7 +261,7 @@ WARNING: \`$1' is $msg. You should only need it if
fi
;;
- help2man)
+ help2man*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
@@ -277,11 +275,11 @@ WARNING: \`$1' is $msg. You should only need it if
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
- exit 1
+ exit $?
fi
;;
- makeinfo)
+ makeinfo*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
@@ -310,41 +308,6 @@ WARNING: \`$1' is $msg. You should only need it if
touch $file
;;
- tar)
- shift
-
- # We have already tried tar in the generic part.
- # Look for gnutar/gtar before invocation to avoid ugly error
- # messages.
- if (gnutar --version > /dev/null 2>&1); then
- gnutar "$@" && exit 0
- fi
- if (gtar --version > /dev/null 2>&1); then
- gtar "$@" && exit 0
- fi
- firstarg="$1"
- if shift; then
- case $firstarg in
- *o*)
- firstarg=`echo "$firstarg" | sed s/o//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- case $firstarg in
- *h*)
- firstarg=`echo "$firstarg" | sed s/h//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- fi
-
- echo 1>&2 "\
-WARNING: I can't seem to be able to run \`tar' with the given arguments.
- You may want to install GNU tar or Free paxutils, or check the
- command line arguments."
- exit 1
- ;;
-
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
@@ -363,5 +326,6 @@ exit 0
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
# End:
diff --git a/compile b/compile
deleted file mode 100755
index 1b1d232..0000000
--- a/compile
+++ /dev/null
@@ -1,142 +0,0 @@
-#! /bin/sh
-# Wrapper for compilers which do not understand `-c -o'.
-
-scriptversion=2005-05-14.22
-
-# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-case $1 in
- '')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
- exit 1;
- ;;
- -h | --h*)
- cat <<\EOF
-Usage: compile [--help] [--version] PROGRAM [ARGS]
-
-Wrapper for compilers which do not understand `-c -o'.
-Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
-arguments, and rename the output as expected.
-
-If you are trying to build a whole package this is not the
-right script to run: please start by reading the file `INSTALL'.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v | --v*)
- echo "compile $scriptversion"
- exit $?
- ;;
-esac
-
-ofile=
-cfile=
-eat=
-
-for arg
-do
- if test -n "$eat"; then
- eat=
- else
- case $1 in
- -o)
- # configure might choose to run compile as `compile cc -o foo foo.c'.
- # So we strip `-o arg' only if arg is an object.
- eat=1
- case $2 in
- *.o | *.obj)
- ofile=$2
- ;;
- *)
- set x "$@" -o "$2"
- shift
- ;;
- esac
- ;;
- *.c)
- cfile=$1
- set x "$@" "$1"
- shift
- ;;
- *)
- set x "$@" "$1"
- shift
- ;;
- esac
- fi
- shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
- # If no `-o' option was seen then we might have been invoked from a
- # pattern rule where we don't need one. That is ok -- this is a
- # normal compilation that the losing compiler can handle. If no
- # `.c' file was seen then we are probably linking. That is also
- # ok.
- exec "$@"
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use `[/.-]' here to ensure that we don't use the same name
-# that we are using for the .o file. Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
-while true; do
- if mkdir "$lockdir" >/dev/null 2>&1; then
- break
- fi
- sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir '$lockdir'; exit 1" 1 2 15
-
-# Run the compile.
-"$@"
-ret=$?
-
-if test -f "$cofile"; then
- mv "$cofile" "$ofile"
-elif test -f "${cofile}bj"; then
- mv "${cofile}bj" "$ofile"
-fi
-
-rmdir "$lockdir"
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/config.h.in b/config.h.in
index 1c9c69d..b8987f2 100644
--- a/config.h.in
+++ b/config.h.in
@@ -6,6 +6,21 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* Define to 1 if you have the `pcap' library (-lpcap). */
+#undef HAVE_LIBPCAP
+
+/* Define to 1 if you have the <linux/dccp.h> header file. */
+#undef HAVE_LINUX_DCCP_H
+
+/* Define to 1 if you have the <linux/ip_vs.h> header file. */
+#undef HAVE_LINUX_IP_VS_H
+
+/* Define to 1 if you have the <linux/magic.h> header file. */
+#undef HAVE_LINUX_MAGIC_H
+
+/* Define to 1 if you have the <linux/proc_fs.h> header file. */
+#undef HAVE_LINUX_PROC_FS_H
+
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
@@ -52,9 +67,15 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
/* Define to the version of this package. */
#undef PACKAGE_VERSION
+/* The size of `struct ip6_hdr', as computed by sizeof. */
+#undef SIZEOF_STRUCT_IP6_HDR
+
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
diff --git a/configure b/configure
index 3c12bf5..b45162e 100755
--- a/configure
+++ b/configure
@@ -1,60 +1,81 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for iptables 1.4.9.1.
+# Generated by GNU Autoconf 2.69 for iptables 1.4.21.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
esac
-
fi
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
else
- PATH_SEPARATOR=:
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
fi
- rm -f conf$$.sh
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
fi
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
fi
@@ -63,20 +84,19 @@ fi
# there to prevent editors from complaining about space-tab.
# (If _AS_PATH_WALK were called with IFS unset, it would disable word
# splitting by setting IFS to empty value.)
-as_nl='
-'
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
+as_myself=
+case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
IFS=$as_save_IFS
;;
@@ -87,354 +107,374 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
fi
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
-do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
- else
- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
- fi
-done
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
# CDPATH.
-$as_unset CDPATH
-
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# Use a proper internal environment variable to ensure we don't fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+ fi
+ # We don't want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
- if (eval ":") 2>/dev/null; then
- as_have_required=yes
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
else
- as_have_required=no
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
fi
-
- if test $as_have_required = yes && (eval ":
-(as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+
+ test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
+ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+ ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+ PATH=/empty FPATH=/empty; export PATH FPATH
+ test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
+ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
else
- exitcode=1
- echo positional parameters were not saved.
+ as_have_required=no
fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
-test \$exitcode = 0) || { (exit 1); exit 1; }
-
-(
- as_lineno_1=\$LINENO
- as_lineno_2=\$LINENO
- test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
- test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
-") 2> /dev/null; then
- :
else
- as_candidate_shells=
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- case $as_dir in
+ as_found=:
+ case $as_dir in #(
/*)
for as_base in sh bash ksh sh5; do
- as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
done;;
esac
+ as_found=false
done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
IFS=$as_save_IFS
- for as_shell in $as_candidate_shells $SHELL; do
- # Try only shells that exist, to save several forks.
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { ("$as_shell") 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-
-fi
-
-
-:
-_ASEOF
-}; then
- CONFIG_SHELL=$as_shell
- as_have_required=yes
- if { "$as_shell" 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
+ if test "x$CONFIG_SHELL" != x; then :
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
esac
-
-fi
-
-
-:
-(as_func_return () {
- (exit $1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = "$1" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
fi
-
-test $exitcode = 0) || { (exit 1); exit 1; }
-
-(
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
-
-_ASEOF
-}; then
- break
fi
-
fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
- done
-
- if test "x$CONFIG_SHELL" != x; then
- for as_var in BASH_ENV ENV
- do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
- done
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
-fi
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
- if test $as_have_required = no; then
- echo This script requires a shell more modern than all the
- echo shells that I found on your system. Please install a
- echo modern shell, or manually run the script under such a
- echo shell if you do have one.
- { (exit 1); exit 1; }
-fi
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-fi
-fi
+} # as_fn_mkdir_p
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
-(eval "as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
-exitcode=0
-if as_func_success; then
- :
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
+ as_expr=false
fi
-if as_func_ret_success; then
- :
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
+ as_basename=false
fi
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
else
- exitcode=1
- echo positional parameters were not saved.
+ as_dirname=false
fi
-test \$exitcode = 0") || {
- echo No shell found that supports shell functions.
- echo Please tell autoconf@gnu.org about your system,
- echo including any error possibly output before this
- echo message
-}
-
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
sed -n '
p
/[$]LINENO/=
@@ -451,9 +491,12 @@ test \$exitcode = 0") || {
s/-\n.*//
' >$as_me.lineno &&
chmod +x "$as_me.lineno" ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@@ -462,84 +505,55 @@ test \$exitcode = 0") || {
exit
}
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
+case `echo -n x` in #(((((
-n*)
- case `echo 'x\c'` in
+ case `echo 'xy\c'` in
*c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
esac;;
*)
ECHO_N='-n';;
esac
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
else
rm -f conf$$.dir
- mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
+ as_mkdir_p='mkdir -p "$as_dir"'
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -547,161 +561,14 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
# Sed expression to map a string onto a valid variable name.
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-
-# Check that we are running under the correct shell.
SHELL=${CONFIG_SHELL-/bin/sh}
-case X$lt_ECHO in
-X*--fallback-echo)
- # Remove one level of quotation (which was required for Make).
- ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
- ;;
-esac
-
-ECHO=${lt_ECHO-echo}
-if test "X$1" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
-elif test "X$1" = X--fallback-echo; then
- # Avoid inline document here, it may be left over
- :
-elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
- # Yippee, $ECHO works!
- :
-else
- # Restart under the correct shell.
- exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
- # used as fallback echo
- shift
- cat <<_LT_EOF
-$*
-_LT_EOF
- exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test -z "$lt_ECHO"; then
- if test "X${echo_test_string+set}" != Xset; then
- # find a string as large as possible, as long as the shell can cope with it
- for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
- # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
- if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
- { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
- then
- break
- fi
- done
- fi
-
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- :
- else
- # The Solaris, AIX, and Digital Unix default echo programs unquote
- # backslashes. This makes it impossible to quote backslashes using
- # echo "$something" | sed 's/\\/\\\\/g'
- #
- # So, first we look for a working echo in the user's PATH.
-
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for dir in $PATH /usr/ucb; do
- IFS="$lt_save_ifs"
- if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
- test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$dir/echo"
- break
- fi
- done
- IFS="$lt_save_ifs"
-
- if test "X$ECHO" = Xecho; then
- # We didn't find a better echo, so look for alternatives.
- if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # This shell has a builtin print -r that does the trick.
- ECHO='print -r'
- elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
- test "X$CONFIG_SHELL" != X/bin/ksh; then
- # If we have ksh, try running configure again with it.
- ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
- export ORIGINAL_CONFIG_SHELL
- CONFIG_SHELL=/bin/ksh
- export CONFIG_SHELL
- exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
- else
- # Try using printf.
- ECHO='printf %s\n'
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # Cool, printf works
- :
- elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
- export CONFIG_SHELL
- SHELL="$CONFIG_SHELL"
- export SHELL
- ECHO="$CONFIG_SHELL $0 --fallback-echo"
- elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$CONFIG_SHELL $0 --fallback-echo"
- else
- # maybe with a smaller string...
- prev=:
-
- for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
- if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
- then
- break
- fi
- prev="$cmd"
- done
- if test "$prev" != 'sed 50q "$0"'; then
- echo_test_string=`eval $prev`
- export echo_test_string
- exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
- else
- # Oops. We lost completely, so just stick with echo.
- ECHO=echo
- fi
- fi
- fi
- fi
- fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-lt_ECHO=$ECHO
-if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
- lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
-fi
-
-
-
-
-exec 7<&0 </dev/null 6>&1
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
# so uname gets run too.
ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
@@ -716,14 +583,14 @@ cross_compiling=no
subdirs=
MFLAGS=
MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='iptables'
PACKAGE_TARNAME='iptables'
-PACKAGE_VERSION='1.4.9.1'
-PACKAGE_STRING='iptables 1.4.9.1'
+PACKAGE_VERSION='1.4.21'
+PACKAGE_STRING='iptables 1.4.21'
PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
# Factoring default headers for most tests.
ac_includes_default="\
@@ -761,141 +628,185 @@ ac_includes_default="\
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL
-PATH_SEPARATOR
-PACKAGE_NAME
-PACKAGE_TARNAME
-PACKAGE_VERSION
-PACKAGE_STRING
-PACKAGE_BUGREPORT
-exec_prefix
-prefix
-program_transform_name
-bindir
-sbindir
-libexecdir
-datarootdir
-datadir
-sysconfdir
-sharedstatedir
-localstatedir
-includedir
-oldincludedir
-docdir
-infodir
-htmldir
-dvidir
-pdfdir
-psdir
-libdir
-localedir
-mandir
-DEFS
-ECHO_C
-ECHO_N
-ECHO_T
-LIBS
-build_alias
-host_alias
-target_alias
-INSTALL_PROGRAM
-INSTALL_SCRIPT
-INSTALL_DATA
-am__isrc
-CYGPATH_W
-PACKAGE
-VERSION
-ACLOCAL
-AUTOCONF
-AUTOMAKE
-AUTOHEADER
-MAKEINFO
-install_sh
-STRIP
-INSTALL_STRIP_PROGRAM
-mkdir_p
-AWK
-SET_MAKE
-am__leading_dot
-AMTAR
-am__tar
-am__untar
-CC
-CFLAGS
-LDFLAGS
-CPPFLAGS
-ac_ct_CC
-EXEEXT
-OBJEXT
-DEPDIR
-am__include
-am__quote
-AMDEP_TRUE
-AMDEP_FALSE
-AMDEPBACKSLASH
-CCDEPMODE
-am__fastdepCC_TRUE
-am__fastdepCC_FALSE
-LIBTOOL
-build
-build_cpu
-build_vendor
-build_os
-host
-host_cpu
-host_vendor
-host_os
-SED
-GREP
-EGREP
-FGREP
-LD
-DUMPBIN
-ac_ct_DUMPBIN
-NM
-LN_S
-AR
-RANLIB
-lt_ECHO
-DSYMUTIL
-NMEDIT
-LIPO
-OTOOL
-OTOOL64
-CPP
-blacklist_modules
-ENABLE_STATIC_TRUE
-ENABLE_STATIC_FALSE
-ENABLE_SHARED_TRUE
-ENABLE_SHARED_FALSE
-ENABLE_IPV4_TRUE
-ENABLE_IPV4_FALSE
-ENABLE_IPV6_TRUE
-ENABLE_IPV6_FALSE
-ENABLE_LARGEFILE_TRUE
-ENABLE_LARGEFILE_FALSE
-ENABLE_DEVEL_TRUE
-ENABLE_DEVEL_FALSE
-ENABLE_LIBIPQ_TRUE
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+libxtables_vmajor
+libxtables_vage
+libxtables_vcurrent
+pkgdatadir
+pkgconfigdir
+xtlibdir
+ksourcedir
+kbuilddir
+kinclude_CPPFLAGS
+noundef_LDFLAGS
+regular_CPPFLAGS
+regular_CFLAGS
+HAVE_LIBNFNETLINK_FALSE
+HAVE_LIBNFNETLINK_TRUE
+libnfnetlink_LIBS
+libnfnetlink_CFLAGS
+ENABLE_SYNCONF_FALSE
+ENABLE_SYNCONF_TRUE
+ENABLE_BPFC_FALSE
+ENABLE_BPFC_TRUE
ENABLE_LIBIPQ_FALSE
+ENABLE_LIBIPQ_TRUE
+ENABLE_DEVEL_FALSE
+ENABLE_DEVEL_TRUE
+ENABLE_LARGEFILE_FALSE
+ENABLE_LARGEFILE_TRUE
+ENABLE_IPV6_FALSE
+ENABLE_IPV6_TRUE
+ENABLE_IPV4_FALSE
+ENABLE_IPV4_TRUE
+ENABLE_SHARED_FALSE
+ENABLE_SHARED_TRUE
+ENABLE_STATIC_FALSE
+ENABLE_STATIC_TRUE
+blacklist_modules
+HAVE_LIBNETFILTER_CONNTRACK_FALSE
+HAVE_LIBNETFILTER_CONNTRACK_TRUE
+libnetfilter_conntrack_LIBS
+libnetfilter_conntrack_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
PKG_CONFIG
-libnfnetlink_CFLAGS
-libnfnetlink_LIBS
-HAVE_LIBNFNETLINK_TRUE
-HAVE_LIBNFNETLINK_FALSE
-regular_CFLAGS
-kinclude_CFLAGS
-kbuilddir
-ksourcedir
-xtlibdir
-pkgconfigdir
-pkgdatadir
-libxtables_vcurrent
-libxtables_vage
-libxtables_vmajor
-LIBOBJS
-LTLIBOBJS'
+libiptc_LDFLAGS2
+CPP
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+MANIFEST_TOOL
+RANLIB
+DLLTOOL
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+EGREP
+GREP
+SED
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+LIBTOOL
+ac_ct_AR
+AR
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+am__nodep
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+enable_static
+enable_shared
+with_pic
+enable_fast_install
+with_gnu_ld
+with_sysroot
+enable_libtool_lock
+with_kernel
+with_kbuild
+with_ksource
+with_xtlibdir
+enable_ipv4
+enable_ipv6
+enable_largefile
+enable_devel
+enable_libipq
+enable_bpf_compiler
+enable_nfsynproxy
+with_pkgconfigdir
+'
ac_precious_vars='build_alias
host_alias
target_alias
@@ -906,6 +817,10 @@ LIBS
CPPFLAGS
CPP
PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+libnetfilter_conntrack_CFLAGS
+libnetfilter_conntrack_LIBS
libnfnetlink_CFLAGS
libnfnetlink_LIBS'
@@ -913,6 +828,8 @@ libnfnetlink_LIBS'
# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
# The variables have the same names as the options, with
# dashes changed to underlines.
cache_file=/dev/null
@@ -968,8 +885,9 @@ do
fi
case $ac_option in
- *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *) ac_optarg=yes ;;
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
esac
# Accept the important Cygnus configure options, so we can diagnose typos.
@@ -1011,13 +929,20 @@ do
datarootdir=$ac_optarg ;;
-disable-* | --disable-*)
- ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
- eval enable_$ac_feature=no ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
-docdir | --docdir | --docdi | --doc | --do)
ac_prev=docdir ;;
@@ -1030,13 +955,20 @@ do
dvidir=$ac_optarg ;;
-enable-* | --enable-*)
- ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
- eval enable_$ac_feature=\$ac_optarg ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
-exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
| --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
@@ -1227,22 +1159,36 @@ do
ac_init_version=: ;;
-with-* | --with-*)
- ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
- eval with_$ac_package=\$ac_optarg ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
-without-* | --without-*)
- ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
- eval with_$ac_package=no ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
--x)
# Obsolete; use --with-x.
@@ -1262,26 +1208,26 @@ do
| --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
x_libraries=$ac_optarg ;;
- -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; }
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
;;
*=*)
ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
# Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
- { (exit 1); exit 1; }; }
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
eval $ac_envvar=\$ac_optarg
export $ac_envvar ;;
*)
# FIXME: should be removed in autoconf 3.0.
- echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
esac
@@ -1289,23 +1235,36 @@ done
if test -n "$ac_prev"; then
ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $ac_option" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
fi
-# Be sure to have absolute directory names.
+# Check all directory arguments for consistency.
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
do
eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
case $ac_val in
[\\/$]* | ?:[\\/]* ) continue;;
NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
esac
- { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
done
# There might be people who depend on the old broken behavior: `$host'
@@ -1319,8 +1278,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
- echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used." >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@@ -1335,23 +1292,21 @@ test "$silent" = yes && exec 6>/dev/null
ac_pwd=`pwd` && test -n "$ac_pwd" &&
ac_ls_di=`ls -di .` &&
ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- { echo "$as_me: error: Working directory cannot be determined" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "working directory cannot be determined"
test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- { echo "$as_me: error: pwd does not report name of working directory" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "pwd does not report name of working directory"
# Find the source files, if location was not specified.
if test -z "$srcdir"; then
ac_srcdir_defaulted=yes
# Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$0" ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$0" : 'X\(//\)[^/]' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$0" |
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -1378,13 +1333,11 @@ else
fi
if test ! -r "$srcdir/$ac_unique_file"; then
test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
fi
ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
- { (exit 1); exit 1; }; }
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
pwd)`
# When building in place, set srcdir=.
if test "$ac_abs_confdir" = "$ac_pwd"; then
@@ -1410,7 +1363,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures iptables 1.4.9.1 to adapt to many kinds of systems.
+\`configure' configures iptables 1.4.21 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1424,7 +1377,7 @@ Configuration:
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking...' messages
+ -q, --quiet, --silent do not print \`checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for \`--cache-file=config.cache'
-n, --no-create do not create output files
@@ -1432,9 +1385,9 @@ Configuration:
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
+ [$ac_default_prefix]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
+ [PREFIX]
By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
@@ -1444,25 +1397,25 @@ for instance \`--prefix=\$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/iptables]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/iptables]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
_ACEOF
cat <<\_ACEOF
@@ -1480,11 +1433,12 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of iptables 1.4.9.1:";;
+ short | recursive ) echo "Configuration of iptables 1.4.21:";;
esac
cat <<\_ACEOF
Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-dependency-tracking speeds up one-time build
@@ -1499,22 +1453,26 @@ Optional Features:
--disable-largefile Do not build largefile support
--enable-devel Install Xtables development headers
--enable-libipq Build and install libipq
+ --enable-bpf-compiler Build bpf compiler
+ --enable-nfsynproxy Build SYNPROXY configuration tool
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-pic try to use only PIC/non-PIC objects [default=use
+ --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-sysroot=DIR Search for dependent libraries within DIR
+ (or the compiler's sysroot if not specified).
--with-kernel=PATH Path to kernel source/build directory
--with-kbuild=PATH Path to kernel build directory
- [/lib/modules/CURRENT/build]
+ [[/lib/modules/CURRENT/build]]
--with-ksource=PATH Path to kernel source directory
- [/lib/modules/CURRENT/source]
+ [[/lib/modules/CURRENT/source]]
--with-xtlibdir=PATH Path where to install Xtables extensions
- [LIBEXECDIR/xtables]
+ [[LIBEXECDIR/xtables]]
--with-pkgconfigdir=PATH
- Path to the pkgconfig directory [LIBDIR/pkgconfig]
+ Path to the pkgconfig directory [[LIBDIR/pkgconfig]]
Some influential environment variables:
CC C compiler command
@@ -1522,10 +1480,19 @@ Some influential environment variables:
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
PKG_CONFIG path to pkg-config utility
+ PKG_CONFIG_PATH
+ directories to add to pkg-config's search path
+ PKG_CONFIG_LIBDIR
+ path overriding pkg-config's built-in search path
+ libnetfilter_conntrack_CFLAGS
+ C compiler flags for libnetfilter_conntrack, overriding
+ pkg-config
+ libnetfilter_conntrack_LIBS
+ linker flags for libnetfilter_conntrack, overriding pkg-config
libnfnetlink_CFLAGS
C compiler flags for libnfnetlink, overriding pkg-config
libnfnetlink_LIBS
@@ -1534,6 +1501,7 @@ Some influential environment variables:
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
+Report bugs to the package provider.
_ACEOF
ac_status=$?
fi
@@ -1541,15 +1509,17 @@ fi
if test "$ac_init_help" = "recursive"; then
# If there are subdirs, report their specific --help.
for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" || continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
ac_builddir=.
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -1585,7 +1555,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
@@ -1594,22 +1564,556 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-iptables configure 1.4.9.1
-generated by GNU Autoconf 2.61
+iptables configure 1.4.21
+generated by GNU Autoconf 2.69
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
exit
fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by iptables $as_me 1.4.9.1, which was
-generated by GNU Autoconf 2.61. Invocation command line was
+It was created by iptables $as_me 1.4.21, which was
+generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -1645,8 +2149,8 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- echo "PATH: $as_dir"
-done
+ $as_echo "PATH: $as_dir"
+ done
IFS=$as_save_IFS
} >&5
@@ -1680,12 +2184,12 @@ do
| -silent | --silent | --silen | --sile | --sil)
continue ;;
*\'*)
- ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
- 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
2)
- ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ as_fn_append ac_configure_args1 " '$ac_arg'"
if test $ac_must_keep_next = true; then
ac_must_keep_next=false # Got value, back to normal.
else
@@ -1701,13 +2205,13 @@ do
-* ) ac_must_keep_next=true ;;
esac
fi
- ac_configure_args="$ac_configure_args '$ac_arg'"
+ as_fn_append ac_configure_args " '$ac_arg'"
;;
esac
done
done
-$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
-$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
# When interrupted or exit'd, cleanup temporary files, and complete
# config.log. We remove comments because anyway the quotes in there
@@ -1719,11 +2223,9 @@ trap 'exit_status=$?
{
echo
- cat <<\_ASBOX
-## ---------------- ##
+ $as_echo "## ---------------- ##
## Cache variables. ##
-## ---------------- ##
-_ASBOX
+## ---------------- ##"
echo
# The following way of writing the cache mishandles newlines in values,
(
@@ -1732,12 +2234,13 @@ _ASBOX
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
- *) $as_unset $ac_var ;;
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
esac ;;
esac
done
@@ -1756,128 +2259,136 @@ echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
)
echo
- cat <<\_ASBOX
-## ----------------- ##
+ $as_echo "## ----------------- ##
## Output variables. ##
-## ----------------- ##
-_ASBOX
+## ----------------- ##"
echo
for ac_var in $ac_subst_vars
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- echo "$ac_var='\''$ac_val'\''"
+ $as_echo "$ac_var='\''$ac_val'\''"
done | sort
echo
if test -n "$ac_subst_files"; then
- cat <<\_ASBOX
-## ------------------- ##
+ $as_echo "## ------------------- ##
## File substitutions. ##
-## ------------------- ##
-_ASBOX
+## ------------------- ##"
echo
for ac_var in $ac_subst_files
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- echo "$ac_var='\''$ac_val'\''"
+ $as_echo "$ac_var='\''$ac_val'\''"
done | sort
echo
fi
if test -s confdefs.h; then
- cat <<\_ASBOX
-## ----------- ##
+ $as_echo "## ----------- ##
## confdefs.h. ##
-## ----------- ##
-_ASBOX
+## ----------- ##"
echo
cat confdefs.h
echo
fi
test "$ac_signal" != 0 &&
- echo "$as_me: caught signal $ac_signal"
- echo "$as_me: exit $exit_status"
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
} >&5
rm -f core *.core core.conftest.* &&
rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
exit $exit_status
' 0
for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
done
ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h
+$as_echo "/* confdefs.h */" > confdefs.h
+
# Predefined preprocessor variables.
cat >>confdefs.h <<_ACEOF
#define PACKAGE_NAME "$PACKAGE_NAME"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_STRING "$PACKAGE_STRING"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
_ACEOF
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
if test -n "$CONFIG_SITE"; then
- set x "$CONFIG_SITE"
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
elif test "x$prefix" != xNONE; then
- set x "$prefix/share/config.site" "$prefix/etc/config.site"
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
else
- set x "$ac_default_prefix/share/config.site" \
- "$ac_default_prefix/etc/config.site"
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
fi
-shift
-for ac_site_file
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
do
- if test -r "$ac_site_file"; then
- { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file"
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
fi
done
if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special
- # files actually), so we avoid doing that.
- if test -f "$cache_file"; then
- { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
[\\/]* | ?:[\\/]* ) . "$cache_file";;
*) . "./$cache_file";;
esac
fi
else
- { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
@@ -1891,68 +2402,56 @@ for ac_var in $ac_precious_vars; do
eval ac_new_val=\$ac_env_${ac_var}_value
case $ac_old_set,$ac_new_set in
set,)
- { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
ac_cache_corrupted=: ;;
,set)
- { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
ac_cache_corrupted=: ;;
,);;
*)
if test "x$ac_old_val" != "x$ac_new_val"; then
- { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
-echo "$as_me: former value: $ac_old_val" >&2;}
- { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
-echo "$as_me: current value: $ac_new_val" >&2;}
- ac_cache_corrupted=:
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
fi;;
esac
# Pass precious variables to config.status.
if test "$ac_new_set" = set; then
case $ac_new_val in
- *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
*) ac_arg=$ac_var=$ac_new_val ;;
esac
case " $ac_configure_args " in
*" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
esac
fi
done
if $ac_cache_corrupted; then
- { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
- { (exit 1); exit 1; }; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -1963,14 +2462,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=5
+libxtables_vcurrent=10
libxtables_vage=0
-ac_config_headers="$ac_config_headers config.h"
-
-
ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+for ac_dir in build-aux "$srcdir"/build-aux; do
if test -f "$ac_dir/install-sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
@@ -1986,9 +2482,7 @@ for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
fi
done
if test -z "$ac_aux_dir"; then
- { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
-echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5
fi
# These three variables are undocumented and unsupported,
@@ -2000,6 +2494,9 @@ ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+ac_config_headers="$ac_config_headers config.h"
+
+
# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
@@ -2013,22 +2510,23 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
-{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
- ./ | .// | /cC/* | \
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
/usr/ucb/* ) ;;
*)
# OSF1 and SCO ODT 3.0 have their own names for install.
@@ -2036,7 +2534,7 @@ case $as_dir/ in
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
@@ -2046,17 +2544,29 @@ case $as_dir/ in
# program-specific install script used by HP pwplus--don't use.
:
else
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
fi
fi
done
done
;;
esac
-done
+
+ done
IFS=$as_save_IFS
+rm -rf conftest.one conftest.two conftest.dir
fi
if test "${ac_cv_path_install+set}" = set; then
@@ -2069,8 +2579,8 @@ fi
INSTALL=$ac_install_sh
fi
fi
-{ echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
@@ -2080,23 +2590,36 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-am__api_version='1.10'
+am__api_version='1.11'
-{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5
-echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
# Just in case
sleep 1
echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
+esac
+
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
- set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
if test "$*" = "X"; then
# -L didn't work.
- set X `ls -t $srcdir/configure conftest.file`
+ set X `ls -t "$srcdir/configure" conftest.file`
fi
rm -f conftest.file
if test "$*" != "X $srcdir/configure conftest.file" \
@@ -2106,11 +2629,8 @@ if (
# if, for instance, CONFIG_SHELL is bash and it inherits a
# broken ls alias from the environment. This has actually
# happened. Such a system could not be considered "sane".
- { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken
-alias in your environment" >&5
-echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken
-alias in your environment" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
fi
test "$2" = conftest.file
@@ -2119,54 +2639,164 @@ then
# Ok.
:
else
- { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
-Check your system clock" >&5
-echo "$as_me: error: newly created file is older than distributed files!
-Check your system clock" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
fi
-{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
test "$program_prefix" != NONE &&
program_transform_name="s&^&$program_prefix&;$program_transform_name"
# Use a double $ so make ignores it.
test "$program_suffix" != NONE &&
program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $. echo might interpret backslashes.
+# Double any \ or $.
# By default was `s,x,x', remove it if useless.
-cat <<\_ACEOF >conftest.sed
-s/[\\$]/&&/g;s/;s,x,x,$//
-_ACEOF
-program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
-rm -f conftest.sed
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd $ac_aux_dir && pwd`
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
# Use eval to expand $SHELL
if eval "$MISSING --run true"; then
am_missing_run="$MISSING --run "
else
am_missing_run=
- { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
-echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
fi
-{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
-echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; }
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
if test -z "$MKDIR_P"; then
- if test "${ac_cv_path_mkdir+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ if ${ac_cv_path_mkdir+:} false; then :
+ $as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_prog in mkdir gmkdir; do
+ for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
- { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
'mkdir (GNU coreutils) '* | \
'mkdir (coreutils) '* | \
@@ -2176,11 +2806,12 @@ do
esac
done
done
-done
+ done
IFS=$as_save_IFS
fi
+ test -d ./--version && rmdir ./--version
if test "${ac_cv_path_mkdir+set}" = set; then
MKDIR_P="$ac_cv_path_mkdir -p"
else
@@ -2188,12 +2819,11 @@ fi
# value for MKDIR_P within a source directory, because that will
# break other packages using the cache if that directory is
# removed, or if the value is a relative name.
- test -d ./--version && rmdir ./--version
MKDIR_P="$ac_install_sh -d"
fi
fi
-{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5
-echo "${ECHO_T}$MKDIR_P" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
mkdir_p="$MKDIR_P"
case $mkdir_p in
@@ -2205,10 +2835,10 @@ for ac_prog in gawk mawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_AWK+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$AWK"; then
ac_cv_prog_AWK="$AWK" # Let the user override the test.
@@ -2218,43 +2848,44 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
AWK=$ac_cv_prog_AWK
if test -n "$AWK"; then
- { echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
test -n "$AWK" && break
done
-{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
-set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
+ $as_echo_n "(cached) " >&6
else
cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
@echo '@@@%%%=$(MAKE)=@@@%%%'
_ACEOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
case `${MAKE-make} -f conftest.make 2>/dev/null` in
*@@@%%%=?*=@@@%%%*)
eval ac_cv_prog_make_${ac_make}_set=yes;;
@@ -2264,12 +2895,12 @@ esac
rm -f conftest.make
fi
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
SET_MAKE=
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
SET_MAKE="MAKE=${MAKE-make}"
fi
@@ -2288,9 +2919,7 @@ if test "`cd $srcdir && pwd`" != "`pwd`"; then
am__isrc=' -I$(srcdir)'
# test to see if srcdir already configured
if test -f $srcdir/config.status; then
- { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
-echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
fi
fi
@@ -2306,7 +2935,7 @@ fi
# Define the identity of the package.
PACKAGE='iptables'
- VERSION='1.4.9.1'
+ VERSION='1.4.21'
cat >>confdefs.h <<_ACEOF
@@ -2334,119 +2963,13 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
-
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'. However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_STRIP="strip"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
-# Always define AMTAR for backward compatibility.
-
-AMTAR=${AMTAR-"${am_missing_run}tar"}
+# Always define AMTAR for backward compatibility. Yes, it's still used
+# in the wild :-( We should find a proper way to deprecate it ...
+AMTAR='$${TAR-tar}'
-am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
@@ -2460,10 +2983,10 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -2473,25 +2996,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -2500,10 +3023,10 @@ if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
@@ -2513,25 +3036,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_CC" = x; then
@@ -2539,12 +3062,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -2557,10 +3076,10 @@ if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -2570,25 +3089,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -2597,10 +3116,10 @@ fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -2611,18 +3130,18 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
if test $ac_prog_rejected = yes; then
@@ -2641,11 +3160,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -2656,10 +3175,10 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -2669,25 +3188,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -2700,10 +3219,10 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
@@ -2713,25 +3232,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -2743,12 +3262,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -2758,51 +3273,37 @@ fi
fi
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler --version >&5") 2>&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -v >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -V >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -2814,42 +3315,38 @@ main ()
}
_ACEOF
ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe b.out"
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
-{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-#
-# List of possible output files, starting from the most likely.
-# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
-# only as a last resort. b.out is created by i960 compilers.
-ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
-#
-# The IRIX 6 linker writes into existing files which may not be
-# executable, retaining their permissions. Remove them first so a
-# subsequent execution test works.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
ac_rmfiles=
for ac_file in $ac_files
do
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
* ) ac_rmfiles="$ac_rmfiles $ac_file";;
esac
done
rm -f $ac_rmfiles
-if { (ac_try="$ac_link_default"
+if { { ac_try="$ac_link_default"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_link_default") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
# Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
# in a Makefile. We should not override ac_cv_exeext if it was cached,
@@ -2859,14 +3356,14 @@ for ac_file in $ac_files ''
do
test -f "$ac_file" || continue
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
;;
[ab].out )
# We found the default executable, but exeext='' is most
# certainly right.
break;;
*.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
then :; else
ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
fi
@@ -2885,78 +3382,41 @@ test "$ac_cv_exeext" = no && ac_cv_exeext=
else
ac_file=''
fi
-
-{ echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6; }
-if test -z "$ac_file"; then
- echo "$as_me: failed program was:" >&5
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
-See \`config.log' for more details." >&5
-echo "$as_me: error: C compiler cannot create executables
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
fi
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
ac_exeext=$ac_cv_exeext
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
- if { ac_try='./$ac_file'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
- fi
- fi
-fi
-{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-
-rm -f a.out a.exe conftest$ac_cv_exeext b.out
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6; }
-
-{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
-if { (ac_try="$ac_link"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
@@ -2964,37 +3424,90 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
for ac_file in conftest.exe conftest conftest.*; do
test -f "$ac_file" || continue
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
*.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
break;;
* ) break;;
esac
done
else
- { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
fi
-
-rm -f conftest$ac_cv_exeext
-{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6; }
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
ac_exeext=$EXEEXT
-{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
-if test "${ac_cv_objext+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3006,51 +3519,46 @@ main ()
}
_ACEOF
rm -f conftest.o conftest.obj
-if { (ac_try="$ac_compile"
+if { { ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
for ac_file in conftest.o conftest.obj conftest.*; do
test -f "$ac_file" || continue;
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
*) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
break;;
esac
done
else
- echo "$as_me: failed program was:" >&5
+ $as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
fi
-
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
-{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3064,54 +3572,34 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_compiler_gnu=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_compiler_gnu=no
+ ac_compiler_gnu=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
-GCC=`test $ac_compiler_gnu = yes && echo yes`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
-{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_save_c_werror_flag=$ac_c_werror_flag
ac_c_werror_flag=yes
ac_cv_prog_cc_g=no
CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3122,34 +3610,11 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_prog_cc_g=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CFLAGS=""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3160,35 +3625,12 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_compile "$LINENO"; then :
- ac_c_werror_flag=$ac_save_c_werror_flag
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3199,42 +3641,18 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_prog_cc_g=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
ac_c_werror_flag=$ac_save_c_werror_flag
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
if test "$ac_test_CFLAGS" = set; then
CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
@@ -3250,23 +3668,18 @@ else
CFLAGS=
fi
fi
-{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
-echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_cv_prog_cc_c89=no
ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@@ -3318,31 +3731,9 @@ for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+ if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_prog_cc_c89=$ac_arg
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
fi
-
rm -f core conftest.err conftest.$ac_objext
test "x$ac_cv_prog_cc_c89" != "xno" && break
done
@@ -3353,17 +3744,19 @@ fi
# AC_CACHE_VAL
case "x$ac_cv_prog_cc_c89" in
x)
- { echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6; } ;;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
xno)
- { echo "$as_me:$LINENO: result: unsupported" >&5
-echo "${ECHO_T}unsupported" >&6; } ;;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
*)
CC="$CC $ac_cv_prog_cc_c89"
- { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -3378,50 +3771,51 @@ ac_config_commands="$ac_config_commands depfiles"
am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
- @echo done
+ @echo this is the am__doit target
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
-{ echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
-echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
- am__include=include
- am__quote=
- _am_result=GNU
-fi
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
- if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
- am__include=.include
- am__quote="\""
- _am_result=BSD
- fi
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
fi
-{ echo "$as_me:$LINENO: result: $_am_result" >&5
-echo "${ECHO_T}$_am_result" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
rm -f confinc confmf
# Check whether --enable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then
+if test "${enable_dependency_tracking+set}" = set; then :
enableval=$enable_dependency_tracking;
fi
if test "x$enable_dependency_tracking" != xno; then
am_depcomp="$ac_aux_dir/depcomp"
AMDEPBACKSLASH='\'
+ am__nodep='_no'
fi
if test "x$enable_dependency_tracking" != xno; then
AMDEP_TRUE=
@@ -3435,10 +3829,10 @@ fi
depcc="$CC" am_compiler_list=
-{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
-echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; }
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if ${am_cv_CC_dependencies_compiler_type+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
# We make a subdir and do the tests there. Otherwise we can end up
@@ -3446,6 +3840,7 @@ else
# instance it was reported that on HP-UX the gcc test will end up
# making a dummy file named `D' -- because `-MD' means `put the output
# in D'.
+ rm -rf conftest.dir
mkdir conftest.dir
# Copy depcomp to subdir because otherwise we won't find it if we're
# using a relative directory.
@@ -3463,6 +3858,11 @@ else
if test "$am_compiler_list" = ""; then
am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
for depmode in $am_compiler_list; do
# Setup a source with many dependencies, because some compilers
# like to wrap large dependency lists on column 80 (with \), and
@@ -3480,7 +3880,17 @@ else
done
echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
nosideeffect)
# after this tag, mechanisms are not by side-effect, so they'll
# only be used when explicitly requested
@@ -3490,19 +3900,23 @@ else
break
fi
;;
+ msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
none) break ;;
esac
- # We check with `-c' and `-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle `-M -o', and we need to detect this.
if depmode=$depmode \
- source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+ source=sub/conftest.c object=$am__obj \
depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
>/dev/null 2>conftest.err &&
grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
${MAKE-make} -s -f confmf > /dev/null 2>&1; then
# icc doesn't choke on unknown options, it will just issue warnings
# or remarks (even with -Werror). So we grep stderr for any message
@@ -3526,8 +3940,8 @@ else
fi
fi
-{ echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
-echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
if
@@ -3542,22 +3956,18 @@ fi
if test "x$CC" != xcc; then
- { echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5
-echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
+$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
else
- { echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5
-echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
+$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
fi
-set dummy $CC; ac_cc=`echo $2 |
+set dummy $CC; ac_cc=`$as_echo "$2" |
sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -3573,58 +3983,63 @@ _ACEOF
# existing .o file with -o, though they will create one.
ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
rm -f conftest2.*
-if { (case "(($ac_try" in
+if { { case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- test -f conftest2.$ac_objext && { (case "(($ac_try" in
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); };
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
then
eval ac_cv_prog_cc_${ac_cc}_c_o=yes
if test "x$CC" != xcc; then
# Test first that cc exists at all.
if { ac_try='cc -c conftest.$ac_ext >&5'
- { (case "(($ac_try" in
+ { { case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
rm -f conftest2.*
- if { (case "(($ac_try" in
+ if { { case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- test -f conftest2.$ac_objext && { (case "(($ac_try" in
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); };
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
then
# cc works too.
:
@@ -3641,15 +4056,13 @@ rm -f core conftest*
fi
if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
-cat >>confdefs.h <<\_ACEOF
-#define NO_MINUS_C_MINUS_O 1
-_ACEOF
+$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
fi
@@ -3669,7 +4082,7 @@ fi
# Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then
+if test "${enable_static+set}" = set; then :
enableval=$enable_static; p=${PACKAGE-default}
case $enableval in
yes) enable_static=yes ;;
@@ -3699,16 +4112,177 @@ fi
+
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in ar lib "link -lib"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AR" && break
+ done
+fi
+if test -z "$AR"; then
+ ac_ct_AR=$AR
+ for ac_prog in ar lib "link -lib"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_AR" && break
+done
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+fi
+
+: ${AR=ar}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5
+$as_echo_n "checking the archiver ($AR) interface... " >&6; }
+if ${am_cv_ar_interface+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ am_cv_ar_interface=ar
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int some_variable = 0;
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+ (eval $am_ar_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=ar
+ else
+ am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+ (eval $am_ar_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=lib
+ else
+ am_cv_ar_interface=unknown
+ fi
+ fi
+ rm -f conftest.lib libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5
+$as_echo "$am_cv_ar_interface" >&6; }
+
+case $am_cv_ar_interface in
+ar)
+ ;;
+lib)
+ # Microsoft lib, so override with the ar-lib wrapper script.
+ # FIXME: It is wrong to rewrite AR.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__AR in this case,
+ # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+ # similar.
+ AR="$am_aux_dir/ar-lib $AR"
+ ;;
+unknown)
+ as_fn_error $? "could not determine $AR interface" "$LINENO" 5
+ ;;
+esac
+
case `pwd` in
*\ * | *\ *)
- { echo "$as_me:$LINENO: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
esac
-macro_version='2.2.4'
-macro_revision='1.2976'
+macro_version='2.4.2'
+macro_revision='1.3337'
@@ -3726,35 +4300,27 @@ ltmain="$ac_aux_dir/ltmain.sh"
# Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
-echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-{ echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
-if test "${ac_cv_build+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
test "x$ac_build_alias" = x &&
- { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
-echo "$as_me: error: invalid value of canonical build" >&2;}
- { (exit 1); exit 1; }; };;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
esac
build=$ac_cv_build
ac_save_IFS=$IFS; IFS='-'
@@ -3770,28 +4336,24 @@ IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-{ echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
-if test "${ac_cv_host+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
-echo "$as_me: error: invalid value of canonical host" >&2;}
- { (exit 1); exit 1; }; };;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
esac
host=$ac_cv_host
ac_save_IFS=$IFS; IFS='-'
@@ -3807,51 +4369,115 @@ IFS=$ac_save_IFS
case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
-echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; }
-if test "${ac_cv_path_SED+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+# Backslashify metacharacters that are still active within
+# double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+$as_echo_n "checking how to print strings... " >&6; }
+# Test print first, because it will be a builtin if present.
+if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
+ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='print -r --'
+elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='printf %s\n'
+else
+ # Use this function as a fallback that always works.
+ func_fallback_echo ()
+ {
+ eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+ }
+ ECHO='func_fallback_echo'
+fi
+
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+ $ECHO ""
+}
+
+case "$ECHO" in
+ printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+$as_echo "printf" >&6; } ;;
+ print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+$as_echo "print -r" >&6; } ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+$as_echo "cat" >&6; } ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
done
- echo "$ac_script" | sed 99q >conftest.sed
- $as_unset ac_script || ac_script=
- # Extract the first word of "sed gsed" to use in msg output
-if test -z "$SED"; then
-set dummy sed gsed; ac_prog_name=$2
-if test "${ac_cv_path_SED+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
ac_path_SED_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
- # Check for GNU ac_path_SED and select it if it is found.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
case `"$ac_path_SED" --version 2>&1` in
*GNU*)
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+ $as_echo_n 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- echo '' >> "conftest.nl"
+ $as_echo '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
if test $ac_count -gt ${ac_path_SED_max-0}; then
# Best one so far, save it but keep looking for a better one
ac_cv_path_SED="$ac_path_SED"
@@ -3863,31 +4489,21 @@ case `"$ac_path_SED" --version 2>&1` in
rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-
- $ac_path_SED_found && break 3
+ $ac_path_SED_found && break 3
+ done
+ done
done
-done
-
-done
IFS=$as_save_IFS
-
-
-fi
-
-SED="$ac_cv_path_SED"
-if test -z "$SED"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in \$PATH" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in \$PATH" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
else
ac_cv_path_SED=$SED
fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_SED" >&5
-echo "${ECHO_T}$ac_cv_path_SED" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -3904,45 +4520,40 @@ Xsed="$SED -e 1s/^X//"
-{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
-echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # Extract the first word of "grep ggrep" to use in msg output
-if test -z "$GREP"; then
-set dummy grep ggrep; ac_prog_name=$2
-if test "${ac_cv_path_GREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
+ if test -z "$GREP"; then
ac_path_GREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
- # Check for GNU ac_path_GREP and select it if it is found.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
case `"$ac_path_GREP" --version 2>&1` in
*GNU*)
ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
*)
ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+ $as_echo_n 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- echo 'GREP' >> "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
"$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
if test $ac_count -gt ${ac_path_GREP_max-0}; then
# Best one so far, save it but keep looking for a better one
ac_cv_path_GREP="$ac_path_GREP"
@@ -3954,77 +4565,61 @@ case `"$ac_path_GREP" --version 2>&1` in
rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-
- $ac_path_GREP_found && break 3
+ $ac_path_GREP_found && break 3
+ done
+ done
done
-done
-
-done
IFS=$as_save_IFS
-
-
-fi
-
-GREP="$ac_cv_path_GREP"
-if test -z "$GREP"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
else
ac_cv_path_GREP=$GREP
fi
-
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
-echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
GREP="$ac_cv_path_GREP"
-{ echo "$as_me:$LINENO: checking for egrep" >&5
-echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
then ac_cv_path_EGREP="$GREP -E"
else
- # Extract the first word of "egrep" to use in msg output
-if test -z "$EGREP"; then
-set dummy egrep; ac_prog_name=$2
-if test "${ac_cv_path_EGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
+ if test -z "$EGREP"; then
ac_path_EGREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
- # Check for GNU ac_path_EGREP and select it if it is found.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
case `"$ac_path_EGREP" --version 2>&1` in
*GNU*)
ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
*)
ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+ $as_echo_n 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- echo 'EGREP' >> "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
"$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
if test $ac_count -gt ${ac_path_EGREP_max-0}; then
# Best one so far, save it but keep looking for a better one
ac_cv_path_EGREP="$ac_path_EGREP"
@@ -4036,78 +4631,62 @@ case `"$ac_path_EGREP" --version 2>&1` in
rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-
- $ac_path_EGREP_found && break 3
+ $ac_path_EGREP_found && break 3
+ done
+ done
done
-done
-
-done
IFS=$as_save_IFS
-
-
-fi
-
-EGREP="$ac_cv_path_EGREP"
-if test -z "$EGREP"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
else
ac_cv_path_EGREP=$EGREP
fi
-
fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
-echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"
-{ echo "$as_me:$LINENO: checking for fgrep" >&5
-echo $ECHO_N "checking for fgrep... $ECHO_C" >&6; }
-if test "${ac_cv_path_FGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if ${ac_cv_path_FGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
then ac_cv_path_FGREP="$GREP -F"
else
- # Extract the first word of "fgrep" to use in msg output
-if test -z "$FGREP"; then
-set dummy fgrep; ac_prog_name=$2
-if test "${ac_cv_path_FGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
+ if test -z "$FGREP"; then
ac_path_FGREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_prog in fgrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
- # Check for GNU ac_path_FGREP and select it if it is found.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_FGREP" || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
# Check for GNU $ac_path_FGREP
case `"$ac_path_FGREP" --version 2>&1` in
*GNU*)
ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
*)
ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+ $as_echo_n 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- echo 'FGREP' >> "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
"$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
if test $ac_count -gt ${ac_path_FGREP_max-0}; then
# Best one so far, save it but keep looking for a better one
ac_cv_path_FGREP="$ac_path_FGREP"
@@ -4119,33 +4698,22 @@ case `"$ac_path_FGREP" --version 2>&1` in
rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-
- $ac_path_FGREP_found && break 3
+ $ac_path_FGREP_found && break 3
+ done
+ done
done
-done
-
-done
IFS=$as_save_IFS
-
-
-fi
-
-FGREP="$ac_cv_path_FGREP"
-if test -z "$FGREP"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
else
ac_cv_path_FGREP=$FGREP
fi
-
fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_FGREP" >&5
-echo "${ECHO_T}$ac_cv_path_FGREP" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
FGREP="$ac_cv_path_FGREP"
@@ -4170,7 +4738,7 @@ test -z "$GREP" && GREP=grep
# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then
+if test "${with_gnu_ld+set}" = set; then :
withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
else
with_gnu_ld=no
@@ -4179,8 +4747,8 @@ fi
ac_prog=ld
if test "$GCC" = yes; then
# Check if gcc -print-prog-name=ld gives a path.
- { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
-echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
case $host in
*-*-mingw*)
# gcc leaves a trailing carriage return which upsets mingw
@@ -4209,14 +4777,14 @@ echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
;;
esac
elif test "$with_gnu_ld" = yes; then
- { echo "$as_me:$LINENO: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
else
- { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
fi
-if test "${lt_cv_path_LD+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if ${lt_cv_path_LD+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -z "$LD"; then
lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
@@ -4246,19 +4814,17 @@ fi
LD="$lt_cv_path_LD"
if test -n "$LD"; then
- { echo "$as_me:$LINENO: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
- { (exit 1); exit 1; }; }
-{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
-if test "${lt_cv_prog_gnu_ld+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if ${lt_cv_prog_gnu_ld+:} false; then :
+ $as_echo_n "(cached) " >&6
else
# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
@@ -4270,8 +4836,8 @@ case `$LD -v 2>&1 </dev/null` in
;;
esac
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -4282,10 +4848,10 @@ with_gnu_ld=$lt_cv_prog_gnu_ld
-{ echo "$as_me:$LINENO: checking for BSD- or MS-compatible name lister (nm)" >&5
-echo $ECHO_N "checking for BSD- or MS-compatible name lister (nm)... $ECHO_C" >&6; }
-if test "${lt_cv_path_NM+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if ${lt_cv_path_NM+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$NM"; then
# Let the user override the test.
@@ -4331,21 +4897,24 @@ else
: ${lt_cv_path_NM=no}
fi
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
-echo "${ECHO_T}$lt_cv_path_NM" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
if test "$lt_cv_path_NM" != "no"; then
NM="$lt_cv_path_NM"
else
# Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$ac_tool_prefix"; then
- for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ if test -n "$DUMPBIN"; then :
+ # Let the user override the test.
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in dumpbin "link -dump"
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_DUMPBIN+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DUMPBIN+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$DUMPBIN"; then
ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
@@ -4355,25 +4924,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
DUMPBIN=$ac_cv_prog_DUMPBIN
if test -n "$DUMPBIN"; then
- { echo "$as_me:$LINENO: result: $DUMPBIN" >&5
-echo "${ECHO_T}$DUMPBIN" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -4382,14 +4951,14 @@ fi
fi
if test -z "$DUMPBIN"; then
ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ for ac_prog in dumpbin "link -dump"
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_DUMPBIN"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
@@ -4399,25 +4968,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
if test -n "$ac_ct_DUMPBIN"; then
- { echo "$as_me:$LINENO: result: $ac_ct_DUMPBIN" >&5
-echo "${ECHO_T}$ac_ct_DUMPBIN" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -4429,18 +4998,23 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DUMPBIN=$ac_ct_DUMPBIN
fi
fi
+ case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in
+ *COFF*)
+ DUMPBIN="$DUMPBIN -symbols"
+ ;;
+ *)
+ DUMPBIN=:
+ ;;
+ esac
+ fi
if test "$DUMPBIN" != ":"; then
NM="$DUMPBIN"
@@ -4453,45 +5027,45 @@ test -z "$NM" && NM=nm
-{ echo "$as_me:$LINENO: checking the name lister ($NM) interface" >&5
-echo $ECHO_N "checking the name lister ($NM) interface... $ECHO_C" >&6; }
-if test "${lt_cv_nm_interface+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if ${lt_cv_nm_interface+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:4463: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:4466: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:4469: output\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
fi
rm -f conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_nm_interface" >&5
-echo "${ECHO_T}$lt_cv_nm_interface" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
-{ echo "$as_me:$LINENO: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
LN_S=$as_ln_s
if test "$LN_S" = "ln -s"; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- { echo "$as_me:$LINENO: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
fi
# find the maximum length of command line arguments
-{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
-echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; }
-if test "${lt_cv_sys_max_cmd_len+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if ${lt_cv_sys_max_cmd_len+:} false; then :
+ $as_echo_n "(cached) " >&6
else
i=0
teststring="ABCD"
@@ -4512,7 +5086,7 @@ else
lt_cv_sys_max_cmd_len=-1;
;;
- cygwin* | mingw*)
+ cygwin* | mingw* | cegcc*)
# On Win9x/ME, this test blows up -- it succeeds, but takes
# about 5 minutes as the teststring grows exponentially.
# Worse, since 9x/ME are not pre-emptively multitasking,
@@ -4523,6 +5097,11 @@ else
lt_cv_sys_max_cmd_len=8192;
;;
+ mint*)
+ # On MiNT this can take a long time and run out of memory.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
amigaos*)
# On AmigaOS with pdksh, this test takes hours, literally.
# So we just punt and use a minimum line length of 8192.
@@ -4548,6 +5127,11 @@ else
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -4574,7 +5158,8 @@ else
;;
*)
lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len"; then
+ if test -n "$lt_cv_sys_max_cmd_len" && \
+ test undefined != "$lt_cv_sys_max_cmd_len"; then
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
else
@@ -4587,8 +5172,8 @@ else
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
- = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
+ = "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
i=`expr $i + 1`
@@ -4608,11 +5193,11 @@ else
fi
if test -n $lt_cv_sys_max_cmd_len ; then
- { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
-echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
else
- { echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
fi
max_cmd_len=$lt_cv_sys_max_cmd_len
@@ -4625,28 +5210,28 @@ max_cmd_len=$lt_cv_sys_max_cmd_len
: ${MV="mv -f"}
: ${RM="rm -f"}
-{ echo "$as_me:$LINENO: checking whether the shell understands some XSI constructs" >&5
-echo $ECHO_N "checking whether the shell understands some XSI constructs... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
# Try some XSI features
xsi_shell=no
( _lt_dummy="a/b/c"
- test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
- = c,a/b,, \
+ test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,b/c, \
&& eval 'test $(( 1 + 1 )) -eq 2 \
&& test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
&& xsi_shell=yes
-{ echo "$as_me:$LINENO: result: $xsi_shell" >&5
-echo "${ECHO_T}$xsi_shell" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
-{ echo "$as_me:$LINENO: checking whether the shell understands \"+=\"" >&5
-echo $ECHO_N "checking whether the shell understands \"+=\"... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
lt_shell_append=no
( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
>/dev/null 2>&1 \
&& lt_shell_append=yes
-{ echo "$as_me:$LINENO: result: $lt_shell_append" >&5
-echo "${ECHO_T}$lt_shell_append" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
@@ -4680,15 +5265,89 @@ esac
-{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
-echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; }
-if test "${lt_cv_ld_reload_flag+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+$as_echo_n "checking how to convert $build file names to $host format... " >&6; }
+if ${lt_cv_to_host_file_cmd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
+ ;;
+ esac
+ ;;
+ *-*-cygwin* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
+ ;;
+ esac
+ ;;
+ * ) # unhandled hosts (and "normal" native builds)
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+esac
+
+fi
+
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+$as_echo "$lt_cv_to_host_file_cmd" >&6; }
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; }
+if ${lt_cv_to_tool_file_cmd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ #assume ordinary cross tools, or native build.
+lt_cv_to_tool_file_cmd=func_convert_file_noop
+case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ esac
+ ;;
+esac
+
+fi
+
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+$as_echo "$lt_cv_to_tool_file_cmd" >&6; }
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if ${lt_cv_ld_reload_flag+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_ld_reload_flag='-r'
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
-echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
reload_flag=$lt_cv_ld_reload_flag
case $reload_flag in
"" | " "*) ;;
@@ -4696,6 +5355,11 @@ case $reload_flag in
esac
reload_cmds='$LD$reload_flag -o $output$reload_objs'
case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ if test "$GCC" != yes; then
+ reload_cmds=false
+ fi
+ ;;
darwin*)
if test "$GCC" = yes; then
reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
@@ -4713,11 +5377,112 @@ esac
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OBJDUMP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
-{ echo "$as_me:$LINENO: checking how to recognize dependent libraries" >&5
-echo $ECHO_N "checking how to recognize dependent libraries... $ECHO_C" >&6; }
-if test "${lt_cv_deplibs_check_method+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if ${lt_cv_deplibs_check_method+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_file_magic_cmd='$MAGIC_CMD'
lt_cv_file_magic_test_file=
@@ -4758,15 +5523,23 @@ mingw* | pw32*)
# Base MSYS/MinGW do not provide the 'file' command needed by
# func_win32_libid shell function, so use a weaker test based on 'objdump',
# unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
+ # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin.
+ if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then
lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
lt_cv_file_magic_cmd='func_win32_libid'
else
- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ # Keep this pattern in sync with the one in func_win32_libid.
+ lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
lt_cv_file_magic_cmd='$OBJDUMP -f'
fi
;;
+cegcc*)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
darwin* | rhapsody*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -4787,7 +5560,7 @@ freebsd* | dragonfly*)
fi
;;
-gnu*)
+haiku*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -4799,11 +5572,11 @@ hpux10.20* | hpux11*)
lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
;;
hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
;;
*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
lt_cv_file_magic_test_file=/usr/lib/libc.sl
;;
esac
@@ -4824,12 +5597,12 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
-netbsd*)
+netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
else
@@ -4904,8 +5677,23 @@ tpf*)
esac
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
-echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+
+file_magic_glob=
+want_nocaseglob=no
+if test "$build" = "$host"; then
+ case $host_os in
+ mingw* | pw32*)
+ if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
+ want_nocaseglob=yes
+ else
+ file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
+ fi
+ ;;
+ esac
+fi
+
file_magic_cmd=$lt_cv_file_magic_cmd
deplibs_check_method=$lt_cv_deplibs_check_method
test -z "$deplibs_check_method" && deplibs_check_method=unknown
@@ -4921,13 +5709,166 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ar; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_AR+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dlltool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DLLTOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DLLTOOL"; then
+ ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DLLTOOL=$ac_cv_prog_DLLTOOL
+if test -n "$DLLTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+$as_echo "$DLLTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DLLTOOL"; then
+ ac_ct_DLLTOOL=$DLLTOOL
+ # Extract the first word of "dlltool", so it can be a program name with args.
+set dummy dlltool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DLLTOOL"; then
+ ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_DLLTOOL="dlltool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
+if test -n "$ac_ct_DLLTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+$as_echo "$ac_ct_DLLTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DLLTOOL" = x; then
+ DLLTOOL="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DLLTOOL=$ac_ct_DLLTOOL
+ fi
+else
+ DLLTOOL="$ac_cv_prog_DLLTOOL"
+fi
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+$as_echo_n "checking how to associate runtime and link libraries... " >&6; }
+if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_sharedlib_from_linklib_cmd='unknown'
+
+case $host_os in
+cygwin* | mingw* | pw32* | cegcc*)
+ # two different shell functions defined in ltmain.sh
+ # decide which to use based on capabilities of $DLLTOOL
+ case `$DLLTOOL --help 2>&1` in
+ *--identify-strict*)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
+ ;;
+ *)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
+ ;;
+ esac
+ ;;
+*)
+ # fallback: assume linklib IS sharedlib
+ lt_cv_sharedlib_from_linklib_cmd="$ECHO"
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
+test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in ar
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$AR"; then
ac_cv_prog_AR="$AR" # Let the user override the test.
@@ -4937,37 +5878,41 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_AR="${ac_tool_prefix}ar"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
AR=$ac_cv_prog_AR
if test -n "$AR"; then
- { echo "$as_me:$LINENO: result: $AR" >&5
-echo "${ECHO_T}$AR" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+ test -n "$AR" && break
+ done
fi
-if test -z "$ac_cv_prog_AR"; then
+if test -z "$AR"; then
ac_ct_AR=$AR
- # Extract the first word of "ar", so it can be a program name with args.
-set dummy ar; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ for ac_prog in ar
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_AR"; then
ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
@@ -4977,48 +5922,48 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_AR="ar"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_AR=$ac_cv_prog_ac_ct_AR
if test -n "$ac_ct_AR"; then
- { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
-echo "${ECHO_T}$ac_ct_AR" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+
+ test -n "$ac_ct_AR" && break
+done
+
if test "x$ac_ct_AR" = x; then
AR="false"
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
AR=$ac_ct_AR
fi
-else
- AR="$ac_cv_prog_AR"
fi
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
+: ${AR=ar}
+: ${AR_FLAGS=cru}
+
+
@@ -5028,15 +5973,71 @@ test -z "$AR_FLAGS" && AR_FLAGS=cru
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+$as_echo_n "checking for archiver @FILE support... " >&6; }
+if ${lt_cv_ar_at_file+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ar_at_file=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ echo conftest.$ac_objext > conftest.lst
+ lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+ (eval $lt_ar_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -eq 0; then
+ # Ensure the archiver fails upon bogus file names.
+ rm -f conftest.$ac_objext libconftest.a
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+ (eval $lt_ar_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -ne 0; then
+ lt_cv_ar_at_file=@
+ fi
+ fi
+ rm -f conftest.* libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+$as_echo "$lt_cv_ar_at_file" >&6; }
+
+if test "x$lt_cv_ar_at_file" = xno; then
+ archiver_list_spec=
+else
+ archiver_list_spec=$lt_cv_ar_at_file
+fi
+
+
+
+
+
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
@@ -5046,25 +6047,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -5073,10 +6074,10 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
@@ -5086,25 +6087,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -5112,12 +6113,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -5136,10 +6133,10 @@ test -z "$STRIP" && STRIP=:
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$RANLIB"; then
ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
@@ -5149,25 +6146,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
RANLIB=$ac_cv_prog_RANLIB
if test -n "$RANLIB"; then
- { echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -5176,10 +6173,10 @@ if test -z "$ac_cv_prog_RANLIB"; then
ac_ct_RANLIB=$RANLIB
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_RANLIB"; then
ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
@@ -5189,25 +6186,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
if test -n "$ac_ct_RANLIB"; then
- { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_RANLIB" = x; then
@@ -5215,12 +6212,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
RANLIB=$ac_ct_RANLIB
@@ -5244,15 +6237,27 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
+case $host_os in
+ darwin*)
+ lock_old_archive_extraction=yes ;;
+ *)
+ lock_old_archive_extraction=no ;;
+esac
+
+
+
+
+
+
@@ -5297,10 +6302,10 @@ compiler=$CC
# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
-echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; }
-if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if ${lt_cv_sys_global_symbol_pipe+:} false; then :
+ $as_echo_n "(cached) " >&6
else
# These are sane defaults that work on at least a few old systems.
@@ -5317,7 +6322,7 @@ case $host_os in
aix*)
symcode='[BCDT]'
;;
-cygwin* | mingw* | pw32*)
+cygwin* | mingw* | pw32* | cegcc*)
symcode='[ABCDGISTW]'
;;
hpux*)
@@ -5360,8 +6365,8 @@ esac
lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
# Handle CRLF in mingw tool chain
opt_cr=
@@ -5385,6 +6390,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK '"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -5397,6 +6403,7 @@ for ac_symprfx in "" "_"; do
else
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
fi
+ lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
# Check to see that the pipe works correctly.
pipe_works=no
@@ -5415,18 +6422,18 @@ void nm_test_func(void){}
int main(){nm_test_var='a';nm_test_func();return(0);}
_LT_EOF
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
# Now try to grab the symbols.
nlist=conftest.nm
- if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
- (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && test -s "$nlist"; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -5438,6 +6445,18 @@ _LT_EOF
if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
cat <<_LT_EOF > conftest.$ac_ext
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
+#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
+/* DATA imports from DLLs on WIN32 con't be const, because runtime
+ relocations are performed -- see ld's documentation on pseudo-relocs. */
+# define LT_DLSYM_CONST
+#elif defined(__osf__)
+/* This system does not cope well with relocations in const data. */
+# define LT_DLSYM_CONST
+#else
+# define LT_DLSYM_CONST const
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -5449,7 +6468,7 @@ _LT_EOF
cat <<_LT_EOF >> conftest.$ac_ext
/* The mapping between symbol names and symbols. */
-const struct {
+LT_DLSYM_CONST struct {
const char *name;
void *address;
}
@@ -5475,19 +6494,19 @@ static const void *lt_preloaded_setup() {
_LT_EOF
# Now try linking the two files.
mv conftest.$ac_objext conftstm.$ac_objext
- lt_save_LIBS="$LIBS"
- lt_save_CFLAGS="$CFLAGS"
+ lt_globsym_save_LIBS=$LIBS
+ lt_globsym_save_CFLAGS=$CFLAGS
LIBS="conftstm.$ac_objext"
CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && test -s conftest${ac_exeext}; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
pipe_works=yes
fi
- LIBS="$lt_save_LIBS"
- CFLAGS="$lt_save_CFLAGS"
+ LIBS=$lt_globsym_save_LIBS
+ CFLAGS=$lt_globsym_save_CFLAGS
else
echo "cannot find nm_test_func in $nlist" >&5
fi
@@ -5517,11 +6536,18 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then
lt_cv_sys_global_symbol_to_cdecl=
fi
if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { echo "$as_me:$LINENO: result: failed" >&5
-echo "${ECHO_T}failed" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
else
- { echo "$as_me:$LINENO: result: ok" >&5
-echo "${ECHO_T}ok" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+# Response file support.
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ nm_file_list_spec='@'
+elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
+ nm_file_list_spec='@'
fi
@@ -5546,8 +6572,49 @@ fi
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+$as_echo_n "checking for sysroot... " >&6; }
+
+# Check whether --with-sysroot was given.
+if test "${with_sysroot+set}" = set; then :
+ withval=$with_sysroot;
+else
+ with_sysroot=no
+fi
+
+
+lt_sysroot=
+case ${with_sysroot} in #(
+ yes)
+ if test "$GCC" = yes; then
+ lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+ fi
+ ;; #(
+ /*)
+ lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+ ;; #(
+ no|'')
+ ;; #(
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5
+$as_echo "${with_sysroot}" >&6; }
+ as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
+ ;;
+esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+$as_echo "${lt_sysroot:-no}" >&6; }
+
+
+
+
+
# Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then
+if test "${enable_libtool_lock+set}" = set; then :
enableval=$enable_libtool_lock;
fi
@@ -5559,11 +6626,11 @@ case $host in
ia64-*-hpux*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
HPUX_IA64_MODE="32"
@@ -5577,12 +6644,12 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 5580 "configure"' > conftest.$ac_ext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
if test "$lt_cv_prog_gnu_ld" = yes; then
case `/usr/bin/file conftest.$ac_objext` in
*32-bit*)
@@ -5616,11 +6683,11 @@ x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*32-bit*)
case $host in
@@ -5628,7 +6695,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
LD="${LD-ld} -m elf_i386_fbsd"
;;
x86_64-*linux*)
- LD="${LD-ld} -m elf_i386"
+ case `/usr/bin/file conftest.o` in
+ *x86-64*)
+ LD="${LD-ld} -m elf32_x86_64"
+ ;;
+ *)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ esac
;;
ppc64-*linux*|powerpc64-*linux*)
LD="${LD-ld} -m elf32ppclinux"
@@ -5669,10 +6743,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
SAVE_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -belf"
- { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
-echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; }
-if test "${lt_cv_cc_needs_belf+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if ${lt_cv_cc_needs_belf+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -5680,11 +6754,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -5695,34 +6765,13 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
lt_cv_cc_needs_belf=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- lt_cv_cc_needs_belf=no
+ lt_cv_cc_needs_belf=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -5730,25 +6779,38 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
-echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
if test x"$lt_cv_cc_needs_belf" != x"yes"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -5764,16 +6826,133 @@ esac
need_locks="$enable_libtool_lock"
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
+set dummy ${ac_tool_prefix}mt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_MANIFEST_TOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$MANIFEST_TOOL"; then
+ ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
+if test -n "$MANIFEST_TOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+$as_echo "$MANIFEST_TOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
+ ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
+ # Extract the first word of "mt", so it can be a program name with args.
+set dummy mt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_MANIFEST_TOOL"; then
+ ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
+if test -n "$ac_ct_MANIFEST_TOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+$as_echo "$ac_ct_MANIFEST_TOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_MANIFEST_TOOL" = x; then
+ MANIFEST_TOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
+ fi
+else
+ MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
+fi
+
+test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if ${lt_cv_path_mainfest_tool+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_path_mainfest_tool=no
+ echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
+ $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
+ cat conftest.err >&5
+ if $GREP 'Manifest Tool' conftest.out > /dev/null; then
+ lt_cv_path_mainfest_tool=yes
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+$as_echo "$lt_cv_path_mainfest_tool" >&6; }
+if test "x$lt_cv_path_mainfest_tool" != xyes; then
+ MANIFEST_TOOL=:
+fi
+
+
+
+
+
case $host_os in
rhapsody* | darwin*)
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_DSYMUTIL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DSYMUTIL+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$DSYMUTIL"; then
ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
@@ -5783,25 +6962,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
DSYMUTIL=$ac_cv_prog_DSYMUTIL
if test -n "$DSYMUTIL"; then
- { echo "$as_me:$LINENO: result: $DSYMUTIL" >&5
-echo "${ECHO_T}$DSYMUTIL" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -5810,10 +6989,10 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then
ac_ct_DSYMUTIL=$DSYMUTIL
# Extract the first word of "dsymutil", so it can be a program name with args.
set dummy dsymutil; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_DSYMUTIL"; then
ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
@@ -5823,25 +7002,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
if test -n "$ac_ct_DSYMUTIL"; then
- { echo "$as_me:$LINENO: result: $ac_ct_DSYMUTIL" >&5
-echo "${ECHO_T}$ac_ct_DSYMUTIL" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_DSYMUTIL" = x; then
@@ -5849,12 +7028,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DSYMUTIL=$ac_ct_DSYMUTIL
@@ -5866,10 +7041,10 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_NMEDIT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_NMEDIT+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$NMEDIT"; then
ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
@@ -5879,25 +7054,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
NMEDIT=$ac_cv_prog_NMEDIT
if test -n "$NMEDIT"; then
- { echo "$as_me:$LINENO: result: $NMEDIT" >&5
-echo "${ECHO_T}$NMEDIT" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -5906,10 +7081,10 @@ if test -z "$ac_cv_prog_NMEDIT"; then
ac_ct_NMEDIT=$NMEDIT
# Extract the first word of "nmedit", so it can be a program name with args.
set dummy nmedit; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_NMEDIT"; then
ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
@@ -5919,25 +7094,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_NMEDIT="nmedit"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
if test -n "$ac_ct_NMEDIT"; then
- { echo "$as_me:$LINENO: result: $ac_ct_NMEDIT" >&5
-echo "${ECHO_T}$ac_ct_NMEDIT" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_NMEDIT" = x; then
@@ -5945,12 +7120,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
NMEDIT=$ac_ct_NMEDIT
@@ -5962,10 +7133,10 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_LIPO+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_LIPO+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$LIPO"; then
ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
@@ -5975,25 +7146,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
LIPO=$ac_cv_prog_LIPO
if test -n "$LIPO"; then
- { echo "$as_me:$LINENO: result: $LIPO" >&5
-echo "${ECHO_T}$LIPO" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -6002,10 +7173,10 @@ if test -z "$ac_cv_prog_LIPO"; then
ac_ct_LIPO=$LIPO
# Extract the first word of "lipo", so it can be a program name with args.
set dummy lipo; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_LIPO+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_LIPO"; then
ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
@@ -6015,25 +7186,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_LIPO="lipo"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
if test -n "$ac_ct_LIPO"; then
- { echo "$as_me:$LINENO: result: $ac_ct_LIPO" >&5
-echo "${ECHO_T}$ac_ct_LIPO" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_LIPO" = x; then
@@ -6041,12 +7212,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
LIPO=$ac_ct_LIPO
@@ -6058,10 +7225,10 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_OTOOL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OTOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$OTOOL"; then
ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
@@ -6071,25 +7238,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
OTOOL=$ac_cv_prog_OTOOL
if test -n "$OTOOL"; then
- { echo "$as_me:$LINENO: result: $OTOOL" >&5
-echo "${ECHO_T}$OTOOL" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -6098,10 +7265,10 @@ if test -z "$ac_cv_prog_OTOOL"; then
ac_ct_OTOOL=$OTOOL
# Extract the first word of "otool", so it can be a program name with args.
set dummy otool; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OTOOL+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OTOOL"; then
ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
@@ -6111,25 +7278,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL="otool"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
if test -n "$ac_ct_OTOOL"; then
- { echo "$as_me:$LINENO: result: $ac_ct_OTOOL" >&5
-echo "${ECHO_T}$ac_ct_OTOOL" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_OTOOL" = x; then
@@ -6137,12 +7304,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL=$ac_ct_OTOOL
@@ -6154,10 +7317,10 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_OTOOL64+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OTOOL64+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$OTOOL64"; then
ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
@@ -6167,25 +7330,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
OTOOL64=$ac_cv_prog_OTOOL64
if test -n "$OTOOL64"; then
- { echo "$as_me:$LINENO: result: $OTOOL64" >&5
-echo "${ECHO_T}$OTOOL64" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -6194,10 +7357,10 @@ if test -z "$ac_cv_prog_OTOOL64"; then
ac_ct_OTOOL64=$OTOOL64
# Extract the first word of "otool64", so it can be a program name with args.
set dummy otool64; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OTOOL64"; then
ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
@@ -6207,25 +7370,25 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL64="otool64"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
fi
fi
ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
if test -n "$ac_ct_OTOOL64"; then
- { echo "$as_me:$LINENO: result: $ac_ct_OTOOL64" >&5
-echo "${ECHO_T}$ac_ct_OTOOL64" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_ct_OTOOL64" = x; then
@@ -6233,12 +7396,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL64=$ac_ct_OTOOL64
@@ -6273,10 +7432,10 @@ fi
- { echo "$as_me:$LINENO: checking for -single_module linker flag" >&5
-echo $ECHO_N "checking for -single_module linker flag... $ECHO_C" >&6; }
-if test "${lt_cv_apple_cc_single_mod+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if ${lt_cv_apple_cc_single_mod+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_apple_cc_single_mod=no
if test -z "${LT_MULTI_MODULE}"; then
@@ -6291,7 +7450,13 @@ else
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&5
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&5
@@ -6300,22 +7465,19 @@ else
rm -f conftest.*
fi
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_apple_cc_single_mod" >&5
-echo "${ECHO_T}$lt_cv_apple_cc_single_mod" >&6; }
- { echo "$as_me:$LINENO: checking for -exported_symbols_list linker flag" >&5
-echo $ECHO_N "checking for -exported_symbols_list linker flag... $ECHO_C" >&6; }
-if test "${lt_cv_ld_exported_symbols_list+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if ${lt_cv_ld_exported_symbols_list+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_ld_exported_symbols_list=no
save_LDFLAGS=$LDFLAGS
echo "_main" > conftest.sym
LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -6326,39 +7488,53 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
lt_cv_ld_exported_symbols_list=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
- lt_cv_ld_exported_symbols_list=no
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+$as_echo_n "checking for -force_load linker flag... " >&6; }
+if ${lt_cv_ld_force_load+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_force_load=no
+ cat > conftest.c << _LT_EOF
+int forced_loaded() { return 2;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
+ echo "$AR cru libconftest.a conftest.o" >&5
+ $AR cru libconftest.a conftest.o 2>&5
+ echo "$RANLIB libconftest.a" >&5
+ $RANLIB libconftest.a 2>&5
+ cat > conftest.c << _LT_EOF
+int main() { return 0;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
+ _lt_result=$?
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&5
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
+ lt_cv_ld_force_load=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -f conftest.err libconftest.a conftest conftest.c
+ rm -rf conftest.dSYM
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_ld_exported_symbols_list" >&5
-echo "${ECHO_T}$lt_cv_ld_exported_symbols_list" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+$as_echo "$lt_cv_ld_force_load" >&6; }
case $host_os in
rhapsody* | darwin1.[012])
_lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
@@ -6386,7 +7562,7 @@ echo "${ECHO_T}$lt_cv_ld_exported_symbols_list" >&6; }
else
_lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
fi
- if test "$DSYMUTIL" != ":"; then
+ if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then
_lt_dsymutil='~$DSYMUTIL $lib || :'
else
_lt_dsymutil=
@@ -6399,15 +7575,15 @@ ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
fi
if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
# Double quotes because CPP needs to be expanded
for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
@@ -6421,11 +7597,7 @@ do
# <limits.h> exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
@@ -6434,76 +7606,34 @@ cat >>conftest.$ac_ext <<_ACEOF
#endif
Syntax error
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_cpp "$LINENO"; then :
+else
# Broken: fails on valid input.
continue
fi
-
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
# OK, works on sane cases. Now check whether nonexistent headers
# can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
+if ac_fn_c_try_cpp "$LINENO"; then :
# Broken: success on invalid input.
continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
# Passes both tests.
ac_preproc_ok=:
break
fi
-
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
break
fi
@@ -6515,8 +7645,8 @@ fi
else
ac_cv_prog_CPP=$CPP
fi
-{ echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
@@ -6526,11 +7656,7 @@ do
# <limits.h> exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
@@ -6539,83 +7665,40 @@ cat >>conftest.$ac_ext <<_ACEOF
#endif
Syntax error
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_cpp "$LINENO"; then :
+else
# Broken: fails on valid input.
continue
fi
-
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
# OK, works on sane cases. Now check whether nonexistent headers
# can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
+if ac_fn_c_try_cpp "$LINENO"; then :
# Broken: success on invalid input.
continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
# Passes both tests.
ac_preproc_ok=:
break
fi
-
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- :
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
else
- { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
fi
ac_ext=c
@@ -6625,16 +7708,12 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
#include <stdarg.h>
@@ -6649,47 +7728,23 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_header_stdc=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_header_stdc=no
+ ac_cv_header_stdc=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <string.h>
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then
- :
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
else
ac_cv_header_stdc=no
fi
@@ -6699,18 +7754,14 @@ fi
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then
- :
+ $EGREP "free" >/dev/null 2>&1; then :
+
else
ac_cv_header_stdc=no
fi
@@ -6720,14 +7771,10 @@ fi
if test $ac_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then
+ if test "$cross_compiling" = yes; then :
:
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ctype.h>
#include <stdlib.h>
@@ -6754,113 +7801,35 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_run "$LINENO"; then :
-( exit $ac_status )
-ac_cv_header_stdc=no
+else
+ ac_cv_header_stdc=no
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-
fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
if test $ac_cv_header_stdc = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
fi
# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- eval "$as_ac_Header=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
@@ -6868,58 +7837,13 @@ fi
done
-
for ac_header in dlfcn.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- eval "$as_ac_Header=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_DLFCN_H 1
_ACEOF
fi
@@ -6928,6 +7852,8 @@ done
+
+
# Set options
@@ -6939,7 +7865,7 @@ done
# Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then
+if test "${enable_shared+set}" = set; then :
enableval=$enable_shared; p=${PACKAGE-default}
case $enableval in
yes) enable_shared=yes ;;
@@ -6972,8 +7898,23 @@ fi
# Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then
- withval=$with_pic; pic_mode="$withval"
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
else
pic_mode=default
fi
@@ -6988,7 +7929,7 @@ test -z "$pic_mode" && pic_mode=default
# Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then
+if test "${enable_fast_install+set}" = set; then :
enableval=$enable_fast_install; p=${PACKAGE-default}
case $enableval in
yes) enable_fast_install=yes ;;
@@ -7050,6 +7991,11 @@ LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
test -z "$LN_S" && LN_S="ln -s"
@@ -7069,10 +8015,10 @@ if test -n "${ZSH_VERSION+set}" ; then
setopt NO_GLOB_SUBST
fi
-{ echo "$as_me:$LINENO: checking for objdir" >&5
-echo $ECHO_N "checking for objdir... $ECHO_C" >&6; }
-if test "${lt_cv_objdir+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if ${lt_cv_objdir+:} false; then :
+ $as_echo_n "(cached) " >&6
else
rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
@@ -7084,8 +8030,8 @@ else
fi
rmdir .libs 2>/dev/null
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
-echo "${ECHO_T}$lt_cv_objdir" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
objdir=$lt_cv_objdir
@@ -7099,19 +8045,6 @@ _ACEOF
-
-
-
-
-
-
-
-
-
-
-
-
-
case $host_os in
aix3*)
# AIX sometimes has problems with the GCC collect2 program. For some
@@ -7124,23 +8057,6 @@ aix3*)
;;
esac
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
# Global variables:
ofile=libtool
can_build_shared=yes
@@ -7169,7 +8085,7 @@ for cc_temp in $compiler""; do
*) break;;
esac
done
-cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
# Only perform the check for file, if the check method requires it
@@ -7177,10 +8093,10 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file
case $deplibs_check_method in
file_magic*)
if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
-echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if ${lt_cv_path_MAGIC_CMD+:} false; then :
+ $as_echo_n "(cached) " >&6
else
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
@@ -7230,11 +8146,11 @@ fi
MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
if test -n "$MAGIC_CMD"; then
- { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -7243,10 +8159,10 @@ fi
if test -z "$lt_cv_path_MAGIC_CMD"; then
if test -n "$ac_tool_prefix"; then
- { echo "$as_me:$LINENO: checking for file" >&5
-echo $ECHO_N "checking for file... $ECHO_C" >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if ${lt_cv_path_MAGIC_CMD+:} false; then :
+ $as_echo_n "(cached) " >&6
else
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
@@ -7296,11 +8212,11 @@ fi
MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
if test -n "$MAGIC_CMD"; then
- { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -7378,12 +8294,17 @@ if test -n "$compiler"; then
lt_prog_compiler_no_builtin_flag=
if test "$GCC" = yes; then
- lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+ case $cc_basename in
+ nvcc*)
+ lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
+ *)
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
+ esac
- { echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_rtti_exceptions=no
ac_outfile=conftest.$ac_objext
@@ -7398,15 +8319,15 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7401: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7405: \$? = $ac_status" >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
$SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
lt_cv_prog_compiler_rtti_exceptions=yes
@@ -7415,8 +8336,8 @@ else
$RM conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
@@ -7435,8 +8356,6 @@ fi
lt_prog_compiler_pic=
lt_prog_compiler_static=
-{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
if test "$GCC" = yes; then
lt_prog_compiler_wl='-Wl,'
@@ -7470,7 +8389,7 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
# PIC is the default for these OSes.
;;
- mingw* | cygwin* | pw32* | os2*)
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
# Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -7484,11 +8403,18 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
lt_prog_compiler_pic='-fno-common'
;;
+ haiku*)
+ # PIC is the default for Haiku.
+ # The "-static" flag exists, but is broken.
+ lt_prog_compiler_static=
+ ;;
+
hpux*)
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
case $host_cpu in
- hppa*64*|ia64*)
+ hppa*64*)
# +Z the default
;;
*)
@@ -7525,6 +8451,15 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
lt_prog_compiler_pic='-fPIC'
;;
esac
+
+ case $cc_basename in
+ nvcc*) # Cuda Compiler Driver 2.2
+ lt_prog_compiler_wl='-Xlinker '
+ if test -n "$lt_prog_compiler_pic"; then
+ lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+ fi
+ ;;
+ esac
else
# PORTME Check for flag to pass linker flags through the system compiler.
case $host_os in
@@ -7538,7 +8473,7 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
fi
;;
- mingw* | cygwin* | pw32* | os2*)
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
lt_prog_compiler_pic='-DDLL_EXPORT'
@@ -7566,14 +8501,34 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
lt_prog_compiler_static='-non_shared'
;;
- linux* | k*bsd*-gnu)
+ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
- icc* | ecc* | ifort*)
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-static'
;;
- pgcc* | pgf77* | pgf90* | pgf95*)
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ nagfor*)
+ # NAG Fortran compiler
+ lt_prog_compiler_wl='-Wl,-Wl,,'
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group compilers (*not* the Pentium gcc compiler,
# which looks to be a dead project)
lt_prog_compiler_wl='-Wl,'
@@ -7585,25 +8540,40 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
# All Alpha code is PIC.
lt_prog_compiler_static='-non_shared'
;;
- xl*)
- # IBM XL C 8.0/Fortran 10.1 on PPC
+ xl* | bgxl* | bgf* | mpixl*)
+ # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-qpic'
lt_prog_compiler_static='-qstaticlink'
;;
*)
case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ *Sun\ F* | *Sun*Fortran*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl='-Wl,'
;;
- *Sun\ F*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
+ *Intel*\ [CF]*Compiler*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ *Portland\ Group*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
;;
esac
;;
@@ -7635,7 +8605,7 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
case $cc_basename in
- f77* | f90* | f95*)
+ f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
lt_prog_compiler_wl='-Qoption ld ';;
*)
lt_prog_compiler_wl='-Wl,';;
@@ -7692,22 +8662,26 @@ case $host_os in
lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
;;
esac
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic" >&6; }
-
-
-
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+if ${lt_cv_prog_compiler_pic+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+$as_echo "$lt_cv_prog_compiler_pic" >&6; }
+lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
#
# Check to make sure the PIC flag actually works.
#
if test -n "$lt_prog_compiler_pic"; then
- { echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_pic_works+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if ${lt_cv_prog_compiler_pic_works+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_pic_works=no
ac_outfile=conftest.$ac_objext
@@ -7722,15 +8696,15 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7725: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7729: \$? = $ac_status" >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
$SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
lt_cv_prog_compiler_pic_works=yes
@@ -7739,8 +8713,8 @@ else
$RM conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_pic_works" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
case $lt_prog_compiler_pic in
@@ -7759,14 +8733,19 @@ fi
+
+
+
+
+
#
# Check to make sure the static flag actually works.
#
wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_static_works+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if ${lt_cv_prog_compiler_static_works+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_static_works=no
save_LDFLAGS="$LDFLAGS"
@@ -7778,7 +8757,7 @@ else
if test -s conftest.err; then
# Append any errors to the config.log.
cat conftest.err 1>&5
- $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
$SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
if diff conftest.exp conftest.er2 >/dev/null; then
lt_cv_prog_compiler_static_works=yes
@@ -7791,8 +8770,8 @@ else
LDFLAGS="$save_LDFLAGS"
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_static_works" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
if test x"$lt_cv_prog_compiler_static_works" = xyes; then
:
@@ -7806,10 +8785,10 @@ fi
- { echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
@@ -7827,16 +8806,16 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7830: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7834: \$? = $ac_status" >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
$SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
lt_cv_prog_compiler_c_o=yes
@@ -7853,18 +8832,18 @@ else
$RM conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
- { echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o+:} false; then :
+ $as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
@@ -7882,16 +8861,16 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7885: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7889: \$? = $ac_status" >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
$SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
lt_cv_prog_compiler_c_o=yes
@@ -7908,8 +8887,8 @@ else
$RM conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
@@ -7917,19 +8896,19 @@ echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
hard_links="nottested"
if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
# do not overwrite the value of need_locks provided by the user
- { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
hard_links=yes
$RM conftest*
ln conftest.a conftest.b 2>/dev/null && hard_links=no
touch conftest.a
ln conftest.a conftest.b 2>&5 || hard_links=no
ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
if test "$hard_links" = no; then
- { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
need_locks=warn
fi
else
@@ -7941,8 +8920,8 @@ fi
- { echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
runpath_var=
allow_undefined_flag=
@@ -7957,7 +8936,6 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar
hardcode_direct=no
hardcode_direct_absolute=no
hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld=
hardcode_libdir_separator=
hardcode_minus_L=no
hardcode_shlibpath_var=unsupported
@@ -7986,7 +8964,7 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar
extract_expsyms_cmds=
case $host_os in
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# FIXME: the MSVC++ port hasn't been tested in a loooong time
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
@@ -8001,10 +8979,39 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar
openbsd*)
with_gnu_ld=no
;;
+ linux* | k*bsd*-gnu | gnu*)
+ link_all_deplibs=no
+ ;;
esac
ld_shlibs=yes
+
+ # On some targets, GNU ld is compatible enough with the native linker
+ # that we're better off using the native interface for both.
+ lt_use_gnu_ld_interface=no
if test "$with_gnu_ld" = yes; then
+ case $host_os in
+ aix*)
+ # The AIX port of GNU ld has always aspired to compatibility
+ # with the native linker. However, as the warning in the GNU ld
+ # block says, versions before 2.19.5* couldn't really create working
+ # shared libraries, regardless of the interface used.
+ case `$LD -v 2>&1` in
+ *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+ *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
+ *\ \(GNU\ Binutils\)\ [3-9]*) ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ fi
+
+ if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
@@ -8022,6 +9029,7 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
*\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
@@ -8037,11 +9045,12 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar
ld_shlibs=no
cat <<_LT_EOF 1>&2
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
+*** really care for shared libraries, you may want to install binutils
+*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+*** You will then need to restart the configuration process.
_LT_EOF
fi
@@ -8073,14 +9082,16 @@ _LT_EOF
fi
;;
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
# as there is no search path for DLLs.
hardcode_libdir_flag_spec='-L$libdir'
+ export_dynamic_flag_spec='${wl}--export-all-symbols'
allow_undefined_flag=unsupported
always_export_symbols=no
enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+ exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -8098,6 +9109,11 @@ _LT_EOF
fi
;;
+ haiku*)
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ link_all_deplibs=yes
+ ;;
+
interix[3-9]*)
hardcode_direct=no
hardcode_shlibpath_var=no
@@ -8113,7 +9129,7 @@ _LT_EOF
archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
;;
- gnu* | linux* | tpf* | k*bsd*-gnu)
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
tmp_diet=no
if test "$host_os" = linux-dietlibc; then
case $cc_basename in
@@ -8123,15 +9139,16 @@ _LT_EOF
if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
&& test "$tmp_diet" = no
then
- tmp_addflag=
+ tmp_addflag=' $pic_flag'
tmp_sharedflag='-shared'
case $cc_basename,$host_cpu in
pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag'
;;
- pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ pgf77* | pgf90* | pgf95* | pgfortran*)
+ # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag -Mnomain' ;;
ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
tmp_addflag=' -i_dynamic' ;;
@@ -8139,13 +9156,20 @@ _LT_EOF
tmp_addflag=' -i_dynamic -nofor_main' ;;
ifc* | ifort*) # Intel Fortran compiler
tmp_addflag=' -nofor_main' ;;
- xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
tmp_sharedflag='-qmkshrobj'
tmp_addflag= ;;
+ nvcc*) # Cuda Compiler Driver 2.2
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ ;;
esac
case `$CC -V 2>&1 | sed 5q` in
*Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
compiler_needs_object=yes
tmp_sharedflag='-G' ;;
*Sun\ F*) # Sun Fortran 8.3
@@ -8161,17 +9185,16 @@ _LT_EOF
fi
case $cc_basename in
- xlf*)
+ xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld='-rpath $libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
fi
;;
esac
@@ -8180,13 +9203,13 @@ _LT_EOF
fi
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
fi
;;
@@ -8204,8 +9227,8 @@ _LT_EOF
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
ld_shlibs=no
fi
@@ -8251,8 +9274,8 @@ _LT_EOF
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
ld_shlibs=no
fi
@@ -8292,8 +9315,10 @@ _LT_EOF
else
# If we're using GNU nm, then we don't want the "-C" option.
# -C means demangle to AIX nm, but means don't demangle with GNU nm
+ # Also, AIX nm treats weak defined symbols like other global
+ # defined symbols, whereas GNU nm marks them as "W".
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
else
export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
fi
@@ -8355,6 +9380,7 @@ _LT_EOF
if test "$aix_use_runtimelinking" = yes; then
shared_flag="$shared_flag "'${wl}-G'
fi
+ link_all_deplibs=no
else
# not using gcc
if test "$host_cpu" = ia64; then
@@ -8370,6 +9396,7 @@ _LT_EOF
fi
fi
+ export_dynamic_flag_spec='${wl}-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to export.
always_export_symbols=yes
@@ -8379,11 +9406,13 @@ _LT_EOF
allow_undefined_flag='-berok'
# Determine the default libpath from the value encoded in an
# empty executable.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ if test "${lt_cv_aix_libpath+set}" = set; then
+ aix_libpath=$lt_cv_aix_libpath
+else
+ if ${lt_cv_aix_libpath_+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -8394,50 +9423,34 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\([^ ]*\) *$/\1/
+ p
+ }
+ }'
+ lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ # Check for a 64-bit object if we didn't find anything.
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_="/usr/lib:/lib"
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+ aix_libpath=$lt_cv_aix_libpath_
+fi
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
else
if test "$host_cpu" = ia64; then
hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
@@ -8446,11 +9459,13 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
else
# Determine the default libpath from the value encoded in an
# empty executable.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ if test "${lt_cv_aix_libpath+set}" = set; then
+ aix_libpath=$lt_cv_aix_libpath
+else
+ if ${lt_cv_aix_libpath_+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -8461,55 +9476,44 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
-
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\([^ ]*\) *$/\1/
+ p
+ }
+ }'
+ lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ # Check for a 64-bit object if we didn't find anything.
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_="/usr/lib:/lib"
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+ aix_libpath=$lt_cv_aix_libpath_
+fi
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
no_undefined_flag=' ${wl}-bernotok'
allow_undefined_flag=' ${wl}-berok'
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
+ if test "$with_gnu_ld" = yes; then
+ # We only use this code for GNU lds that support --whole-archive.
+ whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ else
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ fi
archive_cmds_need_lc=yes
# This is similar to how AIX traditionally builds its shared libraries.
archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
@@ -8536,25 +9540,69 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
export_dynamic_flag_spec=-rdynamic
;;
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
# hardcode_libdir_flag_spec is actually meaningless, as there is
# no search path for DLLs.
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- fix_srcfile_path='`cygpath -w "$srcfile"`'
- enable_shared_with_static_runtimes=yes
+ case $cc_basename in
+ cl*)
+ # Native MSVC
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ file_list_spec='@'
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
+ else
+ sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
+ # The linker will not automatically build a static lib if we build a DLL.
+ # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
+ enable_shared_with_static_runtimes=yes
+ exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+ # Don't use ranlib
+ old_postinstall_cmds='chmod 644 $oldlib'
+ postlink_cmds='lt_outputfile="@OUTPUT@"~
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile="$lt_outputfile.exe"
+ lt_tool_outputfile="$lt_tool_outputfile.exe"
+ ;;
+ esac~
+ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
+ ;;
+ *)
+ # Assume MSVC wrapper
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ enable_shared_with_static_runtimes=yes
+ ;;
+ esac
;;
darwin* | rhapsody*)
@@ -8564,11 +9612,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
hardcode_direct=no
hardcode_automatic=yes
hardcode_shlibpath_var=unsupported
- whole_archive_flag_spec=''
+ if test "$lt_cv_ld_force_load" = "yes"; then
+ whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
+ else
+ whole_archive_flag_spec=''
+ fi
link_all_deplibs=yes
allow_undefined_flag="$_lt_dar_allow_undefined"
- if test "$GCC" = "yes"; then
- output_verbose_link_cmd=echo
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=func_echo_all
archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
@@ -8586,10 +9643,6 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
hardcode_shlibpath_var=no
;;
- freebsd1*)
- ld_shlibs=no
- ;;
-
# FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
# support. Future versions do this automatically, but an explicit c++rt0.o
# does not break anything, and helps significantly (at the cost of a little
@@ -8602,7 +9655,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
;;
# Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2*)
+ freebsd2.*)
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
hardcode_direct=yes
hardcode_minus_L=yes
@@ -8611,7 +9664,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
# FreeBSD 3 and greater uses gcc -shared to do shared libraries.
freebsd* | dragonfly*)
- archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
hardcode_shlibpath_var=no
@@ -8619,7 +9672,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
hpux9*)
if test "$GCC" = yes; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
else
archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
fi
@@ -8634,14 +9687,13 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
;;
hpux10*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
- archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ if test "$GCC" = yes && test "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
else
archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
fi
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_flag_spec_ld='+b $libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
hardcode_direct_absolute=yes
@@ -8653,16 +9705,16 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
;;
hpux11*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ if test "$GCC" = yes && test "$with_gnu_ld" = no; then
case $host_cpu in
hppa*64*)
archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
else
@@ -8674,7 +9726,46 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+
+ # Older versions of the 11.00 compiler do not understand -b yet
+ # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+$as_echo_n "checking if $CC understands -b... " >&6; }
+if ${lt_cv_prog_compiler__b+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler__b=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -b"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler__b=yes
+ fi
+ else
+ lt_cv_prog_compiler__b=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+$as_echo "$lt_cv_prog_compiler__b" >&6; }
+
+if test x"$lt_cv_prog_compiler__b" = xyes; then
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+fi
+
;;
esac
fi
@@ -8702,48 +9793,39 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
irix5* | irix6* | nonstopux*)
if test "$GCC" = yes; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
# Try to use the -exported_symbol ld option, if it does not
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
- cat >conftest.$ac_ext <<_ACEOF
-int foo(void) {}
+ # This should be the same for all languages, so no per-tag cache variable.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if ${lt_cv_irix_exported_symbol+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo (void) { return 0; }
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
-
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_irix_exported_symbol=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
+ lt_cv_irix_exported_symbol=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+$as_echo "$lt_cv_irix_exported_symbol" >&6; }
+ if test "$lt_cv_irix_exported_symbol" = yes; then
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ fi
else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
fi
archive_cmds_need_lc='no'
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
@@ -8752,7 +9834,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
link_all_deplibs=yes
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@@ -8805,17 +9887,17 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
hardcode_libdir_flag_spec='-L$libdir'
hardcode_minus_L=yes
allow_undefined_flag=unsupported
- archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
;;
osf3*)
if test "$GCC" = yes; then
allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
else
allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
fi
archive_cmds_need_lc='no'
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
@@ -8825,13 +9907,13 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
osf4* | osf5*) # as osf3* with the addition of -msym flag
if test "$GCC" = yes; then
allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
else
allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
# Both c and cxx compiler support -rpath directly
hardcode_libdir_flag_spec='-rpath $libdir'
@@ -8844,9 +9926,9 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
no_undefined_flag=' -z defs'
if test "$GCC" = yes; then
wlarc='${wl}'
- archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
else
case `$CC -V 2>&1` in
*"Compilers 5.0"*)
@@ -8995,8 +10077,8 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
fi
fi
-{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5
-echo "${ECHO_T}$ld_shlibs" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
test "$ld_shlibs" = no && can_build_shared=no
with_gnu_ld=$with_gnu_ld
@@ -9032,46 +10114,52 @@ x|xyes)
# Test whether the compiler implicitly links with -lc since on some
# systems, -lgcc has to come before -lc. If gcc already passes -lc
# to ld, don't add -lc before -lgcc.
- { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+if ${lt_cv_archive_cmds_need_lc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\"") >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
(eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- then
- archive_cmds_need_lc=no
- else
- archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
-echo "${ECHO_T}$archive_cmds_need_lc" >&6; }
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ lt_cv_archive_cmds_need_lc=no
+ else
+ lt_cv_archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+$as_echo "$lt_cv_archive_cmds_need_lc" >&6; }
+ archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
;;
esac
fi
@@ -9229,29 +10317,31 @@ esac
-
-
-
-
-
- { echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
if test "$GCC" = yes; then
case $host_os in
darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
*) lt_awk_arg="/^libraries:/" ;;
esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ case $host_os in
+ mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;;
+ *) lt_sed_strip_eq="s,=/,/,g" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
+ case $lt_search_path_spec in
+ *\;*)
# if the path contains ";" then we assume it to be the separator
# otherwise default to the standard path separator (i.e. ":") - it is
# assumed that no part of a normal pathname contains ";" but that should
# okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
- else
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
+ ;;
+ *)
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ esac
# Ok, now we have the path, separated by spaces, we can step through it
# and add multilib dir if necessary.
lt_tmp_lt_search_path_spec=
@@ -9264,7 +10354,7 @@ if test "$GCC" = yes; then
lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
fi
done
- lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+ lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
BEGIN {RS=" "; FS="/|\n";} {
lt_foo="";
lt_count=0;
@@ -9284,7 +10374,13 @@ BEGIN {RS=" "; FS="/|\n";} {
if (lt_foo != "") { lt_freq[lt_foo]++; }
if (lt_freq[lt_foo] == 1) { print lt_foo; }
}'`
- sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+ # AWK program above erroneously prepends '/' to C:/dos/paths
+ # for these hosts.
+ case $host_os in
+ mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+ $SED 's,/\([A-Za-z]:\),\1,g'` ;;
+ esac
+ sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
else
sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
fi
@@ -9310,7 +10406,7 @@ need_version=unknown
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -9319,7 +10415,7 @@ aix3*)
;;
aix[4-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -9372,7 +10468,7 @@ amigaos*)
m68k)
library_names_spec='$libname.ixlibrary $libname.a'
# Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
;;
esac
;;
@@ -9384,7 +10480,7 @@ beos*)
;;
bsdi[45]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -9397,14 +10493,15 @@ bsdi[45]*)
# libtool to hard-code these into programs
;;
-cygwin* | mingw* | pw32*)
+cygwin* | mingw* | pw32* | cegcc*)
version_type=windows
shrext_cmds=".dll"
need_version=no
need_lib_prefix=no
- case $GCC,$host_os in
- yes,cygwin* | yes,mingw* | yes,pw32*)
+ case $GCC,$cc_basename in
+ yes,*)
+ # gcc
library_names_spec='$libname.dll.a'
# DLL is installed to $(libdir)/../bin by postinstall_cmds
postinstall_cmds='base_file=`basename \${file}`~
@@ -9425,36 +10522,83 @@ cygwin* | mingw* | pw32*)
cygwin*)
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
;;
- mingw*)
+ mingw* | cegcc*)
# MinGW DLLs use traditional 'lib' prefix
soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH printed by
- # mingw gcc, but we are running on Cygwin. Gcc prints its search
- # path with ; separators, and with drive letters. We can handle the
- # drive letters (cygwin fileutils understands them), so leave them,
- # especially as we might pass files found there to a mingw objdump,
- # which wouldn't understand a cygwinified path. Ahh.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
;;
pw32*)
# pw32 DLLs use 'pw' prefix rather than 'lib'
library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
;;
esac
+ dynamic_linker='Win32 ld.exe'
+ ;;
+
+ *,cl*)
+ # Native MSVC
+ libname_spec='$name'
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ library_names_spec='${libname}.dll.lib'
+
+ case $build_os in
+ mingw*)
+ sys_lib_search_path_spec=
+ lt_save_ifs=$IFS
+ IFS=';'
+ for lt_path in $LIB
+ do
+ IFS=$lt_save_ifs
+ # Let DOS variable expansion print the short 8.3 style file name.
+ lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+ sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+ done
+ IFS=$lt_save_ifs
+ # Convert to MSYS style.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+ ;;
+ cygwin*)
+ # Convert to unix form, then to dos form, then back to unix form
+ # but this time dos style (no spaces!) so that the unix form looks
+ # like /cygdrive/c/PROGRA~1:/cygdr...
+ sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+ sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+ sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ *)
+ sys_lib_search_path_spec="$LIB"
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # FIXME: find the short name or the path components, as spaces are
+ # common. (e.g. "Program Files" -> "PROGRA~1")
+ ;;
+ esac
+
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+ dynamic_linker='Win32 link.exe'
;;
*)
+ # Assume MSVC wrapper
library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ dynamic_linker='Win32 ld.exe'
;;
esac
- dynamic_linker='Win32 ld.exe'
# FIXME: first we should search . and the directory the executable is in
shlibpath_var=PATH
;;
@@ -9475,7 +10619,7 @@ darwin* | rhapsody*)
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -9483,10 +10627,6 @@ dgux*)
shlibpath_var=LD_LIBRARY_PATH
;;
-freebsd1*)
- dynamic_linker=no
- ;;
-
freebsd* | dragonfly*)
# DragonFly does not have aout. When/if they implement a new
# versioning mechanism, adjust this.
@@ -9494,7 +10634,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
- freebsd[123]*) objformat=aout ;;
+ freebsd[23].*) objformat=aout ;;
*) objformat=elf ;;
esac
fi
@@ -9512,7 +10652,7 @@ freebsd* | dragonfly*)
esac
shlibpath_var=LD_LIBRARY_PATH
case $host_os in
- freebsd2*)
+ freebsd2.*)
shlibpath_overrides_runpath=yes
;;
freebsd3.[01]* | freebsdelf3.[01]*)
@@ -9531,13 +10671,16 @@ freebsd* | dragonfly*)
esac
;;
-gnu*)
- version_type=linux
+haiku*)
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
+ dynamic_linker="$host_os runtime_loader"
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_var=LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
hardcode_into_libs=yes
;;
@@ -9583,12 +10726,14 @@ hpux9* | hpux10* | hpux11*)
soname_spec='${libname}${release}${shared_ext}$major'
;;
esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
postinstall_cmds='chmod 555 $lib'
+ # or fails outright, so override atomically:
+ install_override_mode=555
;;
interix[3-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -9604,7 +10749,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -9641,9 +10786,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
- version_type=linux
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -9651,16 +10796,17 @@ linux* | k*bsd*-gnu)
finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
+
# Some binutils ld are patched to set DT_RUNPATH
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_shlibpath_overrides_runpath=no
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -9671,39 +10817,19 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then
- shlibpath_overrides_runpath=yes
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ lt_cv_shlibpath_overrides_runpath=yes
fi
-
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
+ shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
# This implies no fast_install, which is unacceptable.
# Some rework will be needed to allow for fast_install
@@ -9712,7 +10838,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
# Append ld.so.conf contents to the search path
if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
fi
@@ -9725,6 +10851,18 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
dynamic_linker='GNU/Linux ld.so'
;;
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
netbsd*)
version_type=sunos
need_lib_prefix=no
@@ -9744,7 +10882,7 @@ netbsd*)
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -9813,7 +10951,7 @@ rdos*)
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -9838,7 +10976,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -9862,7 +11000,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -9893,17 +11031,17 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_name_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -9913,8 +11051,8 @@ uts4*)
dynamic_linker=no
;;
esac
-{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
test "$dynamic_linker" = no && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
@@ -10015,8 +11153,13 @@ fi
- { echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
hardcode_action=
if test -n "$hardcode_libdir_flag_spec" ||
test -n "$runpath_var" ||
@@ -10040,8 +11183,8 @@ else
# directories.
hardcode_action=unsupported
fi
-{ echo "$as_me:$LINENO: result: $hardcode_action" >&5
-echo "${ECHO_T}$hardcode_action" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
if test "$hardcode_action" = relink ||
test "$inherit_rpath" = yes; then
@@ -10073,7 +11216,7 @@ else
lt_cv_dlopen_self=yes
;;
- mingw* | pw32*)
+ mingw* | pw32* | cegcc*)
lt_cv_dlopen="LoadLibrary"
lt_cv_dlopen_libs=
;;
@@ -10085,18 +11228,14 @@ else
darwin*)
# if libdl is installed we need to link against it
- { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
@@ -10114,39 +11253,18 @@ return dlopen ();
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_dl_dlopen=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_dl_dlopen=no
+ ac_cv_lib_dl_dlopen=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
-if test $ac_cv_lib_dl_dlopen = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
else
@@ -10159,102 +11277,18 @@ fi
;;
*)
- { echo "$as_me:$LINENO: checking for shl_load" >&5
-echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; }
-if test "${ac_cv_func_shl_load+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define shl_load innocuous_shl_load
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char shl_load (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef shl_load
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_shl_load || defined __stub___shl_load
-choke me
-#endif
-
-int
-main ()
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_func_shl_load=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_func_shl_load=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
-echo "${ECHO_T}$ac_cv_func_shl_load" >&6; }
-if test $ac_cv_func_shl_load = yes; then
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = xyes; then :
lt_cv_dlopen="shl_load"
else
- { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
-echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dld_shl_load+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if ${ac_cv_lib_dld_shl_load+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
@@ -10272,137 +11306,32 @@ return shl_load ();
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_dld_shl_load=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_dld_shl_load=no
+ ac_cv_lib_dld_shl_load=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; }
-if test $ac_cv_lib_dld_shl_load = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
else
- { echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
-if test "${ac_cv_func_dlopen+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define dlopen innocuous_dlopen
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char dlopen (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef dlopen
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_dlopen || defined __stub___dlopen
-choke me
-#endif
-
-int
-main ()
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_func_dlopen=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_func_dlopen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
-echo "${ECHO_T}$ac_cv_func_dlopen" >&6; }
-if test $ac_cv_func_dlopen = yes; then
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = xyes; then :
lt_cv_dlopen="dlopen"
else
- { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
@@ -10420,53 +11349,28 @@ return dlopen ();
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_dl_dlopen=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_dl_dlopen=no
+ ac_cv_lib_dl_dlopen=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
-if test $ac_cv_lib_dl_dlopen = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
else
- { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
-echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_svld_dlopen+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if ${ac_cv_lib_svld_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsvld $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
@@ -10484,53 +11388,28 @@ return dlopen ();
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_svld_dlopen=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_svld_dlopen=no
+ ac_cv_lib_svld_dlopen=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; }
-if test $ac_cv_lib_svld_dlopen = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
else
- { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
-echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dld_dld_link+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if ${ac_cv_lib_dld_dld_link+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
@@ -10548,39 +11427,18 @@ return dld_link ();
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_dld_dld_link=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_dld_dld_link=no
+ ac_cv_lib_dld_dld_link=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; }
-if test $ac_cv_lib_dld_dld_link = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
fi
@@ -10619,10 +11477,10 @@ fi
save_LIBS="$LIBS"
LIBS="$lt_cv_dlopen_libs $LIBS"
- { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
-echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; }
-if test "${lt_cv_dlopen_self+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if ${lt_cv_dlopen_self+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = yes; then :
lt_cv_dlopen_self=cross
@@ -10630,7 +11488,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10633 "configure"
+#line $LINENO "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10671,11 +11529,13 @@ else
# endif
#endif
-#ifdef __cplusplus
-extern "C" void exit (int);
+/* When -fvisbility=hidden is used, assume the code has been annotated
+ correspondingly for the symbols needed. */
+#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
#endif
-void fnord() { int i=42;}
+int fnord () { return 42; }
int main ()
{
void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
@@ -10684,20 +11544,24 @@ int main ()
if (self)
{
if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else
+ {
+ if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else puts (dlerror ());
+ }
/* dlclose (self); */
}
else
puts (dlerror ());
- exit (status);
+ return status;
}
_LT_EOF
- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
case x$lt_status in
@@ -10714,15 +11578,15 @@ rm -fr conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
if test "x$lt_cv_dlopen_self" = xyes; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
-echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; }
-if test "${lt_cv_dlopen_self_static+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if ${lt_cv_dlopen_self_static+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = yes; then :
lt_cv_dlopen_self_static=cross
@@ -10730,7 +11594,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10733 "configure"
+#line $LINENO "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10771,11 +11635,13 @@ else
# endif
#endif
-#ifdef __cplusplus
-extern "C" void exit (int);
+/* When -fvisbility=hidden is used, assume the code has been annotated
+ correspondingly for the symbols needed. */
+#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
#endif
-void fnord() { int i=42;}
+int fnord () { return 42; }
int main ()
{
void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
@@ -10784,20 +11650,24 @@ int main ()
if (self)
{
if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else
+ {
+ if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else puts (dlerror ());
+ }
/* dlclose (self); */
}
else
puts (dlerror ());
- exit (status);
+ return status;
}
_LT_EOF
- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
case x$lt_status in
@@ -10814,8 +11684,8 @@ rm -fr conftest*
fi
-{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
fi
CPPFLAGS="$save_CPPFLAGS"
@@ -10853,13 +11723,13 @@ fi
striplib=
old_striplib=
-{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
-echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
@@ -10867,16 +11737,16 @@ else
if test -n "$STRIP" ; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
;;
*)
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
;;
esac
fi
@@ -10893,13 +11763,13 @@ fi
# Report which library types will actually be built
- { echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
- { echo "$as_me:$LINENO: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
- { echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
test "$can_build_shared" = "no" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
@@ -10919,15 +11789,15 @@ echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
fi
;;
esac
- { echo "$as_me:$LINENO: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
- { echo "$as_me:$LINENO: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
# Make sure either enable_shared or enable_static is yes.
test "$enable_shared" = yes || enable_static=yes
- { echo "$as_me:$LINENO: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
@@ -10953,6 +11823,8 @@ CC="$lt_save_CC"
+
+
ac_config_commands="$ac_config_commands libtool"
@@ -10964,262 +11836,175 @@ CC="$lt_save_CC"
# Check whether --with-kernel was given.
-if test "${with_kernel+set}" = set; then
+if test "${with_kernel+set}" = set; then :
withval=$with_kernel; kbuilddir="$withval"; ksourcedir="$withval";
fi
# Check whether --with-kbuild was given.
-if test "${with_kbuild+set}" = set; then
+if test "${with_kbuild+set}" = set; then :
withval=$with_kbuild; kbuilddir="$withval"
fi
# Check whether --with-ksource was given.
-if test "${with_ksource+set}" = set; then
+if test "${with_ksource+set}" = set; then :
withval=$with_ksource; ksourcedir="$withval"
fi
# Check whether --with-xtlibdir was given.
-if test "${with_xtlibdir+set}" = set; then
+if test "${with_xtlibdir+set}" = set; then :
withval=$with_xtlibdir; xtlibdir="$withval"
else
- xtlibdir="${libexecdir}/xtables"
+ xtlibdir="${libdir}/xtables"
fi
# Check whether --enable-ipv4 was given.
-if test "${enable_ipv4+set}" = set; then
+if test "${enable_ipv4+set}" = set; then :
enableval=$enable_ipv4; enable_ipv4="$enableval"
else
enable_ipv4="yes"
fi
# Check whether --enable-ipv6 was given.
-if test "${enable_ipv6+set}" = set; then
+if test "${enable_ipv6+set}" = set; then :
enableval=$enable_ipv6; enable_ipv6="$enableval"
else
enable_ipv6="yes"
fi
# Check whether --enable-largefile was given.
-if test "${enable_largefile+set}" = set; then
+if test "${enable_largefile+set}" = set; then :
enableval=$enable_largefile; enable_largefile="$enableval"
else
enable_largefile="yes";
- largefile_cflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'
+ largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'
fi
# Check whether --enable-devel was given.
-if test "${enable_devel+set}" = set; then
+if test "${enable_devel+set}" = set; then :
enableval=$enable_devel; enable_devel="$enableval"
else
enable_devel="yes"
fi
# Check whether --enable-libipq was given.
-if test "${enable_libipq+set}" = set; then
- enableval=$enable_libipq;
+if test "${enable_libipq+set}" = set; then :
+ enableval=$enable_libipq; enable_libipq="$enableval"
+else
+ enable_libipq="no"
+fi
+
+# Check whether --enable-bpf-compiler was given.
+if test "${enable_bpf_compiler+set}" = set; then :
+ enableval=$enable_bpf_compiler; enable_bpfc="yes"
+else
+ enable_bpfc="no"
+fi
+
+# Check whether --enable-nfsynproxy was given.
+if test "${enable_nfsynproxy+set}" = set; then :
+ enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
+else
+ enable_nfsynproxy="no"
fi
# Check whether --with-pkgconfigdir was given.
-if test "${with_pkgconfigdir+set}" = set; then
+if test "${with_pkgconfigdir+set}" = set; then :
withval=$with_pkgconfigdir; pkgconfigdir="$withval"
else
pkgconfigdir='${libdir}/pkgconfig'
fi
-if test "${ac_cv_header_linux_dccp_h+set}" = set; then
- { echo "$as_me:$LINENO: checking for linux/dccp.h" >&5
-echo $ECHO_N "checking for linux/dccp.h... $ECHO_C" >&6; }
-if test "${ac_cv_header_linux_dccp_h+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_linux_dccp_h" >&5
-echo "${ECHO_T}$ac_cv_header_linux_dccp_h" >&6; }
+libiptc_LDFLAGS2="";
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--no-as-needed" >&5
+$as_echo_n "checking whether the linker accepts -Wl,--no-as-needed... " >&6; }
+if ${ax_cv_linker_flags__Wl___no_as_needed+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking linux/dccp.h usability" >&5
-echo $ECHO_N "checking linux/dccp.h usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+ ax_save_FLAGS=$LDFLAGS
+ LDFLAGS="-Wl,--no-as-needed"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-#include <linux/dccp.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_linker_flags__Wl___no_as_needed=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ax_cv_linker_flags__Wl___no_as_needed=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_save_FLAGS
+fi
- ac_header_compiler=no
+eval ax_check_linker_flags=$ax_cv_linker_flags__Wl___no_as_needed
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_check_linker_flags" >&5
+$as_echo "$ax_check_linker_flags" >&6; }
+if test "x$ax_check_linker_flags" = xyes; then
+ libiptc_LDFLAGS2="-Wl,--no-as-needed"
+else
+ :
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-# Is the header present?
-{ echo "$as_me:$LINENO: checking linux/dccp.h presence" >&5
-echo $ECHO_N "checking linux/dccp.h presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $LD knows -Wl,--no-undefined" >&5
+$as_echo_n "checking whether $LD knows -Wl,--no-undefined... " >&6; }
+saved_LDFLAGS="$LDFLAGS";
+LDFLAGS="-Wl,--no-undefined";
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <linux/dccp.h>
+int main(void) {}
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
+if ac_fn_c_try_link "$LINENO"; then :
+ noundef_LDFLAGS="$LDFLAGS"; { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
- ac_header_preproc=no
fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LDFLAGS="$saved_LDFLAGS";
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: linux/dccp.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: linux/dccp.h: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: present but cannot be compiled" >&5
-echo "$as_me: WARNING: linux/dccp.h: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: linux/dccp.h: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: linux/dccp.h: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: linux/dccp.h: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: linux/dccp.h: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: linux/dccp.h: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: linux/dccp.h: in the future, the compiler will take precedence" >&2;}
+blacklist_modules="";
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for linux/dccp.h" >&5
-echo $ECHO_N "checking for linux/dccp.h... $ECHO_C" >&6; }
-if test "${ac_cv_header_linux_dccp_h+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_header_linux_dccp_h=$ac_header_preproc
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_linux_dccp_h" >&5
-echo "${ECHO_T}$ac_cv_header_linux_dccp_h" >&6; }
+for ac_header in linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
fi
+done
-
-blacklist_modules="";
if test "$ac_cv_header_linux_dccp_h" != "yes"; then
blacklist_modules="$blacklist_modules dccp";
fi;
+if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
+ blacklist_modules="$blacklist_modules ipvs";
+fi;
- if test "$enable_static" = "yes"; then
- ENABLE_STATIC_TRUE=
- ENABLE_STATIC_FALSE='#'
-else
- ENABLE_STATIC_TRUE='#'
- ENABLE_STATIC_FALSE=
-fi
-
- if test "$enable_shared" = "yes"; then
- ENABLE_SHARED_TRUE=
- ENABLE_SHARED_FALSE='#'
-else
- ENABLE_SHARED_TRUE='#'
- ENABLE_SHARED_FALSE=
-fi
-
- if test "$enable_ipv4" = "yes"; then
- ENABLE_IPV4_TRUE=
- ENABLE_IPV4_FALSE='#'
-else
- ENABLE_IPV4_TRUE='#'
- ENABLE_IPV4_FALSE=
-fi
-
- if test "$enable_ipv6" = "yes"; then
- ENABLE_IPV6_TRUE=
- ENABLE_IPV6_FALSE='#'
-else
- ENABLE_IPV6_TRUE='#'
- ENABLE_IPV6_FALSE=
-fi
-
- if test "$enable_largefile" = "yes"; then
- ENABLE_LARGEFILE_TRUE=
- ENABLE_LARGEFILE_FALSE='#'
-else
- ENABLE_LARGEFILE_TRUE='#'
- ENABLE_LARGEFILE_FALSE=
-fi
- if test "$enable_devel" = "yes"; then
- ENABLE_DEVEL_TRUE=
- ENABLE_DEVEL_FALSE='#'
-else
- ENABLE_DEVEL_TRUE='#'
- ENABLE_DEVEL_FALSE=
-fi
- if test "$enable_libipq" = "yes"; then
- ENABLE_LIBIPQ_TRUE=
- ENABLE_LIBIPQ_FALSE='#'
-else
- ENABLE_LIBIPQ_TRUE='#'
- ENABLE_LIBIPQ_FALSE=
-fi
@@ -11228,10 +12013,10 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
else
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
@@ -11243,14 +12028,14 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
;;
@@ -11258,11 +12043,11 @@ esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
- { echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
-echo "${ECHO_T}$PKG_CONFIG" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
@@ -11271,10 +12056,10 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
else
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
@@ -11286,14 +12071,14 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
;;
@@ -11301,11 +12086,11 @@ esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
- { echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5
-echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
if test "x$ac_pt_PKG_CONFIG" = x; then
@@ -11313,12 +12098,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
PKG_CONFIG=$ac_pt_PKG_CONFIG
@@ -11330,63 +12111,306 @@ fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
- { echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5
-echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
PKG_CONFIG=""
fi
-
fi
pkg_failed=no
-{ echo "$as_me:$LINENO: checking for libnfnetlink" >&5
-echo $ECHO_N "checking for libnfnetlink... $ECHO_C" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnetfilter_conntrack" >&5
+$as_echo_n "checking for libnetfilter_conntrack... " >&6; }
+
+if test -n "$libnetfilter_conntrack_CFLAGS"; then
+ pkg_cv_libnetfilter_conntrack_CFLAGS="$libnetfilter_conntrack_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnetfilter_conntrack >= 1.0.4\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libnetfilter_conntrack >= 1.0.4") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_libnetfilter_conntrack_CFLAGS=`$PKG_CONFIG --cflags "libnetfilter_conntrack >= 1.0.4" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$libnetfilter_conntrack_LIBS"; then
+ pkg_cv_libnetfilter_conntrack_LIBS="$libnetfilter_conntrack_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnetfilter_conntrack >= 1.0.4\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libnetfilter_conntrack >= 1.0.4") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_libnetfilter_conntrack_LIBS=`$PKG_CONFIG --libs "libnetfilter_conntrack >= 1.0.4" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
-if test -n "$PKG_CONFIG"; then
- if test -n "$libnfnetlink_CFLAGS"; then
- pkg_cv_libnfnetlink_CFLAGS="$libnfnetlink_CFLAGS"
- else
- if test -n "$PKG_CONFIG" && \
- { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\"") >&5
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ libnetfilter_conntrack_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnetfilter_conntrack >= 1.0.4" 2>&1`
+ else
+ libnetfilter_conntrack_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnetfilter_conntrack >= 1.0.4" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$libnetfilter_conntrack_PKG_ERRORS" >&5
+
+ nfconntrack=0
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ nfconntrack=0
+else
+ libnetfilter_conntrack_CFLAGS=$pkg_cv_libnetfilter_conntrack_CFLAGS
+ libnetfilter_conntrack_LIBS=$pkg_cv_libnetfilter_conntrack_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ nfconntrack=1
+fi
+ if test "$nfconntrack" = 1; then
+ HAVE_LIBNETFILTER_CONNTRACK_TRUE=
+ HAVE_LIBNETFILTER_CONNTRACK_FALSE='#'
+else
+ HAVE_LIBNETFILTER_CONNTRACK_TRUE='#'
+ HAVE_LIBNETFILTER_CONNTRACK_FALSE=
+fi
+
+
+if test "$nfconntrack" -ne 1; then
+ blacklist_modules="$blacklist_modules connlabel";
+ echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+fi;
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of struct ip6_hdr" >&5
+$as_echo_n "checking size of struct ip6_hdr... " >&6; }
+if ${ac_cv_sizeof_struct_ip6_hdr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (struct ip6_hdr))" "ac_cv_sizeof_struct_ip6_hdr" "#include <netinet/ip6.h>
+"; then :
+
+else
+ if test "$ac_cv_type_struct_ip6_hdr" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (struct ip6_hdr)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_struct_ip6_hdr=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_struct_ip6_hdr" >&5
+$as_echo "$ac_cv_sizeof_struct_ip6_hdr" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_STRUCT_IP6_HDR $ac_cv_sizeof_struct_ip6_hdr
+_ACEOF
+
+
+
+ if test "$enable_static" = "yes"; then
+ ENABLE_STATIC_TRUE=
+ ENABLE_STATIC_FALSE='#'
+else
+ ENABLE_STATIC_TRUE='#'
+ ENABLE_STATIC_FALSE=
+fi
+
+ if test "$enable_shared" = "yes"; then
+ ENABLE_SHARED_TRUE=
+ ENABLE_SHARED_FALSE='#'
+else
+ ENABLE_SHARED_TRUE='#'
+ ENABLE_SHARED_FALSE=
+fi
+
+ if test "$enable_ipv4" = "yes"; then
+ ENABLE_IPV4_TRUE=
+ ENABLE_IPV4_FALSE='#'
+else
+ ENABLE_IPV4_TRUE='#'
+ ENABLE_IPV4_FALSE=
+fi
+
+ if test "$enable_ipv6" = "yes"; then
+ ENABLE_IPV6_TRUE=
+ ENABLE_IPV6_FALSE='#'
+else
+ ENABLE_IPV6_TRUE='#'
+ ENABLE_IPV6_FALSE=
+fi
+
+ if test "$enable_largefile" = "yes"; then
+ ENABLE_LARGEFILE_TRUE=
+ ENABLE_LARGEFILE_FALSE='#'
+else
+ ENABLE_LARGEFILE_TRUE='#'
+ ENABLE_LARGEFILE_FALSE=
+fi
+
+ if test "$enable_devel" = "yes"; then
+ ENABLE_DEVEL_TRUE=
+ ENABLE_DEVEL_FALSE='#'
+else
+ ENABLE_DEVEL_TRUE='#'
+ ENABLE_DEVEL_FALSE=
+fi
+
+ if test "$enable_libipq" = "yes"; then
+ ENABLE_LIBIPQ_TRUE=
+ ENABLE_LIBIPQ_FALSE='#'
+else
+ ENABLE_LIBIPQ_TRUE='#'
+ ENABLE_LIBIPQ_FALSE=
+fi
+
+ if test "$enable_bpfc" = "yes"; then
+ ENABLE_BPFC_TRUE=
+ ENABLE_BPFC_FALSE='#'
+else
+ ENABLE_BPFC_TRUE='#'
+ ENABLE_BPFC_FALSE=
+fi
+
+ if test "$enable_nfsynproxy" = "yes"; then
+ ENABLE_SYNCONF_TRUE=
+ ENABLE_SYNCONF_FALSE='#'
+else
+ ENABLE_SYNCONF_TRUE='#'
+ ENABLE_SYNCONF_FALSE=
+fi
+
+
+if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_compile in -lpcap" >&5
+$as_echo_n "checking for pcap_compile in -lpcap... " >&6; }
+if ${ac_cv_lib_pcap_pcap_compile+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpcap $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pcap_compile ();
+int
+main ()
+{
+return pcap_compile ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pcap_pcap_compile=yes
+else
+ ac_cv_lib_pcap_pcap_compile=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcap_pcap_compile" >&5
+$as_echo "$ac_cv_lib_pcap_pcap_compile" >&6; }
+if test "x$ac_cv_lib_pcap_pcap_compile" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPCAP 1
+_ACEOF
+
+ LIBS="-lpcap $LIBS"
+
+else
+ as_fn_error $? "missing libpcap library required by bpf compiler or nfsynproxy tool" "$LINENO" 5
+fi
+
+fi
+
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnfnetlink" >&5
+$as_echo_n "checking for libnfnetlink... " >&6; }
+
+if test -n "$libnfnetlink_CFLAGS"; then
+ pkg_cv_libnfnetlink_CFLAGS="$libnfnetlink_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
pkg_cv_libnfnetlink_CFLAGS=`$PKG_CONFIG --cflags "libnfnetlink >= 1.0" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
- fi
-else
- pkg_failed=untried
+ else
+ pkg_failed=untried
fi
-if test -n "$PKG_CONFIG"; then
- if test -n "$libnfnetlink_LIBS"; then
- pkg_cv_libnfnetlink_LIBS="$libnfnetlink_LIBS"
- else
- if test -n "$PKG_CONFIG" && \
- { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\"") >&5
+if test -n "$libnfnetlink_LIBS"; then
+ pkg_cv_libnfnetlink_LIBS="$libnfnetlink_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
pkg_cv_libnfnetlink_LIBS=`$PKG_CONFIG --libs "libnfnetlink >= 1.0" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
- fi
-else
- pkg_failed=untried
+ else
+ pkg_failed=untried
fi
if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
@@ -11394,23 +12418,23 @@ else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libnfnetlink >= 1.0"`
+ libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
else
- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libnfnetlink >= 1.0"`
+ libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$libnfnetlink_PKG_ERRORS" >&5
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
- nfnetlink=0
+ nfnetlink=0
elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
nfnetlink=0
else
libnfnetlink_CFLAGS=$pkg_cv_libnfnetlink_CFLAGS
libnfnetlink_LIBS=$pkg_cv_libnfnetlink_LIBS
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
nfnetlink=1
fi
if test "$nfnetlink" = 1; then
@@ -11422,17 +12446,17 @@ else
fi
-regular_CFLAGS="${largefile_cflags} \
- -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
+regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
- -Winline -pipe \
+ -Winline -pipe";
+regular_CPPFLAGS="${largefile_cppflags} -D_REENTRANT \
-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
-kinclude_CFLAGS="";
+kinclude_CPPFLAGS="";
if [ -n "$kbuilddir" ]; then
- kinclude_CFLAGS="$kinclude_CFLAGS -I $kbuilddir/include";
+ kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$kbuilddir/include/uapi -I$kbuilddir/include";
fi;
if [ -n "$ksourcedir" ]; then
- kinclude_CFLAGS="$kinclude_CFLAGS -I $ksourcedir/include";
+ kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$ksourcedir/include/uapi -I$ksourcedir/include";
fi;
pkgdatadir='${datadir}/xtables';
@@ -11445,10 +12469,13 @@ pkgdatadir='${datadir}/xtables';
+
+
+
libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
-ac_config_files="$ac_config_files Makefile extensions/GNUmakefile include/Makefile libipq/Makefile utils/Makefile include/xtables.h include/iptables/internal.h libiptc.pc xtables.pc"
+ac_config_files="$ac_config_files Makefile extensions/GNUmakefile include/Makefile iptables/Makefile iptables/xtables.pc iptables/iptables.8 iptables/iptables-extensions.8.tmpl iptables/iptables-save.8 iptables/iptables-restore.8 iptables/iptables-apply.8 iptables/iptables-xml.1 libipq/Makefile libipq/libipq.pc libiptc/Makefile libiptc/libiptc.pc libiptc/libip4tc.pc libiptc/libip6tc.pc libxtables/Makefile utils/Makefile include/xtables-version.h include/iptables/internal.h"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -11477,12 +12504,13 @@ _ACEOF
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
- *) $as_unset $ac_var ;;
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
esac ;;
esac
done
@@ -11490,8 +12518,8 @@ echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
(set) 2>&1 |
case $as_nl`(ac_space=' '; set) 2>&1` in #(
*${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \).
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
sed -n \
"s/'/'\\\\''/g;
s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
@@ -11513,13 +12541,24 @@ echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
- { echo "$as_me:$LINENO: updating cache $cache_file" >&5
-echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
else
- { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
-echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
@@ -11532,97 +12571,90 @@ DEFS=-DHAVE_CONFIG_H
ac_libobjs=
ac_ltlibobjs=
+U=
for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`echo "$ac_i" | sed "$ac_script"`
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
# 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
# will be set to the directory where LIBOBJS objects are built.
- ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
done
LIBOBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_LIBNETFILTER_CONNTRACK_TRUE}" && test -z "${HAVE_LIBNETFILTER_CONNTRACK_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_LIBNETFILTER_CONNTRACK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_STATIC_TRUE}" && test -z "${ENABLE_STATIC_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_STATIC\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_STATIC\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_STATIC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_SHARED_TRUE}" && test -z "${ENABLE_SHARED_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_SHARED\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_SHARED\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_SHARED\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_IPV4_TRUE}" && test -z "${ENABLE_IPV4_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_IPV4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_IPV4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_IPV4\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_IPV6_TRUE}" && test -z "${ENABLE_IPV6_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_IPV6\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_IPV6\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_IPV6\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_LARGEFILE_TRUE}" && test -z "${ENABLE_LARGEFILE_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_LARGEFILE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_LARGEFILE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_LARGEFILE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_DEVEL_TRUE}" && test -z "${ENABLE_DEVEL_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_DEVEL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_DEVEL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_DEVEL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_LIBIPQ_TRUE}" && test -z "${ENABLE_LIBIPQ_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"ENABLE_LIBIPQ\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_LIBIPQ\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"ENABLE_LIBIPQ\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_BPFC_TRUE}" && test -z "${ENABLE_BPFC_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_BPFC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_SYNCONF_TRUE}" && test -z "${ENABLE_SYNCONF_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_SYNCONF\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HAVE_LIBNFNETLINK_TRUE}" && test -z "${HAVE_LIBNFNETLINK_FALSE}"; then
- { { echo "$as_me:$LINENO: error: conditional \"HAVE_LIBNFNETLINK\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_LIBNFNETLINK\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "conditional \"HAVE_LIBNFNETLINK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-: ${CONFIG_STATUS=./config.status}
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
# Generated by $as_me.
# Run this file to recreate the current configuration.
@@ -11632,59 +12664,79 @@ cat >$CONFIG_STATUS <<_ACEOF
debug=false
ac_cs_recheck=false
ac_cs_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
esac
-
fi
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
else
- PATH_SEPARATOR=:
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
fi
- rm -f conf$$.sh
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
fi
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
fi
@@ -11693,20 +12745,19 @@ fi
# there to prevent editors from complaining about space-tab.
# (If _AS_PATH_WALK were called with IFS unset, it would disable word
# splitting by setting IFS to empty value.)
-as_nl='
-'
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
+as_myself=
+case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
IFS=$as_save_IFS
;;
@@ -11717,32 +12768,111 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
fi
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
-do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
- else
- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
-done
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
-# Required to use basename.
if expr a : '\(a\)' >/dev/null 2>&1 &&
test "X`expr 00001 : '.*\(...\)'`" = X001; then
as_expr=expr
@@ -11756,13 +12886,17 @@ else
as_basename=false
fi
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
-# Name of the executable.
as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
+$as_echo X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -11777,131 +12911,118 @@ echo X/"$0" |
}
s/.*/./; q'`
-# CDPATH.
-$as_unset CDPATH
-
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
+case `echo -n x` in #(((((
-n*)
- case `echo 'x\c'` in
+ case `echo 'xy\c'` in
*c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
esac;;
*)
ECHO_N='-n';;
esac
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
else
rm -f conf$$.dir
- mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
+ as_mkdir_p='mkdir -p "$as_dir"'
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -11911,13 +13032,19 @@ as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-# Save the log message, to keep $[0] and so on meaningful, and to
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by iptables $as_me 1.4.9.1, which was
-generated by GNU Autoconf 2.61. Invocation command line was
+This file was extended by iptables $as_me 1.4.21, which was
+generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -11930,7 +13057,16 @@ on `(hostname || uname -n) 2>/dev/null | sed 1q`
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
# Files that config.status was made for.
config_files="$ac_config_files"
config_headers="$ac_config_headers"
@@ -11938,22 +13074,25 @@ config_commands="$ac_config_commands"
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
-Usage: $0 [OPTIONS] [FILE]...
+Usage: $0 [OPTION]... [TAG]...
-h, --help print this help, then exit
-V, --version print version number and configuration settings, then exit
- -q, --quiet do not print progress messages
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
-d, --debug don't remove temporary files
--recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
Configuration files:
$config_files
@@ -11964,16 +13103,17 @@ $config_headers
Configuration commands:
$config_commands
-Report bugs to <bug-autoconf@gnu.org>."
+Report bugs to the package provider."
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-iptables config.status 1.4.9.1
-configured by $0, generated by GNU Autoconf 2.61,
- with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+iptables config.status 1.4.21
+configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
-Copyright (C) 2006 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -11981,20 +13121,26 @@ ac_pwd='$ac_pwd'
srcdir='$srcdir'
INSTALL='$INSTALL'
MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value. By we need to know if files were specified by the user.
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
ac_need_defaults=:
while test $# != 0
do
case $1 in
- --*=*)
+ --*=?*)
ac_option=`expr "X$1" : 'X\([^=]*\)='`
ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
ac_shift=:
;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
*)
ac_option=$1
ac_optarg=$2
@@ -12007,34 +13153,41 @@ do
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- echo "$ac_cs_version"; exit ;;
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
--debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
- CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--header | --heade | --head | --hea )
$ac_shift
- CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
ac_need_defaults=false;;
--he | --h)
# Conflict between --help and --header
- { echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; };;
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
--help | --hel | -h )
- echo "$ac_cs_usage"; exit ;;
+ $as_echo "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
# This is an error.
- -*) { echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; } ;;
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
- *) ac_config_targets="$ac_config_targets $1"
+ *) as_fn_append ac_config_targets " $1"
ac_need_defaults=false ;;
esac
@@ -12049,27 +13202,29 @@ if $ac_cs_silent; then
fi
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
- echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
- CONFIG_SHELL=$SHELL
+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
export CONFIG_SHELL
- exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ exec "\$@"
fi
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
exec 5>>config.log
{
echo
sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## Running $as_me. ##
_ASBOX
- echo "$ac_log"
+ $as_echo "$ac_log"
} >&5
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
#
# INIT-COMMANDS
#
@@ -12083,130 +13238,154 @@ AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
sed_quote_subst='$sed_quote_subst'
double_quote_subst='$double_quote_subst'
delay_variable_subst='$delay_variable_subst'
-enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
-macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
-host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
-host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
-host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
-build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
-build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
-build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
-SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
-Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
-GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
-EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
-FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
-LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
-NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
-LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
-exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
-AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
-STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
-compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
-GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
-objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
-SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
-ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
-need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
-LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
-libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
-fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
-need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
-version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
-sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
-striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
+macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
+SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
+ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
+PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
+host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
+host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
+host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
+build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
+build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
+build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
+SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
+Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
+GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
+EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
+FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
+LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
+NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
+LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
+exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
+file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
+want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
+DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
+sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
+AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
+archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
+STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
+lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
+CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
+compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
+GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
+nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
+lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
+objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
+need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
+MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
+LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
+libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
+postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
+need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
+version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
+install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
+striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
LTCC='$LTCC'
LTCFLAGS='$LTCFLAGS'
compiler='$compiler_DEFAULT'
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+\$1
+_LTECHO_EOF'
+}
+
# Quote evaled strings.
-for var in SED \
+for var in SHELL \
+ECHO \
+PATH_SEPARATOR \
+SED \
GREP \
EGREP \
FGREP \
@@ -12216,10 +13395,16 @@ LN_S \
lt_SP2NL \
lt_NL2SP \
reload_flag \
+OBJDUMP \
deplibs_check_method \
file_magic_cmd \
+file_magic_glob \
+want_nocaseglob \
+DLLTOOL \
+sharedlib_from_linklib_cmd \
AR \
AR_FLAGS \
+archiver_list_spec \
STRIP \
RANLIB \
CC \
@@ -12229,14 +13414,14 @@ lt_cv_sys_global_symbol_pipe \
lt_cv_sys_global_symbol_to_cdecl \
lt_cv_sys_global_symbol_to_c_name_address \
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-SHELL \
-ECHO \
+nm_file_list_spec \
lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_wl \
lt_prog_compiler_pic \
+lt_prog_compiler_wl \
lt_prog_compiler_static \
lt_cv_prog_compiler_c_o \
need_locks \
+MANIFEST_TOOL \
DSYMUTIL \
NMEDIT \
LIPO \
@@ -12250,9 +13435,7 @@ with_gnu_ld \
allow_undefined_flag \
no_undefined_flag \
hardcode_libdir_flag_spec \
-hardcode_libdir_flag_spec_ld \
hardcode_libdir_separator \
-fix_srcfile_path \
exclude_expsyms \
include_expsyms \
file_list_spec \
@@ -12260,12 +13443,13 @@ variables_saved_for_relink \
libname_spec \
library_names_spec \
soname_spec \
+install_override_mode \
finish_eval \
old_striplib \
striplib; do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -12287,14 +13471,15 @@ module_cmds \
module_expsym_cmds \
export_symbols_cmds \
prelink_cmds \
+postlink_cmds \
postinstall_cmds \
postuninstall_cmds \
finish_cmds \
sys_lib_search_path_spec \
sys_lib_dlsearch_path_spec; do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -12302,12 +13487,6 @@ sys_lib_dlsearch_path_spec; do
esac
done
-# Fix-up fallback echo if it was mangled by the above quoting rules.
-case \$lt_ECHO in
-*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
- ;;
-esac
-
ac_aux_dir='$ac_aux_dir'
xsi_shell='$xsi_shell'
lt_shell_append='$lt_shell_append'
@@ -12330,7 +13509,7 @@ fi
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Handling of arguments.
for ac_config_target in $ac_config_targets
@@ -12342,16 +13521,26 @@ do
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"extensions/GNUmakefile") CONFIG_FILES="$CONFIG_FILES extensions/GNUmakefile" ;;
"include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+ "iptables/Makefile") CONFIG_FILES="$CONFIG_FILES iptables/Makefile" ;;
+ "iptables/xtables.pc") CONFIG_FILES="$CONFIG_FILES iptables/xtables.pc" ;;
+ "iptables/iptables.8") CONFIG_FILES="$CONFIG_FILES iptables/iptables.8" ;;
+ "iptables/iptables-extensions.8.tmpl") CONFIG_FILES="$CONFIG_FILES iptables/iptables-extensions.8.tmpl" ;;
+ "iptables/iptables-save.8") CONFIG_FILES="$CONFIG_FILES iptables/iptables-save.8" ;;
+ "iptables/iptables-restore.8") CONFIG_FILES="$CONFIG_FILES iptables/iptables-restore.8" ;;
+ "iptables/iptables-apply.8") CONFIG_FILES="$CONFIG_FILES iptables/iptables-apply.8" ;;
+ "iptables/iptables-xml.1") CONFIG_FILES="$CONFIG_FILES iptables/iptables-xml.1" ;;
"libipq/Makefile") CONFIG_FILES="$CONFIG_FILES libipq/Makefile" ;;
+ "libipq/libipq.pc") CONFIG_FILES="$CONFIG_FILES libipq/libipq.pc" ;;
+ "libiptc/Makefile") CONFIG_FILES="$CONFIG_FILES libiptc/Makefile" ;;
+ "libiptc/libiptc.pc") CONFIG_FILES="$CONFIG_FILES libiptc/libiptc.pc" ;;
+ "libiptc/libip4tc.pc") CONFIG_FILES="$CONFIG_FILES libiptc/libip4tc.pc" ;;
+ "libiptc/libip6tc.pc") CONFIG_FILES="$CONFIG_FILES libiptc/libip6tc.pc" ;;
+ "libxtables/Makefile") CONFIG_FILES="$CONFIG_FILES libxtables/Makefile" ;;
"utils/Makefile") CONFIG_FILES="$CONFIG_FILES utils/Makefile" ;;
- "include/xtables.h") CONFIG_FILES="$CONFIG_FILES include/xtables.h" ;;
+ "include/xtables-version.h") CONFIG_FILES="$CONFIG_FILES include/xtables-version.h" ;;
"include/iptables/internal.h") CONFIG_FILES="$CONFIG_FILES include/iptables/internal.h" ;;
- "libiptc.pc") CONFIG_FILES="$CONFIG_FILES libiptc.pc" ;;
- "xtables.pc") CONFIG_FILES="$CONFIG_FILES xtables.pc" ;;
- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
- { (exit 1); exit 1; }; };;
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
done
@@ -12374,286 +13563,302 @@ fi
# after its creation but before its name has been assigned to `$tmp'.
$debug ||
{
- tmp=
+ tmp= ac_tmp=
trap 'exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
' 0
- trap '{ (exit 1); exit 1; }' 1 2 13 15
+ trap 'as_fn_exit 1' 1 2 13 15
}
# Create a (secure) tmp directory for tmp files.
{
tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
+ test -d "$tmp"
} ||
{
tmp=./conf$$-$RANDOM
(umask 077 && mkdir "$tmp")
-} ||
-{
- echo "$me: cannot create a temporary directory in ." >&2
- { (exit 1); exit 1; }
-}
-
-#
-# Set up the sed scripts for CONFIG_FILES section.
-#
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
if test -n "$CONFIG_FILES"; then
-_ACEOF
-
-
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- cat >conf$$subs.sed <<_ACEOF
-SHELL!$SHELL$ac_delim
-PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim
-PACKAGE_NAME!$PACKAGE_NAME$ac_delim
-PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim
-PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim
-PACKAGE_STRING!$PACKAGE_STRING$ac_delim
-PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim
-exec_prefix!$exec_prefix$ac_delim
-prefix!$prefix$ac_delim
-program_transform_name!$program_transform_name$ac_delim
-bindir!$bindir$ac_delim
-sbindir!$sbindir$ac_delim
-libexecdir!$libexecdir$ac_delim
-datarootdir!$datarootdir$ac_delim
-datadir!$datadir$ac_delim
-sysconfdir!$sysconfdir$ac_delim
-sharedstatedir!$sharedstatedir$ac_delim
-localstatedir!$localstatedir$ac_delim
-includedir!$includedir$ac_delim
-oldincludedir!$oldincludedir$ac_delim
-docdir!$docdir$ac_delim
-infodir!$infodir$ac_delim
-htmldir!$htmldir$ac_delim
-dvidir!$dvidir$ac_delim
-pdfdir!$pdfdir$ac_delim
-psdir!$psdir$ac_delim
-libdir!$libdir$ac_delim
-localedir!$localedir$ac_delim
-mandir!$mandir$ac_delim
-DEFS!$DEFS$ac_delim
-ECHO_C!$ECHO_C$ac_delim
-ECHO_N!$ECHO_N$ac_delim
-ECHO_T!$ECHO_T$ac_delim
-LIBS!$LIBS$ac_delim
-build_alias!$build_alias$ac_delim
-host_alias!$host_alias$ac_delim
-target_alias!$target_alias$ac_delim
-INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
-INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
-INSTALL_DATA!$INSTALL_DATA$ac_delim
-am__isrc!$am__isrc$ac_delim
-CYGPATH_W!$CYGPATH_W$ac_delim
-PACKAGE!$PACKAGE$ac_delim
-VERSION!$VERSION$ac_delim
-ACLOCAL!$ACLOCAL$ac_delim
-AUTOCONF!$AUTOCONF$ac_delim
-AUTOMAKE!$AUTOMAKE$ac_delim
-AUTOHEADER!$AUTOHEADER$ac_delim
-MAKEINFO!$MAKEINFO$ac_delim
-install_sh!$install_sh$ac_delim
-STRIP!$STRIP$ac_delim
-INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim
-mkdir_p!$mkdir_p$ac_delim
-AWK!$AWK$ac_delim
-SET_MAKE!$SET_MAKE$ac_delim
-am__leading_dot!$am__leading_dot$ac_delim
-AMTAR!$AMTAR$ac_delim
-am__tar!$am__tar$ac_delim
-am__untar!$am__untar$ac_delim
-CC!$CC$ac_delim
-CFLAGS!$CFLAGS$ac_delim
-LDFLAGS!$LDFLAGS$ac_delim
-CPPFLAGS!$CPPFLAGS$ac_delim
-ac_ct_CC!$ac_ct_CC$ac_delim
-EXEEXT!$EXEEXT$ac_delim
-OBJEXT!$OBJEXT$ac_delim
-DEPDIR!$DEPDIR$ac_delim
-am__include!$am__include$ac_delim
-am__quote!$am__quote$ac_delim
-AMDEP_TRUE!$AMDEP_TRUE$ac_delim
-AMDEP_FALSE!$AMDEP_FALSE$ac_delim
-AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim
-CCDEPMODE!$CCDEPMODE$ac_delim
-am__fastdepCC_TRUE!$am__fastdepCC_TRUE$ac_delim
-am__fastdepCC_FALSE!$am__fastdepCC_FALSE$ac_delim
-LIBTOOL!$LIBTOOL$ac_delim
-build!$build$ac_delim
-build_cpu!$build_cpu$ac_delim
-build_vendor!$build_vendor$ac_delim
-build_os!$build_os$ac_delim
-host!$host$ac_delim
-host_cpu!$host_cpu$ac_delim
-host_vendor!$host_vendor$ac_delim
-host_os!$host_os$ac_delim
-SED!$SED$ac_delim
-GREP!$GREP$ac_delim
-EGREP!$EGREP$ac_delim
-FGREP!$FGREP$ac_delim
-LD!$LD$ac_delim
-DUMPBIN!$DUMPBIN$ac_delim
-ac_ct_DUMPBIN!$ac_ct_DUMPBIN$ac_delim
-NM!$NM$ac_delim
-LN_S!$LN_S$ac_delim
-AR!$AR$ac_delim
-RANLIB!$RANLIB$ac_delim
-lt_ECHO!$lt_ECHO$ac_delim
-DSYMUTIL!$DSYMUTIL$ac_delim
-_ACEOF
-
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
- break
- elif $ac_last_try; then
- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
- ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
- ac_eof=`expr $ac_eof + 1`
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
fi
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-CEOF$ac_eof
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
_ACEOF
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
- cat >conf$$subs.sed <<_ACEOF
-NMEDIT!$NMEDIT$ac_delim
-LIPO!$LIPO$ac_delim
-OTOOL!$OTOOL$ac_delim
-OTOOL64!$OTOOL64$ac_delim
-CPP!$CPP$ac_delim
-blacklist_modules!$blacklist_modules$ac_delim
-ENABLE_STATIC_TRUE!$ENABLE_STATIC_TRUE$ac_delim
-ENABLE_STATIC_FALSE!$ENABLE_STATIC_FALSE$ac_delim
-ENABLE_SHARED_TRUE!$ENABLE_SHARED_TRUE$ac_delim
-ENABLE_SHARED_FALSE!$ENABLE_SHARED_FALSE$ac_delim
-ENABLE_IPV4_TRUE!$ENABLE_IPV4_TRUE$ac_delim
-ENABLE_IPV4_FALSE!$ENABLE_IPV4_FALSE$ac_delim
-ENABLE_IPV6_TRUE!$ENABLE_IPV6_TRUE$ac_delim
-ENABLE_IPV6_FALSE!$ENABLE_IPV6_FALSE$ac_delim
-ENABLE_LARGEFILE_TRUE!$ENABLE_LARGEFILE_TRUE$ac_delim
-ENABLE_LARGEFILE_FALSE!$ENABLE_LARGEFILE_FALSE$ac_delim
-ENABLE_DEVEL_TRUE!$ENABLE_DEVEL_TRUE$ac_delim
-ENABLE_DEVEL_FALSE!$ENABLE_DEVEL_FALSE$ac_delim
-ENABLE_LIBIPQ_TRUE!$ENABLE_LIBIPQ_TRUE$ac_delim
-ENABLE_LIBIPQ_FALSE!$ENABLE_LIBIPQ_FALSE$ac_delim
-PKG_CONFIG!$PKG_CONFIG$ac_delim
-libnfnetlink_CFLAGS!$libnfnetlink_CFLAGS$ac_delim
-libnfnetlink_LIBS!$libnfnetlink_LIBS$ac_delim
-HAVE_LIBNFNETLINK_TRUE!$HAVE_LIBNFNETLINK_TRUE$ac_delim
-HAVE_LIBNFNETLINK_FALSE!$HAVE_LIBNFNETLINK_FALSE$ac_delim
-regular_CFLAGS!$regular_CFLAGS$ac_delim
-kinclude_CFLAGS!$kinclude_CFLAGS$ac_delim
-kbuilddir!$kbuilddir$ac_delim
-ksourcedir!$ksourcedir$ac_delim
-xtlibdir!$xtlibdir$ac_delim
-pkgconfigdir!$pkgconfigdir$ac_delim
-pkgdatadir!$pkgdatadir$ac_delim
-libxtables_vcurrent!$libxtables_vcurrent$ac_delim
-libxtables_vage!$libxtables_vage$ac_delim
-libxtables_vmajor!$libxtables_vmajor$ac_delim
-LIBOBJS!$LIBOBJS$ac_delim
-LTLIBOBJS!$LTLIBOBJS$ac_delim
-_ACEOF
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 37; then
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
break
elif $ac_last_try; then
- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
else
ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
fi
done
+rm -f conf$$subs.sh
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
- ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
- ac_eof=`expr $ac_eof + 1`
-fi
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-:end
-s/|#_!!_#|//g
-CEOF$ac_eof
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
# trailing colons and then remove the whole line if VPATH becomes empty
# (actually we leave an empty line to preserve line numbers).
if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=/{
-s/:*\$(srcdir):*/:/
-s/:*\${srcdir}:*/:/
-s/:*@srcdir@:*/:/
-s/^\([^=]*=[ ]*\):*/\1/
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
s/^[^=]*=[ ]*$//
}'
fi
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
fi # test -n "$CONFIG_FILES"
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
-for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
do
case $ac_tag in
:[FHLC]) ac_mode=$ac_tag; continue;;
esac
case $ac_mode$ac_tag in
:[FHL]*:*);;
- :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
-echo "$as_me: error: Invalid tag $ac_tag." >&2;}
- { (exit 1); exit 1; }; };;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
:[FH]-) ac_tag=-:-;;
:[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
esac
@@ -12672,7 +13877,7 @@ echo "$as_me: error: Invalid tag $ac_tag." >&2;}
for ac_f
do
case $ac_f in
- -) ac_f="$tmp/stdin";;
+ -) ac_f="$ac_tmp/stdin";;
*) # Look for the file first in the build tree, then in the source tree
# (if the path is not absolute). The absolute path cannot be DOS-style,
# because $ac_f cannot contain `:'.
@@ -12681,26 +13886,34 @@ echo "$as_me: error: Invalid tag $ac_tag." >&2;}
[\\/$]*) false;;
*) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
esac ||
- { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
-echo "$as_me: error: cannot find input file: $ac_f" >&2;}
- { (exit 1); exit 1; }; };;
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
- ac_file_inputs="$ac_file_inputs $ac_f"
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
done
# Let's still pretend it is `configure' which instantiates (i.e., don't
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
- configure_input="Generated from "`IFS=:
- echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
if test x"$ac_file" != x-; then
configure_input="$ac_file. $configure_input"
- { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin";;
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
esac
;;
esac
@@ -12710,7 +13923,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$ac_file" |
+$as_echo X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -12728,55 +13941,15 @@ echo X"$ac_file" |
q
}
s/.*/./; q'`
- { as_dir="$ac_dir"
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-echo "$as_me: error: cannot create directory $as_dir" >&2;}
- { (exit 1); exit 1; }; }; }
+ as_dir="$ac_dir"; as_fn_mkdir_p
ac_builddir=.
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -12821,12 +13994,12 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
esac
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# If the template does not know about datarootdir, expand it.
# FIXME: This hack should be removed a few years after 2.60.
ac_datarootdir_hack=; ac_datarootdir_seen=
-
-case `sed -n '/datarootdir/ {
+ac_sed_dataroot='
+/datarootdir/ {
p
q
}
@@ -12834,36 +14007,37 @@ case `sed -n '/datarootdir/ {
/@docdir@/p
/@infodir@/p
/@localedir@/p
-/@mandir@/p
-' $ac_file_inputs` in
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_datarootdir_hack='
s&@datadir@&$datadir&g
s&@docdir@&$docdir&g
s&@infodir@&$infodir&g
s&@localedir@&$localedir&g
s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
+ s&\\\${datarootdir}&$datarootdir&g' ;;
esac
_ACEOF
# Neutralize VPATH when `$srcdir' = `.'.
# Shell code in configure.ac might set extrasub.
# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF
- sed "$ac_vpsub
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
$extrasub
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
:t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s&@configure_input@&$configure_input&;t t
+s|@configure_input@|$ac_sed_conf_input|;t t
s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
s&@srcdir@&$ac_srcdir&;t t
s&@abs_srcdir@&$ac_abs_srcdir&;t t
s&@top_srcdir@&$ac_top_srcdir&;t t
@@ -12874,121 +14048,51 @@ s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
s&@INSTALL@&$ac_INSTALL&;t t
s&@MKDIR_P@&$ac_MKDIR_P&;t t
$ac_datarootdir_hack
-" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
- { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&5
-echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&2;}
-
- rm -f "$tmp/stdin"
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
case $ac_file in
- -) cat "$tmp/out"; rm -f "$tmp/out";;
- *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;;
- esac
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
;;
:H)
#
# CONFIG_HEADER
#
-_ACEOF
-
-# Transform confdefs.h into a sed script `conftest.defines', that
-# substitutes the proper values into config.h.in to produce config.h.
-rm -f conftest.defines conftest.tail
-# First, append a space to every undef/define line, to ease matching.
-echo 's/$/ /' >conftest.defines
-# Then, protect against being on the right side of a sed subst, or in
-# an unquoted here document, in config.status. If some macros were
-# called several times there might be several #defines for the same
-# symbol, which is useless. But do not sort them, since the last
-# AC_DEFINE must be honored.
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
-# NAME is the cpp macro being defined, VALUE is the value it is being given.
-# PARAMS is the parameter list in the macro definition--in most cases, it's
-# just an empty string.
-ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*'
-ac_dB='\\)[ (].*,\\1define\\2'
-ac_dC=' '
-ac_dD=' ,'
-
-uniq confdefs.h |
- sed -n '
- t rset
- :rset
- s/^[ ]*#[ ]*define[ ][ ]*//
- t ok
- d
- :ok
- s/[\\&,]/\\&/g
- s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
- s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
- ' >>conftest.defines
-
-# Remove the space that was appended to ease matching.
-# Then replace #undef with comments. This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-# (The regexp can be short, since the line contains either #define or #undef.)
-echo 's/ $//
-s,^[ #]*u.*,/* & */,' >>conftest.defines
-
-# Break up conftest.defines:
-ac_max_sed_lines=50
-
-# First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1"
-# Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2"
-# Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1"
-# et cetera.
-ac_in='$ac_file_inputs'
-ac_out='"$tmp/out1"'
-ac_nxt='"$tmp/out2"'
-
-while :
-do
- # Write a here document:
- cat >>$CONFIG_STATUS <<_ACEOF
- # First, check the format of the line:
- cat >"\$tmp/defines.sed" <<\\CEOF
-/^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def
-/^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def
-b
-:def
-_ACEOF
- sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
- echo 'CEOF
- sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
- ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
- sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
- grep . conftest.tail >/dev/null || break
- rm -f conftest.defines
- mv conftest.tail conftest.defines
-done
-rm -f conftest.defines conftest.tail
-
-echo "ac_result=$ac_in" >>$CONFIG_STATUS
-cat >>$CONFIG_STATUS <<\_ACEOF
if test x"$ac_file" != x-; then
- echo "/* $configure_input */" >"$tmp/config.h"
- cat "$ac_result" >>"$tmp/config.h"
- if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then
- { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
else
- rm -f $ac_file
- mv "$tmp/config.h" $ac_file
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
fi
else
- echo "/* $configure_input */"
- cat "$ac_result"
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
fi
- rm -f "$tmp/out12"
-# Compute $ac_file's index in $config_headers.
-_am_arg=$ac_file
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
_am_stamp_count=1
for _am_header in $config_headers :; do
case $_am_header in
@@ -13003,7 +14107,7 @@ $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$_am_arg" : 'X\(//\)[^/]' \| \
X"$_am_arg" : 'X\(//\)$' \| \
X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$_am_arg" |
+$as_echo X"$_am_arg" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -13023,39 +14127,40 @@ echo X"$_am_arg" |
s/.*/./; q'`/stamp-h$_am_stamp_count
;;
- :C) { echo "$as_me:$LINENO: executing $ac_file commands" >&5
-echo "$as_me: executing $ac_file commands" >&6;}
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
;;
esac
case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || # Autoconf 2.62 quotes --file arguments for eval, but not when files
-# are listed without --file. Let's play safe and only enable the eval
-# if we detect the quoting.
-case $CONFIG_FILES in
-*\'*) eval set x "$CONFIG_FILES" ;;
-*) set x $CONFIG_FILES ;;
-esac
-shift
-for mf
-do
- # Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named `Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`$as_dirname -- "$mf" ||
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$mf" : 'X\(//\)[^/]' \| \
X"$mf" : 'X\(//\)$' \| \
X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$mf" |
+$as_echo X"$mf" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -13073,68 +14178,33 @@ echo X"$mf" |
q
}
s/.*/./; q'`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running `make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # When using ansi2knr, U may be empty or an underscore; expand it
- U=`sed -n 's/^U = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`$as_dirname -- "$file" ||
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$file" : 'X\(//\)[^/]' \| \
X"$file" : 'X\(//\)$' \| \
X"$file" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { as_dir=$dirpart/$fdir
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$as_dir" |
+$as_echo X"$file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -13152,16 +14222,12 @@ echo X"$as_dir" |
q
}
s/.*/./; q'`
- test -d "$as_dir" && break
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-echo "$as_me: error: cannot create directory $as_dir" >&2;}
- { (exit 1); exit 1; }; }; }
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
done
-done
+}
;;
"libtool":C)
@@ -13184,7 +14250,8 @@ done
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -13232,6 +14299,15 @@ pic_mode=$pic_mode
# Whether or not to optimize for fast installation.
fast_install=$enable_fast_install
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that protects backslashes.
+ECHO=$lt_ECHO
+
+# The PATH separator for the build system.
+PATH_SEPARATOR=$lt_PATH_SEPARATOR
+
# The host system.
host_alias=$host_alias
host=$host
@@ -13281,20 +14357,42 @@ SP2NL=$lt_lt_SP2NL
# turn newlines into spaces.
NL2SP=$lt_lt_NL2SP
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
+# convert \$build file names to \$host format.
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+
+# convert \$build files to toolchain format.
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
# Method to check whether dependent libraries are shared objects.
deplibs_check_method=$lt_deplibs_check_method
-# Command to use when deplibs_check_method == "file_magic".
+# Command to use when deplibs_check_method = "file_magic".
file_magic_cmd=$lt_file_magic_cmd
+# How to find potential files when deplibs_check_method = "file_magic".
+file_magic_glob=$lt_file_magic_glob
+
+# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
+want_nocaseglob=$lt_want_nocaseglob
+
+# DLL creation program.
+DLLTOOL=$lt_DLLTOOL
+
+# Command to associate shared and link libraries.
+sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
+
# The archiver.
AR=$lt_AR
+
+# Flags to create an archive.
AR_FLAGS=$lt_AR_FLAGS
+# How to feed a file listing to the archiver.
+archiver_list_spec=$lt_archiver_list_spec
+
# A symbol stripping program.
STRIP=$lt_STRIP
@@ -13303,6 +14401,9 @@ RANLIB=$lt_RANLIB
old_postinstall_cmds=$lt_old_postinstall_cmds
old_postuninstall_cmds=$lt_old_postuninstall_cmds
+# Whether to use a lock for old archive extraction.
+lock_old_archive_extraction=$lock_old_archive_extraction
+
# A C compiler.
LTCC=$lt_CC
@@ -13321,14 +14422,14 @@ global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
# Transform the output of nm in a C name address pair when lib prefix is needed.
global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
+# Specify filename containing input files for \$NM.
+nm_file_list_spec=$lt_nm_file_list_spec
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
+# The root where to search for dependent libraries,and in which our libraries should be installed.
+lt_sysroot=$lt_sysroot
-# An echo program that does not interpret backslashes.
-ECHO=$lt_ECHO
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
# Used to examine libraries when file_magic_cmd begins with "file".
MAGIC_CMD=$MAGIC_CMD
@@ -13336,6 +14437,9 @@ MAGIC_CMD=$MAGIC_CMD
# Must we lock files when doing compilation?
need_locks=$lt_need_locks
+# Manifest tool.
+MANIFEST_TOOL=$lt_MANIFEST_TOOL
+
# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
DSYMUTIL=$lt_DSYMUTIL
@@ -13392,6 +14496,9 @@ library_names_spec=$lt_library_names_spec
# The coded name of the library, if different from the real name.
soname_spec=$lt_soname_spec
+# Permission mode override for installation of shared libraries.
+install_override_mode=$lt_install_override_mode
+
# Command to use after installation of a shared archive.
postinstall_cmds=$lt_postinstall_cmds
@@ -13431,6 +14538,10 @@ striplib=$lt_striplib
# The linker used to build libraries.
LD=$lt_LD
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
# Commands used to build an old-style archive.
old_archive_cmds=$lt_old_archive_cmds
@@ -13443,12 +14554,12 @@ with_gcc=$GCC
# Compiler flag to turn off builtin functions.
no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
# Additional compiler flags for building library objects.
pic_flag=$lt_lt_prog_compiler_pic
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
# Compiler flag to prevent dynamic linking.
link_static_flag=$lt_lt_prog_compiler_static
@@ -13498,10 +14609,6 @@ no_undefined_flag=$lt_no_undefined_flag
# This must work even if \$libdir does not exist
hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-# If ld is used when linking, flag to hardcode \$libdir into a binary
-# during linking. This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
-
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=$lt_hardcode_libdir_separator
@@ -13535,9 +14642,6 @@ inherit_rpath=$inherit_rpath
# Whether libtool must link a program against all its dependency libraries.
link_all_deplibs=$link_all_deplibs
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path=$lt_fix_srcfile_path
-
# Set to "yes" if exported symbols are required.
always_export_symbols=$always_export_symbols
@@ -13553,6 +14657,9 @@ include_expsyms=$lt_include_expsyms
# Commands necessary for linking programs (against libraries) with templates.
prelink_cmds=$lt_prelink_cmds
+# Commands necessary for finishing linking programs.
+postlink_cmds=$lt_postlink_cmds
+
# Specify filename containing input files.
file_list_spec=$lt_file_list_spec
@@ -13585,212 +14692,169 @@ ltmain="$ac_aux_dir/ltmain.sh"
# if finds mixed CR/LF and LF-only lines. Since sed operates in
# text mode, it properly converts lines to CR/LF. This bash problem
# is reportedly fixed, but why not run on old versions too?
- sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- case $xsi_shell in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
-}
-
-# func_basename file
-func_basename ()
-{
- func_basename_result="${1##*/}"
-}
-
-# func_dirname_and_basename file append nondir_replacement
-# perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# Implementation must be kept synchronized with func_dirname
-# and func_basename. For efficiency, we do not delegate to
-# those functions but instead duplicate the functionality here.
-func_dirname_and_basename ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
- func_basename_result="${1##*/}"
-}
-
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-func_stripname ()
-{
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary parameter first.
- func_stripname_result=${3}
- func_stripname_result=${func_stripname_result#"${1}"}
- func_stripname_result=${func_stripname_result%"${2}"}
-}
-
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=${1%%=*}
- func_opt_split_arg=${1#*=}
-}
-
-# func_lo2o object
-func_lo2o ()
-{
- case ${1} in
- *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
- *) func_lo2o_result=${1} ;;
- esac
-}
-
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=${1%.*}.lo
-}
-
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=$(( $* ))
-}
-
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=${#1}
-}
-
-_LT_EOF
- ;;
- *) # Bourne compatible functions.
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- # Extract subdirectory from the argument.
- func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
-}
-
-# func_basename file
-func_basename ()
-{
- func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
-}
-
-
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-# func_strip_suffix prefix name
-func_stripname ()
-{
- case ${2} in
- .*) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
- *) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
- esac
-}
-
-# sed scripts:
-my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
-my_sed_long_arg='1s/^-[^=]*=//'
-
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
- func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
-}
-
-# func_lo2o object
-func_lo2o ()
-{
- func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
-}
-
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
-}
-
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=`expr "$@"`
-}
-
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
-}
-
-_LT_EOF
-esac
-
-case $lt_shell_append in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$1+=\$2"
-}
-_LT_EOF
- ;;
- *)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$1=\$$1\$2"
-}
-
-_LT_EOF
- ;;
- esac
-
-
- sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
+ sed '$q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ if test x"$xsi_shell" = xyes; then
+ sed -e '/^func_dirname ()$/,/^} # func_dirname /c\
+func_dirname ()\
+{\
+\ case ${1} in\
+\ */*) func_dirname_result="${1%/*}${2}" ;;\
+\ * ) func_dirname_result="${3}" ;;\
+\ esac\
+} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_basename ()$/,/^} # func_basename /c\
+func_basename ()\
+{\
+\ func_basename_result="${1##*/}"\
+} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\
+func_dirname_and_basename ()\
+{\
+\ case ${1} in\
+\ */*) func_dirname_result="${1%/*}${2}" ;;\
+\ * ) func_dirname_result="${3}" ;;\
+\ esac\
+\ func_basename_result="${1##*/}"\
+} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_stripname ()$/,/^} # func_stripname /c\
+func_stripname ()\
+{\
+\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\
+\ # positional parameters, so assign one to ordinary parameter first.\
+\ func_stripname_result=${3}\
+\ func_stripname_result=${func_stripname_result#"${1}"}\
+\ func_stripname_result=${func_stripname_result%"${2}"}\
+} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\
+func_split_long_opt ()\
+{\
+\ func_split_long_opt_name=${1%%=*}\
+\ func_split_long_opt_arg=${1#*=}\
+} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\
+func_split_short_opt ()\
+{\
+\ func_split_short_opt_arg=${1#??}\
+\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\
+} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\
+func_lo2o ()\
+{\
+\ case ${1} in\
+\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\
+\ *) func_lo2o_result=${1} ;;\
+\ esac\
+} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_xform ()$/,/^} # func_xform /c\
+func_xform ()\
+{\
+ func_xform_result=${1%.*}.lo\
+} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_arith ()$/,/^} # func_arith /c\
+func_arith ()\
+{\
+ func_arith_result=$(( $* ))\
+} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_len ()$/,/^} # func_len /c\
+func_len ()\
+{\
+ func_len_result=${#1}\
+} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+fi
+
+if test x"$lt_shell_append" = xyes; then
+ sed -e '/^func_append ()$/,/^} # func_append /c\
+func_append ()\
+{\
+ eval "${1}+=\\${2}"\
+} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\
+func_append_quoted ()\
+{\
+\ func_quote_for_eval "${2}"\
+\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\
+} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+
+
+ # Save a `func_append' function call where possible by direct use of '+='
+ sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+ test 0 -eq $? || _lt_function_replace_fail=:
+else
+ # Save a `func_append' function call even when '+=' is not available
+ sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+ test 0 -eq $? || _lt_function_replace_fail=:
+fi
+
+if test x"$_lt_function_replace_fail" = x":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5
+$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;}
+fi
+
+
+ mv -f "$cfgfile" "$ofile" ||
(rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
chmod +x "$ofile"
@@ -13800,11 +14864,13 @@ _LT_EOF
done # for ac_tag
-{ (exit 0); exit 0; }
+as_fn_exit 0
_ACEOF
-chmod +x $CONFIG_STATUS
ac_clean_files=$ac_clean_files_save
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
# configure is writing to config.log, and then calls config.status.
# config.status does its own redirection, appending to config.log.
@@ -13824,6 +14890,66 @@ if test "$no_create" != yes; then
exec 5>>config.log
# Use ||, not &&, to avoid exiting from the if with $? = 1, which
# would make configure fail if this is the last instruction.
- $ac_cs_success || { (exit 1); exit 1; }
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+
+e_xtlibdir=$xtlibdir
+if test $prefix = 'NONE'; then
+ prefix="/usr/local"
fi
+while true; do
+ case "$e_xtlibdir" in
+ *\$* ) eval "e_xtlibdir=$e_xtlibdir" ;;
+ *) break ;;
+ esac
+done
+eval "e_xtlibdir=$e_xtlibdir"
+
+e_pkgconfigdir=$pkgconfigdir
+if test $prefix = 'NONE'; then
+ prefix="/usr/local"
+fi
+while true; do
+ case "$e_pkgconfigdir" in
+ *\$* ) eval "e_pkgconfigdir=$e_pkgconfigdir" ;;
+ *) break ;;
+ esac
+done
+eval "e_pkgconfigdir=$e_pkgconfigdir"
+
+
+echo "
+Iptables Configuration:
+ IPv4 support: ${enable_ipv4}
+ IPv6 support: ${enable_ipv6}
+ Devel support: ${enable_devel}
+ IPQ support: ${enable_libipq}
+ Large file support: ${enable_largefile}
+ BPF utils support: ${enable_bpfc}
+ nfsynproxy util support: ${enable_nfsynproxy}
+
+Build parameters:
+ Put plugins into executable (static): ${enable_static}
+ Support plugins via dlopen (shared): ${enable_shared}
+ Installation prefix (--prefix): ${prefix}
+ Xtables extension directory: ${e_xtlibdir}
+ Pkg-config directory: ${e_pkgconfigdir}"
+
+if [ -n "$ksourcedir" ]; then
+ echo " Kernel source directory: ${ksourcedir}"
+fi;
+if [ -n "$kbuilddir" ]; then
+ echo " Kernel build directory: ${kbuilddir}"
+fi;
+
+echo " Host: ${host}
+ GCC binary: ${CC}"
+test x"$blacklist_modules" = "x" || echo "
+Iptables modules that will not be built: $blacklist_modules"
diff --git a/configure.ac b/configure.ac
index e9042fb..e83304c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,10 +1,11 @@
-AC_INIT([iptables], [1.4.9.1])
+AC_INIT([iptables], [1.4.21])
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=5
+libxtables_vcurrent=10
libxtables_vage=0
+AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_INSTALL
@@ -12,6 +13,7 @@ AM_INIT_AUTOMAKE([-Wall])
AC_PROG_CC
AM_PROG_CC_C_O
AC_DISABLE_STATIC
+m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
AM_PROG_LIBTOOL
AC_ARG_WITH([kernel],
@@ -30,7 +32,7 @@ AC_ARG_WITH([xtlibdir],
AS_HELP_STRING([--with-xtlibdir=PATH],
[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
[xtlibdir="$withval"],
- [xtlibdir="${libexecdir}/xtables"])
+ [xtlibdir="${libdir}/xtables"])
AC_ARG_ENABLE([ipv4],
AS_HELP_STRING([--disable-ipv4], [Do not build iptables]),
[enable_ipv4="$enableval"], [enable_ipv4="yes"])
@@ -41,24 +43,59 @@ AC_ARG_ENABLE([largefile],
AS_HELP_STRING([--disable-largefile], [Do not build largefile support]),
[enable_largefile="$enableval"],
[enable_largefile="yes";
- largefile_cflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
+ largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
AC_ARG_ENABLE([devel],
AS_HELP_STRING([--enable-devel],
[Install Xtables development headers]),
[enable_devel="$enableval"], [enable_devel="yes"])
AC_ARG_ENABLE([libipq],
- AS_HELP_STRING([--enable-libipq], [Build and install libipq]))
+ AS_HELP_STRING([--enable-libipq], [Build and install libipq]),
+ [enable_libipq="$enableval"], [enable_libipq="no"])
+AC_ARG_ENABLE([bpf-compiler],
+ AS_HELP_STRING([--enable-bpf-compiler], [Build bpf compiler]),
+ [enable_bpfc="yes"], [enable_bpfc="no"])
+AC_ARG_ENABLE([nfsynproxy],
+ AS_HELP_STRING([--enable-nfsynproxy], [Build SYNPROXY configuration tool]),
+ [enable_nfsynproxy="yes"], [enable_nfsynproxy="no"])
AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
-AC_CHECK_HEADER([linux/dccp.h])
+libiptc_LDFLAGS2="";
+AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+ [libiptc_LDFLAGS2="-Wl,--no-as-needed"])
+AC_SUBST([libiptc_LDFLAGS2])
+
+AC_MSG_CHECKING([whether $LD knows -Wl,--no-undefined])
+saved_LDFLAGS="$LDFLAGS";
+LDFLAGS="-Wl,--no-undefined";
+AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {}])],
+ [noundef_LDFLAGS="$LDFLAGS"; AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])]
+)
+LDFLAGS="$saved_LDFLAGS";
blacklist_modules="";
+
+AC_CHECK_HEADERS([linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h])
if test "$ac_cv_header_linux_dccp_h" != "yes"; then
blacklist_modules="$blacklist_modules dccp";
fi;
+if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
+ blacklist_modules="$blacklist_modules ipvs";
+fi;
+
+PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
+ [nfconntrack=1], [nfconntrack=0])
+AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
+
+if test "$nfconntrack" -ne 1; then
+ blacklist_modules="$blacklist_modules connlabel";
+ echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+fi;
+
AC_SUBST([blacklist_modules])
+AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
@@ -67,27 +104,49 @@ AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
+AM_CONDITIONAL([ENABLE_BPFC], [test "$enable_bpfc" = "yes"])
+AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"])
+
+if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
+ AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
+fi
PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
[nfnetlink=1], [nfnetlink=0])
AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
-regular_CFLAGS="${largefile_cflags} \
- -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
+regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
- -Winline -pipe \
+ -Winline -pipe";
+regular_CPPFLAGS="${largefile_cppflags} -D_REENTRANT \
-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
-kinclude_CFLAGS="";
+kinclude_CPPFLAGS="";
if [[ -n "$kbuilddir" ]]; then
- kinclude_CFLAGS="$kinclude_CFLAGS -I $kbuilddir/include";
+ kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$kbuilddir/include/uapi -I$kbuilddir/include";
fi;
if [[ -n "$ksourcedir" ]]; then
- kinclude_CFLAGS="$kinclude_CFLAGS -I $ksourcedir/include";
+ kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$ksourcedir/include/uapi -I$ksourcedir/include";
fi;
pkgdatadir='${datadir}/xtables';
+define([EXPAND_VARIABLE],
+[$2=[$]$1
+if test $prefix = 'NONE'; then
+ prefix="/usr/local"
+fi
+while true; do
+ case "[$]$2" in
+ *\[$]* ) eval "$2=[$]$2" ;;
+ *) break ;;
+ esac
+done
+eval "$2=[$]$2"
+])dnl EXPAND_VARIABLE
+
AC_SUBST([regular_CFLAGS])
-AC_SUBST([kinclude_CFLAGS])
+AC_SUBST([regular_CPPFLAGS])
+AC_SUBST([noundef_LDFLAGS])
+AC_SUBST([kinclude_CPPFLAGS])
AC_SUBST([kbuilddir])
AC_SUBST([ksourcedir])
AC_SUBST([xtlibdir])
@@ -99,6 +158,47 @@ libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
AC_SUBST([libxtables_vmajor])
AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
- libipq/Makefile utils/Makefile
- include/xtables.h include/iptables/internal.h libiptc.pc xtables.pc])
+ iptables/Makefile iptables/xtables.pc
+ iptables/iptables.8 iptables/iptables-extensions.8.tmpl
+ iptables/iptables-save.8 iptables/iptables-restore.8
+ iptables/iptables-apply.8 iptables/iptables-xml.1
+ libipq/Makefile libipq/libipq.pc
+ libiptc/Makefile libiptc/libiptc.pc
+ libiptc/libip4tc.pc libiptc/libip6tc.pc
+ libxtables/Makefile utils/Makefile
+ include/xtables-version.h include/iptables/internal.h])
AC_OUTPUT
+
+
+EXPAND_VARIABLE(xtlibdir, e_xtlibdir)
+EXPAND_VARIABLE(pkgconfigdir, e_pkgconfigdir)
+
+echo "
+Iptables Configuration:
+ IPv4 support: ${enable_ipv4}
+ IPv6 support: ${enable_ipv6}
+ Devel support: ${enable_devel}
+ IPQ support: ${enable_libipq}
+ Large file support: ${enable_largefile}
+ BPF utils support: ${enable_bpfc}
+ nfsynproxy util support: ${enable_nfsynproxy}
+
+Build parameters:
+ Put plugins into executable (static): ${enable_static}
+ Support plugins via dlopen (shared): ${enable_shared}
+ Installation prefix (--prefix): ${prefix}
+ Xtables extension directory: ${e_xtlibdir}
+ Pkg-config directory: ${e_pkgconfigdir}"
+
+if [[ -n "$ksourcedir" ]]; then
+ echo " Kernel source directory: ${ksourcedir}"
+fi;
+if [[ -n "$kbuilddir" ]]; then
+ echo " Kernel build directory: ${kbuilddir}"
+fi;
+
+echo " Host: ${host}
+ GCC binary: ${CC}"
+
+test x"$blacklist_modules" = "x" || echo "
+Iptables modules that will not be built: $blacklist_modules"
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index a709a92..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,13 +0,0 @@
-iptables (1.4.9.1-slp2+2) unstable; urgency=low
-
- * Version is updated
- * Git: pkgs/i/iptables
- * Tag: iptables_1.4.9.1-slp2+2
-
- -- Seungyoun Ju <sy39.ju@samsung.com> Thu, 22 Dec 2011 19:19:34 +0900
-
-iptables (1.4.9.1-slp2+1) unstable; urgency=low
-
- * Initial version release
-
- -- Seungyoun Ju <sy39.ju@samsung.com> Wed, 07 Dec 2011 13:03:19 +0900
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index 7ed6ff8..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-5
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 63c7eb3..0000000
--- a/debian/control
+++ /dev/null
@@ -1,32 +0,0 @@
-Source: iptables
-Section: net
-Priority: important
-Maintainer: Seungyoun Ju <sy39.ju@samsung.com>, Hocheol Seo <hocheol.seo@samsung.com>
-Build-Depends: debhelper (>= 5), autotools-dev
-Standards-Version: 3.7.2
-
-Package: iptables
-Architecture: any
-Priority: important
-Section: net
-Depends: ${shlibs:Depends}
-Description: administration tools for packet filtering and NAT
- These are the user-space administration tools for the Linux
- kernel's netfilter and iptables. netfilter and iptables provide
- a framework for stateful and stateless packet filtering, network
- and port address translation, and other IP packet manipulation.
- The framework is the successor to ipchains.
- netfilter and iptables are used in applications such as Internet
- connection sharing, firewalls, IP accounting, transparent proxying,
- advanced routing and traffic control.
-
-Package: iptables-dev
-XB-Public-Package: no
-Architecture: any
-Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}, iptables (= ${Source-Version})
-Section: devel
-Description: development files for iptable's libipq
- Header files, static libs and documentation for libipq, iptables'
- user-space packet queuing library.
-
diff --git a/debian/iptables-dev.install b/debian/iptables-dev.install
deleted file mode 100644
index 1af545f..0000000
--- a/debian/iptables-dev.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/include/*
-usr/lib/*.la
-usr/lib/pkgconfig/*
diff --git a/debian/iptables.install b/debian/iptables.install
deleted file mode 100644
index 5245967..0000000
--- a/debian/iptables.install
+++ /dev/null
@@ -1,5 +0,0 @@
-usr/lib/*.so
-usr/lib/lib*.so.*
-usr/libexec/*
-usr/sbin/iptables*
-
diff --git a/debian/rules b/debian/rules
deleted file mode 100755
index d10ad57..0000000
--- a/debian/rules
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-# Sample debian/rules that uses debhelper.
-# This file was originally written by Joey Hess and Craig Small.
-# As a special exception, when this file is copied by dh-make into a
-# dh-make output file, you may use that output file without restriction.
-# This special exception was added by Craig Small in version 0.37 of dh-make.
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-LDFLAGS ?=
-
-# These are used for cross-compiling and for saving the configure script
-# from having to guess our platform (since we know it already)
-DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-
-
-CFLAGS = -Wall -g
-LDFLAGS += -Wl,--as-needed
-
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
-
-# shared library versions, option 1
-version=2.0.5
-major=2
-# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so
-#version=`ls src/.libs/lib*.so.* | \
-# awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
-#major=`ls src/.libs/lib*.so.* | \
-# awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
-
-config.status: configure
- dh_testdir
- # Add here commands to configure the package.
- ./configure --prefix=/usr
- #--mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
-#--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE)
-
-build: build-stamp
-
-build-stamp: config.status
- dh_testdir
-
- # Add here commands to compile the package.
- $(MAKE)
-
- touch $@
-
-clean:
- dh_testdir
- dh_testroot
- rm -f build-stamp
-
- # Add here commands to clean up after the build process.
- -$(MAKE) distclean
-ifneq "$(wildcard /usr/share/misc/config.sub)" ""
- cp -f /usr/share/misc/config.sub config.sub
-endif
-ifneq "$(wildcard /usr/share/misc/config.guess)" ""
- cp -f /usr/share/misc/config.guess config.guess
-endif
-
-
- dh_clean
-
-install: build
- dh_testdir
- dh_testroot
- dh_clean -k
- dh_installdirs
-
- # Add here commands to install the package into debian/tmp
- $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
-
-
-# Build architecture-independent files here.
-binary-indep: build install
-# We have nothing to do by default.
-
-# Build architecture-dependent files here.
-binary-arch: build install
- dh_testdir
- dh_testroot
- dh_installchangelogs
- dh_installdocs
- dh_installexamples
- dh_install --sourcedir=debian/tmp
-# dh_installmenu
-# dh_installdebconf
-# dh_installlogrotate
-# dh_installemacsen
-# dh_installpam
-# dh_installmime
-# dh_installinit
-# dh_installcron
-# dh_installinfo
- dh_installman
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
-# dh_perl
-# dh_python
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install
diff --git a/extensions/.gitignore b/extensions/.gitignore
new file mode 100644
index 0000000..b1260f0
--- /dev/null
+++ b/extensions/.gitignore
@@ -0,0 +1,9 @@
+.*.d
+.*.dd
+*.oo
+
+/GNUmakefile
+/initext.c
+/initext?.c
+/matches.man
+/targets.man
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 709366a..c5d8844 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -1,25 +1,29 @@
# -*- Makefile -*-
-top_builddir := @top_builddir@
-builddir := @builddir@
-top_srcdir := @top_srcdir@
-srcdir := @srcdir@
-ksourcedir := @ksourcedir@
-prefix := @prefix@
-exec_prefix := @exec_prefix@
-libdir := @libdir@
-libexecdir := @libexecdir@
-xtlibdir := @xtlibdir@
-
-CC := @CC@
-CCLD := ${CC}
-CFLAGS := @CFLAGS@
-LDFLAGS := @LDFLAGS@
-regular_CFLAGS := @regular_CFLAGS@
-kinclude_CFLAGS := @kinclude_CFLAGS@
-
-AM_CFLAGS := ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS}
+top_builddir = @top_builddir@
+builddir = @builddir@
+top_srcdir = @top_srcdir@
+srcdir = @srcdir@
+ksourcedir = @ksourcedir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+xtlibdir = @xtlibdir@
+
+CC = @CC@
+CCLD = ${CC}
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
+
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS} ${CPPFLAGS}
AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
+AM_LDFLAGS = @noundef_LDFLAGS@
ifeq (${V},)
AM_LIBTOOL_SILENT = --silent
@@ -34,16 +38,17 @@ endif
#
# Wildcard module list
#
-pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(wildcard ${srcdir}/libxt_*.c))
-@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(wildcard ${srcdir}/libipt_*.c))
-@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(wildcard ${srcdir}/libip6t_*.c))
+pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+pfx_symlinks := NOTRACK state
+@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
+pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
@@ -51,11 +56,11 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
#
# Building blocks
#
-targets := libext4.a libext6.a matches4.man matches6.man \
- targets4.man targets6.man
+targets := libext.a libext4.a libext6.a matches.man targets.man
targets_install :=
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs}
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs}
+@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
@@ -70,13 +75,13 @@ install: ${targets_install}
if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
clean:
- rm -f *.o *.oo *.so *.a {matches,targets}[46].man initext4.c initext6.c;
+ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+ rm -f .*.d .*.dd;
distclean: clean
- rm -f .*.d .*.dd;
init%.o: init%.c
- ${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=$*_init ${CFLAGS} -o $@ -c $<;
+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=$*_init ${CFLAGS} -o $@ -c $<;
-include .*.d
@@ -85,11 +90,22 @@ init%.o: init%.c
# Shared libraries
#
lib%.so: lib%.oo
- ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<;
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
lib%.oo: ${srcdir}/lib%.c
- ${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} ${$*_CFLAGADD} -o $@ -c $<;
+
+libxt_NOTRACK.so: libxt_CT.so
+ ln -fs $< $@
+libxt_state.so: libxt_conntrack.so
+ ln -fs $< $@
+# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+xt_RATEEST_LIBADD = -lm
+xt_statistic_LIBADD = -lm
+@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_LIBADD = @libnetfilter_conntrack_LIBS@
+
+@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_CFLAGADD = @libnetfilter_conntrack_CFLAGS@
#
# Static bits
@@ -99,7 +115,10 @@ lib%.oo: ${srcdir}/lib%.c
# handling code in the Makefiles.
#
lib%.o: ${srcdir}/lib%.c
- ${AM_VERBOSE_CC} ${CC} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<;
+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<;
+
+libext.a: initext.o ${libext_objs}
+ ${AM_VERBOSE_AR} ${AR} crs $@ $^;
libext4.a: initext4.o ${libext4_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
@@ -107,20 +126,26 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
-initext_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod})
-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod})
+initext_func := $(addprefix xt_,${pfx_build_mod})
+initext4_func := $(addprefix ipt_,${pf4_build_mod})
+initext6_func := $(addprefix ip6t_,${pf6_build_mod})
-.initext4.dd: FORCE
+.initext.dd: FORCE
@echo "${initext_func}" >$@.tmp; \
cmp -s $@ $@.tmp || mv $@.tmp $@; \
rm -f $@.tmp;
+.initext4.dd: FORCE
+ @echo "${initext4_func}" >$@.tmp; \
+ cmp -s $@ $@.tmp || mv $@.tmp $@; \
+ rm -f $@.tmp;
+
.initext6.dd: FORCE
@echo "${initext6_func}" >$@.tmp; \
cmp -s $@ $@.tmp || mv $@.tmp $@; \
rm -f $@.tmp;
-initext4.c: .initext4.dd
+initext.c: .initext.dd
${AM_VERBOSE_GEN}
@( \
echo "" >$@; \
@@ -136,6 +161,22 @@ initext4.c: .initext4.dd
echo "}" >>$@; \
);
+initext4.c: .initext4.dd
+ ${AM_VERBOSE_GEN}
+ @( \
+ echo "" >$@; \
+ for i in ${initext4_func}; do \
+ echo "extern void lib$${i}_init(void);" >>$@; \
+ done; \
+ echo "void init_extensions4(void);" >>$@; \
+ echo "void init_extensions4(void)" >>$@; \
+ echo "{" >>$@; \
+ for i in ${initext4_func}; do \
+ echo " ""lib$${i}_init();" >>$@; \
+ done; \
+ echo "}" >>$@; \
+ );
+
initext6.c: .initext6.dd
${AM_VERBOSE_GEN}
@( \
@@ -143,8 +184,8 @@ initext6.c: .initext6.dd
for i in ${initext6_func}; do \
echo "extern void lib$${i}_init(void);" >>$@; \
done; \
- echo "void init_extensions(void);" >>$@; \
- echo "void init_extensions(void)" >>$@; \
+ echo "void init_extensions6(void);" >>$@; \
+ echo "void init_extensions6(void)" >>$@; \
echo "{" >>$@; \
for i in ${initext6_func}; do \
echo " ""lib$${i}_init();" >>$@; \
@@ -155,36 +196,33 @@ initext6.c: .initext6.dd
#
# Manual pages
#
-ex_matches = $(sort $(shell echo $(1) | grep -Eo '\b[a-z0-9]+\b'))
-ex_targets = $(sort $(shell echo $(1) | grep -Eo '\b[A-Z0-9]+\b'))
+ex_matches = $(shell echo ${1} | LC_ALL=POSIX grep -Eo '\b[[:lower:][:digit:]_]+\b')
+ex_targets = $(shell echo ${1} | LC_ALL=POSIX grep -Eo '\b[[:upper:][:digit:]_]+\b')
man_run = \
${AM_VERBOSE_GEN} \
- for ext in $(1); do \
+ for ext in $(sort ${1}); do \
f="${srcdir}/libxt_$$ext.man"; \
- cf="${srcdir}/libxt_$$ext.c"; \
- if [ -f "$$f" ] && grep -Eq "$(3)|NFPROTO_UNSPEC" "$$cf"; then \
+ if [ -f "$$f" ]; then \
echo -e "\t+ $$f" >&2; \
echo ".SS $$ext"; \
- cat "$$f"; \
- continue; \
+ cat "$$f" || exit $$?; \
fi; \
- f="${srcdir}/lib$(2)t_$$ext.man"; \
+ f="${srcdir}/libip6t_$$ext.man"; \
if [ -f "$$f" ]; then \
echo -e "\t+ $$f" >&2; \
- echo ".SS $$ext"; \
- cat "$$f"; \
- continue; \
+ echo ".SS $$ext (IPv6-specific)"; \
+ cat "$$f" || exit $$?; \
+ fi; \
+ f="${srcdir}/libipt_$$ext.man"; \
+ if [ -f "$$f" ]; then \
+ echo -e "\t+ $$f" >&2; \
+ echo ".SS $$ext (IPv4-specific)"; \
+ cat "$$f" || exit $$?; \
fi; \
done >$@;
-matches4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
-
-matches6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
-
-targets4.man: .initext4.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod}),ip,NFPROTO_IPV4)
+matches.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+ $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
-targets6.man: .initext6.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf6_build_mod}),ip6,NFPROTO_IPV6)
+targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+ $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
new file mode 100644
index 0000000..eaa6bf1
--- /dev/null
+++ b/extensions/libip6t_DNAT.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * Based on Rusty Russell's IPv4 DNAT target. Development of IPv6 NAT
+ * funded by Astaro.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <xtables.h>
+#include <iptables.h>
+#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_DEST = 0,
+ O_RANDOM,
+ O_PERSISTENT,
+ O_X_TO_DEST,
+ F_TO_DEST = 1 << O_TO_DEST,
+ F_RANDOM = 1 << O_RANDOM,
+ F_X_TO_DEST = 1 << O_X_TO_DEST,
+};
+
+static void DNAT_help(void)
+{
+ printf(
+"DNAT target options:\n"
+" --to-destination [<ipaddr>[-<ipaddr>]][:port[-port]]\n"
+" Address to map destination to.\n"
+"[--random] [--persistent]\n");
+}
+
+static const struct xt_option_entry DNAT_opts[] = {
+ {.name = "to-destination", .id = O_TO_DEST, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_MULTI},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+/* Ranges expected in network order. */
+static void
+parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
+{
+ char *arg, *start, *end = NULL, *colon = NULL, *dash, *error;
+ const struct in6_addr *ip;
+
+ arg = strdup(orig_arg);
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
+
+ start = strchr(arg, '[');
+ if (start == NULL) {
+ start = arg;
+ /* Lets assume one colon is port information. Otherwise its an IPv6 address */
+ colon = strchr(arg, ':');
+ if (colon && strchr(colon+1, ':'))
+ colon = NULL;
+ }
+ else {
+ start++;
+ end = strchr(start, ']');
+ if (end == NULL)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid address format");
+
+ *end = '\0';
+ colon = strchr(end + 1, ':');
+ }
+
+ if (colon) {
+ int port;
+
+ if (!portok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Need TCP, UDP, SCTP or DCCP with port specification");
+
+ range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
+
+ port = atoi(colon+1);
+ if (port <= 0 || port > 65535)
+ xtables_error(PARAMETER_PROBLEM,
+ "Port `%s' not valid\n", colon+1);
+
+ error = strchr(colon+1, ':');
+ if (error)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid port:port syntax - use dash\n");
+
+ dash = strchr(colon, '-');
+ if (!dash) {
+ range->min_proto.tcp.port
+ = range->max_proto.tcp.port
+ = htons(port);
+ } else {
+ int maxport;
+
+ maxport = atoi(dash + 1);
+ if (maxport <= 0 || maxport > 65535)
+ xtables_error(PARAMETER_PROBLEM,
+ "Port `%s' not valid\n", dash+1);
+ if (maxport < port)
+ /* People are stupid. */
+ xtables_error(PARAMETER_PROBLEM,
+ "Port range `%s' funky\n", colon+1);
+ range->min_proto.tcp.port = htons(port);
+ range->max_proto.tcp.port = htons(maxport);
+ }
+ /* Starts with colon or [] colon? No IP info...*/
+ if (colon == arg || colon == arg+2) {
+ free(arg);
+ return;
+ }
+ *colon = '\0';
+ }
+
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
+ dash = strchr(start, '-');
+ if (colon && dash && dash > colon)
+ dash = NULL;
+
+ if (dash)
+ *dash = '\0';
+
+ ip = xtables_numeric_to_ip6addr(start);
+ if (!ip)
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
+ start);
+ range->min_addr.in6 = *ip;
+ if (dash) {
+ ip = xtables_numeric_to_ip6addr(dash + 1);
+ if (!ip)
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
+ dash+1);
+ range->max_addr.in6 = *ip;
+ } else
+ range->max_addr = range->min_addr;
+
+ free(arg);
+ return;
+}
+
+static void DNAT_parse(struct xt_option_call *cb)
+{
+ const struct ip6t_entry *entry = cb->xt_entry;
+ struct nf_nat_range *range = cb->data;
+ int portok;
+
+ if (entry->ipv6.proto == IPPROTO_TCP ||
+ entry->ipv6.proto == IPPROTO_UDP ||
+ entry->ipv6.proto == IPPROTO_SCTP ||
+ entry->ipv6.proto == IPPROTO_DCCP ||
+ entry->ipv6.proto == IPPROTO_ICMP)
+ portok = 1;
+ else
+ portok = 0;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_DEST:
+ if (cb->xflags & F_X_TO_DEST) {
+ if (!kernel_version)
+ get_kernel_version();
+ if (kernel_version > LINUX_VERSION(2, 6, 10))
+ xtables_error(PARAMETER_PROBLEM,
+ "DNAT: Multiple --to-destination not supported");
+ }
+ parse_to(cb->arg, portok, range);
+ break;
+ case O_PERSISTENT:
+ range->flags |= NF_NAT_RANGE_PERSISTENT;
+ break;
+ }
+}
+
+static void DNAT_fcheck(struct xt_fcheck_call *cb)
+{
+ static const unsigned int f = F_TO_DEST | F_RANDOM;
+ struct nf_nat_range *mr = cb->data;
+
+ if ((cb->xflags & f) == f)
+ mr->flags |= NF_NAT_RANGE_PROTO_RANDOM;
+}
+
+static void print_range(const struct nf_nat_range *range)
+{
+ if (range->flags & NF_NAT_RANGE_MAP_IPS) {
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+ printf("[");
+ printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
+ if (memcmp(&range->min_addr, &range->max_addr,
+ sizeof(range->min_addr)))
+ printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6));
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+ printf("]");
+ }
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(":");
+ printf("%hu", ntohs(range->min_proto.tcp.port));
+ if (range->max_proto.tcp.port != range->min_proto.tcp.port)
+ printf("-%hu", ntohs(range->max_proto.tcp.port));
+ }
+}
+
+static void DNAT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ printf(" to:");
+ print_range(range);
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+ if (range->flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" persistent");
+}
+
+static void DNAT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ printf(" --to-destination ");
+ print_range(range);
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+ if (range->flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" --persistent");
+}
+
+static struct xtables_target snat_tg_reg = {
+ .name = "DNAT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .help = DNAT_help,
+ .x6_parse = DNAT_parse,
+ .x6_fcheck = DNAT_fcheck,
+ .print = DNAT_print,
+ .save = DNAT_save,
+ .x6_options = DNAT_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&snat_tg_reg);
+}
diff --git a/extensions/libip6t_DNPT.c b/extensions/libip6t_DNPT.c
new file mode 100644
index 0000000..a442de6
--- /dev/null
+++ b/extensions/libip6t_DNPT.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2012-2013 Patrick McHardy <kaber@trash.net>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_NPT.h>
+
+enum {
+ O_SRC_PFX = 1 << 0,
+ O_DST_PFX = 1 << 1,
+};
+
+static const struct xt_option_entry DNPT_options[] = {
+ { .name = "src-pfx", .id = O_SRC_PFX, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND },
+ { .name = "dst-pfx", .id = O_DST_PFX, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND },
+ { }
+};
+
+static void DNPT_help(void)
+{
+ printf("DNPT target options:"
+ "\n"
+ " --src-pfx prefix/length\n"
+ " --dst-pfx prefix/length\n"
+ "\n");
+}
+
+static void DNPT_parse(struct xt_option_call *cb)
+{
+ struct ip6t_npt_tginfo *npt = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_PFX:
+ npt->src_pfx = cb->val.haddr;
+ npt->src_pfx_len = cb->val.hlen;
+ break;
+ case O_DST_PFX:
+ npt->dst_pfx = cb->val.haddr;
+ npt->dst_pfx_len = cb->val.hlen;
+ break;
+ }
+}
+
+static void DNPT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct ip6t_npt_tginfo *npt = (const void *)target->data;
+
+ printf("src-pfx %s/%u ", xtables_ip6addr_to_numeric(&npt->src_pfx.in6),
+ npt->src_pfx_len);
+ printf("dst-pfx %s/%u ", xtables_ip6addr_to_numeric(&npt->dst_pfx.in6),
+ npt->dst_pfx_len);
+}
+
+static void DNPT_save(const void *ip, const struct xt_entry_target *target)
+{
+ static const struct in6_addr zero_addr;
+ const struct ip6t_npt_tginfo *info = (const void *)target->data;
+
+ if (memcmp(&info->src_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 ||
+ info->src_pfx_len != 0)
+ printf("--src-pfx %s/%u ",
+ xtables_ip6addr_to_numeric(&info->src_pfx.in6),
+ info->src_pfx_len);
+ if (memcmp(&info->dst_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 ||
+ info->dst_pfx_len != 0)
+ printf("--dst-pfx %s/%u ",
+ xtables_ip6addr_to_numeric(&info->dst_pfx.in6),
+ info->dst_pfx_len);
+}
+
+static struct xtables_target snpt_tg_reg = {
+ .name = "DNPT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct ip6t_npt_tginfo)),
+ .userspacesize = offsetof(struct ip6t_npt_tginfo, adjustment),
+ .help = DNPT_help,
+ .x6_parse = DNPT_parse,
+ .print = DNPT_print,
+ .save = DNPT_save,
+ .x6_options = DNPT_options,
+};
+
+void _init(void)
+{
+ xtables_register_target(&snpt_tg_reg);
+}
diff --git a/extensions/libip6t_DNPT.man b/extensions/libip6t_DNPT.man
new file mode 100644
index 0000000..61beeee
--- /dev/null
+++ b/extensions/libip6t_DNPT.man
@@ -0,0 +1,30 @@
+Provides stateless destination IPv6-to-IPv6 Network Prefix Translation (as
+described by RFC 6296).
+.PP
+You have to use this target in the
+.B mangle
+table, not in the
+.B nat
+table. It takes the following options:
+.TP
+\fB\-\-src\-pfx\fP [\fIprefix/\fP\fIlength]
+Set source prefix that you want to translate and length
+.TP
+\fB\-\-dst\-pfx\fP [\fIprefix/\fP\fIlength]
+Set destination prefix that you want to use in the translation and length
+.PP
+You have to use the SNPT target to undo the translation. Example:
+.IP
+ip6tables \-t mangle \-I POSTROUTING \-s fd00::/64 \! \-o vboxnet0
+\-j SNPT \-\-src-pfx fd00::/64 \-\-dst-pfx 2001:e20:2000:40f::/64
+.IP
+ip6tables \-t mangle \-I PREROUTING \-i wlan0 \-d 2001:e20:2000:40f::/64
+\-j DNPT \-\-src-pfx 2001:e20:2000:40f::/64 \-\-dst-pfx fd00::/64
+.PP
+You may need to enable IPv6 neighbor proxy:
+.IP
+sysctl -w net.ipv6.conf.all.proxy_ndp=1
+.PP
+You also have to use the
+.B NOTRACK
+target to disable connection tracking for translated flows.
diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c
index bff0611..52ca5d3 100644
--- a/extensions/libip6t_HL.c
+++ b/extensions/libip6t_HL.c
@@ -4,16 +4,33 @@
* Based on HW's ttl target
* This program is distributed under the terms of GNU GPL
*/
-
-#include <getopt.h>
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
#include <xtables.h>
-
#include <linux/netfilter_ipv6/ip6t_HL.h>
-#define IP6T_HL_USED 1
+enum {
+ O_HL_SET = 0,
+ O_HL_INC,
+ O_HL_DEC,
+ F_HL_SET = 1 << O_HL_SET,
+ F_HL_INC = 1 << O_HL_INC,
+ F_HL_DEC = 1 << O_HL_DEC,
+ F_ANY = F_HL_SET | F_HL_INC | F_HL_DEC,
+};
+
+#define s struct ip6t_HL_info
+static const struct xt_option_entry HL_opts[] = {
+ {.name = "hl-set", .type = XTTYPE_UINT8, .id = O_HL_SET,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+ {.name = "hl-dec", .type = XTTYPE_UINT8, .id = O_HL_DEC,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit),
+ .min = 1},
+ {.name = "hl-inc", .type = XTTYPE_UINT8, .id = O_HL_INC,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit),
+ .min = 1},
+ XTOPT_TABLEEND,
+};
+#undef s
static void HL_help(void)
{
@@ -24,67 +41,27 @@ static void HL_help(void)
" --hl-inc value Increment HL by <value 1-255>\n");
}
-static int HL_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void HL_parse(struct xt_option_call *cb)
{
- struct ip6t_HL_info *info = (struct ip6t_HL_info *) (*target)->data;
- unsigned int value;
-
- if (*flags & IP6T_HL_USED) {
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify HL option twice");
+ struct ip6t_HL_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_HL_SET:
+ info->mode = IP6T_HL_SET;
+ break;
+ case O_HL_INC:
+ info->mode = IP6T_HL_INC;
+ break;
+ case O_HL_DEC:
+ info->mode = IP6T_HL_DEC;
+ break;
}
-
- if (!optarg)
- xtables_error(PARAMETER_PROBLEM,
- "HL: You must specify a value");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "HL: unexpected `!'");
-
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "HL: Expected value between 0 and 255");
-
- switch (c) {
-
- case '1':
- info->mode = IP6T_HL_SET;
- break;
-
- case '2':
- if (value == 0) {
- xtables_error(PARAMETER_PROBLEM,
- "HL: decreasing by 0?");
- }
-
- info->mode = IP6T_HL_DEC;
- break;
-
- case '3':
- if (value == 0) {
- xtables_error(PARAMETER_PROBLEM,
- "HL: increasing by 0?");
- }
-
- info->mode = IP6T_HL_INC;
- break;
-
- default:
- return 0;
-
- }
-
- info->hop_limit = value;
- *flags |= IP6T_HL_USED;
-
- return 1;
}
-static void HL_check(unsigned int flags)
+static void HL_check(struct xt_fcheck_call *cb)
{
- if (!(flags & IP6T_HL_USED))
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
"HL: You must specify an action");
}
@@ -96,17 +73,17 @@ static void HL_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case IP6T_HL_SET:
- printf("--hl-set ");
+ printf(" --hl-set");
break;
case IP6T_HL_DEC:
- printf("--hl-dec ");
+ printf(" --hl-dec");
break;
case IP6T_HL_INC:
- printf("--hl-inc ");
+ printf(" --hl-inc");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
static void HL_print(const void *ip, const struct xt_entry_target *target,
@@ -115,28 +92,21 @@ static void HL_print(const void *ip, const struct xt_entry_target *target,
const struct ip6t_HL_info *info =
(struct ip6t_HL_info *) target->data;
- printf("HL ");
+ printf(" HL ");
switch (info->mode) {
case IP6T_HL_SET:
- printf("set to ");
+ printf("set to");
break;
case IP6T_HL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IP6T_HL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
-static const struct option HL_opts[] = {
- { "hl-set", 1, NULL, '1' },
- { "hl-dec", 1, NULL, '2' },
- { "hl-inc", 1, NULL, '3' },
- { .name = NULL }
-};
-
static struct xtables_target hl_tg6_reg = {
.name = "HL",
.version = XTABLES_VERSION,
@@ -144,11 +114,11 @@ static struct xtables_target hl_tg6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_HL_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_HL_info)),
.help = HL_help,
- .parse = HL_parse,
- .final_check = HL_check,
.print = HL_print,
.save = HL_save,
- .extra_opts = HL_opts,
+ .x6_parse = HL_parse,
+ .x6_fcheck = HL_check,
+ .x6_options = HL_opts,
};
void _init(void)
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 423d988..4639268 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -1,10 +1,6 @@
-/* Shared library add-on to ip6tables to add LOG support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
#include <syslog.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_LOG.h>
@@ -16,6 +12,16 @@
#define LOG_DEFAULT_LEVEL LOG_WARNING
+enum {
+ O_LOG_LEVEL = 0,
+ O_LOG_PREFIX,
+ O_LOG_TCPSEQ,
+ O_LOG_TCPOPTS,
+ O_LOG_IPOPTS,
+ O_LOG_UID,
+ O_LOG_MAC,
+};
+
static void LOG_help(void)
{
printf(
@@ -25,18 +31,24 @@ static void LOG_help(void)
" --log-tcp-sequence Log TCP sequence numbers.\n"
" --log-tcp-options Log TCP options.\n"
" --log-ip-options Log IP options.\n"
-" --log-uid Log UID owning the local socket.\n");
+" --log-uid Log UID owning the local socket.\n"
+" --log-macdecode Decode MAC addresses and protocol.\n");
}
-static const struct option LOG_opts[] = {
- { .name = "log-level", .has_arg = 1, .val = '!' },
- { .name = "log-prefix", .has_arg = 1, .val = '#' },
- { .name = "log-tcp-sequence", .has_arg = 0, .val = '1' },
- { .name = "log-tcp-options", .has_arg = 0, .val = '2' },
- { .name = "log-ip-options", .has_arg = 0, .val = '3' },
- { .name = "log-uid", .has_arg = 0, .val = '4' },
- { .name = NULL }
+#define s struct ip6t_log_info
+static const struct xt_option_entry LOG_opts[] = {
+ {.name = "log-level", .id = O_LOG_LEVEL, .type = XTTYPE_SYSLOGLEVEL,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, level)},
+ {.name = "log-prefix", .id = O_LOG_PREFIX, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, prefix), .min = 1},
+ {.name = "log-tcp-sequence", .id = O_LOG_TCPSEQ, .type = XTTYPE_NONE},
+ {.name = "log-tcp-options", .id = O_LOG_TCPOPTS, .type = XTTYPE_NONE},
+ {.name = "log-ip-options", .id = O_LOG_IPOPTS, .type = XTTYPE_NONE},
+ {.name = "log-uid", .id = O_LOG_UID, .type = XTTYPE_NONE},
+ {.name = "log-macdecode", .id = O_LOG_MAC, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void LOG_init(struct xt_entry_target *t)
{
@@ -63,127 +75,33 @@ static const struct ip6t_log_names ip6t_log_names[]
{ .name = "warning", .level = LOG_WARNING }
};
-static u_int8_t
-parse_level(const char *level)
+static void LOG_parse(struct xt_option_call *cb)
{
- unsigned int lev = -1;
- unsigned int set = 0;
-
- if (!xtables_strtoui(level, NULL, &lev, 0, 7)) {
- unsigned int i = 0;
-
- for (i = 0; i < ARRAY_SIZE(ip6t_log_names); ++i)
- if (strncasecmp(level, ip6t_log_names[i].name,
- strlen(level)) == 0) {
- if (set++)
- xtables_error(PARAMETER_PROBLEM,
- "log-level `%s' ambiguous",
- level);
- lev = ip6t_log_names[i].level;
- }
-
- if (!set)
- xtables_error(PARAMETER_PROBLEM,
- "log-level `%s' unknown", level);
- }
-
- return lev;
-}
-
-#define IP6T_LOG_OPT_LEVEL 0x01
-#define IP6T_LOG_OPT_PREFIX 0x02
-#define IP6T_LOG_OPT_TCPSEQ 0x04
-#define IP6T_LOG_OPT_TCPOPT 0x08
-#define IP6T_LOG_OPT_IPOPT 0x10
-#define IP6T_LOG_OPT_UID 0x20
-
-static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct ip6t_log_info *loginfo = (struct ip6t_log_info *)(*target)->data;
-
- switch (c) {
- case '!':
- if (*flags & IP6T_LOG_OPT_LEVEL)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-level twice");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-level");
-
- loginfo->level = parse_level(optarg);
- *flags |= IP6T_LOG_OPT_LEVEL;
- break;
-
- case '#':
- if (*flags & IP6T_LOG_OPT_PREFIX)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-prefix twice");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-prefix");
-
- if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Maximum prefix length %u for --log-prefix",
- (unsigned int)sizeof(loginfo->prefix) - 1);
+ struct ip6t_log_info *info = cb->data;
- if (strlen(optarg) == 0)
- xtables_error(PARAMETER_PROBLEM,
- "No prefix specified for --log-prefix");
-
- if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_LOG_PREFIX:
+ if (strchr(cb->arg, '\n') != NULL)
xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --log-prefix");
-
- strcpy(loginfo->prefix, optarg);
- *flags |= IP6T_LOG_OPT_PREFIX;
break;
-
- case '1':
- if (*flags & IP6T_LOG_OPT_TCPSEQ)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-tcp-sequence "
- "twice");
-
- loginfo->logflags |= IP6T_LOG_TCPSEQ;
- *flags |= IP6T_LOG_OPT_TCPSEQ;
+ case O_LOG_TCPSEQ:
+ info->logflags |= IP6T_LOG_TCPSEQ;
break;
-
- case '2':
- if (*flags & IP6T_LOG_OPT_TCPOPT)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-tcp-options twice");
-
- loginfo->logflags |= IP6T_LOG_TCPOPT;
- *flags |= IP6T_LOG_OPT_TCPOPT;
+ case O_LOG_TCPOPTS:
+ info->logflags |= IP6T_LOG_TCPOPT;
break;
-
- case '3':
- if (*flags & IP6T_LOG_OPT_IPOPT)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-ip-options twice");
-
- loginfo->logflags |= IP6T_LOG_IPOPT;
- *flags |= IP6T_LOG_OPT_IPOPT;
+ case O_LOG_IPOPTS:
+ info->logflags |= IP6T_LOG_IPOPT;
break;
-
- case '4':
- if (*flags & IP6T_LOG_OPT_UID)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-uid twice");
-
- loginfo->logflags |= IP6T_LOG_UID;
- *flags |= IP6T_LOG_OPT_UID;
+ case O_LOG_UID:
+ info->logflags |= IP6T_LOG_UID;
+ break;
+ case O_LOG_MAC:
+ info->logflags |= IP6T_LOG_MACDECODE;
break;
-
- default:
- return 0;
}
-
- return 1;
}
static void LOG_print(const void *ip, const struct xt_entry_target *target,
@@ -193,32 +111,34 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
= (const struct ip6t_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ip6t_log_names); ++i)
if (loginfo->level == ip6t_log_names[i].level) {
- printf("level %s ", ip6t_log_names[i].name);
+ printf(" level %s", ip6t_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ip6t_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("uid ");
+ printf(" uid");
+ if (loginfo->logflags & IP6T_LOG_MACDECODE)
+ printf(" macdecode");
if (loginfo->logflags & ~(IP6T_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
@@ -226,34 +146,38 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
const struct ip6t_log_info *loginfo
= (const struct ip6t_log_info *)target->data;
- if (strcmp(loginfo->prefix, "") != 0)
- printf("--log-prefix \"%s\" ", loginfo->prefix);
+ if (strcmp(loginfo->prefix, "") != 0) {
+ printf(" --log-prefix");
+ xtables_save_string(loginfo->prefix);
+ }
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
+ if (loginfo->logflags & IP6T_LOG_MACDECODE)
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg6_reg = {
- .name = "LOG",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct ip6t_log_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ip6t_log_info)),
- .help = LOG_help,
- .init = LOG_init,
- .parse = LOG_parse,
- .print = LOG_print,
- .save = LOG_save,
- .extra_opts = LOG_opts,
+ .name = "LOG",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct ip6t_log_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_log_info)),
+ .help = LOG_help,
+ .init = LOG_init,
+ .print = LOG_print,
+ .save = LOG_save,
+ .x6_parse = LOG_parse,
+ .x6_options = LOG_opts,
};
void _init(void)
diff --git a/extensions/libip6t_MASQUERADE.c b/extensions/libip6t_MASQUERADE.c
new file mode 100644
index 0000000..eb9213e
--- /dev/null
+++ b/extensions/libip6t_MASQUERADE.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * Based on Rusty Russell's IPv4 MASQUERADE target. Development of IPv6 NAT
+ * funded by Astaro.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <xtables.h>
+#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_PORTS = 0,
+ O_RANDOM,
+};
+
+static void MASQUERADE_help(void)
+{
+ printf(
+"MASQUERADE target options:\n"
+" --to-ports <port>[-<port>]\n"
+" Port (range) to map to.\n"
+" --random\n"
+" Randomize source port.\n");
+}
+
+static const struct xt_option_entry MASQUERADE_opts[] = {
+ {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+/* Parses ports */
+static void
+parse_ports(const char *arg, struct nf_nat_range *r)
+{
+ char *end;
+ unsigned int port, maxport;
+
+ r->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
+
+ if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg);
+
+ switch (*end) {
+ case '\0':
+ r->min_proto.tcp.port
+ = r->max_proto.tcp.port
+ = htons(port);
+ return;
+ case '-':
+ if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX))
+ break;
+
+ if (maxport < port)
+ break;
+
+ r->min_proto.tcp.port = htons(port);
+ r->max_proto.tcp.port = htons(maxport);
+ return;
+ default:
+ break;
+ }
+ xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg);
+}
+
+static void MASQUERADE_parse(struct xt_option_call *cb)
+{
+ const struct ip6t_entry *entry = cb->xt_entry;
+ struct nf_nat_range *r = cb->data;
+ int portok;
+
+ if (entry->ipv6.proto == IPPROTO_TCP ||
+ entry->ipv6.proto == IPPROTO_UDP ||
+ entry->ipv6.proto == IPPROTO_SCTP ||
+ entry->ipv6.proto == IPPROTO_DCCP ||
+ entry->ipv6.proto == IPPROTO_ICMP)
+ portok = 1;
+ else
+ portok = 0;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_PORTS:
+ if (!portok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Need TCP, UDP, SCTP or DCCP with port specification");
+ parse_ports(cb->arg, r);
+ break;
+ case O_RANDOM:
+ r->flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
+ }
+}
+
+static void
+MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_range *r = (const void *)target->data;
+
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" masq ports: ");
+ printf("%hu", ntohs(r->min_proto.tcp.port));
+ if (r->max_proto.tcp.port != r->min_proto.tcp.port)
+ printf("-%hu", ntohs(r->max_proto.tcp.port));
+ }
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+}
+
+static void
+MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_nat_range *r = (const void *)target->data;
+
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" --to-ports %hu", ntohs(r->min_proto.tcp.port));
+ if (r->max_proto.tcp.port != r->min_proto.tcp.port)
+ printf("-%hu", ntohs(r->max_proto.tcp.port));
+ }
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+}
+
+static struct xtables_target masquerade_tg_reg = {
+ .name = "MASQUERADE",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .help = MASQUERADE_help,
+ .x6_parse = MASQUERADE_parse,
+ .print = MASQUERADE_print,
+ .save = MASQUERADE_save,
+ .x6_options = MASQUERADE_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&masquerade_tg_reg);
+}
diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
new file mode 100644
index 0000000..a4df70e
--- /dev/null
+++ b/extensions/libip6t_NETMAP.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * Based on Svenning Soerensen's IPv4 NETMAP target. Development of IPv6 NAT
+ * funded by Astaro.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <xtables.h>
+#include <libiptc/libip6tc.h>
+#include <linux/netfilter/nf_nat.h>
+
+#define MODULENAME "NETMAP"
+
+enum {
+ O_TO = 0,
+};
+
+static const struct xt_option_entry NETMAP_opts[] = {
+ {.name = "to", .id = O_TO, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
+};
+
+static void NETMAP_help(void)
+{
+ printf(MODULENAME" target options:\n"
+ " --%s address[/mask]\n"
+ " Network address to map to.\n\n",
+ NETMAP_opts[0].name);
+}
+
+static void NETMAP_parse(struct xt_option_call *cb)
+{
+ struct nf_nat_range *range = cb->data;
+ unsigned int i;
+
+ xtables_option_parse(cb);
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
+ for (i = 0; i < 4; i++) {
+ range->min_addr.ip6[i] = cb->val.haddr.ip6[i] &
+ cb->val.hmask.ip6[i];
+ range->max_addr.ip6[i] = range->min_addr.ip6[i] |
+ ~cb->val.hmask.ip6[i];
+ }
+}
+
+static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_range *r = (const void *)target->data;
+ struct in6_addr a;
+ unsigned int i;
+ int bits;
+
+ a = r->min_addr.in6;
+ printf("%s", xtables_ip6addr_to_numeric(&a));
+ for (i = 0; i < 4; i++)
+ a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
+ bits = xtables_ip6mask_to_cidr(&a);
+ if (bits < 0)
+ printf("/%s", xtables_ip6addr_to_numeric(&a));
+ else
+ printf("/%d", bits);
+}
+
+static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
+{
+ printf(" --%s ", NETMAP_opts[0].name);
+ NETMAP_print(ip, target, 0);
+}
+
+static struct xtables_target netmap_tg_reg = {
+ .name = MODULENAME,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .help = NETMAP_help,
+ .x6_parse = NETMAP_parse,
+ .print = NETMAP_print,
+ .save = NETMAP_save,
+ .x6_options = NETMAP_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&netmap_tg_reg);
+}
diff --git a/extensions/libip6t_REDIRECT.c b/extensions/libip6t_REDIRECT.c
new file mode 100644
index 0000000..1724aa6
--- /dev/null
+++ b/extensions/libip6t_REDIRECT.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * Based on Rusty Russell's IPv4 REDIRECT target. Development of IPv6 NAT
+ * funded by Astaro.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <xtables.h>
+#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_PORTS = 0,
+ O_RANDOM,
+ F_TO_PORTS = 1 << O_TO_PORTS,
+ F_RANDOM = 1 << O_RANDOM,
+};
+
+static void REDIRECT_help(void)
+{
+ printf(
+"REDIRECT target options:\n"
+" --to-ports <port>[-<port>]\n"
+" Port (range) to map to.\n"
+" [--random]\n");
+}
+
+static const struct xt_option_entry REDIRECT_opts[] = {
+ {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+/* Parses ports */
+static void
+parse_ports(const char *arg, struct nf_nat_range *range)
+{
+ char *end = "";
+ unsigned int port, maxport;
+
+ range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
+
+ if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) &&
+ (port = xtables_service_to_port(arg, NULL)) == (unsigned)-1)
+ xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
+
+ switch (*end) {
+ case '\0':
+ range->min_proto.tcp.port
+ = range->max_proto.tcp.port
+ = htons(port);
+ return;
+ case '-':
+ if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX) &&
+ (maxport = xtables_service_to_port(end + 1, NULL)) == (unsigned)-1)
+ break;
+
+ if (maxport < port)
+ break;
+
+ range->min_proto.tcp.port = htons(port);
+ range->max_proto.tcp.port = htons(maxport);
+ return;
+ default:
+ break;
+ }
+ xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
+}
+
+static void REDIRECT_parse(struct xt_option_call *cb)
+{
+ const struct ip6t_entry *entry = cb->xt_entry;
+ struct nf_nat_range *range = (void *)(*cb->target)->data;
+ int portok;
+
+ if (entry->ipv6.proto == IPPROTO_TCP
+ || entry->ipv6.proto == IPPROTO_UDP
+ || entry->ipv6.proto == IPPROTO_SCTP
+ || entry->ipv6.proto == IPPROTO_DCCP
+ || entry->ipv6.proto == IPPROTO_ICMP)
+ portok = 1;
+ else
+ portok = 0;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_PORTS:
+ if (!portok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Need TCP, UDP, SCTP or DCCP with port specification");
+ parse_ports(cb->arg, range);
+ if (cb->xflags & F_RANDOM)
+ range->flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
+ case O_RANDOM:
+ if (cb->xflags & F_TO_PORTS)
+ range->flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
+ }
+}
+
+static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" redir ports ");
+ printf("%hu", ntohs(range->min_proto.tcp.port));
+ if (range->max_proto.tcp.port != range->min_proto.tcp.port)
+ printf("-%hu", ntohs(range->max_proto.tcp.port));
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+ }
+}
+
+static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" --to-ports ");
+ printf("%hu", ntohs(range->min_proto.tcp.port));
+ if (range->max_proto.tcp.port != range->min_proto.tcp.port)
+ printf("-%hu", ntohs(range->max_proto.tcp.port));
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+ }
+}
+
+static struct xtables_target redirect_tg_reg = {
+ .name = "REDIRECT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .help = REDIRECT_help,
+ .x6_parse = REDIRECT_parse,
+ .print = REDIRECT_print,
+ .save = REDIRECT_save,
+ .x6_options = REDIRECT_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&redirect_tg_reg);
+}
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index b8195d7..8085321 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -7,8 +7,6 @@
*/
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_REJECT.h>
@@ -19,6 +17,10 @@ struct reject_names {
const char *desc;
};
+enum {
+ O_REJECT_WITH = 0,
+};
+
static const struct reject_names reject_table[] = {
{"icmp6-no-route", "no-route",
IP6T_ICMP6_NO_ROUTE, "ICMPv6 no route"},
@@ -60,9 +62,9 @@ static void REJECT_help(void)
print_reject_types();
}
-static const struct option REJECT_opts[] = {
- { "reject-with", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry REJECT_opts[] = {
+ {.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
static void REJECT_init(struct xt_entry_target *t)
@@ -74,30 +76,22 @@ static void REJECT_init(struct xt_entry_target *t)
}
-static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void REJECT_parse(struct xt_option_call *cb)
{
- struct ip6t_reject_info *reject =
- (struct ip6t_reject_info *)(*target)->data;
+ struct ip6t_reject_info *reject = cb->data;
unsigned int i;
- switch(c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --reject-with");
- for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
- if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
- || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) {
- reject->with = reject_table[i].with;
- return 1;
- }
- xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
- default:
- /* Fall through */
- break;
- }
- return 0;
+ xtables_option_parse(cb);
+ for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
+ if (strncasecmp(reject_table[i].name,
+ cb->arg, strlen(cb->arg)) == 0 ||
+ strncasecmp(reject_table[i].alias,
+ cb->arg, strlen(cb->arg)) == 0) {
+ reject->with = reject_table[i].with;
+ return;
+ }
+ xtables_error(PARAMETER_PROBLEM,
+ "unknown reject type \"%s\"", cb->arg);
}
static void REJECT_print(const void *ip, const struct xt_entry_target *target,
@@ -110,7 +104,7 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
@@ -123,7 +117,7 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg6_reg = {
@@ -134,10 +128,10 @@ static struct xtables_target reject_tg6_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ip6t_reject_info)),
.help = REJECT_help,
.init = REJECT_init,
- .parse = REJECT_parse,
.print = REJECT_print,
.save = REJECT_save,
- .extra_opts = REJECT_opts,
+ .x6_parse = REJECT_parse,
+ .x6_options = REJECT_opts,
};
void _init(void)
diff --git a/extensions/libip6t_REJECT.man b/extensions/libip6t_REJECT.man
index 2d09e05..0030a51 100644
--- a/extensions/libip6t_REJECT.man
+++ b/extensions/libip6t_REJECT.man
@@ -18,10 +18,9 @@ The type given can be
\fBicmp6\-adm\-prohibited\fP,
\fBadm\-prohibited\fP,
\fBicmp6\-addr\-unreachable\fP,
-\fBaddr\-unreach\fP,
-\fBicmp6\-port\-unreachable\fP or
-\fBport\-unreach\fP
-which return the appropriate ICMPv6 error message (\fBport\-unreach\fP is
+\fBaddr\-unreach\fP, or
+\fBicmp6\-port\-unreachable\fP,
+which return the appropriate ICMPv6 error message (\fBicmp6\-port\-unreachable\fP is
the default). Finally, the option
\fBtcp\-reset\fP
can be used on rules which only match the TCP protocol: this causes a
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
new file mode 100644
index 0000000..7382ad0
--- /dev/null
+++ b/extensions/libip6t_SNAT.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * Based on Rusty Russell's IPv4 SNAT target. Development of IPv6 NAT
+ * funded by Astaro.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <xtables.h>
+#include <iptables.h>
+#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_SRC = 0,
+ O_RANDOM,
+ O_PERSISTENT,
+ O_X_TO_SRC,
+ F_TO_SRC = 1 << O_TO_SRC,
+ F_RANDOM = 1 << O_RANDOM,
+ F_X_TO_SRC = 1 << O_X_TO_SRC,
+};
+
+static void SNAT_help(void)
+{
+ printf(
+"SNAT target options:\n"
+" --to-source [<ipaddr>[-<ipaddr>]][:port[-port]]\n"
+" Address to map source to.\n"
+"[--random] [--persistent]\n");
+}
+
+static const struct xt_option_entry SNAT_opts[] = {
+ {.name = "to-source", .id = O_TO_SRC, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_MULTI},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+/* Ranges expected in network order. */
+static void
+parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
+{
+ char *arg, *start, *end = NULL, *colon = NULL, *dash, *error;
+ const struct in6_addr *ip;
+
+ arg = strdup(orig_arg);
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
+
+ start = strchr(arg, '[');
+ if (start == NULL) {
+ start = arg;
+ /* Lets assume one colon is port information. Otherwise its an IPv6 address */
+ colon = strchr(arg, ':');
+ if (colon && strchr(colon+1, ':'))
+ colon = NULL;
+ }
+ else {
+ start++;
+ end = strchr(start, ']');
+ if (end == NULL)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid address format");
+
+ *end = '\0';
+ colon = strchr(end + 1, ':');
+ }
+
+ if (colon) {
+ int port;
+
+ if (!portok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Need TCP, UDP, SCTP or DCCP with port specification");
+
+ range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
+
+ port = atoi(colon+1);
+ if (port <= 0 || port > 65535)
+ xtables_error(PARAMETER_PROBLEM,
+ "Port `%s' not valid\n", colon+1);
+
+ error = strchr(colon+1, ':');
+ if (error)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid port:port syntax - use dash\n");
+
+ dash = strchr(colon, '-');
+ if (!dash) {
+ range->min_proto.tcp.port
+ = range->max_proto.tcp.port
+ = htons(port);
+ } else {
+ int maxport;
+
+ maxport = atoi(dash + 1);
+ if (maxport <= 0 || maxport > 65535)
+ xtables_error(PARAMETER_PROBLEM,
+ "Port `%s' not valid\n", dash+1);
+ if (maxport < port)
+ /* People are stupid. */
+ xtables_error(PARAMETER_PROBLEM,
+ "Port range `%s' funky\n", colon+1);
+ range->min_proto.tcp.port = htons(port);
+ range->max_proto.tcp.port = htons(maxport);
+ }
+ /* Starts with colon or [] colon? No IP info...*/
+ if (colon == arg || colon == arg+2) {
+ free(arg);
+ return;
+ }
+ *colon = '\0';
+ }
+
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
+ dash = strchr(start, '-');
+ if (colon && dash && dash > colon)
+ dash = NULL;
+
+ if (dash)
+ *dash = '\0';
+
+ ip = xtables_numeric_to_ip6addr(start);
+ if (!ip)
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
+ start);
+ range->min_addr.in6 = *ip;
+ if (dash) {
+ ip = xtables_numeric_to_ip6addr(dash + 1);
+ if (!ip)
+ xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
+ dash+1);
+ range->max_addr.in6 = *ip;
+ } else
+ range->max_addr = range->min_addr;
+
+ free(arg);
+ return;
+}
+
+static void SNAT_parse(struct xt_option_call *cb)
+{
+ const struct ip6t_entry *entry = cb->xt_entry;
+ struct nf_nat_range *range = cb->data;
+ int portok;
+
+ if (entry->ipv6.proto == IPPROTO_TCP ||
+ entry->ipv6.proto == IPPROTO_UDP ||
+ entry->ipv6.proto == IPPROTO_SCTP ||
+ entry->ipv6.proto == IPPROTO_DCCP ||
+ entry->ipv6.proto == IPPROTO_ICMP)
+ portok = 1;
+ else
+ portok = 0;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_SRC:
+ if (cb->xflags & F_X_TO_SRC) {
+ if (!kernel_version)
+ get_kernel_version();
+ if (kernel_version > LINUX_VERSION(2, 6, 10))
+ xtables_error(PARAMETER_PROBLEM,
+ "SNAT: Multiple --to-source not supported");
+ }
+ parse_to(cb->arg, portok, range);
+ break;
+ case O_PERSISTENT:
+ range->flags |= NF_NAT_RANGE_PERSISTENT;
+ break;
+ }
+}
+
+static void SNAT_fcheck(struct xt_fcheck_call *cb)
+{
+ static const unsigned int f = F_TO_SRC | F_RANDOM;
+ struct nf_nat_range *range = cb->data;
+
+ if ((cb->xflags & f) == f)
+ range->flags |= NF_NAT_RANGE_PROTO_RANDOM;
+}
+
+static void print_range(const struct nf_nat_range *range)
+{
+ if (range->flags & NF_NAT_RANGE_MAP_IPS) {
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+ printf("[");
+ printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
+ if (memcmp(&range->min_addr, &range->max_addr,
+ sizeof(range->min_addr)))
+ printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6));
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+ printf("]");
+ }
+ if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(":");
+ printf("%hu", ntohs(range->min_proto.tcp.port));
+ if (range->max_proto.tcp.port != range->min_proto.tcp.port)
+ printf("-%hu", ntohs(range->max_proto.tcp.port));
+ }
+}
+
+static void SNAT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ printf(" to:");
+ print_range(range);
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+ if (range->flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" persistent");
+}
+
+static void SNAT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_nat_range *range = (const void *)target->data;
+
+ printf(" --to-source ");
+ print_range(range);
+ if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+ if (range->flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" --persistent");
+}
+
+static struct xtables_target snat_tg_reg = {
+ .name = "SNAT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_range)),
+ .help = SNAT_help,
+ .x6_parse = SNAT_parse,
+ .x6_fcheck = SNAT_fcheck,
+ .print = SNAT_print,
+ .save = SNAT_save,
+ .x6_options = SNAT_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&snat_tg_reg);
+}
diff --git a/extensions/libip6t_SNPT.c b/extensions/libip6t_SNPT.c
new file mode 100644
index 0000000..4f10de0
--- /dev/null
+++ b/extensions/libip6t_SNPT.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2012-2013 Patrick McHardy <kaber@trash.net>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_NPT.h>
+
+enum {
+ O_SRC_PFX = 1 << 0,
+ O_DST_PFX = 1 << 1,
+};
+
+static const struct xt_option_entry SNPT_options[] = {
+ { .name = "src-pfx", .id = O_SRC_PFX, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND },
+ { .name = "dst-pfx", .id = O_DST_PFX, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND },
+ { }
+};
+
+static void SNPT_help(void)
+{
+ printf("SNPT target options:"
+ "\n"
+ " --src-pfx prefix/length\n"
+ " --dst-pfx prefix/length\n"
+ "\n");
+}
+
+static void SNPT_parse(struct xt_option_call *cb)
+{
+ struct ip6t_npt_tginfo *npt = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_PFX:
+ npt->src_pfx = cb->val.haddr;
+ npt->src_pfx_len = cb->val.hlen;
+ break;
+ case O_DST_PFX:
+ npt->dst_pfx = cb->val.haddr;
+ npt->dst_pfx_len = cb->val.hlen;
+ break;
+ }
+}
+
+static void SNPT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct ip6t_npt_tginfo *npt = (const void *)target->data;
+
+ printf("src-pfx %s/%u ", xtables_ip6addr_to_numeric(&npt->src_pfx.in6),
+ npt->src_pfx_len);
+ printf("dst-pfx %s/%u ", xtables_ip6addr_to_numeric(&npt->dst_pfx.in6),
+ npt->dst_pfx_len);
+}
+
+static void SNPT_save(const void *ip, const struct xt_entry_target *target)
+{
+ static const struct in6_addr zero_addr;
+ const struct ip6t_npt_tginfo *info = (const void *)target->data;
+
+ if (memcmp(&info->src_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 ||
+ info->src_pfx_len != 0)
+ printf("--src-pfx %s/%u ",
+ xtables_ip6addr_to_numeric(&info->src_pfx.in6),
+ info->src_pfx_len);
+ if (memcmp(&info->dst_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 ||
+ info->dst_pfx_len != 0)
+ printf("--dst-pfx %s/%u ",
+ xtables_ip6addr_to_numeric(&info->dst_pfx.in6),
+ info->dst_pfx_len);
+}
+
+static struct xtables_target snpt_tg_reg = {
+ .name = "SNPT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct ip6t_npt_tginfo)),
+ .userspacesize = offsetof(struct ip6t_npt_tginfo, adjustment),
+ .help = SNPT_help,
+ .x6_parse = SNPT_parse,
+ .print = SNPT_print,
+ .save = SNPT_save,
+ .x6_options = SNPT_options,
+};
+
+void _init(void)
+{
+ xtables_register_target(&snpt_tg_reg);
+}
diff --git a/extensions/libip6t_SNPT.man b/extensions/libip6t_SNPT.man
new file mode 100644
index 0000000..78d644a
--- /dev/null
+++ b/extensions/libip6t_SNPT.man
@@ -0,0 +1,30 @@
+Provides stateless source IPv6-to-IPv6 Network Prefix Translation (as described
+by RFC 6296).
+.PP
+You have to use this target in the
+.B mangle
+table, not in the
+.B nat
+table. It takes the following options:
+.TP
+\fB\-\-src\-pfx\fP [\fIprefix/\fP\fIlength]
+Set source prefix that you want to translate and length
+.TP
+\fB\-\-dst\-pfx\fP [\fIprefix/\fP\fIlength]
+Set destination prefix that you want to use in the translation and length
+.PP
+You have to use the DNPT target to undo the translation. Example:
+.IP
+ip6tables \-t mangle \-I POSTROUTING \-s fd00::/64 \! \-o vboxnet0
+\-j SNPT \-\-src-pfx fd00::/64 \-\-dst-pfx 2001:e20:2000:40f::/64
+.IP
+ip6tables \-t mangle \-I PREROUTING \-i wlan0 \-d 2001:e20:2000:40f::/64
+\-j DNPT \-\-src-pfx 2001:e20:2000:40f::/64 \-\-dst-pfx fd00::/64
+.PP
+You may need to enable IPv6 neighbor proxy:
+.IP
+sysctl -w net.ipv6.conf.all.proxy_ndp=1
+.PP
+You also have to use the
+.B NOTRACK
+target to disable connection tracking for translated flows.
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 285704c..26f8140 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -1,142 +1,76 @@
-/* Shared library add-on to ip6tables to add AH support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_ah.h>
+enum {
+ O_AHSPI = 0,
+ O_AHLEN,
+ O_AHRES,
+};
+
static void ah_help(void)
{
printf(
"ah match options:\n"
"[!] --ahspi spi[:spi] match spi (range)\n"
"[!] --ahlen length total length of this header\n"
-" --ahres check the reserved filed, too\n");
+" --ahres check the reserved field too\n");
}
-static const struct option ah_opts[] = {
- { .name = "ahspi", .has_arg = 1, .val = '1' },
- { .name = "ahlen", .has_arg = 1, .val = '2' },
- { .name = "ahres", .has_arg = 0, .val = '3' },
- { .name = NULL }
+#define s struct ip6t_ah
+static const struct xt_option_entry ah_opts[] = {
+ {.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spis)},
+ {.name = "ahlen", .id = O_AHLEN, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)},
+ {.name = "ahres", .id = O_AHRES, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
-static u_int32_t
-parse_ah_spi(const char *spistr, const char *typestr)
-{
- unsigned long int spi;
- char* ep;
-
- spi = strtoul(spistr, &ep, 0);
-
- if ( spistr == ep )
- xtables_error(PARAMETER_PROBLEM,
- "AH no valid digits in %s `%s'", typestr, spistr);
-
- if ( spi == ULONG_MAX && errno == ERANGE )
- xtables_error(PARAMETER_PROBLEM,
- "%s `%s' specified too big: would overflow",
- typestr, spistr);
-
- if ( *spistr != '\0' && *ep != '\0' )
- xtables_error(PARAMETER_PROBLEM,
- "AH error parsing %s `%s'", typestr, spistr);
-
- return spi;
-}
-
-static void
-parse_ah_spis(const char *spistring, u_int32_t *spis)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(spistring);
- if ((cp = strchr(buffer, ':')) == NULL)
- spis[0] = spis[1] = parse_ah_spi(buffer, "spi");
- else {
- *cp = '\0';
- cp++;
-
- spis[0] = buffer[0] ? parse_ah_spi(buffer, "spi") : 0;
- spis[1] = cp[0] ? parse_ah_spi(cp, "spi") : 0xFFFFFFFF;
- }
- free(buffer);
-}
-
-static void ah_init(struct xt_entry_match *m)
+static void ah_parse(struct xt_option_call *cb)
{
- struct ip6t_ah *ahinfo = (struct ip6t_ah *)m->data;
-
- ahinfo->spis[1] = 0xFFFFFFFF;
- ahinfo->hdrlen = 0;
- ahinfo->hdrres = 0;
-}
-
-static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ip6t_ah *ahinfo = (struct ip6t_ah *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IP6T_AH_SPI)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--ahspi' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_ah_spis(optarg, ahinfo->spis);
- if (invert)
+ struct ip6t_ah *ahinfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_AHSPI:
+ if (cb->nvals == 1)
+ ahinfo->spis[1] = ahinfo->spis[0];
+ if (cb->invert)
ahinfo->invflags |= IP6T_AH_INV_SPI;
- *flags |= IP6T_AH_SPI;
break;
- case '2':
- if (*flags & IP6T_AH_LEN)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--ahlen' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- ahinfo->hdrlen = parse_ah_spi(optarg, "length");
- if (invert)
+ case O_AHLEN:
+ if (cb->invert)
ahinfo->invflags |= IP6T_AH_INV_LEN;
- *flags |= IP6T_AH_LEN;
break;
- case '3':
- if (*flags & IP6T_AH_RES)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--ahres' allowed");
+ case O_AHRES:
ahinfo->hdrres = 1;
- *flags |= IP6T_AH_RES;
break;
- default:
- return 0;
}
-
- return 1;
}
static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
int invert)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf("%s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf("%ss:%s%u:%u", name, inv, min, max);
}
}
static void
-print_len(const char *name, u_int32_t len, int invert)
+print_len(const char *name, uint32_t len, int invert)
{
const char *inv = invert ? "!" : "";
if (len != 0 || invert)
- printf("%s:%s%u ", name, inv, len);
+ printf("%s:%s%u", name, inv, len);
}
static void ah_print(const void *ip, const struct xt_entry_match *match,
@@ -144,17 +78,17 @@ static void ah_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_ah *ah = (struct ip6t_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IP6T_AH_INV_SPI);
print_len("length", ah->hdrlen,
ah->invflags & IP6T_AH_INV_LEN);
if (ah->hdrres)
- printf("reserved ");
+ printf(" reserved");
if (ah->invflags & ~IP6T_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IP6T_AH_INV_MASK);
}
@@ -164,26 +98,26 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IP6T_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IP6T_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
if (ahinfo->hdrlen != 0 || (ahinfo->invflags & IP6T_AH_INV_LEN) ) {
- printf("%s--ahlen %u ",
- (ahinfo->invflags & IP6T_AH_INV_LEN) ? "! " : "",
+ printf("%s --ahlen %u",
+ (ahinfo->invflags & IP6T_AH_INV_LEN) ? " !" : "",
ahinfo->hdrlen);
}
if (ahinfo->hdrres != 0 )
- printf("--ahres ");
+ printf(" --ahres");
}
static struct xtables_match ah_mt6_reg = {
@@ -193,11 +127,10 @@ static struct xtables_match ah_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_ah)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_ah)),
.help = ah_help,
- .init = ah_init,
- .parse = ah_parse,
.print = ah_print,
.save = ah_save,
- .extra_opts = ah_opts,
+ .x6_parse = ah_parse,
+ .x6_options = ah_opts,
};
void
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index 72df6ad..3fd4c01 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -1,15 +1,14 @@
-/* Shared library add-on to ip6tables to add Dst header support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <errno.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_opts.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
+
+enum {
+ O_DSTLEN = 0,
+ O_DSTOPTS,
+};
static void dst_help(void)
{
@@ -21,14 +20,15 @@ static void dst_help(void)
IP6T_OPTS_OPTSNR);
}
-static const struct option dst_opts[] = {
- { .name = "dst-len", .has_arg = 1, .val = '1' },
- { .name = "dst-opts", .has_arg = 1, .val = '2' },
- { .name = "dst-not-strict", .has_arg = 1, .val = '3' },
- { .name = NULL }
+static const struct xt_option_entry dst_opts[] = {
+ {.name = "dst-len", .id = O_DSTLEN, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct ip6t_opts, hdrlen)},
+ {.name = "dst-opts", .id = O_DSTOPTS, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
-static u_int32_t
+static uint32_t
parse_opts_num(const char *idstr, const char *typestr)
{
unsigned long int id;
@@ -53,7 +53,7 @@ parse_opts_num(const char *idstr, const char *typestr)
}
static int
-parse_options(const char *optsstr, u_int16_t *opts)
+parse_options(const char *optsstr, uint16_t *opts)
{
char *buffer, *cp, *next, *range;
unsigned int i;
@@ -105,68 +105,28 @@ parse_options(const char *optsstr, u_int16_t *opts)
return i;
}
-static void dst_init(struct xt_entry_match *m)
+static void dst_parse(struct xt_option_call *cb)
{
- struct ip6t_opts *optinfo = (struct ip6t_opts *)m->data;
+ struct ip6t_opts *optinfo = cb->data;
- optinfo->hdrlen = 0;
- optinfo->flags = 0;
- optinfo->invflags = 0;
- optinfo->optsnr = 0;
-}
-
-static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IP6T_OPTS_LEN)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dst-len' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- optinfo->hdrlen = parse_opts_num(optarg, "length");
- if (invert)
- optinfo->invflags |= IP6T_OPTS_INV_LEN;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_DSTLEN:
optinfo->flags |= IP6T_OPTS_LEN;
- *flags |= IP6T_OPTS_LEN;
break;
- case '2':
- if (*flags & IP6T_OPTS_OPTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dst-opts' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- " '!' not allowed with `--dst-opts'");
- optinfo->optsnr = parse_options(optarg, optinfo->opts);
+ case O_DSTOPTS:
+ optinfo->optsnr = parse_options(cb->arg, optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
- *flags |= IP6T_OPTS_OPTS;
break;
- case '3':
- if (*flags & IP6T_OPTS_NSTRICT)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dst-not-strict' allowed");
- if ( !(*flags & IP6T_OPTS_OPTS) )
- xtables_error(PARAMETER_PROBLEM,
- "`--dst-opts ...' required before "
- "`--dst-not-strict'");
- optinfo->flags |= IP6T_OPTS_NSTRICT;
- *flags |= IP6T_OPTS_NSTRICT;
- break;
- default:
- return 0;
}
-
- return 1;
}
static void
-print_options(unsigned int optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, uint16_t *optsp)
{
unsigned int i;
+ printf(" ");
for(i = 0; i < optsnr; i++) {
printf("%d", (optsp[i] & 0xFF00) >> 8);
@@ -182,22 +142,19 @@ static void dst_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("dst ");
+ printf(" dst");
if (optinfo->flags & IP6T_OPTS_LEN)
- printf("length:%s%u ",
+ printf(" length:%s%u",
optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "",
optinfo->hdrlen);
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("opts ");
+ printf(" opts");
- print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
-
- if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("not-strict ");
+ print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
@@ -206,18 +163,15 @@ static void dst_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--dst-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --dst-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--dst-opts ");
-
- print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
+ printf(" --dst-opts");
- if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--dst-not-strict ");
+ print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
}
static struct xtables_match dst_mt6_reg = {
@@ -227,11 +181,10 @@ static struct xtables_match dst_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_opts)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
.help = dst_help,
- .init = dst_init,
- .parse = dst_parse,
.print = dst_print,
.save = dst_save,
- .extra_opts = dst_opts,
+ .x6_parse = dst_parse,
+ .x6_options = dst_opts,
};
void
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 5a280cc..023df62 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -1,154 +1,96 @@
-/* Shared library add-on to ip6tables to add Fragmentation header support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_frag.h>
+enum {
+ O_FRAGID = 0,
+ O_FRAGLEN,
+ O_FRAGRES,
+ O_FRAGFIRST,
+ O_FRAGMORE,
+ O_FRAGLAST,
+ F_FRAGMORE = 1 << O_FRAGMORE,
+ F_FRAGLAST = 1 << O_FRAGLAST,
+};
+
static void frag_help(void)
{
printf(
"frag match options:\n"
"[!] --fragid id[:id] match the id (range)\n"
"[!] --fraglen length total length of this header\n"
-" --fragres check the reserved filed, too\n"
+" --fragres check the reserved field too\n"
" --fragfirst matches on the first fragment\n"
" [--fragmore|--fraglast] there are more fragments or this\n"
" is the last one\n");
}
-static const struct option frag_opts[] = {
- { .name = "fragid", .has_arg = 1, .val = '1' },
- { .name = "fraglen", .has_arg = 1, .val = '2' },
- { .name = "fragres", .has_arg = 0, .val = '3' },
- { .name = "fragfirst", .has_arg = 0, .val = '4' },
- { .name = "fragmore", .has_arg = 0, .val = '5' },
- { .name = "fraglast", .has_arg = 0, .val = '6' },
- { .name = NULL }
+#define s struct ip6t_frag
+static const struct xt_option_entry frag_opts[] = {
+ {.name = "fragid", .id = O_FRAGID, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ids)},
+ {.name = "fraglen", .id = O_FRAGLEN, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)},
+ {.name = "fragres", .id = O_FRAGRES, .type = XTTYPE_NONE},
+ {.name = "fragfirst", .id = O_FRAGFIRST, .type = XTTYPE_NONE},
+ {.name = "fragmore", .id = O_FRAGMORE, .type = XTTYPE_NONE,
+ .excl = F_FRAGLAST},
+ {.name = "fraglast", .id = O_FRAGLAST, .type = XTTYPE_NONE,
+ .excl = F_FRAGMORE},
+ XTOPT_TABLEEND,
};
-
-static u_int32_t
-parse_frag_id(const char *idstr, const char *typestr)
-{
- unsigned long int id;
- char* ep;
-
- id = strtoul(idstr, &ep, 0);
-
- if ( idstr == ep ) {
- xtables_error(PARAMETER_PROBLEM,
- "FRAG no valid digits in %s `%s'", typestr, idstr);
- }
- if ( id == ULONG_MAX && errno == ERANGE ) {
- xtables_error(PARAMETER_PROBLEM,
- "%s `%s' specified too big: would overflow",
- typestr, idstr);
- }
- if ( *idstr != '\0' && *ep != '\0' ) {
- xtables_error(PARAMETER_PROBLEM,
- "FRAG error parsing %s `%s'", typestr, idstr);
- }
- return id;
-}
-
-static void
-parse_frag_ids(const char *idstring, u_int32_t *ids)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(idstring);
- if ((cp = strchr(buffer, ':')) == NULL)
- ids[0] = ids[1] = parse_frag_id(buffer,"id");
- else {
- *cp = '\0';
- cp++;
-
- ids[0] = buffer[0] ? parse_frag_id(buffer,"id") : 0;
- ids[1] = cp[0] ? parse_frag_id(cp,"id") : 0xFFFFFFFF;
- }
- free(buffer);
-}
+#undef s
static void frag_init(struct xt_entry_match *m)
{
- struct ip6t_frag *fraginfo = (struct ip6t_frag *)m->data;
+ struct ip6t_frag *fraginfo = (void *)m->data;
- fraginfo->ids[0] = 0x0L;
- fraginfo->ids[1] = 0xFFFFFFFF;
- fraginfo->hdrlen = 0;
- fraginfo->flags = 0;
- fraginfo->invflags = 0;
+ fraginfo->ids[1] = ~0U;
}
-static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void frag_parse(struct xt_option_call *cb)
{
- struct ip6t_frag *fraginfo = (struct ip6t_frag *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IP6T_FRAG_IDS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fragid' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_frag_ids(optarg, fraginfo->ids);
- if (invert)
+ struct ip6t_frag *fraginfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_FRAGID:
+ if (cb->nvals == 1)
+ fraginfo->ids[1] = fraginfo->ids[0];
+ if (cb->invert)
fraginfo->invflags |= IP6T_FRAG_INV_IDS;
+ /*
+ * Note however that IP6T_FRAG_IDS is not tested by anything,
+ * so it is merely here for completeness.
+ */
fraginfo->flags |= IP6T_FRAG_IDS;
- *flags |= IP6T_FRAG_IDS;
break;
- case '2':
- if (*flags & IP6T_FRAG_LEN)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fraglen' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- fraginfo->hdrlen = parse_frag_id(optarg, "length");
- if (invert)
+ case O_FRAGLEN:
+ /*
+ * As of Linux 3.0, the kernel does not check for
+ * fraglen at all.
+ */
+ if (cb->invert)
fraginfo->invflags |= IP6T_FRAG_INV_LEN;
fraginfo->flags |= IP6T_FRAG_LEN;
- *flags |= IP6T_FRAG_LEN;
break;
- case '3':
- if (*flags & IP6T_FRAG_RES)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fragres' allowed");
+ case O_FRAGRES:
fraginfo->flags |= IP6T_FRAG_RES;
- *flags |= IP6T_FRAG_RES;
break;
- case '4':
- if (*flags & IP6T_FRAG_FST)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fragfirst' allowed");
+ case O_FRAGFIRST:
fraginfo->flags |= IP6T_FRAG_FST;
- *flags |= IP6T_FRAG_FST;
break;
- case '5':
- if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF))
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fragmore' or `--fraglast' allowed");
+ case O_FRAGMORE:
fraginfo->flags |= IP6T_FRAG_MF;
- *flags |= IP6T_FRAG_MF;
break;
- case '6':
- if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF))
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--fragmore' or `--fraglast' allowed");
+ case O_FRAGLAST:
fraginfo->flags |= IP6T_FRAG_NMF;
- *flags |= IP6T_FRAG_NMF;
break;
- default:
- return 0;
}
-
- return 1;
}
static void
-print_ids(const char *name, u_int32_t min, u_int32_t max,
+print_ids(const char *name, uint32_t min, uint32_t max,
int invert)
{
const char *inv = invert ? "!" : "";
@@ -156,9 +98,9 @@ print_ids(const char *name, u_int32_t min, u_int32_t max,
if (min != 0 || max != 0xFFFFFFFF || invert) {
printf("%s", name);
if (min == max)
- printf(":%s%u ", inv, min);
+ printf(":%s%u", inv, min);
else
- printf("s:%s%u:%u ", inv, min, max);
+ printf("s:%s%u:%u", inv, min, max);
}
}
@@ -167,30 +109,30 @@ static void frag_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_frag *frag = (struct ip6t_frag *)match->data;
- printf("frag ");
+ printf(" frag ");
print_ids("id", frag->ids[0], frag->ids[1],
frag->invflags & IP6T_FRAG_INV_IDS);
if (frag->flags & IP6T_FRAG_LEN) {
- printf("length:%s%u ",
+ printf(" length:%s%u",
frag->invflags & IP6T_FRAG_INV_LEN ? "!" : "",
frag->hdrlen);
}
if (frag->flags & IP6T_FRAG_RES)
- printf("reserved ");
+ printf(" reserved");
if (frag->flags & IP6T_FRAG_FST)
- printf("first ");
+ printf(" first");
if (frag->flags & IP6T_FRAG_MF)
- printf("more ");
+ printf(" more");
if (frag->flags & IP6T_FRAG_NMF)
- printf("last ");
+ printf(" last");
if (frag->invflags & ~IP6T_FRAG_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
frag->invflags & ~IP6T_FRAG_INV_MASK);
}
@@ -200,35 +142,35 @@ static void frag_save(const void *ip, const struct xt_entry_match *match)
if (!(fraginfo->ids[0] == 0
&& fraginfo->ids[1] == 0xFFFFFFFF)) {
- printf("%s--fragid ",
- (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? "! " : "");
+ printf("%s --fragid ",
+ (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? " !" : "");
if (fraginfo->ids[0]
!= fraginfo->ids[1])
- printf("%u:%u ",
+ printf("%u:%u",
fraginfo->ids[0],
fraginfo->ids[1]);
else
- printf("%u ",
+ printf("%u",
fraginfo->ids[0]);
}
if (fraginfo->flags & IP6T_FRAG_LEN) {
- printf("%s--fraglen %u ",
- (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? "! " : "",
+ printf("%s --fraglen %u",
+ (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? " !" : "",
fraginfo->hdrlen);
}
if (fraginfo->flags & IP6T_FRAG_RES)
- printf("--fragres ");
+ printf(" --fragres");
if (fraginfo->flags & IP6T_FRAG_FST)
- printf("--fragfirst ");
+ printf(" --fragfirst");
if (fraginfo->flags & IP6T_FRAG_MF)
- printf("--fragmore ");
+ printf(" --fragmore");
if (fraginfo->flags & IP6T_FRAG_NMF)
- printf("--fraglast ");
+ printf(" --fraglast");
}
static struct xtables_match frag_mt6_reg = {
@@ -239,10 +181,10 @@ static struct xtables_match frag_mt6_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
.help = frag_help,
.init = frag_init,
- .parse = frag_parse,
.print = frag_print,
.save = frag_save,
- .extra_opts = frag_opts,
+ .x6_parse = frag_parse,
+ .x6_options = frag_opts,
};
void
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index 520ec9e..c0389ed 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -1,19 +1,17 @@
-/* Shared library add-on to ip6tables to add Hop-by-Hop header support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <errno.h>
#include <xtables.h>
-/*#include <linux/in6.h>*/
#include <linux/netfilter_ipv6/ip6t_opts.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
#define DEBUG 0
+enum {
+ O_HBH_LEN = 0,
+ O_HBH_OPTS,
+};
+
static void hbh_help(void)
{
printf(
@@ -24,14 +22,15 @@ static void hbh_help(void)
IP6T_OPTS_OPTSNR);
}
-static const struct option hbh_opts[] = {
- { "hbh-len", 1, NULL, '1' },
- { "hbh-opts", 1, NULL, '2' },
- { "hbh-not-strict", 1, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry hbh_opts[] = {
+ {.name = "hbh-len", .id = O_HBH_LEN, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct ip6t_opts, hdrlen)},
+ {.name = "hbh-opts", .id = O_HBH_OPTS, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
-static u_int32_t
+static uint32_t
parse_opts_num(const char *idstr, const char *typestr)
{
unsigned long int id;
@@ -56,7 +55,7 @@ parse_opts_num(const char *idstr, const char *typestr)
}
static int
-parse_options(const char *optsstr, u_int16_t *opts)
+parse_options(const char *optsstr, uint16_t *opts)
{
char *buffer, *cp, *next, *range;
unsigned int i;
@@ -100,73 +99,35 @@ parse_options(const char *optsstr, u_int16_t *opts)
return i;
}
-static void hbh_init(struct xt_entry_match *m)
+static void hbh_parse(struct xt_option_call *cb)
{
- struct ip6t_opts *optinfo = (struct ip6t_opts *)m->data;
-
- optinfo->hdrlen = 0;
- optinfo->flags = 0;
- optinfo->invflags = 0;
- optinfo->optsnr = 0;
-}
+ struct ip6t_opts *optinfo = cb->data;
-static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IP6T_OPTS_LEN)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--hbh-len' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- optinfo->hdrlen = parse_opts_num(optarg, "length");
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_HBH_LEN:
+ if (cb->invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
optinfo->flags |= IP6T_OPTS_LEN;
- *flags |= IP6T_OPTS_LEN;
break;
- case '2':
- if (*flags & IP6T_OPTS_OPTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--hbh-opts' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- " '!' not allowed with `--hbh-opts'");
- optinfo->optsnr = parse_options(optarg, optinfo->opts);
+ case O_HBH_OPTS:
+ optinfo->optsnr = parse_options(cb->arg, optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
- *flags |= IP6T_OPTS_OPTS;
- break;
- case '3':
- if (*flags & IP6T_OPTS_NSTRICT)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--hbh-not-strict' allowed");
- if ( !(*flags & IP6T_OPTS_OPTS) )
- xtables_error(PARAMETER_PROBLEM,
- "`--hbh-opts ...' required before `--hbh-not-strict'");
- optinfo->flags |= IP6T_OPTS_NSTRICT;
- *flags |= IP6T_OPTS_NSTRICT;
break;
- default:
- return 0;
}
-
- return 1;
}
static void
-print_options(unsigned int optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, uint16_t *optsp)
{
unsigned int i;
for(i=0; i<optsnr; i++){
+ printf("%c", (i==0)?' ':',');
printf("%d", (optsp[i] & 0xFF00)>>8);
if ((optsp[i] & 0x00FF) != 0x00FF){
printf(":%d", (optsp[i] & 0x00FF));
}
- printf("%c", (i!=optsnr-1)?',':' ');
}
}
@@ -175,18 +136,16 @@ static void hbh_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("hbh ");
+ printf(" hbh");
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "");
printf("%u", optinfo->hdrlen);
- printf(" ");
}
- if (optinfo->flags & IP6T_OPTS_OPTS) printf("opts ");
- print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
- if (optinfo->flags & IP6T_OPTS_NSTRICT) printf("not-strict ");
+ if (optinfo->flags & IP6T_OPTS_OPTS) printf(" opts");
+ print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
@@ -195,16 +154,14 @@ static void hbh_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--hbh-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --hbh-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--hbh-opts ");
- print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
- if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--hbh-not-strict ");
+ printf(" --hbh-opts");
+ print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
}
static struct xtables_match hbh_mt6_reg = {
@@ -214,11 +171,10 @@ static struct xtables_match hbh_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_opts)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
.help = hbh_help,
- .init = hbh_init,
- .parse = hbh_parse,
.print = hbh_print,
.save = hbh_save,
- .extra_opts = hbh_opts,
+ .x6_parse = hbh_parse,
+ .x6_options = hbh_opts,
};
void
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 09589b1..3559db4 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -5,15 +5,20 @@
* This program is released under the terms of GNU GPL
* Cleanups by Stephane Ouellette <ouellettes@videotron.ca>
*/
-
#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
#include <xtables.h>
-
#include <linux/netfilter_ipv6/ip6t_hl.h>
+enum {
+ O_HL_EQ = 0,
+ O_HL_LT,
+ O_HL_GT,
+ F_HL_EQ = 1 << O_HL_EQ,
+ F_HL_LT = 1 << O_HL_LT,
+ F_HL_GT = 1 << O_HL_GT,
+ F_ANY = F_HL_EQ | F_HL_LT | F_HL_GT,
+};
+
static void hl_help(void)
{
printf(
@@ -23,64 +28,27 @@ static void hl_help(void)
" --hl-gt value Match HL > value\n");
}
-static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void hl_parse(struct xt_option_call *cb)
{
- struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data;
- u_int8_t value;
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- value = atoi(optarg);
-
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify HL option twice");
-
- if (!optarg)
- xtables_error(PARAMETER_PROBLEM,
- "hl: You must specify a value");
- switch (c) {
- case '2':
- if (invert)
- info->mode = IP6T_HL_NE;
- else
- info->mode = IP6T_HL_EQ;
-
- /* is 0 allowed? */
- info->hop_limit = value;
- *flags = 1;
-
- break;
- case '3':
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "hl: unexpected `!'");
-
- info->mode = IP6T_HL_LT;
- info->hop_limit = value;
- *flags = 1;
-
- break;
- case '4':
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "hl: unexpected `!'");
-
- info->mode = IP6T_HL_GT;
- info->hop_limit = value;
- *flags = 1;
-
- break;
- default:
- return 0;
+ struct ip6t_hl_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_HL_EQ:
+ info->mode = cb->invert ? IP6T_HL_NE : IP6T_HL_EQ;
+ break;
+ case O_HL_LT:
+ info->mode = IP6T_HL_LT;
+ break;
+ case O_HL_GT:
+ info->mode = IP6T_HL_GT;
+ break;
}
-
- return 1;
}
-static void hl_check(unsigned int flags)
+static void hl_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
"HL match: You must specify one of "
"`--hl-eq', `--hl-lt', `--hl-gt'");
@@ -98,7 +66,7 @@ static void hl_print(const void *ip, const struct xt_entry_match *match,
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("HL match HL %s %u ", op[info->mode], info->hop_limit);
+ printf(" HL match HL %s %u", op[info->mode], info->hop_limit);
}
static void hl_save(const void *ip, const struct xt_entry_match *match)
@@ -112,16 +80,22 @@ static void hl_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("%s %u ", op[info->mode], info->hop_limit);
+ printf(" %s %u", op[info->mode], info->hop_limit);
}
-static const struct option hl_opts[] = {
- { .name = "hl", .has_arg = 1, .val = '2' },
- { .name = "hl-eq", .has_arg = 1, .val = '2' },
- { .name = "hl-lt", .has_arg = 1, .val = '3' },
- { .name = "hl-gt", .has_arg = 1, .val = '4' },
- { .name = NULL }
+#define s struct ip6t_hl_info
+static const struct xt_option_entry hl_opts[] = {
+ {.name = "hl-lt", .id = O_HL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+ {.name = "hl-gt", .id = O_HL_GT, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+ {.name = "hl-eq", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+ {.name = "hl", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+ XTOPT_TABLEEND,
};
+#undef s
static struct xtables_match hl_mt6_reg = {
.name = "hl",
@@ -130,11 +104,11 @@ static struct xtables_match hl_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_hl_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)),
.help = hl_help,
- .parse = hl_parse,
- .final_check = hl_check,
.print = hl_print,
.save = hl_save,
- .extra_opts = hl_opts,
+ .x6_parse = hl_parse,
+ .x6_fcheck = hl_check,
+ .x6_options = hl_opts,
};
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index fb321b3..68b940b 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -1,17 +1,18 @@
-/* Shared library add-on to ip6tables to add ICMP support. */
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <limits.h> /* INT_MAX in ip6_tables.h */
#include <linux/netfilter_ipv6/ip6_tables.h>
+enum {
+ O_ICMPV6_TYPE = 0,
+};
+
struct icmpv6_names {
const char *name;
- u_int8_t type;
- u_int8_t code_min, code_max;
+ uint8_t type;
+ uint8_t code_min, code_max;
};
static const struct icmpv6_names icmpv6_codes[] = {
@@ -83,13 +84,14 @@ static void icmp6_help(void)
print_icmpv6types();
}
-static const struct option icmp6_opts[] = {
- { "icmpv6-type", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry icmp6_opts[] = {
+ {.name = "icmpv6-type", .id = O_ICMPV6_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static void
-parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
+parse_icmpv6(const char *icmpv6type, uint8_t *type, uint8_t code[])
{
static const unsigned int limit = ARRAY_SIZE(icmpv6_codes);
unsigned int match = limit;
@@ -148,33 +150,18 @@ static void icmp6_init(struct xt_entry_match *m)
icmpv6info->code[1] = 0xFF;
}
-static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void icmp6_parse(struct xt_option_call *cb)
{
- struct ip6t_icmp *icmpv6info = (struct ip6t_icmp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags == 1)
- xtables_error(PARAMETER_PROBLEM,
- "icmpv6 match: only use --icmpv6-type once!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_icmpv6(optarg, &icmpv6info->type,
- icmpv6info->code);
- if (invert)
- icmpv6info->invflags |= IP6T_ICMP_INV;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
+ struct ip6t_icmp *icmpv6info = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ parse_icmpv6(cb->arg, &icmpv6info->type, icmpv6info->code);
+ if (cb->invert)
+ icmpv6info->invflags |= IP6T_ICMP_INV;
}
-static void print_icmpv6type(u_int8_t type,
- u_int8_t code_min, u_int8_t code_max,
+static void print_icmpv6type(uint8_t type,
+ uint8_t code_min, uint8_t code_max,
int invert,
int numeric)
{
@@ -188,7 +175,7 @@ static void print_icmpv6type(u_int8_t type,
break;
if (i != ARRAY_SIZE(icmpv6_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmpv6_codes[i].name);
return;
@@ -196,15 +183,13 @@ static void print_icmpv6type(u_int8_t type,
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp6_print(const void *ip, const struct xt_entry_match *match,
@@ -212,13 +197,13 @@ static void icmp6_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
- printf("ipv6-icmp ");
+ printf(" ipv6-icmp");
print_icmpv6type(icmpv6->type, icmpv6->code[0], icmpv6->code[1],
icmpv6->invflags & IP6T_ICMP_INV,
numeric);
if (icmpv6->invflags & ~IP6T_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmpv6->invflags & ~IP6T_ICMP_INV);
}
@@ -227,19 +212,11 @@ static void icmp6_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
if (icmpv6->invflags & IP6T_ICMP_INV)
- printf("! ");
+ printf(" !");
- printf("--icmpv6-type %u", icmpv6->type);
+ printf(" --icmpv6-type %u", icmpv6->type);
if (icmpv6->code[0] != 0 || icmpv6->code[1] != 0xFF)
printf("/%u", icmpv6->code[0]);
- printf(" ");
-}
-
-static void icmp6_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "icmpv6 match: You must specify `--icmpv6-type'");
}
static struct xtables_match icmp6_mt6_reg = {
@@ -250,11 +227,10 @@ static struct xtables_match icmp6_mt6_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ip6t_icmp)),
.help = icmp6_help,
.init = icmp6_init,
- .parse = icmp6_parse,
- .final_check = icmp6_check,
.print = icmp6_print,
.save = icmp6_save,
- .extra_opts = icmp6_opts,
+ .x6_parse = icmp6_parse,
+ .x6_options = icmp6_opts,
};
void _init(void)
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index af1f5ef..00d5d5b 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -3,34 +3,29 @@ on whether they contain certain headers */
/* Original idea: Brad Chapman
* Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
-
-#include <getopt.h>
-#include <xtables.h>
-#include <stddef.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
-#include <sys/types.h>
-
+#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_ipv6header.h>
-/* This maybe required
-#include <linux/in.h>
-#include <linux/in6.h>
-*/
-
+enum {
+ O_HEADER = 0,
+ O_SOFT,
+};
/* A few hardcoded protocols for 'all' and in case the user has no
* /etc/protocols */
struct pprot {
char *name;
- u_int8_t num;
+ uint8_t num;
};
struct numflag {
- u_int8_t proto;
- u_int8_t flag;
+ uint8_t proto;
+ uint8_t flag;
};
static const struct pprot chain_protos[] = {
@@ -66,13 +61,13 @@ static const struct numflag chain_flags[] = {
{ IPPROTO_RAW, MASK_PROTO },
};
-static char *
-proto_to_name(u_int8_t proto, int nolookup)
+static const char *
+proto_to_name(uint8_t proto, int nolookup)
{
unsigned int i;
if (proto && !nolookup) {
- struct protoent *pent = getprotobynumber(proto);
+ const struct protoent *pent = getprotobynumber(proto);
if (pent)
return pent->p_name;
}
@@ -84,11 +79,11 @@ proto_to_name(u_int8_t proto, int nolookup)
return NULL;
}
-static u_int16_t
+static uint16_t
name_to_proto(const char *s)
{
unsigned int proto=0;
- struct protoent *pent;
+ const struct protoent *pent;
if ((pent = getprotobyname(s)))
proto = pent->p_proto;
@@ -139,21 +134,13 @@ static void ipv6header_help(void)
"--soft The header CONTAINS the specified extensions\n");
}
-static const struct option ipv6header_opts[] = {
- { "header", 1, NULL, '1' },
- { "soft", 0, NULL, '2' },
- { .name = NULL }
+static const struct xt_option_entry ipv6header_opts[] = {
+ {.name = "header", .id = O_HEADER, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ {.name = "soft", .id = O_SOFT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
-static void ipv6header_init(struct xt_entry_match *m)
-{
- struct ip6t_ipv6header_info *info = (struct ip6t_ipv6header_info *)m->data;
-
- info->matchflags = 0x00;
- info->invflags = 0x00;
- info->modeflag = 0x00;
-}
-
static unsigned int
parse_header(const char *flags) {
unsigned int ret = 0;
@@ -169,54 +156,26 @@ parse_header(const char *flags) {
return ret;
}
-#define IPV6_HDR_HEADER 0x01
-#define IPV6_HDR_SOFT 0x02
-
-static int
-ipv6header_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void ipv6header_parse(struct xt_option_call *cb)
{
- struct ip6t_ipv6header_info *info = (struct ip6t_ipv6header_info *)(*match)->data;
-
- switch (c) {
- case '1' :
- /* Parse the provided header names */
- if (*flags & IPV6_HDR_HEADER)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--header' allowed");
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (! (info->matchflags = parse_header(optarg)) )
- xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
-
- if (invert)
- info->invflags |= 0xFF;
- *flags |= IPV6_HDR_HEADER;
- break;
- case '2' :
- /* Soft-mode requested? */
- if (*flags & IPV6_HDR_SOFT)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--soft' allowed");
-
- info->modeflag |= 0xFF;
- *flags |= IPV6_HDR_SOFT;
- break;
- default:
- return 0;
+ struct ip6t_ipv6header_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_HEADER:
+ if (!(info->matchflags = parse_header(cb->arg)))
+ xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
+ if (cb->invert)
+ info->invflags |= 0xFF;
+ break;
+ case O_SOFT:
+ info->modeflag |= 0xFF;
+ break;
}
-
- return 1;
-}
-
-static void ipv6header_check(unsigned int flags)
-{
- if (!flags) xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: no options specified");
}
static void
-print_header(u_int8_t flags){
+print_header(uint8_t flags){
int have_flag = 0;
while (flags) {
@@ -241,20 +200,19 @@ static void ipv6header_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("ipv6header ");
+ printf(" ipv6header");
if (info->matchflags || info->invflags) {
- printf("flags:%s", info->invflags ? "!" : "");
+ printf(" flags:%s", info->invflags ? "!" : "");
if (numeric)
- printf("0x%02X ", info->matchflags);
+ printf("0x%02X", info->matchflags);
else {
print_header(info->matchflags);
- printf(" ");
}
}
if (info->modeflag)
- printf("soft ");
+ printf(" soft");
}
static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
@@ -262,11 +220,10 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("%s--header ", info->invflags ? "! " : "");
+ printf("%s --header ", info->invflags ? " !" : "");
print_header(info->matchflags);
- printf(" ");
if (info->modeflag)
- printf("--soft ");
+ printf(" --soft");
}
static struct xtables_match ipv6header_mt6_reg = {
@@ -276,12 +233,10 @@ static struct xtables_match ipv6header_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
.help = ipv6header_help,
- .init = ipv6header_init,
- .parse = ipv6header_parse,
- .final_check = ipv6header_check,
.print = ipv6header_print,
.save = ipv6header_save,
- .extra_opts = ipv6header_opts,
+ .x6_parse = ipv6header_parse,
+ .x6_options = ipv6header_opts,
};
void _init(void)
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index 95cd65d..686a293 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -11,17 +11,20 @@
*
* Based on libip6t_{icmpv6,udp}.c
*/
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_mh.h>
+enum {
+ O_MH_TYPE = 0,
+};
+
struct mh_name {
const char *name;
- u_int8_t type;
+ uint8_t type;
};
static const struct mh_name mh_names[] = {
@@ -99,7 +102,7 @@ static unsigned int name_to_type(const char *name)
}
}
-static void parse_mh_types(const char *mhtype, u_int8_t *types)
+static void parse_mh_types(const char *mhtype, uint8_t *types)
{
char *buffer;
char *cp;
@@ -121,33 +124,17 @@ static void parse_mh_types(const char *mhtype, u_int8_t *types)
free(buffer);
}
-#define MH_TYPES 0x01
-
-static int mh_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void mh_parse(struct xt_option_call *cb)
{
- struct ip6t_mh *mhinfo = (struct ip6t_mh *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & MH_TYPES)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--mh-type' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_mh_types(optarg, mhinfo->types);
- if (invert)
- mhinfo->invflags |= IP6T_MH_INV_TYPE;
- *flags |= MH_TYPES;
- break;
-
- default:
- return 0;
- }
+ struct ip6t_mh *mhinfo = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ parse_mh_types(cb->arg, mhinfo->types);
+ if (cb->invert)
+ mhinfo->invflags |= IP6T_MH_INV_TYPE;
}
-static const char *type_to_name(u_int8_t type)
+static const char *type_to_name(uint8_t type)
{
unsigned int i;
@@ -158,7 +145,7 @@ static const char *type_to_name(u_int8_t type)
return NULL;
}
-static void print_type(u_int8_t type, int numeric)
+static void print_type(uint8_t type, int numeric)
{
const char *name;
if (numeric || !(name = type_to_name(type)))
@@ -167,11 +154,12 @@ static void print_type(u_int8_t type, int numeric)
printf("%s", name);
}
-static void print_types(u_int8_t min, u_int8_t max, int invert, int numeric)
+static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFF || invert) {
+ printf(" ");
if (min == max) {
printf("%s", inv);
print_type(min, numeric);
@@ -181,7 +169,6 @@ static void print_types(u_int8_t min, u_int8_t max, int invert, int numeric)
printf(":");
print_type(max, numeric);
}
- printf(" ");
}
}
@@ -190,12 +177,12 @@ static void mh_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data;
- printf("mh ");
+ printf(" mh");
print_types(mhinfo->types[0], mhinfo->types[1],
mhinfo->invflags & IP6T_MH_INV_TYPE,
numeric);
if (mhinfo->invflags & ~IP6T_MH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
mhinfo->invflags & ~IP6T_MH_INV_MASK);
}
@@ -207,17 +194,18 @@ static void mh_save(const void *ip, const struct xt_entry_match *match)
return;
if (mhinfo->invflags & IP6T_MH_INV_TYPE)
- printf("! ");
+ printf(" !");
if (mhinfo->types[0] != mhinfo->types[1])
- printf("--mh-type %u:%u ", mhinfo->types[0], mhinfo->types[1]);
+ printf(" --mh-type %u:%u", mhinfo->types[0], mhinfo->types[1]);
else
- printf("--mh-type %u ", mhinfo->types[0]);
+ printf(" --mh-type %u", mhinfo->types[0]);
}
-static const struct option mh_opts[] = {
- { "mh-type", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry mh_opts[] = {
+ {.name = "mh-type", .id = O_MH_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static struct xtables_match mh_mt6_reg = {
@@ -228,10 +216,10 @@ static struct xtables_match mh_mt6_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ip6t_mh)),
.help = mh_help,
.init = mh_init,
- .parse = mh_parse,
+ .x6_parse = mh_parse,
.print = mh_print,
.save = mh_save,
- .extra_opts = mh_opts,
+ .x6_options = mh_opts,
};
void _init(void)
diff --git a/extensions/libip6t_mh.man b/extensions/libip6t_mh.man
index 4559e78..8ec08c6 100644
--- a/extensions/libip6t_mh.man
+++ b/extensions/libip6t_mh.man
@@ -8,5 +8,5 @@ a numeric MH
.IR type
or one of the MH type names shown by the command
.nf
- ip6tables \-p ipv6\-mh \-h
+ ip6tables \-p mh \-h
.fi
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index a04023d..d470488 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -1,18 +1,20 @@
-/* Shared library add-on to ip6tables to add Routing header support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
#include <xtables.h>
-/*#include <linux/in6.h>*/
#include <linux/netfilter_ipv6/ip6t_rt.h>
-#include <sys/types.h>
-#include <sys/socket.h>
#include <arpa/inet.h>
-/*#define DEBUG 1*/
+enum {
+ O_RT_TYPE = 0,
+ O_RT_SEGSLEFT,
+ O_RT_LEN,
+ O_RT0RES,
+ O_RT0ADDRS,
+ O_RT0NSTRICT,
+ F_RT_TYPE = 1 << O_RT_TYPE,
+ F_RT0ADDRS = 1 << O_RT0ADDRS,
+};
static void rt_help(void)
{
@@ -21,70 +23,32 @@ static void rt_help(void)
"[!] --rt-type type match the type\n"
"[!] --rt-segsleft num[:num] match the Segments Left field (range)\n"
"[!] --rt-len length total length of this header\n"
-" --rt-0-res check the reserved filed, too (type 0)\n"
+" --rt-0-res check the reserved field too (type 0)\n"
" --rt-0-addrs ADDR[,ADDR...] Type=0 addresses (list, max: %d)\n"
" --rt-0-not-strict List of Type=0 addresses not a strict list\n",
IP6T_RT_HOPS);
}
-static const struct option rt_opts[] = {
- { "rt-type", 1, NULL, '1' },
- { "rt-segsleft", 1, NULL, '2' },
- { "rt-len", 1, NULL, '3' },
- { "rt-0-res", 0, NULL, '4' },
- { "rt-0-addrs", 1, NULL, '5' },
- { "rt-0-not-strict", 0, NULL, '6' },
- { .name = NULL }
+#define s struct ip6t_rt
+static const struct xt_option_entry rt_opts[] = {
+ {.name = "rt-type", .id = O_RT_TYPE, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, rt_type)},
+ {.name = "rt-segsleft", .id = O_RT_SEGSLEFT, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segsleft)},
+ {.name = "rt-len", .id = O_RT_LEN, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)},
+ {.name = "rt-0-res", .id = O_RT0RES, .type = XTTYPE_NONE},
+ {.name = "rt-0-addrs", .id = O_RT0ADDRS, .type = XTTYPE_STRING},
+ {.name = "rt-0-not-strict", .id = O_RT0NSTRICT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
-static u_int32_t
-parse_rt_num(const char *idstr, const char *typestr)
-{
- unsigned long int id;
- char* ep;
-
- id = strtoul(idstr,&ep,0) ;
-
- if ( idstr == ep ) {
- xtables_error(PARAMETER_PROBLEM,
- "RT no valid digits in %s `%s'", typestr, idstr);
- }
- if ( id == ULONG_MAX && errno == ERANGE ) {
- xtables_error(PARAMETER_PROBLEM,
- "%s `%s' specified too big: would overflow",
- typestr, idstr);
- }
- if ( *idstr != '\0' && *ep != '\0' ) {
- xtables_error(PARAMETER_PROBLEM,
- "RT error parsing %s `%s'", typestr, idstr);
- }
- return id;
-}
-
-static void
-parse_rt_segsleft(const char *idstring, u_int32_t *ids)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(idstring);
- if ((cp = strchr(buffer, ':')) == NULL)
- ids[0] = ids[1] = parse_rt_num(buffer,"segsleft");
- else {
- *cp = '\0';
- cp++;
-
- ids[0] = buffer[0] ? parse_rt_num(buffer,"segsleft") : 0;
- ids[1] = cp[0] ? parse_rt_num(cp,"segsleft") : 0xFFFFFFFF;
- }
- free(buffer);
-}
-
-static char *
+static const char *
addr_to_numeric(const struct in6_addr *addrp)
{
static char buf[50+1];
- return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
+ return inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
}
static struct in6_addr *
@@ -135,108 +99,61 @@ parse_addresses(const char *addrstr, struct in6_addr *addrp)
return i;
}
-static void rt_init(struct xt_entry_match *m)
+static void rt_parse(struct xt_option_call *cb)
{
- struct ip6t_rt *rtinfo = (struct ip6t_rt *)m->data;
-
- rtinfo->rt_type = 0x0L;
- rtinfo->segsleft[0] = 0x0L;
- rtinfo->segsleft[1] = 0xFFFFFFFF;
- rtinfo->hdrlen = 0;
- rtinfo->flags = 0;
- rtinfo->invflags = 0;
- rtinfo->addrnr = 0;
-}
+ struct ip6t_rt *rtinfo = cb->data;
-static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ip6t_rt *rtinfo = (struct ip6t_rt *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IP6T_RT_TYP)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-type' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- rtinfo->rt_type = parse_rt_num(optarg, "type");
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_RT_TYPE:
+ if (cb->invert)
rtinfo->invflags |= IP6T_RT_INV_TYP;
rtinfo->flags |= IP6T_RT_TYP;
- *flags |= IP6T_RT_TYP;
break;
- case '2':
- if (*flags & IP6T_RT_SGS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-segsleft' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_rt_segsleft(optarg, rtinfo->segsleft);
- if (invert)
+ case O_RT_SEGSLEFT:
+ if (cb->nvals == 1)
+ rtinfo->segsleft[1] = rtinfo->segsleft[0];
+ if (cb->invert)
rtinfo->invflags |= IP6T_RT_INV_SGS;
rtinfo->flags |= IP6T_RT_SGS;
- *flags |= IP6T_RT_SGS;
break;
- case '3':
- if (*flags & IP6T_RT_LEN)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-len' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- rtinfo->hdrlen = parse_rt_num(optarg, "length");
- if (invert)
+ case O_RT_LEN:
+ if (cb->invert)
rtinfo->invflags |= IP6T_RT_INV_LEN;
rtinfo->flags |= IP6T_RT_LEN;
- *flags |= IP6T_RT_LEN;
break;
- case '4':
- if (*flags & IP6T_RT_RES)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-0-res' allowed");
- if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
+ case O_RT0RES:
+ if (!(cb->xflags & F_RT_TYPE) || rtinfo->rt_type != 0 ||
+ rtinfo->invflags & IP6T_RT_INV_TYP)
xtables_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-res'");
rtinfo->flags |= IP6T_RT_RES;
- *flags |= IP6T_RT_RES;
break;
- case '5':
- if (*flags & IP6T_RT_FST)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-0-addrs' allowed");
- if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
+ case O_RT0ADDRS:
+ if (!(cb->xflags & F_RT_TYPE) || rtinfo->rt_type != 0 ||
+ rtinfo->invflags & IP6T_RT_INV_TYP)
xtables_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-addrs'");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- " '!' not allowed with `--rt-0-addrs'");
- rtinfo->addrnr = parse_addresses(optarg, rtinfo->addrs);
+ rtinfo->addrnr = parse_addresses(cb->arg, rtinfo->addrs);
rtinfo->flags |= IP6T_RT_FST;
- *flags |= IP6T_RT_FST;
break;
- case '6':
- if (*flags & IP6T_RT_FST_NSTRICT)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--rt-0-not-strict' allowed");
- if ( !(*flags & IP6T_RT_FST) )
+ case O_RT0NSTRICT:
+ if (!(cb->xflags & F_RT0ADDRS))
xtables_error(PARAMETER_PROBLEM,
"`--rt-0-addr ...' required before `--rt-0-not-strict'");
rtinfo->flags |= IP6T_RT_FST_NSTRICT;
- *flags |= IP6T_RT_FST_NSTRICT;
break;
- default:
- return 0;
}
-
- return 1;
}
static void
-print_nums(const char *name, u_int32_t min, u_int32_t max,
+print_nums(const char *name, uint32_t min, uint32_t max,
int invert)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFFFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
printf("%u", min);
@@ -246,7 +163,6 @@ print_nums(const char *name, u_int32_t min, u_int32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
@@ -256,7 +172,7 @@ print_addresses(unsigned int addrnr, struct in6_addr *addrp)
unsigned int i;
for(i=0; i<addrnr; i++){
- printf("%s%c", addr_to_numeric(&(addrp[i])), (i!=addrnr-1)?',':' ');
+ printf("%c%s", (i==0)?' ':',', addr_to_numeric(&(addrp[i])));
}
}
@@ -265,24 +181,23 @@ static void rt_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
- printf("rt ");
+ printf(" rt");
if (rtinfo->flags & IP6T_RT_TYP)
- printf("type:%s%d ", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
+ printf(" type:%s%d", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
rtinfo->rt_type);
print_nums("segsleft", rtinfo->segsleft[0], rtinfo->segsleft[1],
rtinfo->invflags & IP6T_RT_INV_SGS);
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", rtinfo->invflags & IP6T_RT_INV_LEN ? "!" : "");
printf("%u", rtinfo->hdrlen);
- printf(" ");
}
- if (rtinfo->flags & IP6T_RT_RES) printf("reserved ");
- if (rtinfo->flags & IP6T_RT_FST) printf("0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" reserved");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" 0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" 0-not-strict");
if (rtinfo->invflags & ~IP6T_RT_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
rtinfo->invflags & ~IP6T_RT_INV_MASK);
}
@@ -291,35 +206,35 @@ static void rt_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
if (rtinfo->flags & IP6T_RT_TYP) {
- printf("%s--rt-type %u ",
- (rtinfo->invflags & IP6T_RT_INV_TYP) ? "! " : "",
+ printf("%s --rt-type %u",
+ (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !" : "",
rtinfo->rt_type);
}
if (!(rtinfo->segsleft[0] == 0
&& rtinfo->segsleft[1] == 0xFFFFFFFF)) {
- printf("%s--rt-segsleft ",
- (rtinfo->invflags & IP6T_RT_INV_SGS) ? "! " : "");
+ printf("%s --rt-segsleft ",
+ (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !" : "");
if (rtinfo->segsleft[0]
!= rtinfo->segsleft[1])
- printf("%u:%u ",
+ printf("%u:%u",
rtinfo->segsleft[0],
rtinfo->segsleft[1]);
else
- printf("%u ",
+ printf("%u",
rtinfo->segsleft[0]);
}
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("%s--rt-len %u ",
- (rtinfo->invflags & IP6T_RT_INV_LEN) ? "! " : "",
+ printf("%s --rt-len %u",
+ (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !" : "",
rtinfo->hdrlen);
}
- if (rtinfo->flags & IP6T_RT_RES) printf("--rt-0-res ");
- if (rtinfo->flags & IP6T_RT_FST) printf("--rt-0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" --rt-0-res");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" --rt-0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("--rt-0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" --rt-0-not-strict");
}
@@ -330,11 +245,10 @@ static struct xtables_match rt_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_rt)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_rt)),
.help = rt_help,
- .init = rt_init,
- .parse = rt_parse,
+ .x6_parse = rt_parse,
.print = rt_print,
.save = rt_save,
- .extra_opts = rt_opts,
+ .x6_options = rt_opts,
};
void
diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index 279aacf..f4b638b 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -3,6 +3,7 @@
*
* Development of this code was funded by SuSE AG, http://www.suse.com/
*/
+#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -18,6 +19,22 @@
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
+enum {
+ O_NEW = 0,
+ O_HASHMODE,
+ O_CLUSTERMAC,
+ O_TOTAL_NODES,
+ O_LOCAL_NODE,
+ O_HASH_INIT,
+ F_NEW = 1 << O_NEW,
+ F_HASHMODE = 1 << O_HASHMODE,
+ F_CLUSTERMAC = 1 << O_CLUSTERMAC,
+ F_TOTAL_NODES = 1 << O_TOTAL_NODES,
+ F_LOCAL_NODE = 1 << O_LOCAL_NODE,
+ F_FULL = F_NEW | F_HASHMODE | F_CLUSTERMAC |
+ F_TOTAL_NODES | F_LOCAL_NODE,
+};
+
static void CLUSTERIP_help(void)
{
printf(
@@ -33,140 +50,69 @@ static void CLUSTERIP_help(void)
" --hash-init <num> Set init value of the Jenkins hash\n");
}
-#define PARAM_NEW 0x0001
-#define PARAM_HMODE 0x0002
-#define PARAM_MAC 0x0004
-#define PARAM_TOTALNODE 0x0008
-#define PARAM_LOCALNODE 0x0010
-#define PARAM_HASHINIT 0x0020
-
-static const struct option CLUSTERIP_opts[] = {
- { "new", 0, NULL, '1' },
- { "hashmode", 1, NULL, '2' },
- { "clustermac", 1, NULL, '3' },
- { "total-nodes", 1, NULL, '4' },
- { "local-node", 1, NULL, '5' },
- { "hash-init", 1, NULL, '6' },
- { .name = NULL }
+#define s struct ipt_clusterip_tgt_info
+static const struct xt_option_entry CLUSTERIP_opts[] = {
+ {.name = "new", .id = O_NEW, .type = XTTYPE_NONE},
+ {.name = "hashmode", .id = O_HASHMODE, .type = XTTYPE_STRING,
+ .also = O_NEW},
+ {.name = "clustermac", .id = O_CLUSTERMAC, .type = XTTYPE_ETHERMAC,
+ .also = O_NEW, .flags = XTOPT_PUT, XTOPT_POINTER(s, clustermac)},
+ {.name = "total-nodes", .id = O_TOTAL_NODES, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, num_total_nodes),
+ .also = O_NEW, .max = CLUSTERIP_MAX_NODES},
+ {.name = "local-node", .id = O_LOCAL_NODE, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, local_nodes[0]),
+ .also = O_NEW, .max = CLUSTERIP_MAX_NODES},
+ {.name = "hash-init", .id = O_HASH_INIT, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hash_initval),
+ .also = O_NEW, .max = UINT_MAX},
+ XTOPT_TABLEEND,
};
+#undef s
-static void
-parse_mac(const char *mac, char *macbuf)
+static void CLUSTERIP_parse(struct xt_option_call *cb)
{
- unsigned int i = 0;
-
- if (strlen(mac) != ETH_ALEN*3-1)
- xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac);
-
- for (i = 0; i < ETH_ALEN; i++) {
- long number;
- char *end;
+ struct ipt_clusterip_tgt_info *cipinfo = cb->data;
- number = strtol(mac + i*3, &end, 16);
-
- if (end == mac + i*3 + 2
- && number >= 0
- && number <= 255)
- macbuf[i] = number;
- else
- xtables_error(PARAMETER_PROBLEM,
- "Bad mac address `%s'", mac);
- }
-}
-
-static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct ipt_clusterip_tgt_info *cipinfo
- = (struct ipt_clusterip_tgt_info *)(*target)->data;
-
- switch (c) {
- unsigned int num;
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_NEW:
cipinfo->flags |= CLUSTERIP_FLAG_NEW;
- if (*flags & PARAM_NEW)
- xtables_error(PARAMETER_PROBLEM, "Can only specify \"--new\" once\n");
- *flags |= PARAM_NEW;
break;
- case '2':
- if (!(*flags & PARAM_NEW))
- xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode combined with \"--new\"\n");
- if (*flags & PARAM_HMODE)
- xtables_error(PARAMETER_PROBLEM, "Can only specify hashmode once\n");
- if (!strcmp(optarg, "sourceip"))
+ case O_HASHMODE:
+ if (strcmp(cb->arg, "sourceip") == 0)
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP;
- else if (!strcmp(optarg, "sourceip-sourceport"))
+ else if (strcmp(cb->arg, "sourceip-sourceport") == 0)
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT;
- else if (!strcmp(optarg, "sourceip-sourceport-destport"))
+ else if (strcmp(cb->arg, "sourceip-sourceport-destport") == 0)
cipinfo->hash_mode = CLUSTERIP_HASHMODE_SIP_SPT_DPT;
else
xtables_error(PARAMETER_PROBLEM, "Unknown hashmode \"%s\"\n",
- optarg);
- *flags |= PARAM_HMODE;
+ cb->arg);
break;
- case '3':
- if (!(*flags & PARAM_NEW))
- xtables_error(PARAMETER_PROBLEM, "Can only specify MAC combined with \"--new\"\n");
- if (*flags & PARAM_MAC)
- xtables_error(PARAMETER_PROBLEM, "Can only specify MAC once\n");
- parse_mac(optarg, (char *)cipinfo->clustermac);
+ case O_CLUSTERMAC:
if (!(cipinfo->clustermac[0] & 0x01))
xtables_error(PARAMETER_PROBLEM, "MAC has to be a multicast ethernet address\n");
- *flags |= PARAM_MAC;
- break;
- case '4':
- if (!(*flags & PARAM_NEW))
- xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n");
- if (*flags & PARAM_TOTALNODE)
- xtables_error(PARAMETER_PROBLEM, "Can only specify total node number once\n");
- if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
- xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
- cipinfo->num_total_nodes = num;
- *flags |= PARAM_TOTALNODE;
break;
- case '5':
- if (!(*flags & PARAM_NEW))
- xtables_error(PARAMETER_PROBLEM, "Can only specify node number combined with \"--new\"\n");
- if (*flags & PARAM_LOCALNODE)
- xtables_error(PARAMETER_PROBLEM, "Can only specify local node number once\n");
- if (!xtables_strtoui(optarg, NULL, &num, 1, CLUSTERIP_MAX_NODES))
- xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
+ case O_LOCAL_NODE:
cipinfo->num_local_nodes = 1;
- cipinfo->local_nodes[0] = num;
- *flags |= PARAM_LOCALNODE;
break;
- case '6':
- if (!(*flags & PARAM_NEW))
- xtables_error(PARAMETER_PROBLEM, "Can only specify hash init value combined with \"--new\"\n");
- if (*flags & PARAM_HASHINIT)
- xtables_error(PARAMETER_PROBLEM, "Can specify hash init value only once\n");
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT_MAX))
- xtables_error(PARAMETER_PROBLEM, "Unable to parse \"%s\"\n", optarg);
- cipinfo->hash_initval = num;
- *flags |= PARAM_HASHINIT;
- break;
- default:
- return 0;
}
-
- return 1;
}
-static void CLUSTERIP_check(unsigned int flags)
+static void CLUSTERIP_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
return;
-
- if ((flags & (PARAM_NEW|PARAM_HMODE|PARAM_MAC|PARAM_TOTALNODE|PARAM_LOCALNODE))
- == (PARAM_NEW|PARAM_HMODE|PARAM_MAC|PARAM_TOTALNODE|PARAM_LOCALNODE))
+ if ((cb->xflags & F_FULL) == F_FULL)
return;
xtables_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n");
}
-static char *hashmode2str(enum clusterip_hashmode mode)
+static const char *hashmode2str(enum clusterip_hashmode mode)
{
- char *retstr;
+ const char *retstr;
switch (mode) {
case CLUSTERIP_HASHMODE_SIP:
retstr = "sourceip";
@@ -184,7 +130,7 @@ static char *hashmode2str(enum clusterip_hashmode mode)
return retstr;
}
-static char *mac2str(const u_int8_t mac[ETH_ALEN])
+static const char *mac2str(const uint8_t mac[ETH_ALEN])
{
static char buf[ETH_ALEN*3];
sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
@@ -198,12 +144,12 @@ static void CLUSTERIP_print(const void *ip,
const struct ipt_clusterip_tgt_info *cipinfo =
(const struct ipt_clusterip_tgt_info *)target->data;
- if (!cipinfo->flags & CLUSTERIP_FLAG_NEW) {
- printf("CLUSTERIP");
+ if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
+ printf(" CLUSTERIP");
return;
}
- printf("CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
+ printf(" CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
@@ -218,10 +164,10 @@ static void CLUSTERIP_save(const void *ip, const struct xt_entry_target *target)
/* if this is not a new entry, we don't need to save target
* parameters */
- if (!cipinfo->flags & CLUSTERIP_FLAG_NEW)
+ if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW))
return;
- printf("--new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
+ printf(" --new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
@@ -236,11 +182,11 @@ static struct xtables_target clusterip_tg_reg = {
.size = XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
.userspacesize = offsetof(struct ipt_clusterip_tgt_info, config),
.help = CLUSTERIP_help,
- .parse = CLUSTERIP_parse,
- .final_check = CLUSTERIP_check,
+ .x6_parse = CLUSTERIP_parse,
+ .x6_fcheck = CLUSTERIP_check,
.print = CLUSTERIP_print,
.save = CLUSTERIP_save,
- .extra_opts = CLUSTERIP_opts,
+ .x6_options = CLUSTERIP_opts,
};
void _init(void)
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 57c5888..ff18799 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -1,44 +1,50 @@
-/* Shared library add-on to iptables to add destination-NAT support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <iptables.h> /* get_kernel_version */
#include <limits.h> /* INT_MAX in ip_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <net/netfilter/nf_nat.h>
-
-#define IPT_DNAT_OPT_DEST 0x1
-#define IPT_DNAT_OPT_RANDOM 0x2
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_DEST = 0,
+ O_RANDOM,
+ O_PERSISTENT,
+ O_X_TO_DEST, /* hidden flag */
+ F_TO_DEST = 1 << O_TO_DEST,
+ F_RANDOM = 1 << O_RANDOM,
+ F_X_TO_DEST = 1 << O_X_TO_DEST,
+};
/* Dest NAT data consists of a multi-range, indicating where to map
to. */
struct ipt_natinfo
{
struct xt_entry_target t;
- struct nf_nat_multi_range mr;
+ struct nf_nat_ipv4_multi_range_compat mr;
};
static void DNAT_help(void)
{
printf(
"DNAT target options:\n"
-" --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
+" --to-destination [<ipaddr>[-<ipaddr>]][:port[-port]]\n"
" Address to map destination to.\n"
"[--random] [--persistent]\n");
}
-static const struct option DNAT_opts[] = {
- { "to-destination", 1, NULL, '1' },
- { "random", 0, NULL, '2' },
- { "persistent", 0, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry DNAT_opts[] = {
+ {.name = "to-destination", .id = O_TO_DEST, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_MULTI},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_ipv4_range *range)
{
unsigned int size;
@@ -58,12 +64,15 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
/* Ranges expected in network order. */
static struct xt_entry_target *
-parse_to(char *arg, int portok, struct ipt_natinfo *info)
+parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info)
{
- struct nf_nat_range range;
- char *colon, *dash, *error;
+ struct nf_nat_ipv4_range range;
+ char *arg, *colon, *dash, *error;
const struct in_addr *ip;
+ arg = strdup(orig_arg);
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
memset(&range, 0, sizeof(range));
colon = strchr(arg, ':');
@@ -74,7 +83,7 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+ range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
@@ -106,12 +115,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
range.max.tcp.port = htons(maxport);
}
/* Starts with a colon? No IP info...*/
- if (colon == arg)
+ if (colon == arg) {
+ free(arg);
return &(append_range(info, &range)->t);
+ }
*colon = '\0';
}
- range.flags |= IP_NAT_RANGE_MAP_IPS;
+ range.flags |= NF_NAT_RANGE_MAP_IPS;
dash = strchr(arg, '-');
if (colon && dash && dash > colon)
dash = NULL;
@@ -133,14 +144,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
} else
range.max_ip = range.min_ip;
+ free(arg);
return &(append_range(info, &range)->t);
}
-static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_target **target)
+static void DNAT_parse(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
- struct ipt_natinfo *info = (void *)*target;
+ const struct ipt_entry *entry = cb->xt_entry;
+ struct ipt_natinfo *info = (void *)(*cb->target);
int portok;
if (entry->ip.proto == IPPROTO_TCP
@@ -152,53 +163,37 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
else
portok = 0;
- switch (c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --to-destination");
-
- if (*flags & IPT_DNAT_OPT_DEST) {
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_DEST:
+ if (cb->xflags & F_X_TO_DEST) {
if (!kernel_version)
get_kernel_version();
if (kernel_version > LINUX_VERSION(2, 6, 10))
xtables_error(PARAMETER_PROBLEM,
- "Multiple --to-destination not supported");
+ "DNAT: Multiple --to-destination not supported");
}
- *target = parse_to(optarg, portok, info);
- /* WTF do we need this for?? */
- if (*flags & IPT_DNAT_OPT_RANDOM)
- info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_DNAT_OPT_DEST;
- return 1;
-
- case '2':
- if (*flags & IPT_DNAT_OPT_DEST) {
- info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_DNAT_OPT_RANDOM;
- } else
- *flags |= IPT_DNAT_OPT_RANDOM;
- return 1;
-
- case '3':
- info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
- return 1;
-
- default:
- return 0;
+ *cb->target = parse_to(cb->arg, portok, info);
+ cb->xflags |= F_X_TO_DEST;
+ break;
+ case O_PERSISTENT:
+ info->mr.range[0].flags |= NF_NAT_RANGE_PERSISTENT;
+ break;
}
}
-static void DNAT_check(unsigned int flags)
+static void DNAT_fcheck(struct xt_fcheck_call *cb)
{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "You must specify --to-destination");
+ static const unsigned int f = F_TO_DEST | F_RANDOM;
+ struct nf_nat_ipv4_multi_range_compat *mr = cb->data;
+
+ if ((cb->xflags & f) == f)
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
}
-static void print_range(const struct nf_nat_range *r)
+static void print_range(const struct nf_nat_ipv4_range *r)
{
- if (r->flags & IP_NAT_RANGE_MAP_IPS) {
+ if (r->flags & NF_NAT_RANGE_MAP_IPS) {
struct in_addr a;
a.s_addr = r->min_ip;
@@ -208,7 +203,7 @@ static void print_range(const struct nf_nat_range *r)
printf("-%s", xtables_ipaddr_to_numeric(&a));
}
}
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
printf(":");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
@@ -222,14 +217,13 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" persistent");
}
}
@@ -239,13 +233,12 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-destination ");
+ printf(" --to-destination ");
print_range(&info->mr.range[i]);
- printf(" ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" --persistent");
}
}
@@ -253,14 +246,14 @@ static struct xtables_target dnat_tg_reg = {
.name = "DNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
.help = DNAT_help,
- .parse = DNAT_parse,
- .final_check = DNAT_check,
+ .x6_parse = DNAT_parse,
+ .x6_fcheck = DNAT_fcheck,
.print = DNAT_print,
.save = DNAT_save,
- .extra_opts = DNAT_opts,
+ .x6_options = DNAT_opts,
};
void _init(void)
diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c
index bf1f8a5..ee09f29 100644
--- a/extensions/libipt_ECN.c
+++ b/extensions/libipt_ECN.c
@@ -5,17 +5,21 @@
* This program is distributed under the terms of GNU GPL v2, 1991
*
* libipt_ECN.c borrowed heavily from libipt_DSCP.c
- *
- * $Id$
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_ECN.h>
+enum {
+ O_ECN_TCP_REMOVE = 0,
+ O_ECN_TCP_CWR,
+ O_ECN_TCP_ECE,
+ O_ECN_IP_ECT,
+ F_ECN_TCP_REMOVE = 1 << O_ECN_TCP_REMOVE,
+ F_ECN_TCP_CWR = 1 << O_ECN_TCP_CWR,
+ F_ECN_TCP_ECE = 1 << O_ECN_TCP_ECE,
+};
+
static void ECN_help(void)
{
printf(
@@ -30,77 +34,49 @@ static void ECN_help(void)
" --ecn-tcp-ece Set the IPv4 ECE bit (0 or 1)\n",
#endif
-
-static const struct option ECN_opts[] = {
- { "ecn-tcp-remove", 0, NULL, 'F' },
- { "ecn-tcp-cwr", 1, NULL, 'G' },
- { "ecn-tcp-ece", 1, NULL, 'H' },
- { "ecn-ip-ect", 1, NULL, '9' },
- { .name = NULL }
+static const struct xt_option_entry ECN_opts[] = {
+ {.name = "ecn-tcp-remove", .id = O_ECN_TCP_REMOVE, .type = XTTYPE_NONE,
+ .excl = F_ECN_TCP_CWR | F_ECN_TCP_ECE},
+ {.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_UINT8,
+ .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE},
+ {.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_UINT8,
+ .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE},
+ {.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8,
+ .min = 0, .max = 3},
+ XTOPT_TABLEEND,
};
-static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void ECN_parse(struct xt_option_call *cb)
{
- unsigned int result;
- struct ipt_ECN_info *einfo
- = (struct ipt_ECN_info *)(*target)->data;
-
- switch (c) {
- case 'F':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Only use --ecn-tcp-remove ONCE!");
+ struct ipt_ECN_info *einfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_ECN_TCP_REMOVE:
einfo->operation = IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR;
einfo->proto.tcp.ece = 0;
einfo->proto.tcp.cwr = 0;
- *flags = 1;
break;
- case 'G':
- if (*flags & IPT_ECN_OP_SET_CWR)
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Only use --ecn-tcp-cwr ONCE!");
- if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Value out of range");
+ case O_ECN_TCP_CWR:
einfo->operation |= IPT_ECN_OP_SET_CWR;
- einfo->proto.tcp.cwr = result;
- *flags |= IPT_ECN_OP_SET_CWR;
+ einfo->proto.tcp.cwr = cb->val.u8;
break;
- case 'H':
- if (*flags & IPT_ECN_OP_SET_ECE)
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Only use --ecn-tcp-ece ONCE!");
- if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Value out of range");
+ case O_ECN_TCP_ECE:
einfo->operation |= IPT_ECN_OP_SET_ECE;
- einfo->proto.tcp.ece = result;
- *flags |= IPT_ECN_OP_SET_ECE;
+ einfo->proto.tcp.ece = cb->val.u8;
break;
- case '9':
- if (*flags & IPT_ECN_OP_SET_IP)
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Only use --ecn-ip-ect ONCE!");
- if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
- xtables_error(PARAMETER_PROBLEM,
- "ECN target: Value out of range");
+ case O_ECN_IP_ECT:
einfo->operation |= IPT_ECN_OP_SET_IP;
- einfo->ip_ect = result;
- *flags |= IPT_ECN_OP_SET_IP;
+ einfo->ip_ect = cb->val.u8;
break;
- default:
- return 0;
}
-
- return 1;
}
-static void ECN_check(unsigned int flags)
+static void ECN_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
- "ECN target: Parameter --ecn-tcp-remove is required");
+ "ECN target: An operation is required");
}
static void ECN_print(const void *ip, const struct xt_entry_target *target,
@@ -109,21 +85,21 @@ static void ECN_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_ECN_info *einfo =
(const struct ipt_ECN_info *)target->data;
- printf("ECN ");
+ printf(" ECN");
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("TCP remove ");
+ printf(" TCP remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("ECE=%u ", einfo->proto.tcp.ece);
+ printf(" ECE=%u", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("CWR=%u ", einfo->proto.tcp.cwr);
+ printf(" CWR=%u", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("ECT codepoint=%u ", einfo->ip_ect);
+ printf(" ECT codepoint=%u", einfo->ip_ect);
}
}
@@ -135,17 +111,17 @@ static void ECN_save(const void *ip, const struct xt_entry_target *target)
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("--ecn-tcp-remove ");
+ printf(" --ecn-tcp-remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("--ecn-tcp-ece %d ", einfo->proto.tcp.ece);
+ printf(" --ecn-tcp-ece %d", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("--ecn-tcp-cwr %d ", einfo->proto.tcp.cwr);
+ printf(" --ecn-tcp-cwr %d", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("--ecn-ip-ect %d ", einfo->ip_ect);
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
}
}
@@ -156,11 +132,11 @@ static struct xtables_target ecn_tg_reg = {
.size = XT_ALIGN(sizeof(struct ipt_ECN_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_ECN_info)),
.help = ECN_help,
- .parse = ECN_parse,
- .final_check = ECN_check,
.print = ECN_print,
.save = ECN_save,
- .extra_opts = ECN_opts,
+ .x6_parse = ECN_parse,
+ .x6_fcheck = ECN_check,
+ .x6_options = ECN_opts,
};
void _init(void)
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 9afb91d..77f16d1 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -1,10 +1,6 @@
-/* Shared library add-on to iptables to add LOG support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
#include <syslog.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_LOG.h>
@@ -16,6 +12,16 @@
#define IPT_LOG_MASK 0x0f
#endif
+enum {
+ O_LOG_LEVEL = 0,
+ O_LOG_PREFIX,
+ O_LOG_TCPSEQ,
+ O_LOG_TCPOPTS,
+ O_LOG_IPOPTS,
+ O_LOG_UID,
+ O_LOG_MAC,
+};
+
static void LOG_help(void)
{
printf(
@@ -25,18 +31,24 @@ static void LOG_help(void)
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
" --log-ip-options Log IP options.\n\n"
-" --log-uid Log UID owning the local socket.\n\n");
+" --log-uid Log UID owning the local socket.\n\n"
+" --log-macdecode Decode MAC addresses and protocol.\n\n");
}
-static const struct option LOG_opts[] = {
- { .name = "log-level", .has_arg = 1, .val = '!' },
- { .name = "log-prefix", .has_arg = 1, .val = '#' },
- { .name = "log-tcp-sequence", .has_arg = 0, .val = '1' },
- { .name = "log-tcp-options", .has_arg = 0, .val = '2' },
- { .name = "log-ip-options", .has_arg = 0, .val = '3' },
- { .name = "log-uid", .has_arg = 0, .val = '4' },
- { .name = NULL }
+#define s struct ipt_log_info
+static const struct xt_option_entry LOG_opts[] = {
+ {.name = "log-level", .id = O_LOG_LEVEL, .type = XTTYPE_SYSLOGLEVEL,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, level)},
+ {.name = "log-prefix", .id = O_LOG_PREFIX, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, prefix), .min = 1},
+ {.name = "log-tcp-sequence", .id = O_LOG_TCPSEQ, .type = XTTYPE_NONE},
+ {.name = "log-tcp-options", .id = O_LOG_TCPOPTS, .type = XTTYPE_NONE},
+ {.name = "log-ip-options", .id = O_LOG_IPOPTS, .type = XTTYPE_NONE},
+ {.name = "log-uid", .id = O_LOG_UID, .type = XTTYPE_NONE},
+ {.name = "log-macdecode", .id = O_LOG_MAC, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void LOG_init(struct xt_entry_target *t)
{
@@ -63,127 +75,33 @@ static const struct ipt_log_names ipt_log_names[]
{ .name = "warning", .level = LOG_WARNING }
};
-static u_int8_t
-parse_level(const char *level)
-{
- unsigned int lev = -1;
- unsigned int set = 0;
-
- if (!xtables_strtoui(level, NULL, &lev, 0, 7)) {
- unsigned int i = 0;
-
- for (i = 0; i < ARRAY_SIZE(ipt_log_names); ++i)
- if (strncasecmp(level, ipt_log_names[i].name,
- strlen(level)) == 0) {
- if (set++)
- xtables_error(PARAMETER_PROBLEM,
- "log-level `%s' ambiguous",
- level);
- lev = ipt_log_names[i].level;
- }
-
- if (!set)
- xtables_error(PARAMETER_PROBLEM,
- "log-level `%s' unknown", level);
- }
-
- return lev;
-}
-
-#define IPT_LOG_OPT_LEVEL 0x01
-#define IPT_LOG_OPT_PREFIX 0x02
-#define IPT_LOG_OPT_TCPSEQ 0x04
-#define IPT_LOG_OPT_TCPOPT 0x08
-#define IPT_LOG_OPT_IPOPT 0x10
-#define IPT_LOG_OPT_UID 0x20
-
-static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void LOG_parse(struct xt_option_call *cb)
{
- struct ipt_log_info *loginfo = (struct ipt_log_info *)(*target)->data;
-
- switch (c) {
- case '!':
- if (*flags & IPT_LOG_OPT_LEVEL)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-level twice");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-level");
-
- loginfo->level = parse_level(optarg);
- *flags |= IPT_LOG_OPT_LEVEL;
- break;
-
- case '#':
- if (*flags & IPT_LOG_OPT_PREFIX)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-prefix twice");
+ struct ipt_log_info *info = cb->data;
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-prefix");
-
- if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Maximum prefix length %u for --log-prefix",
- (unsigned int)sizeof(loginfo->prefix) - 1);
-
- if (strlen(optarg) == 0)
- xtables_error(PARAMETER_PROBLEM,
- "No prefix specified for --log-prefix");
-
- if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_LOG_PREFIX:
+ if (strchr(cb->arg, '\n') != NULL)
xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --log-prefix");
-
- strcpy(loginfo->prefix, optarg);
- *flags |= IPT_LOG_OPT_PREFIX;
break;
-
- case '1':
- if (*flags & IPT_LOG_OPT_TCPSEQ)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-tcp-sequence "
- "twice");
-
- loginfo->logflags |= IPT_LOG_TCPSEQ;
- *flags |= IPT_LOG_OPT_TCPSEQ;
+ case O_LOG_TCPSEQ:
+ info->logflags |= IPT_LOG_TCPSEQ;
break;
-
- case '2':
- if (*flags & IPT_LOG_OPT_TCPOPT)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-tcp-options twice");
-
- loginfo->logflags |= IPT_LOG_TCPOPT;
- *flags |= IPT_LOG_OPT_TCPOPT;
+ case O_LOG_TCPOPTS:
+ info->logflags |= IPT_LOG_TCPOPT;
break;
-
- case '3':
- if (*flags & IPT_LOG_OPT_IPOPT)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-ip-options twice");
-
- loginfo->logflags |= IPT_LOG_IPOPT;
- *flags |= IPT_LOG_OPT_IPOPT;
+ case O_LOG_IPOPTS:
+ info->logflags |= IPT_LOG_IPOPT;
break;
-
- case '4':
- if (*flags & IPT_LOG_OPT_UID)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --log-uid twice");
-
- loginfo->logflags |= IPT_LOG_UID;
- *flags |= IPT_LOG_OPT_UID;
+ case O_LOG_UID:
+ info->logflags |= IPT_LOG_UID;
+ break;
+ case O_LOG_MAC:
+ info->logflags |= IPT_LOG_MACDECODE;
break;
-
- default:
- return 0;
}
-
- return 1;
}
static void LOG_print(const void *ip, const struct xt_entry_target *target,
@@ -193,32 +111,34 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
= (const struct ipt_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ipt_log_names); ++i)
if (loginfo->level == ipt_log_names[i].level) {
- printf("level %s ", ipt_log_names[i].name);
+ printf(" level %s", ipt_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ipt_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("uid ");
+ printf(" uid");
+ if (loginfo->logflags & IPT_LOG_MACDECODE)
+ printf(" macdecode");
if (loginfo->logflags & ~(IPT_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
@@ -227,35 +147,37 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ipt_log_info *)target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- printf("--log-prefix ");
+ printf(" --log-prefix");
xtables_save_string(loginfo->prefix);
}
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
+ if (loginfo->logflags & IPT_LOG_MACDECODE)
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg_reg = {
- .name = "LOG",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_log_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_log_info)),
- .help = LOG_help,
- .init = LOG_init,
- .parse = LOG_parse,
- .print = LOG_print,
- .save = LOG_save,
- .extra_opts = LOG_opts,
+ .name = "LOG",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct ipt_log_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_log_info)),
+ .help = LOG_help,
+ .init = LOG_init,
+ .print = LOG_print,
+ .save = LOG_save,
+ .x6_parse = LOG_parse,
+ .x6_options = LOG_opts,
};
void _init(void)
diff --git a/extensions/libipt_LOG.man b/extensions/libipt_LOG.man
deleted file mode 100644
index 47c35e0..0000000
--- a/extensions/libipt_LOG.man
+++ /dev/null
@@ -1,31 +0,0 @@
-Turn on kernel logging of matching packets. When this option is set
-for a rule, the Linux kernel will print some information on all
-matching packets (like most IP header fields) via the kernel log
-(where it can be read with
-.I dmesg
-or
-.IR syslogd (8)).
-This is a "non-terminating target", i.e. rule traversal continues at
-the next rule. So if you want to LOG the packets you refuse, use two
-separate rules with the same matching criteria, first using target LOG
-then DROP (or REJECT).
-.TP
-\fB\-\-log\-level\fP \fIlevel\fP
-Level of logging (numeric or see \fIsyslog.conf\fP(5)).
-.TP
-\fB\-\-log\-prefix\fP \fIprefix\fP
-Prefix log messages with the specified prefix; up to 29 letters long,
-and useful for distinguishing messages in the logs.
-.TP
-\fB\-\-log\-tcp\-sequence\fP
-Log TCP sequence numbers. This is a security risk if the log is
-readable by users.
-.TP
-\fB\-\-log\-tcp\-options\fP
-Log options from the TCP packet header.
-.TP
-\fB\-\-log\-ip\-options\fP
-Log options from the IP packet header.
-.TP
-\fB\-\-log\-uid\fP
-Log the userid of the process which generated the packet.
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 3386ff3..ea07445 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -1,4 +1,3 @@
-/* Shared library add-on to iptables to add masquerade support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
@@ -7,7 +6,12 @@
#include <xtables.h>
#include <limits.h> /* INT_MAX in ip_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_PORTS = 0,
+ O_RANDOM,
+};
static void MASQUERADE_help(void)
{
@@ -19,29 +23,28 @@ static void MASQUERADE_help(void)
" Randomize source port.\n");
}
-static const struct option MASQUERADE_opts[] = {
- { "to-ports", 1, NULL, '1' },
- { "random", 0, NULL, '2' },
- { .name = NULL }
+static const struct xt_option_entry MASQUERADE_opts[] = {
+ {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
static void MASQUERADE_init(struct xt_entry_target *t)
{
- struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
+ struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
}
/* Parses ports */
static void
-parse_ports(const char *arg, struct nf_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_ipv4_multi_range_compat *mr)
{
char *end;
unsigned int port, maxport;
- mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX))
xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg);
@@ -68,13 +71,11 @@ parse_ports(const char *arg, struct nf_nat_multi_range *mr)
xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg);
}
-static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_target **target)
+static void MASQUERADE_parse(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
+ const struct ipt_entry *entry = cb->xt_entry;
int portok;
- struct nf_nat_multi_range *mr
- = (struct nf_nat_multi_range *)(*target)->data;
+ struct nf_nat_ipv4_multi_range_compat *mr = cb->data;
if (entry->ip.proto == IPPROTO_TCP
|| entry->ip.proto == IPPROTO_UDP
@@ -85,25 +86,17 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags,
else
portok = 0;
- switch (c) {
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_PORTS:
if (!portok)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --to-ports");
-
- parse_ports(optarg, mr);
- return 1;
-
- case '2':
- mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- return 1;
-
- default:
- return 0;
+ parse_ports(cb->arg, mr);
+ break;
+ case O_RANDOM:
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
}
}
@@ -111,50 +104,48 @@ static void
MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- const struct nf_nat_multi_range *mr = (const void *)target->data;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("masq ports: ");
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" masq ports: ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
- if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
}
static void
MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
{
- const struct nf_nat_multi_range *mr = (const void *)target->data;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports %hu", ntohs(r->min.tcp.port));
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" --to-ports %hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
- if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
}
static struct xtables_target masquerade_tg_reg = {
.name = "MASQUERADE",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
.help = MASQUERADE_help,
.init = MASQUERADE_init,
- .parse = MASQUERADE_parse,
+ .x6_parse = MASQUERADE_parse,
.print = MASQUERADE_print,
.save = MASQUERADE_save,
- .extra_opts = MASQUERADE_opts,
+ .x6_options = MASQUERADE_opts,
};
void _init(void)
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index b05022b..dee7b01 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -1,20 +1,24 @@
/* Shared library add-on to iptables to add static NAT support.
Author: Svenning Soerensen <svenning@post5.tele.dk>
*/
-
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
#define MODULENAME "NETMAP"
-static const struct option NETMAP_opts[] = {
- { "to", 1, NULL, '1' },
- { .name = NULL }
+enum {
+ O_TO = 0,
+};
+
+static const struct xt_option_entry NETMAP_opts[] = {
+ {.name = "to", .id = O_TO, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
};
static void NETMAP_help(void)
@@ -25,22 +29,10 @@ static void NETMAP_help(void)
NETMAP_opts[0].name);
}
-static u_int32_t
-bits2netmask(int bits)
-{
- u_int32_t netmask, bm;
-
- if (bits >= 32 || bits < 0)
- return(~0);
- for (netmask = 0, bm = 0x80000000; bits; bits--, bm >>= 1)
- netmask |= bm;
- return htonl(netmask);
-}
-
static int
-netmask2bits(u_int32_t netmask)
+netmask2bits(uint32_t netmask)
{
- u_int32_t bm;
+ uint32_t bm;
int bits;
netmask = ntohl(netmask);
@@ -53,95 +45,28 @@ netmask2bits(u_int32_t netmask)
static void NETMAP_init(struct xt_entry_target *t)
{
- struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
+ struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
-}
-
-/* Parses network address */
-static void
-parse_to(char *arg, struct nf_nat_range *range)
-{
- char *slash;
- const struct in_addr *ip;
- u_int32_t netmask;
- unsigned int bits;
-
- range->flags |= IP_NAT_RANGE_MAP_IPS;
- slash = strchr(arg, '/');
- if (slash)
- *slash = '\0';
-
- ip = xtables_numeric_to_ipaddr(arg);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
- arg);
- range->min_ip = ip->s_addr;
- if (slash) {
- if (strchr(slash+1, '.')) {
- ip = xtables_numeric_to_ipmask(slash+1);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
- slash+1);
- netmask = ip->s_addr;
- }
- else {
- if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32))
- xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
- slash+1);
- netmask = bits2netmask(bits);
- }
- /* Don't allow /0 (/1 is probably insane, too) */
- if (netmask == 0)
- xtables_error(PARAMETER_PROBLEM, "Netmask needed\n");
- }
- else
- netmask = ~0;
-
- if (range->min_ip & ~netmask) {
- if (slash)
- *slash = '/';
- xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
- arg);
- }
- range->max_ip = range->min_ip | ~netmask;
}
-static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void NETMAP_parse(struct xt_option_call *cb)
{
- struct nf_nat_multi_range *mr
- = (struct nf_nat_multi_range *)(*target)->data;
+ struct nf_nat_ipv4_multi_range_compat *mr = cb->data;
+ struct nf_nat_ipv4_range *range = &mr->range[0];
- switch (c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --%s", NETMAP_opts[0].name);
-
- parse_to(optarg, &mr->range[0]);
- *flags = 1;
- return 1;
-
- default:
- return 0;
- }
-}
-
-static void NETMAP_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- MODULENAME" needs --%s", NETMAP_opts[0].name);
+ xtables_option_parse(cb);
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
+ range->min_ip = cb->val.haddr.ip & cb->val.hmask.ip;
+ range->max_ip = range->min_ip | ~cb->val.hmask.ip;
}
static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- const struct nf_nat_multi_range *mr = (const void *)target->data;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
struct in_addr a;
int bits;
@@ -157,7 +82,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
{
- printf("--%s ", NETMAP_opts[0].name);
+ printf(" --%s ", NETMAP_opts[0].name);
NETMAP_print(ip, target, 0);
}
@@ -165,15 +90,14 @@ static struct xtables_target netmap_tg_reg = {
.name = MODULENAME,
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
.help = NETMAP_help,
.init = NETMAP_init,
- .parse = NETMAP_parse,
- .final_check = NETMAP_check,
+ .x6_parse = NETMAP_parse,
.print = NETMAP_print,
.save = NETMAP_save,
- .extra_opts = NETMAP_opts,
+ .x6_options = NETMAP_opts,
};
void _init(void)
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 324d0eb..610a949 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -1,16 +1,17 @@
-/* Shared library add-on to iptables to add redirect support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <limits.h> /* INT_MAX in ip_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
-#define IPT_REDIRECT_OPT_DEST 0x01
-#define IPT_REDIRECT_OPT_RANDOM 0x02
+enum {
+ O_TO_PORTS = 0,
+ O_RANDOM,
+ F_TO_PORTS = 1 << O_TO_PORTS,
+ F_RANDOM = 1 << O_RANDOM,
+};
static void REDIRECT_help(void)
{
@@ -21,29 +22,28 @@ static void REDIRECT_help(void)
" [--random]\n");
}
-static const struct option REDIRECT_opts[] = {
- { "to-ports", 1, NULL, '1' },
- { "random", 0, NULL, '2' },
- { .name = NULL }
+static const struct xt_option_entry REDIRECT_opts[] = {
+ {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
static void REDIRECT_init(struct xt_entry_target *t)
{
- struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
+ struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
}
/* Parses ports */
static void
-parse_ports(const char *arg, struct nf_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_ipv4_multi_range_compat *mr)
{
- char *end;
+ char *end = "";
unsigned int port, maxport;
- mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) &&
(port = xtables_service_to_port(arg, NULL)) == (unsigned)-1)
@@ -72,12 +72,10 @@ parse_ports(const char *arg, struct nf_nat_multi_range *mr)
xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
}
-static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_target **target)
+static void REDIRECT_parse(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
- struct nf_nat_multi_range *mr
- = (struct nf_nat_multi_range *)(*target)->data;
+ const struct ipt_entry *entry = cb->xt_entry;
+ struct nf_nat_ipv4_multi_range_compat *mr = (void *)(*cb->target)->data;
int portok;
if (entry->ip.proto == IPPROTO_TCP
@@ -89,65 +87,51 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
else
portok = 0;
- switch (c) {
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_PORTS:
if (!portok)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --to-ports");
-
- parse_ports(optarg, mr);
- if (*flags & IPT_REDIRECT_OPT_RANDOM)
- mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_REDIRECT_OPT_DEST;
- return 1;
-
- case '2':
- if (*flags & IPT_REDIRECT_OPT_DEST) {
- mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_REDIRECT_OPT_RANDOM;
- } else
- *flags |= IPT_REDIRECT_OPT_RANDOM;
- return 1;
-
- default:
- return 0;
+ parse_ports(cb->arg, mr);
+ if (cb->xflags & F_RANDOM)
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
+ case O_RANDOM:
+ if (cb->xflags & F_TO_PORTS)
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
}
}
static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- const struct nf_nat_multi_range *mr = (const void *)target->data;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("redir ports ");
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" redir ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
- if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ if (mr->range[0].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
}
}
static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
{
- const struct nf_nat_multi_range *mr = (const void *)target->data;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports ");
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" --to-ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
- if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ if (mr->range[0].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
}
}
@@ -155,14 +139,14 @@ static struct xtables_target redirect_tg_reg = {
.name = "REDIRECT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
.help = REDIRECT_help,
.init = REDIRECT_init,
- .parse = REDIRECT_parse,
+ .x6_parse = REDIRECT_parse,
.print = REDIRECT_print,
.save = REDIRECT_save,
- .extra_opts = REDIRECT_opts,
+ .x6_options = REDIRECT_opts,
};
void _init(void)
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 85d9e53..362c65e 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -4,8 +4,6 @@
*/
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_REJECT.h>
#include <linux/version.h>
@@ -26,6 +24,10 @@ struct reject_names {
const char *desc;
};
+enum {
+ O_REJECT_WITH = 0,
+};
+
static const struct reject_names reject_table[] = {
{"icmp-net-unreachable", "net-unreach",
IPT_ICMP_NET_UNREACHABLE, "ICMP network unreachable"},
@@ -75,9 +77,9 @@ static void REJECT_help(void)
printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
}
-static const struct option REJECT_opts[] = {
- { "reject-with", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry REJECT_opts[] = {
+ {.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
static void REJECT_init(struct xt_entry_target *t)
@@ -89,36 +91,27 @@ static void REJECT_init(struct xt_entry_target *t)
}
-static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void REJECT_parse(struct xt_option_call *cb)
{
- struct ipt_reject_info *reject = (struct ipt_reject_info *)(*target)->data;
- static const unsigned int limit = ARRAY_SIZE(reject_table);
+ struct ipt_reject_info *reject = cb->data;
unsigned int i;
- switch(c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --reject-with");
- for (i = 0; i < limit; i++) {
- if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
- || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) {
- reject->with = reject_table[i].with;
- return 1;
- }
+ xtables_option_parse(cb);
+ for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
+ if (strncasecmp(reject_table[i].name,
+ cb->arg, strlen(cb->arg)) == 0 ||
+ strncasecmp(reject_table[i].alias,
+ cb->arg, strlen(cb->arg)) == 0) {
+ reject->with = reject_table[i].with;
+ return;
}
- /* This due to be dropped late in 2.4 pre-release cycle --RR */
- if (strncasecmp("echo-reply", optarg, strlen(optarg)) == 0
- || strncasecmp("echoreply", optarg, strlen(optarg)) == 0)
- fprintf(stderr, "--reject-with echo-reply no longer"
- " supported\n");
- xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
- default:
- /* Fall through */
- break;
- }
- return 0;
+ /* This due to be dropped late in 2.4 pre-release cycle --RR */
+ if (strncasecmp("echo-reply", cb->arg, strlen(cb->arg)) == 0 ||
+ strncasecmp("echoreply", cb->arg, strlen(cb->arg)) == 0)
+ fprintf(stderr, "--reject-with echo-reply no longer"
+ " supported\n");
+ xtables_error(PARAMETER_PROBLEM,
+ "unknown reject type \"%s\"", cb->arg);
}
static void REJECT_print(const void *ip, const struct xt_entry_target *target,
@@ -131,7 +124,7 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
@@ -144,7 +137,7 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg_reg = {
@@ -155,10 +148,10 @@ static struct xtables_target reject_tg_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ipt_reject_info)),
.help = REJECT_help,
.init = REJECT_init,
- .parse = REJECT_parse,
.print = REJECT_print,
.save = REJECT_save,
- .extra_opts = REJECT_opts,
+ .x6_parse = REJECT_parse,
+ .x6_options = REJECT_opts,
};
void _init(void)
diff --git a/extensions/libipt_REJECT.man b/extensions/libipt_REJECT.man
index c419a85..926da03 100644
--- a/extensions/libipt_REJECT.man
+++ b/extensions/libipt_REJECT.man
@@ -18,9 +18,9 @@ The type given can be
\fBicmp\-port\-unreachable\fP,
\fBicmp\-proto\-unreachable\fP,
\fBicmp\-net\-prohibited\fP,
-\fBicmp\-host\-prohibited\fP or
-\fBicmp\-admin\-prohibited\fP (*)
-which return the appropriate ICMP error message (\fBport\-unreachable\fP is
+\fBicmp\-host\-prohibited\fP, or
+\fBicmp\-admin\-prohibited\fP (*),
+which return the appropriate ICMP error message (\fBicmp\-port\-unreachable\fP is
the default). The option
\fBtcp\-reset\fP
can be used on rules which only match the TCP protocol: this causes a
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index ed02ef9..5d5bf63 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -1,14 +1,18 @@
-/* Shared library add-on to iptables to add simple non load-balancing SNAT support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-#include <net/netfilter/nf_nat.h>
-/* For 64bit kernel / 32bit userspace */
+#include <linux/netfilter/nf_nat.h>
#include <linux/netfilter_ipv4/ipt_SAME.h>
+enum {
+ O_TO_ADDR = 0,
+ O_NODST,
+ O_RANDOM,
+ F_TO_ADDR = 1 << O_TO_ADDR,
+ F_RANDOM = 1 << O_RANDOM,
+};
+
static void SAME_help(void)
{
printf(
@@ -24,32 +28,24 @@ static void SAME_help(void)
" Randomize source port\n");
}
-static const struct option SAME_opts[] = {
- { "to", 1, NULL, '1' },
- { "nodst", 0, NULL, '2'},
- { "random", 0, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry SAME_opts[] = {
+ {.name = "to", .id = O_TO_ADDR, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ {.name = "nodst", .id = O_NODST, .type = XTTYPE_NONE},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
-static void SAME_init(struct xt_entry_target *t)
-{
- struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
-
- /* Set default to 0 */
- mr->rangesize = 0;
- mr->info = 0;
- mr->ipnum = 0;
-
-}
-
/* Parses range of IPs */
-static void
-parse_to(char *arg, struct nf_nat_range *range)
+static void parse_to(const char *orig_arg, struct nf_nat_ipv4_range *range)
{
- char *dash;
+ char *dash, *arg;
const struct in_addr *ip;
- range->flags |= IP_NAT_RANGE_MAP_IPS;
+ arg = strdup(orig_arg);
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
dash = strchr(arg, '-');
if (dash)
@@ -72,66 +68,44 @@ parse_to(char *arg, struct nf_nat_range *range)
if (range->min_ip > range->max_ip)
xtables_error(PARAMETER_PROBLEM, "Bad IP range \"%s-%s\"\n",
arg, dash+1);
+ free(arg);
}
-#define IPT_SAME_OPT_TO 0x01
-#define IPT_SAME_OPT_NODST 0x02
-#define IPT_SAME_OPT_RANDOM 0x04
-
-static int SAME_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void SAME_parse(struct xt_option_call *cb)
{
- struct ipt_same_info *mr
- = (struct ipt_same_info *)(*target)->data;
+ struct ipt_same_info *mr = cb->data;
unsigned int count;
- switch (c) {
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_ADDR:
if (mr->rangesize == IPT_SAME_MAX_RANGE)
xtables_error(PARAMETER_PROBLEM,
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --to");
-
- parse_to(optarg, &mr->range[mr->rangesize]);
- /* WTF do we need this for? */
- if (*flags & IPT_SAME_OPT_RANDOM)
- mr->range[mr->rangesize].flags
- |= IP_NAT_RANGE_PROTO_RANDOM;
+ parse_to(cb->arg, &mr->range[mr->rangesize]);
mr->rangesize++;
- *flags |= IPT_SAME_OPT_TO;
break;
-
- case '2':
- if (*flags & IPT_SAME_OPT_NODST)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --nodst twice");
-
+ case O_NODST:
mr->info |= IPT_SAME_NODST;
- *flags |= IPT_SAME_OPT_NODST;
break;
-
- case '3':
- *flags |= IPT_SAME_OPT_RANDOM;
+ case O_RANDOM:
for (count=0; count < mr->rangesize; count++)
- mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM;
+ mr->range[count].flags |= NF_NAT_RANGE_PROTO_RANDOM;
break;
-
- default:
- return 0;
}
-
- return 1;
}
-static void SAME_check(unsigned int flags)
+static void SAME_fcheck(struct xt_fcheck_call *cb)
{
- if (!(flags & IPT_SAME_OPT_TO))
- xtables_error(PARAMETER_PROBLEM,
- "SAME needs --to");
+ static const unsigned int f = F_TO_ADDR | F_RANDOM;
+ struct ipt_same_info *mr = cb->data;
+ unsigned int count;
+
+ if ((cb->xflags & f) == f)
+ for (count = 0; count < mr->rangesize; ++count)
+ mr->range[count].flags |= NF_NAT_RANGE_PROTO_RANDOM;
}
static void SAME_print(const void *ip, const struct xt_entry_target *target,
@@ -141,10 +115,10 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_same_info *mr = (const void *)target->data;
int random_selection = 0;
- printf("same:");
-
+ printf(" same:");
+
for (count = 0; count < mr->rangesize; count++) {
- const struct nf_nat_range *r = &mr->range[count];
+ const struct nf_nat_ipv4_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
@@ -152,19 +126,17 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
- if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("nodst ");
+ printf(" nodst");
if (random_selection)
- printf("random ");
+ printf(" random");
}
static void SAME_save(const void *ip, const struct xt_entry_target *target)
@@ -174,26 +146,24 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target)
int random_selection = 0;
for (count = 0; count < mr->rangesize; count++) {
- const struct nf_nat_range *r = &mr->range[count];
+ const struct nf_nat_ipv4_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
- printf("--to %s", xtables_ipaddr_to_numeric(&a));
+ printf(" --to %s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
- if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("--nodst ");
+ printf(" --nodst");
if (random_selection)
- printf("--random ");
+ printf(" --random");
}
static struct xtables_target same_tg_reg = {
@@ -203,12 +173,11 @@ static struct xtables_target same_tg_reg = {
.size = XT_ALIGN(sizeof(struct ipt_same_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_same_info)),
.help = SAME_help,
- .init = SAME_init,
- .parse = SAME_parse,
- .final_check = SAME_check,
+ .x6_parse = SAME_parse,
+ .x6_fcheck = SAME_fcheck,
.print = SAME_print,
.save = SAME_save,
- .extra_opts = SAME_opts,
+ .x6_options = SAME_opts,
};
void _init(void)
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index f7c93d8..1a24f3d 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -1,44 +1,50 @@
-/* Shared library add-on to iptables to add source-NAT support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <iptables.h>
#include <limits.h> /* INT_MAX in ip_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <net/netfilter/nf_nat.h>
-
-#define IPT_SNAT_OPT_SOURCE 0x01
-#define IPT_SNAT_OPT_RANDOM 0x02
+#include <linux/netfilter/nf_nat.h>
+
+enum {
+ O_TO_SRC = 0,
+ O_RANDOM,
+ O_PERSISTENT,
+ O_X_TO_SRC,
+ F_TO_SRC = 1 << O_TO_SRC,
+ F_RANDOM = 1 << O_RANDOM,
+ F_X_TO_SRC = 1 << O_X_TO_SRC,
+};
/* Source NAT data consists of a multi-range, indicating where to map
to. */
struct ipt_natinfo
{
struct xt_entry_target t;
- struct nf_nat_multi_range mr;
+ struct nf_nat_ipv4_multi_range_compat mr;
};
static void SNAT_help(void)
{
printf(
"SNAT target options:\n"
-" --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
+" --to-source [<ipaddr>[-<ipaddr>]][:port[-port]]\n"
" Address to map source to.\n"
"[--random] [--persistent]\n");
}
-static const struct option SNAT_opts[] = {
- { "to-source", 1, NULL, '1' },
- { "random", 0, NULL, '2' },
- { "persistent", 0, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry SNAT_opts[] = {
+ {.name = "to-source", .id = O_TO_SRC, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_MULTI},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ {.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_ipv4_range *range)
{
unsigned int size;
@@ -58,12 +64,15 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
/* Ranges expected in network order. */
static struct xt_entry_target *
-parse_to(char *arg, int portok, struct ipt_natinfo *info)
+parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info)
{
- struct nf_nat_range range;
- char *colon, *dash, *error;
+ struct nf_nat_ipv4_range range;
+ char *arg, *colon, *dash, *error;
const struct in_addr *ip;
+ arg = strdup(orig_arg);
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
memset(&range, 0, sizeof(range));
colon = strchr(arg, ':');
@@ -74,7 +83,7 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
xtables_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+ range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
port = atoi(colon+1);
if (port <= 0 || port > 65535)
@@ -106,12 +115,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
range.max.tcp.port = htons(maxport);
}
/* Starts with a colon? No IP info...*/
- if (colon == arg)
+ if (colon == arg) {
+ free(arg);
return &(append_range(info, &range)->t);
+ }
*colon = '\0';
}
- range.flags |= IP_NAT_RANGE_MAP_IPS;
+ range.flags |= NF_NAT_RANGE_MAP_IPS;
dash = strchr(arg, '-');
if (colon && dash && dash > colon)
dash = NULL;
@@ -133,14 +144,14 @@ parse_to(char *arg, int portok, struct ipt_natinfo *info)
} else
range.max_ip = range.min_ip;
+ free(arg);
return &(append_range(info, &range)->t);
}
-static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_target **target)
+static void SNAT_parse(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
- struct ipt_natinfo *info = (void *)*target;
+ const struct ipt_entry *entry = cb->xt_entry;
+ struct ipt_natinfo *info = (void *)(*cb->target);
int portok;
if (entry->ip.proto == IPPROTO_TCP
@@ -152,53 +163,37 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
else
portok = 0;
- switch (c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --to-source");
-
- if (*flags & IPT_SNAT_OPT_SOURCE) {
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_SRC:
+ if (cb->xflags & F_X_TO_SRC) {
if (!kernel_version)
get_kernel_version();
if (kernel_version > LINUX_VERSION(2, 6, 10))
xtables_error(PARAMETER_PROBLEM,
- "Multiple --to-source not supported");
+ "SNAT: Multiple --to-source not supported");
}
- *target = parse_to(optarg, portok, info);
- /* WTF do we need this for?? */
- if (*flags & IPT_SNAT_OPT_RANDOM)
- info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_SNAT_OPT_SOURCE;
- return 1;
-
- case '2':
- if (*flags & IPT_SNAT_OPT_SOURCE) {
- info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
- *flags |= IPT_SNAT_OPT_RANDOM;
- } else
- *flags |= IPT_SNAT_OPT_RANDOM;
- return 1;
-
- case '3':
- info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
- return 1;
-
- default:
- return 0;
+ *cb->target = parse_to(cb->arg, portok, info);
+ cb->xflags |= F_X_TO_SRC;
+ break;
+ case O_PERSISTENT:
+ info->mr.range[0].flags |= NF_NAT_RANGE_PERSISTENT;
+ break;
}
}
-static void SNAT_check(unsigned int flags)
+static void SNAT_fcheck(struct xt_fcheck_call *cb)
{
- if (!(flags & IPT_SNAT_OPT_SOURCE))
- xtables_error(PARAMETER_PROBLEM,
- "You must specify --to-source");
+ static const unsigned int f = F_TO_SRC | F_RANDOM;
+ struct nf_nat_ipv4_multi_range_compat *mr = cb->data;
+
+ if ((cb->xflags & f) == f)
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
}
-static void print_range(const struct nf_nat_range *r)
+static void print_range(const struct nf_nat_ipv4_range *r)
{
- if (r->flags & IP_NAT_RANGE_MAP_IPS) {
+ if (r->flags & NF_NAT_RANGE_MAP_IPS) {
struct in_addr a;
a.s_addr = r->min_ip;
@@ -208,7 +203,7 @@ static void print_range(const struct nf_nat_range *r)
printf("-%s", xtables_ipaddr_to_numeric(&a));
}
}
- if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
printf(":");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
@@ -222,14 +217,13 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" persistent");
}
}
@@ -239,13 +233,12 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-source ");
+ printf(" --to-source ");
print_range(&info->mr.range[i]);
- printf(" ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
- if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+ if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
+ printf(" --persistent");
}
}
@@ -253,14 +246,14 @@ static struct xtables_target snat_tg_reg = {
.name = "SNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
.help = SNAT_help,
- .parse = SNAT_parse,
- .final_check = SNAT_check,
+ .x6_parse = SNAT_parse,
+ .x6_fcheck = SNAT_fcheck,
.print = SNAT_print,
.save = SNAT_save,
- .extra_opts = SNAT_opts,
+ .x6_options = SNAT_opts,
};
void _init(void)
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index 4db9bbe..0f81280 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -1,19 +1,35 @@
/* Shared library add-on to iptables for the TTL target
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id$
- *
* This program is distributed under the terms of GNU GPL
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-
#include <linux/netfilter_ipv4/ipt_TTL.h>
-#define IPT_TTL_USED 1
+enum {
+ O_TTL_SET = 0,
+ O_TTL_INC,
+ O_TTL_DEC,
+ F_TTL_SET = 1 << O_TTL_SET,
+ F_TTL_INC = 1 << O_TTL_INC,
+ F_TTL_DEC = 1 << O_TTL_DEC,
+ F_ANY = F_TTL_SET | F_TTL_INC | F_TTL_DEC,
+};
+
+#define s struct ipt_TTL_info
+static const struct xt_option_entry TTL_opts[] = {
+ {.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_TTL_SET,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+ {.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_TTL_DEC,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl),
+ .min = 1},
+ {.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_TTL_INC,
+ .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl),
+ .min = 1},
+ XTOPT_TABLEEND,
+};
+#undef s
static void TTL_help(void)
{
@@ -24,67 +40,27 @@ static void TTL_help(void)
" --ttl-inc value Increment TTL by <value 1-255>\n");
}
-static int TTL_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void TTL_parse(struct xt_option_call *cb)
{
- struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data;
- unsigned int value;
-
- if (*flags & IPT_TTL_USED) {
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify TTL option twice");
+ struct ipt_TTL_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TTL_SET:
+ info->mode = IPT_TTL_SET;
+ break;
+ case O_TTL_DEC:
+ info->mode = IPT_TTL_DEC;
+ break;
+ case O_TTL_INC:
+ info->mode = IPT_TTL_INC;
+ break;
}
-
- if (!optarg)
- xtables_error(PARAMETER_PROBLEM,
- "TTL: You must specify a value");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "TTL: unexpected `!'");
-
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "TTL: Expected value between 0 and 255");
-
- switch (c) {
-
- case '1':
- info->mode = IPT_TTL_SET;
- break;
-
- case '2':
- if (value == 0) {
- xtables_error(PARAMETER_PROBLEM,
- "TTL: decreasing by 0?");
- }
-
- info->mode = IPT_TTL_DEC;
- break;
-
- case '3':
- if (value == 0) {
- xtables_error(PARAMETER_PROBLEM,
- "TTL: increasing by 0?");
- }
-
- info->mode = IPT_TTL_INC;
- break;
-
- default:
- return 0;
-
- }
-
- info->ttl = value;
- *flags |= IPT_TTL_USED;
-
- return 1;
}
-static void TTL_check(unsigned int flags)
+static void TTL_check(struct xt_fcheck_call *cb)
{
- if (!(flags & IPT_TTL_USED))
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
"TTL: You must specify an action");
}
@@ -96,17 +72,17 @@ static void TTL_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case IPT_TTL_SET:
- printf("--ttl-set ");
+ printf(" --ttl-set");
break;
case IPT_TTL_DEC:
- printf("--ttl-dec ");
+ printf(" --ttl-dec");
break;
case IPT_TTL_INC:
- printf("--ttl-inc ");
+ printf(" --ttl-inc");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void TTL_print(const void *ip, const struct xt_entry_target *target,
@@ -115,28 +91,21 @@ static void TTL_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_TTL_info *info =
(struct ipt_TTL_info *) target->data;
- printf("TTL ");
+ printf(" TTL ");
switch (info->mode) {
case IPT_TTL_SET:
- printf("set to ");
+ printf("set to");
break;
case IPT_TTL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IPT_TTL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
-static const struct option TTL_opts[] = {
- { "ttl-set", 1, NULL, '1' },
- { "ttl-dec", 1, NULL, '2' },
- { "ttl-inc", 1, NULL, '3' },
- { .name = NULL }
-};
-
static struct xtables_target ttl_tg_reg = {
.name = "TTL",
.version = XTABLES_VERSION,
@@ -144,11 +113,11 @@ static struct xtables_target ttl_tg_reg = {
.size = XT_ALIGN(sizeof(struct ipt_TTL_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_TTL_info)),
.help = TTL_help,
- .parse = TTL_parse,
- .final_check = TTL_check,
.print = TTL_print,
.save = TTL_save,
- .extra_opts = TTL_opts,
+ .x6_parse = TTL_parse,
+ .x6_fcheck = TTL_check,
+ .x6_options = TTL_opts,
};
void _init(void)
diff --git a/extensions/libipt_TTL.man b/extensions/libipt_TTL.man
index 89fc18f..cf3d1a2 100644
--- a/extensions/libipt_TTL.man
+++ b/extensions/libipt_TTL.man
@@ -3,11 +3,11 @@ how many hops (routers) a packet can traverse until it's time to live is
exceeded.
.PP
Setting or incrementing the TTL field can potentially be very dangerous,
-so it should be avoided at any cost.
-.PP
-.B Don't ever set or increment the value on packets that leave your local network!
+so it should be avoided at any cost. This target is only valid in
.B mangle
table.
+.PP
+.B Don't ever set or increment the value on packets that leave your local network!
.TP
\fB\-\-ttl\-set\fP \fIvalue\fP
Set the TTL value to `value'.
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 4d009b7..fafb220 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -10,27 +10,17 @@
* libipt_ULOG.c,v 1.7 2001/01/30 11:55:02 laforge Exp
*/
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <getopt.h>
#include <xtables.h>
/* For 64bit kernel / 32bit userspace */
#include <linux/netfilter_ipv4/ipt_ULOG.h>
-
-static void print_groups(unsigned int gmask)
-{
- int b;
- unsigned int test;
-
- for (b = 31; b >= 0; b--) {
- test = (1 << b);
- if (gmask & test)
- printf("%d ", b + 1);
- }
-}
+enum {
+ O_ULOG_NLGROUP = 0,
+ O_ULOG_PREFIX,
+ O_ULOG_CPRANGE,
+ O_ULOG_QTHR,
+};
static void ULOG_help(void)
{
@@ -41,12 +31,16 @@ static void ULOG_help(void)
" --ulog-prefix prefix Prefix log messages with this prefix.\n");
}
-static const struct option ULOG_opts[] = {
- {"ulog-nlgroup", 1, NULL, '!'},
- {"ulog-prefix", 1, NULL, '#'},
- {"ulog-cprange", 1, NULL, 'A'},
- {"ulog-qthreshold", 1, NULL, 'B'},
- { .name = NULL }
+static const struct xt_option_entry ULOG_opts[] = {
+ {.name = "ulog-nlgroup", .id = O_ULOG_NLGROUP, .type = XTTYPE_UINT8,
+ .min = 1, .max = 32},
+ {.name = "ulog-prefix", .id = O_ULOG_PREFIX, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(struct ipt_ulog_info, prefix),
+ .min = 1},
+ {.name = "ulog-cprange", .id = O_ULOG_CPRANGE, .type = XTTYPE_UINT64},
+ {.name = "ulog-qthreshold", .id = O_ULOG_QTHR, .type = XTTYPE_UINT64,
+ .min = 1, .max = ULOG_MAX_QLEN},
+ XTOPT_TABLEEND,
};
static void ULOG_init(struct xt_entry_target *t)
@@ -58,89 +52,27 @@ static void ULOG_init(struct xt_entry_target *t)
}
-#define IPT_LOG_OPT_NLGROUP 0x01
-#define IPT_LOG_OPT_PREFIX 0x02
-#define IPT_LOG_OPT_CPRANGE 0x04
-#define IPT_LOG_OPT_QTHRESHOLD 0x08
-
-static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void ULOG_parse(struct xt_option_call *cb)
{
- struct ipt_ulog_info *loginfo =
- (struct ipt_ulog_info *) (*target)->data;
- int group_d;
+ struct ipt_ulog_info *loginfo = cb->data;
- switch (c) {
- case '!':
- if (*flags & IPT_LOG_OPT_NLGROUP)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --ulog-nlgroup twice");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --ulog-nlgroup");
- group_d = atoi(optarg);
- if (group_d > 32 || group_d < 1)
- xtables_error(PARAMETER_PROBLEM,
- "--ulog-nlgroup has to be between 1 and 32");
-
- loginfo->nl_group = (1 << (group_d - 1));
-
- *flags |= IPT_LOG_OPT_NLGROUP;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_ULOG_NLGROUP:
+ loginfo->nl_group = 1 << (cb->val.u8 - 1);
break;
-
- case '#':
- if (*flags & IPT_LOG_OPT_PREFIX)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --ulog-prefix twice");
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --ulog-prefix");
-
- if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Maximum prefix length %u for --ulog-prefix",
- (unsigned int)sizeof(loginfo->prefix) - 1);
-
- if (strlen(optarg) == 0)
- xtables_error(PARAMETER_PROBLEM,
- "No prefix specified for --ulog-prefix");
-
- if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ case O_ULOG_PREFIX:
+ if (strchr(cb->arg, '\n') != NULL)
xtables_error(PARAMETER_PROBLEM,
"Newlines not allowed in --ulog-prefix");
-
- strcpy(loginfo->prefix, optarg);
- *flags |= IPT_LOG_OPT_PREFIX;
break;
- case 'A':
- if (*flags & IPT_LOG_OPT_CPRANGE)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --ulog-cprange twice");
- if (atoi(optarg) < 0)
- xtables_error(PARAMETER_PROBLEM,
- "Negative copy range?");
- loginfo->copy_range = atoi(optarg);
- *flags |= IPT_LOG_OPT_CPRANGE;
+ case O_ULOG_CPRANGE:
+ loginfo->copy_range = cb->val.u64;
break;
- case 'B':
- if (*flags & IPT_LOG_OPT_QTHRESHOLD)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --ulog-qthreshold twice");
- if (atoi(optarg) < 1)
- xtables_error(PARAMETER_PROBLEM,
- "Negative or zero queue threshold ?");
- if (atoi(optarg) > ULOG_MAX_QLEN)
- xtables_error(PARAMETER_PROBLEM,
- "Maximum queue length exceeded");
- loginfo->qthreshold = atoi(optarg);
- *flags |= IPT_LOG_OPT_QTHRESHOLD;
+ case O_ULOG_QTHR:
+ loginfo->qthreshold = cb->val.u64;
break;
- default:
- return 0;
}
- return 1;
}
static void ULOG_save(const void *ip, const struct xt_entry_target *target)
@@ -149,19 +81,17 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ipt_ulog_info *) target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- fputs("--ulog-prefix ", stdout);
+ fputs(" --ulog-prefix", stdout);
xtables_save_string(loginfo->prefix);
}
- if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
- printf("--ulog-nlgroup ");
- print_groups(loginfo->nl_group);
- }
+ if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP)
+ printf(" --ulog-nlgroup %d", ffs(loginfo->nl_group));
if (loginfo->copy_range)
- printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range);
+ printf(" --ulog-cprange %u", (unsigned int)loginfo->copy_range);
if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
- printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" --ulog-qthreshold %u", (unsigned int)loginfo->qthreshold);
}
static void ULOG_print(const void *ip, const struct xt_entry_target *target,
@@ -170,12 +100,12 @@ static void ULOG_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_ulog_info *loginfo
= (const struct ipt_ulog_info *) target->data;
- printf("ULOG ");
- printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
- print_groups(loginfo->nl_group);
+ printf(" ULOG ");
+ printf("copy_range %u nlgroup %d", (unsigned int)loginfo->copy_range,
+ ffs(loginfo->nl_group));
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
- printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" prefix \"%s\"", loginfo->prefix);
+ printf(" queue_threshold %u", (unsigned int)loginfo->qthreshold);
}
static struct xtables_target ulog_tg_reg = {
@@ -186,10 +116,10 @@ static struct xtables_target ulog_tg_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ipt_ulog_info)),
.help = ULOG_help,
.init = ULOG_init,
- .parse = ULOG_parse,
.print = ULOG_print,
.save = ULOG_save,
- .extra_opts = ULOG_opts,
+ .x6_parse = ULOG_parse,
+ .x6_options = ULOG_opts,
};
void _init(void)
diff --git a/extensions/libipt_ULOG.man b/extensions/libipt_ULOG.man
index 649b6e3..c91f776 100644
--- a/extensions/libipt_ULOG.man
+++ b/extensions/libipt_ULOG.man
@@ -1,4 +1,5 @@
-This target provides userspace logging of matching packets. When this
+This is the deprecated ipv4-only predecessor of the NFLOG target.
+It provides userspace logging of matching packets. When this
target is set for a rule, the Linux kernel will multicast this packet
through a
.IR netlink
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
deleted file mode 100644
index ad63dcf..0000000
--- a/extensions/libipt_addrtype.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/* Shared library add-on to iptables to add addrtype matching support
- *
- * This program is released under the terms of GNU GPL */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
-#include <xtables.h>
-
-#include <linux/netfilter_ipv4/ipt_addrtype.h>
-
-/* from linux/rtnetlink.h, must match order of enumeration */
-static const char *const rtn_names[] = {
- "UNSPEC",
- "UNICAST",
- "LOCAL",
- "BROADCAST",
- "ANYCAST",
- "MULTICAST",
- "BLACKHOLE",
- "UNREACHABLE",
- "PROHIBIT",
- "THROW",
- "NAT",
- "XRESOLVE",
- NULL
-};
-
-static void addrtype_help_types(void)
-{
- int i;
-
- for (i = 0; rtn_names[i]; i++)
- printf(" %s\n", rtn_names[i]);
-}
-
-static void addrtype_help_v0(void)
-{
- printf(
-"Address type match options:\n"
-" [!] --src-type type[,...] Match source address type\n"
-" [!] --dst-type type[,...] Match destination address type\n"
-"\n"
-"Valid types: \n");
- addrtype_help_types();
-}
-
-static void addrtype_help_v1(void)
-{
- printf(
-"Address type match options:\n"
-" [!] --src-type type[,...] Match source address type\n"
-" [!] --dst-type type[,...] Match destination address type\n"
-" --limit-iface-in Match only on the packet's incoming device\n"
-" --limit-iface-out Match only on the packet's incoming device\n"
-"\n"
-"Valid types: \n");
- addrtype_help_types();
-}
-
-static int
-parse_type(const char *name, size_t len, u_int16_t *mask)
-{
- int i;
-
- for (i = 0; rtn_names[i]; i++)
- if (strncasecmp(name, rtn_names[i], len) == 0) {
- /* build up bitmask for kernel module */
- *mask |= (1 << i);
- return 1;
- }
-
- return 0;
-}
-
-static void parse_types(const char *arg, u_int16_t *mask)
-{
- const char *comma;
-
- while ((comma = strchr(arg, ',')) != NULL) {
- if (comma == arg || !parse_type(arg, comma-arg, mask))
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: bad type `%s'", arg);
- arg = comma + 1;
- }
-
- if (strlen(arg) == 0 || !parse_type(arg, strlen(arg), mask))
- xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg);
-}
-
-#define IPT_ADDRTYPE_OPT_SRCTYPE 0x1
-#define IPT_ADDRTYPE_OPT_DSTTYPE 0x2
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN 0x4
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT 0x8
-
-static int
-addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) (*match)->data;
-
- switch (c) {
- case '1':
- if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify src-type twice");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(optarg, &info->source);
- if (invert)
- info->invert_source = 1;
- *flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
- break;
- case '2':
- if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify dst-type twice");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(optarg, &info->dest);
- if (invert)
- info->invert_dest = 1;
- *flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
- break;
- default:
- return 0;
- }
-
- return 1;
-}
-
-static int
-addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) (*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify src-type twice");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(optarg, &info->source);
- if (invert)
- info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
- *flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
- break;
- case '2':
- if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify dst-type twice");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(optarg, &info->dest);
- if (invert)
- info->flags |= IPT_ADDRTYPE_INVERT_DEST;
- *flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
- break;
- case '3':
- if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify limit-iface-in twice");
- info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_IN;
- *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN;
- break;
- case '4':
- if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: can't specify limit-iface-out twice");
- info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT;
- *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
- break;
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void addrtype_check_v0(unsigned int flags)
-{
- if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: you must specify --src-type or --dst-type");
-}
-
-static void addrtype_check_v1(unsigned int flags)
-{
- if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: you must specify --src-type or --dst-type");
- if (flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN &&
- flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
- xtables_error(PARAMETER_PROBLEM,
- "addrtype: you can't specify both --limit-iface-in "
- "and --limit-iface-out");
-}
-
-static void print_types(u_int16_t mask)
-{
- const char *sep = "";
- int i;
-
- for (i = 0; rtn_names[i]; i++)
- if (mask & (1 << i)) {
- printf("%s%s", sep, rtn_names[i]);
- sep = ",";
- }
-
- printf(" ");
-}
-
-static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
-
- printf("ADDRTYPE match ");
- if (info->source) {
- printf("src-type ");
- if (info->invert_source)
- printf("!");
- print_types(info->source);
- }
- if (info->dest) {
- printf("dst-type ");
- if (info->invert_dest)
- printf("!");
- print_types(info->dest);
- }
-}
-
-static void addrtype_print_v1(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) match->data;
-
- printf("ADDRTYPE match ");
- if (info->source) {
- printf("src-type ");
- if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
- printf("!");
- print_types(info->source);
- }
- if (info->dest) {
- printf("dst-type ");
- if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
- printf("!");
- print_types(info->dest);
- }
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("limit-in ");
- }
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("limit-out ");
- }
-}
-
-static void addrtype_save_v0(const void *ip, const struct xt_entry_match *match)
-{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
-
- if (info->source) {
- if (info->invert_source)
- printf("! ");
- printf("--src-type ");
- print_types(info->source);
- }
- if (info->dest) {
- if (info->invert_dest)
- printf("! ");
- printf("--dst-type ");
- print_types(info->dest);
- }
-}
-
-static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match)
-{
- const struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) match->data;
-
- if (info->source) {
- if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
- printf("! ");
- printf("--src-type ");
- print_types(info->source);
- }
- if (info->dest) {
- if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
- printf("! ");
- printf("--dst-type ");
- print_types(info->dest);
- }
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("--limit-iface-in ");
- }
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("--limit-iface-out ");
- }
-}
-
-static const struct option addrtype_opts[] = {
- { "src-type", 1, NULL, '1' },
- { "dst-type", 1, NULL, '2' },
- { .name = NULL }
-};
-
-static const struct option addrtype_opts_v0[] = {
- { "src-type", 1, NULL, '1' },
- { "dst-type", 1, NULL, '2' },
- { .name = NULL }
-};
-
-static const struct option addrtype_opts_v1[] = {
- { "src-type", 1, NULL, '1' },
- { "dst-type", 1, NULL, '2' },
- { "limit-iface-in", 0, NULL, '3' },
- { "limit-iface-out", 0, NULL, '4' },
- { .name = NULL }
-};
-
-static struct xtables_match addrtype_mt_reg[] = {
- {
- .name = "addrtype",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .help = addrtype_help_v0,
- .parse = addrtype_parse_v0,
- .final_check = addrtype_check_v0,
- .print = addrtype_print_v0,
- .save = addrtype_save_v0,
- .extra_opts = addrtype_opts_v0,
- },
- {
- .name = "addrtype",
- .revision = 1,
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .help = addrtype_help_v1,
- .parse = addrtype_parse_v1,
- .final_check = addrtype_check_v1,
- .print = addrtype_print_v1,
- .save = addrtype_save_v1,
- .extra_opts = addrtype_opts_v1,
- },
-};
-
-
-void _init(void)
-{
- xtables_register_matches(addrtype_mt_reg, ARRAY_SIZE(addrtype_mt_reg));
-}
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 170cd8b..8cf167c 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -1,13 +1,11 @@
-/* Shared library add-on to iptables to add AH support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_ah.h>
+enum {
+ O_AHSPI = 0,
+};
+
static void ah_help(void)
{
printf(
@@ -16,87 +14,26 @@ static void ah_help(void)
" match spi (range)\n");
}
-static const struct option ah_opts[] = {
- { "ahspi", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry ah_opts[] = {
+ {.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct ipt_ah, spis)},
+ XTOPT_TABLEEND,
};
-static u_int32_t
-parse_ah_spi(const char *spistr)
-{
- unsigned long int spi;
- char* ep;
-
- spi = strtoul(spistr,&ep,0) ;
-
- if ( spistr == ep ) {
- xtables_error(PARAMETER_PROBLEM,
- "AH no valid digits in spi `%s'", spistr);
- }
- if ( spi == ULONG_MAX && errno == ERANGE ) {
- xtables_error(PARAMETER_PROBLEM,
- "spi `%s' specified too big: would overflow", spistr);
- }
- if ( *spistr != '\0' && *ep != '\0' ) {
- xtables_error(PARAMETER_PROBLEM,
- "AH error parsing spi `%s'", spistr);
- }
- return spi;
-}
-
-static void
-parse_ah_spis(const char *spistring, u_int32_t *spis)
+static void ah_parse(struct xt_option_call *cb)
{
- char *buffer;
- char *cp;
-
- buffer = strdup(spistring);
- if ((cp = strchr(buffer, ':')) == NULL)
- spis[0] = spis[1] = parse_ah_spi(buffer);
- else {
- *cp = '\0';
- cp++;
-
- spis[0] = buffer[0] ? parse_ah_spi(buffer) : 0;
- spis[1] = cp[0] ? parse_ah_spi(cp) : 0xFFFFFFFF;
- }
- free(buffer);
-}
-
-static void ah_init(struct xt_entry_match *m)
-{
- struct ipt_ah *ahinfo = (struct ipt_ah *)m->data;
-
- ahinfo->spis[1] = 0xFFFFFFFF;
-}
-
-#define AH_SPI 0x01
-
-static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & AH_SPI)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--ahspi' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_ah_spis(optarg, ahinfo->spis);
- if (invert)
- ahinfo->invflags |= IPT_AH_INV_SPI;
- *flags |= AH_SPI;
- break;
- default:
- return 0;
- }
+ struct ipt_ah *ahinfo = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ if (cb->nvals == 1)
+ ahinfo->spis[1] = ahinfo->spis[0];
+ if (cb->invert)
+ ahinfo->invflags |= IPT_AH_INV_SPI;
}
static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
int invert)
{
const char *inv = invert ? "!" : "";
@@ -112,7 +49,6 @@ print_spis(const char *name, u_int32_t min, u_int32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
@@ -121,11 +57,11 @@ static void ah_print(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_ah *ah = (struct ipt_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IPT_AH_INV_SPI);
if (ah->invflags & ~IPT_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IPT_AH_INV_MASK);
}
@@ -135,15 +71,15 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IPT_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IPT_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
@@ -156,11 +92,10 @@ static struct xtables_match ah_mt_reg = {
.size = XT_ALIGN(sizeof(struct ipt_ah)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
.help = ah_help,
- .init = ah_init,
- .parse = ah_parse,
.print = ah_print,
.save = ah_save,
- .extra_opts = ah_opts,
+ .x6_parse = ah_parse,
+ .x6_options = ah_opts,
};
void
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
deleted file mode 100644
index ec3ff2d..0000000
--- a/extensions/libipt_ecn.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* Shared library add-on to iptables for ECN matching
- *
- * (C) 2002 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is distributed under the terms of GNU GPL v2, 1991
- *
- * libipt_ecn.c borrowed heavily from libipt_dscp.c
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <xtables.h>
-#include <linux/netfilter_ipv4/ipt_ecn.h>
-
-static void ecn_help(void)
-{
- printf(
-"ECN match options\n"
-"[!] --ecn-tcp-cwr Match CWR bit of TCP header\n"
-"[!] --ecn-tcp-ece Match ECE bit of TCP header\n"
-"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4 header\n");
-}
-
-static const struct option ecn_opts[] = {
- { .name = "ecn-tcp-cwr", .has_arg = 0, .val = 'F' },
- { .name = "ecn-tcp-ece", .has_arg = 0, .val = 'G' },
- { .name = "ecn-ip-ect", .has_arg = 1, .val = 'H' },
- { .name = NULL }
-};
-
-static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- unsigned int result;
- struct ipt_ecn_info *einfo
- = (struct ipt_ecn_info *)(*match)->data;
-
- switch (c) {
- case 'F':
- if (*flags & IPT_ECN_OP_MATCH_CWR)
- xtables_error(PARAMETER_PROBLEM,
- "ECN match: can only use parameter ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->operation |= IPT_ECN_OP_MATCH_CWR;
- if (invert)
- einfo->invert |= IPT_ECN_OP_MATCH_CWR;
- *flags |= IPT_ECN_OP_MATCH_CWR;
- break;
-
- case 'G':
- if (*flags & IPT_ECN_OP_MATCH_ECE)
- xtables_error(PARAMETER_PROBLEM,
- "ECN match: can only use parameter ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->operation |= IPT_ECN_OP_MATCH_ECE;
- if (invert)
- einfo->invert |= IPT_ECN_OP_MATCH_ECE;
- *flags |= IPT_ECN_OP_MATCH_ECE;
- break;
-
- case 'H':
- if (*flags & IPT_ECN_OP_MATCH_IP)
- xtables_error(PARAMETER_PROBLEM,
- "ECN match: can only use parameter ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
- einfo->invert |= IPT_ECN_OP_MATCH_IP;
- *flags |= IPT_ECN_OP_MATCH_IP;
- einfo->operation |= IPT_ECN_OP_MATCH_IP;
- if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
- xtables_error(PARAMETER_PROBLEM,
- "ECN match: Value out of range");
- einfo->ip_ect = result;
- break;
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void ecn_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "ECN match: some option required");
-}
-
-static void ecn_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct ipt_ecn_info *einfo =
- (const struct ipt_ecn_info *)match->data;
-
- printf("ECN match ");
-
- if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
- if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- fputc('!', stdout);
- printf("ECE ");
- }
-
- if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
- if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- fputc('!', stdout);
- printf("CWR ");
- }
-
- if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
- if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- fputc('!', stdout);
- printf("ECT=%d ", einfo->ip_ect);
- }
-}
-
-static void ecn_save(const void *ip, const struct xt_entry_match *match)
-{
- const struct ipt_ecn_info *einfo =
- (const struct ipt_ecn_info *)match->data;
-
- if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
- if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- printf("! ");
- printf("--ecn-tcp-ece ");
- }
-
- if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
- if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- printf("! ");
- printf("--ecn-tcp-cwr ");
- }
-
- if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
- if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- printf("! ");
- printf("--ecn-ip-ect %d", einfo->ip_ect);
- }
-}
-
-static struct xtables_match ecn_mt_reg = {
- .name = "ecn",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_ecn_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)),
- .help = ecn_help,
- .parse = ecn_parse,
- .final_check = ecn_check,
- .print = ecn_print,
- .save = ecn_save,
- .extra_opts = ecn_opts,
-};
-
-void _init(void)
-{
- xtables_register_match(&ecn_mt_reg);
-}
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 37b2fdc..666e7da 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -1,11 +1,8 @@
-/* Shared library add-on to iptables to add ICMP support. */
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <limits.h> /* INT_MAX in ip6_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
/* special hack for icmp-type 'any':
@@ -16,10 +13,14 @@
* See: https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=37
*/
+enum {
+ O_ICMP_TYPE = 0,
+};
+
struct icmp_names {
const char *name;
- u_int8_t type;
- u_int8_t code_min, code_max;
+ uint8_t type;
+ uint8_t code_min, code_max;
};
static const struct icmp_names icmp_codes[] = {
@@ -107,13 +108,14 @@ static void icmp_help(void)
print_icmptypes();
}
-static const struct option icmp_opts[] = {
- { "icmp-type", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry icmp_opts[] = {
+ {.name = "icmp-type", .id = O_ICMP_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static void
-parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
+parse_icmp(const char *icmptype, uint8_t *type, uint8_t code[])
{
static const unsigned int limit = ARRAY_SIZE(icmp_codes);
unsigned int match = limit;
@@ -173,33 +175,18 @@ static void icmp_init(struct xt_entry_match *m)
icmpinfo->code[1] = 0xFF;
}
-static int icmp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void icmp_parse(struct xt_option_call *cb)
{
- struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags == 1)
- xtables_error(PARAMETER_PROBLEM,
- "icmp match: only use --icmp-type once!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_icmp(optarg, &icmpinfo->type,
- icmpinfo->code);
- if (invert)
- icmpinfo->invflags |= IPT_ICMP_INV;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
+ struct ipt_icmp *icmpinfo = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ parse_icmp(cb->arg, &icmpinfo->type, icmpinfo->code);
+ if (cb->invert)
+ icmpinfo->invflags |= IPT_ICMP_INV;
}
-static void print_icmptype(u_int8_t type,
- u_int8_t code_min, u_int8_t code_max,
+static void print_icmptype(uint8_t type,
+ uint8_t code_min, uint8_t code_max,
int invert,
int numeric)
{
@@ -213,7 +200,7 @@ static void print_icmptype(u_int8_t type,
break;
if (i != ARRAY_SIZE(icmp_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmp_codes[i].name);
return;
@@ -221,15 +208,13 @@ static void print_icmptype(u_int8_t type,
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp_print(const void *ip, const struct xt_entry_match *match,
@@ -237,13 +222,13 @@ static void icmp_print(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
- printf("icmp ");
+ printf(" icmp");
print_icmptype(icmp->type, icmp->code[0], icmp->code[1],
icmp->invflags & IPT_ICMP_INV,
numeric);
if (icmp->invflags & ~IPT_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmp->invflags & ~IPT_ICMP_INV);
}
@@ -252,16 +237,15 @@ static void icmp_save(const void *ip, const struct xt_entry_match *match)
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
if (icmp->invflags & IPT_ICMP_INV)
- printf("! ");
+ printf(" !");
/* special hack for 'any' case */
if (icmp->type == 0xFF) {
- printf("--icmp-type any ");
+ printf(" --icmp-type any");
} else {
- printf("--icmp-type %u", icmp->type);
+ printf(" --icmp-type %u", icmp->type);
if (icmp->code[0] != 0 || icmp->code[1] != 0xFF)
printf("/%u", icmp->code[0]);
- printf(" ");
}
}
@@ -273,10 +257,10 @@ static struct xtables_match icmp_mt_reg = {
.userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)),
.help = icmp_help,
.init = icmp_init,
- .parse = icmp_parse,
.print = icmp_print,
.save = icmp_save,
- .extra_opts = icmp_opts,
+ .x6_parse = icmp_parse,
+ .x6_options = icmp_opts,
};
void _init(void)
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index cd4b324..a8d9dda 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -1,11 +1,7 @@
-/* Shared library add-on to iptables to add realm matching support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include <ctype.h>
-#include <getopt.h>
#if defined(__GLIBC__) && __GLIBC__ == 2
#include <net/ethernet.h>
#else
@@ -14,6 +10,10 @@
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_realm.h>
+enum {
+ O_REALM = 0,
+};
+
static void realm_help(void)
{
printf(
@@ -22,168 +22,49 @@ static void realm_help(void)
" Match realm\n");
}
-static const struct option realm_opts[] = {
- { "realm", 1, NULL, '1' },
- { .name = NULL }
-};
-
-struct realmname {
- int id;
- char* name;
- int len;
- struct realmname* next;
+static const struct xt_option_entry realm_opts[] = {
+ {.name = "realm", .id = O_REALM, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
/* array of realms from /etc/iproute2/rt_realms */
-static struct realmname *realms;
-/* 1 if loading failed */
-static int rdberr;
+static struct xtables_lmap *realms;
-static void load_realms(void)
+static void realm_init(struct xt_entry_match *m)
{
- const char* rfnm = "/etc/iproute2/rt_realms";
- char buf[512];
- FILE *fil;
- char *cur, *nxt;
- int id;
- struct realmname *oldnm = NULL, *newnm = NULL;
-
- fil = fopen(rfnm, "r");
- if (!fil) {
- rdberr = 1;
- return;
- }
-
- while (fgets(buf, sizeof(buf), fil)) {
- cur = buf;
- while ((*cur == ' ') || (*cur == '\t'))
- cur++;
- if ((*cur == '#') || (*cur == '\n') || (*cur == 0))
- continue;
-
- /* iproute2 allows hex and dec format */
- errno = 0;
- id = strtoul(cur, &nxt, strncmp(cur, "0x", 2) ? 10 : 16);
- if ((nxt == cur) || errno)
- continue;
-
- /* same boundaries as in iproute2 */
- if (id < 0 || id > 255)
- continue;
- cur = nxt;
-
- if (!isspace(*cur))
- continue;
- while ((*cur == ' ') || (*cur == '\t'))
- cur++;
- if ((*cur == '#') || (*cur == '\n') || (*cur == 0))
- continue;
- nxt = cur;
- while ((*nxt != 0) && !isspace(*nxt))
- nxt++;
- if (nxt == cur)
- continue;
-
- /* found valid data */
- newnm = malloc(sizeof(struct realmname));
- if (newnm == NULL) {
- perror("libipt_realm: malloc failed");
- exit(1);
- }
- newnm->id = id;
- newnm->len = nxt - cur;
- newnm->name = malloc(newnm->len + 1);
- if (newnm->name == NULL) {
- perror("libipt_realm: malloc failed");
- exit(1);
- }
- strncpy(newnm->name, cur, newnm->len);
- newnm->name[newnm->len] = 0;
- newnm->next = NULL;
-
- if (oldnm)
- oldnm->next = newnm;
- else
- realms = newnm;
- oldnm = newnm;
- }
-
- fclose(fil);
+ const char file[] = "/etc/iproute2/rt_realms";
+ realms = xtables_lmap_init(file);
+ if (realms == NULL && errno != ENOENT)
+ fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
}
-/* get realm id for name, -1 if error/not found */
-static int realm_name2id(const char* name)
+static void realm_parse(struct xt_option_call *cb)
{
- struct realmname* cur;
-
- if ((realms == NULL) && (rdberr == 0))
- load_realms();
- cur = realms;
- if (cur == NULL)
- return -1;
- while (cur) {
- if (!strncmp(name, cur->name, cur->len + 1))
- return cur->id;
- cur = cur->next;
- }
- return -1;
-}
-
-/* get realm name for id, NULL if error/not found */
-static const char *realm_id2name(int id)
-{
- struct realmname* cur;
-
- if ((realms == NULL) && (rdberr == 0))
- load_realms();
- cur = realms;
- if (cur == NULL)
- return NULL;
- while (cur) {
- if (id == cur->id)
- return cur->name;
- cur = cur->next;
- }
- return NULL;
-}
-
-static int realm_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct ipt_realm_info *realminfo = (struct ipt_realm_info *)(*match)->data;
+ struct xt_realm_info *realminfo = cb->data;
int id;
+ char *end;
- switch (c) {
- char *end;
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- end = optarg = optarg;
- realminfo->id = strtoul(optarg, &end, 0);
- if (end != optarg && (*end == '/' || *end == '\0')) {
- if (*end == '/')
- realminfo->mask = strtoul(end+1, &end, 0);
- else
- realminfo->mask = 0xffffffff;
- if (*end != '\0' || end == optarg)
- xtables_error(PARAMETER_PROBLEM,
- "Bad realm value `%s'", optarg);
- } else {
- id = realm_name2id(optarg);
- if (id == -1)
- xtables_error(PARAMETER_PROBLEM,
- "Realm `%s' not found", optarg);
- realminfo->id = id;
+ xtables_option_parse(cb);
+ realminfo->id = strtoul(cb->arg, &end, 0);
+ if (end != cb->arg && (*end == '/' || *end == '\0')) {
+ if (*end == '/')
+ realminfo->mask = strtoul(end+1, &end, 0);
+ else
realminfo->mask = 0xffffffff;
- }
- if (invert)
- realminfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
+ if (*end != '\0' || end == cb->arg)
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad realm value \"%s\"", cb->arg);
+ } else {
+ id = xtables_lmap_name2id(realms, cb->arg);
+ if (id == -1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Realm \"%s\" not found", cb->arg);
+ realminfo->id = id;
+ realminfo->mask = 0xffffffff;
}
- return 1;
+ if (cb->invert)
+ realminfo->invert = 1;
}
static void
@@ -192,59 +73,52 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
const char* name = NULL;
if (mask != 0xffffffff)
- printf("0x%lx/0x%lx ", id, mask);
+ printf(" 0x%lx/0x%lx", id, mask);
else {
if (numeric == 0)
- name = realm_id2name(id);
+ name = xtables_lmap_id2name(realms, id);
if (name)
- printf("%s ", name);
+ printf(" %s", name);
else
- printf("0x%lx ", id);
+ printf(" 0x%lx", id);
}
}
static void realm_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("realm ");
+ printf(" realm");
print_realm(ri->id, ri->mask, numeric);
}
static void realm_save(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("--realm ");
+ printf(" --realm");
print_realm(ri->id, ri->mask, 0);
}
-static void realm_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "realm match: You must specify `--realm'");
-}
-
static struct xtables_match realm_mt_reg = {
.name = "realm",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_realm_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_realm_info)),
+ .size = XT_ALIGN(sizeof(struct xt_realm_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_realm_info)),
.help = realm_help,
- .parse = realm_parse,
- .final_check = realm_check,
+ .init = realm_init,
.print = realm_print,
.save = realm_save,
- .extra_opts = realm_opts,
+ .x6_parse = realm_parse,
+ .x6_options = realm_opts,
};
void _init(void)
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index e2fbcd5..5fe08cc 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -1,89 +1,51 @@
/* Shared library add-on to iptables to add TTL matching support
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id$
- *
* This program is released under the terms of GNU GPL */
-
#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
#include <xtables.h>
-
#include <linux/netfilter_ipv4/ipt_ttl.h>
+enum {
+ O_TTL_EQ = 0,
+ O_TTL_LT,
+ O_TTL_GT,
+ F_TTL_EQ = 1 << O_TTL_EQ,
+ F_TTL_LT = 1 << O_TTL_LT,
+ F_TTL_GT = 1 << O_TTL_GT,
+ F_ANY = F_TTL_EQ | F_TTL_LT | F_TTL_GT,
+};
+
static void ttl_help(void)
{
printf(
"ttl match options:\n"
-" --ttl-eq value Match time to live value\n"
+"[!] --ttl-eq value Match time to live value\n"
" --ttl-lt value Match TTL < value\n"
" --ttl-gt value Match TTL > value\n");
}
-static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void ttl_parse(struct xt_option_call *cb)
{
- struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
- unsigned int value;
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- switch (c) {
- case '2':
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "ttl: Expected value between 0 and 255");
-
- if (invert)
- info->mode = IPT_TTL_NE;
- else
- info->mode = IPT_TTL_EQ;
-
- /* is 0 allowed? */
- info->ttl = value;
- break;
- case '3':
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "ttl: Expected value between 0 and 255");
-
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "ttl: unexpected `!'");
-
- info->mode = IPT_TTL_LT;
- info->ttl = value;
- break;
- case '4':
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "ttl: Expected value between 0 and 255");
-
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "ttl: unexpected `!'");
-
- info->mode = IPT_TTL_GT;
- info->ttl = value;
- break;
- default:
- return 0;
-
+ struct ipt_ttl_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TTL_EQ:
+ info->mode = cb->invert ? IPT_TTL_NE : IPT_TTL_EQ;
+ break;
+ case O_TTL_LT:
+ info->mode = IPT_TTL_LT;
+ break;
+ case O_TTL_GT:
+ info->mode = IPT_TTL_GT;
+ break;
}
-
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify TTL option twice");
- *flags = 1;
-
- return 1;
}
-static void ttl_check(unsigned int flags)
+static void ttl_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
"TTL match: You must specify one of "
"`--ttl-eq', `--ttl-lt', `--ttl-gt");
@@ -95,22 +57,22 @@ static void ttl_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) match->data;
- printf("TTL match ");
+ printf(" TTL match ");
switch (info->mode) {
case IPT_TTL_EQ:
- printf("TTL == ");
+ printf("TTL ==");
break;
case IPT_TTL_NE:
- printf("TTL != ");
+ printf("TTL !=");
break;
case IPT_TTL_LT:
- printf("TTL < ");
+ printf("TTL <");
break;
case IPT_TTL_GT:
- printf("TTL > ");
+ printf("TTL >");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void ttl_save(const void *ip, const struct xt_entry_match *match)
@@ -120,31 +82,37 @@ static void ttl_save(const void *ip, const struct xt_entry_match *match)
switch (info->mode) {
case IPT_TTL_EQ:
- printf("--ttl-eq ");
+ printf(" --ttl-eq");
break;
case IPT_TTL_NE:
- printf("! --ttl-eq ");
+ printf(" ! --ttl-eq");
break;
case IPT_TTL_LT:
- printf("--ttl-lt ");
+ printf(" --ttl-lt");
break;
case IPT_TTL_GT:
- printf("--ttl-gt ");
+ printf(" --ttl-gt");
break;
default:
/* error */
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
-static const struct option ttl_opts[] = {
- { "ttl", 1, NULL, '2' },
- { "ttl-eq", 1, NULL, '2'},
- { "ttl-lt", 1, NULL, '3'},
- { "ttl-gt", 1, NULL, '4'},
- { .name = NULL }
+#define s struct ipt_ttl_info
+static const struct xt_option_entry ttl_opts[] = {
+ {.name = "ttl-lt", .id = O_TTL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+ {.name = "ttl-gt", .id = O_TTL_GT, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+ {.name = "ttl-eq", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+ {.name = "ttl", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+ XTOPT_TABLEEND,
};
+#undef s
static struct xtables_match ttl_mt_reg = {
.name = "ttl",
@@ -153,11 +121,11 @@ static struct xtables_match ttl_mt_reg = {
.size = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = ttl_help,
- .parse = ttl_parse,
- .final_check = ttl_check,
.print = ttl_print,
.save = ttl_save,
- .extra_opts = ttl_opts,
+ .x6_parse = ttl_parse,
+ .x6_fcheck = ttl_check,
+ .x6_options = ttl_opts,
};
diff --git a/extensions/libipt_ttl.man b/extensions/libipt_ttl.man
index 849f704..1f32277 100644
--- a/extensions/libipt_ttl.man
+++ b/extensions/libipt_ttl.man
@@ -1,6 +1,6 @@
This module matches the time to live field in the IP header.
.TP
-\fB\-\-ttl\-eq\fP \fIttl\fP
+[\fB!\fP] \fB\-\-ttl\-eq\fP \fIttl\fP
Matches the given TTL value.
.TP
\fB\-\-ttl\-gt\fP \fIttl\fP
diff --git a/extensions/libxt_AUDIT.c b/extensions/libxt_AUDIT.c
new file mode 100644
index 0000000..86a61cb
--- /dev/null
+++ b/extensions/libxt_AUDIT.c
@@ -0,0 +1,101 @@
+/* Shared library add-on to xtables for AUDIT
+ *
+ * (C) 2010-2011, Thomas Graf <tgraf@redhat.com>
+ * (C) 2010-2011, Red Hat, Inc.
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ */
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_AUDIT.h>
+
+enum {
+ O_AUDIT_TYPE = 0,
+};
+
+static void audit_help(void)
+{
+ printf(
+"AUDIT target options\n"
+" --type TYPE Action type to be recorded.\n");
+}
+
+static const struct xt_option_entry audit_opts[] = {
+ {.name = "type", .id = O_AUDIT_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
+};
+
+static void audit_parse(struct xt_option_call *cb)
+{
+ struct xt_audit_info *einfo = cb->data;
+
+ xtables_option_parse(cb);
+ if (strcasecmp(cb->arg, "accept") == 0)
+ einfo->type = XT_AUDIT_TYPE_ACCEPT;
+ else if (strcasecmp(cb->arg, "drop") == 0)
+ einfo->type = XT_AUDIT_TYPE_DROP;
+ else if (strcasecmp(cb->arg, "reject") == 0)
+ einfo->type = XT_AUDIT_TYPE_REJECT;
+ else
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad action type value \"%s\"", cb->arg);
+}
+
+static void audit_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_audit_info *einfo =
+ (const struct xt_audit_info *)target->data;
+
+ printf(" AUDIT ");
+
+ switch(einfo->type) {
+ case XT_AUDIT_TYPE_ACCEPT:
+ printf("accept");
+ break;
+ case XT_AUDIT_TYPE_DROP:
+ printf("drop");
+ break;
+ case XT_AUDIT_TYPE_REJECT:
+ printf("reject");
+ break;
+ }
+}
+
+static void audit_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_audit_info *einfo =
+ (const struct xt_audit_info *)target->data;
+
+ switch(einfo->type) {
+ case XT_AUDIT_TYPE_ACCEPT:
+ printf(" --type accept");
+ break;
+ case XT_AUDIT_TYPE_DROP:
+ printf(" --type drop");
+ break;
+ case XT_AUDIT_TYPE_REJECT:
+ printf(" --type reject");
+ break;
+ }
+}
+
+static struct xtables_target audit_tg_reg = {
+ .name = "AUDIT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_audit_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_audit_info)),
+ .help = audit_help,
+ .print = audit_print,
+ .save = audit_save,
+ .x6_parse = audit_parse,
+ .x6_options = audit_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&audit_tg_reg);
+}
diff --git a/extensions/libxt_AUDIT.man b/extensions/libxt_AUDIT.man
new file mode 100644
index 0000000..cd79696
--- /dev/null
+++ b/extensions/libxt_AUDIT.man
@@ -0,0 +1,14 @@
+This target allows to create audit records for packets hitting the target.
+It can be used to record accepted, dropped, and rejected packets. See
+auditd(8) for additional details.
+.TP
+\fB\-\-type\fP {\fBaccept\fP|\fBdrop\fP|\fBreject\fP}
+Set type of audit record.
+.PP
+Example:
+.IP
+iptables \-N AUDIT_DROP
+.IP
+iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop
+.IP
+iptables \-A AUDIT_DROP \-j DROP
diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
new file mode 100644
index 0000000..df9f9b3
--- /dev/null
+++ b/extensions/libxt_CHECKSUM.c
@@ -0,0 +1,77 @@
+/* Shared library add-on to xtables for CHECKSUM
+ *
+ * (C) 2002 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by Red Hat, Inc
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c
+ */
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_CHECKSUM.h>
+
+enum {
+ O_CHECKSUM_FILL = 0,
+};
+
+static void CHECKSUM_help(void)
+{
+ printf(
+"CHECKSUM target options\n"
+" --checksum-fill Fill in packet checksum.\n");
+}
+
+static const struct xt_option_entry CHECKSUM_opts[] = {
+ {.name = "checksum-fill", .id = O_CHECKSUM_FILL,
+ .flags = XTOPT_MAND, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+static void CHECKSUM_parse(struct xt_option_call *cb)
+{
+ struct xt_CHECKSUM_info *einfo = cb->data;
+
+ xtables_option_parse(cb);
+ einfo->operation = XT_CHECKSUM_OP_FILL;
+}
+
+static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_CHECKSUM_info *einfo =
+ (const struct xt_CHECKSUM_info *)target->data;
+
+ printf(" CHECKSUM");
+
+ if (einfo->operation & XT_CHECKSUM_OP_FILL)
+ printf(" fill");
+}
+
+static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_CHECKSUM_info *einfo =
+ (const struct xt_CHECKSUM_info *)target->data;
+
+ if (einfo->operation & XT_CHECKSUM_OP_FILL)
+ printf(" --checksum-fill");
+}
+
+static struct xtables_target checksum_tg_reg = {
+ .name = "CHECKSUM",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
+ .help = CHECKSUM_help,
+ .print = CHECKSUM_print,
+ .save = CHECKSUM_save,
+ .x6_parse = CHECKSUM_parse,
+ .x6_options = CHECKSUM_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&checksum_tg_reg);
+}
diff --git a/extensions/libxt_CHECKSUM.man b/extensions/libxt_CHECKSUM.man
new file mode 100644
index 0000000..92ae700
--- /dev/null
+++ b/extensions/libxt_CHECKSUM.man
@@ -0,0 +1,8 @@
+This target allows to selectively work around broken/old applications.
+It can only be used in the mangle table.
+.TP
+\fB\-\-checksum\-fill\fP
+Compute and fill in the checksum in a packet that lacks a checksum.
+This is particularly useful, if you need to work around old applications
+such as dhcp clients, that do not work well with checksum offloads,
+but don't want to disable checksum offload in your device.
diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c
index 82b8f4e..e04657a 100644
--- a/extensions/libxt_CLASSIFY.c
+++ b/extensions/libxt_CLASSIFY.c
@@ -1,15 +1,16 @@
-/* Shared library add-on to iptables to add CLASSIFY target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
+/*
+ * Copyright (c) 2003-2013 Patrick McHardy <kaber@trash.net>
+ */
+#include <stdio.h>
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_CLASSIFY.h>
-#include <linux/types.h>
#include <linux/pkt_sched.h>
+enum {
+ O_SET_CLASS = 0,
+};
+
static void
CLASSIFY_help(void)
{
@@ -18,9 +19,10 @@ CLASSIFY_help(void)
"--set-class MAJOR:MINOR Set skb->priority value (always hexadecimal!)\n");
}
-static const struct option CLASSIFY_opts[] = {
- { "set-class", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry CLASSIFY_opts[] = {
+ {.name = "set-class", .id = O_SET_CLASS, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
};
static int CLASSIFY_string_to_priority(const char *s, unsigned int *p)
@@ -34,44 +36,20 @@ static int CLASSIFY_string_to_priority(const char *s, unsigned int *p)
return 0;
}
-static int
-CLASSIFY_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **target)
+static void CLASSIFY_parse(struct xt_option_call *cb)
{
- struct xt_classify_target_info *clinfo
- = (struct xt_classify_target_info *)(*target)->data;
-
- switch (c) {
- case '1':
- if (CLASSIFY_string_to_priority(optarg, &clinfo->priority))
- xtables_error(PARAMETER_PROBLEM,
- "Bad class value `%s'", optarg);
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "CLASSIFY: Can't specify --set-class twice");
- *flags = 1;
- break;
+ struct xt_classify_target_info *clinfo = cb->data;
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void
-CLASSIFY_final_check(unsigned int flags)
-{
- if (!flags)
+ xtables_option_parse(cb);
+ if (CLASSIFY_string_to_priority(cb->arg, &clinfo->priority))
xtables_error(PARAMETER_PROBLEM,
- "CLASSIFY: Parameter --set-class is required");
+ "Bad class value \"%s\"", cb->arg);
}
static void
CLASSIFY_print_class(unsigned int priority, int numeric)
{
- printf("%x:%x ", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
+ printf(" %x:%x", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
}
static void
@@ -81,7 +59,7 @@ CLASSIFY_print(const void *ip,
{
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("CLASSIFY set ");
+ printf(" CLASSIFY set");
CLASSIFY_print_class(clinfo->priority, numeric);
}
@@ -91,7 +69,7 @@ CLASSIFY_save(const void *ip, const struct xt_entry_target *target)
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("--set-class %.4x:%.4x ",
+ printf(" --set-class %.4x:%.4x",
TC_H_MAJ(clinfo->priority)>>16, TC_H_MIN(clinfo->priority));
}
@@ -102,11 +80,10 @@ static struct xtables_target classify_target = {
.size = XT_ALIGN(sizeof(struct xt_classify_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_classify_target_info)),
.help = CLASSIFY_help,
- .parse = CLASSIFY_parse,
- .final_check = CLASSIFY_final_check,
.print = CLASSIFY_print,
.save = CLASSIFY_save,
- .extra_opts = CLASSIFY_opts,
+ .x6_parse = CLASSIFY_parse,
+ .x6_options = CLASSIFY_opts,
};
void _init(void)
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 6aba5f3..5d5351e 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -19,24 +19,41 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_CONNMARK.h>
struct xt_connmark_target_info {
unsigned long mark;
unsigned long mask;
- u_int8_t mode;
+ uint8_t mode;
};
enum {
- F_MARK = 1 << 0,
- F_SR_MARK = 1 << 1,
+ O_SET_MARK = 0,
+ O_SAVE_MARK,
+ O_RESTORE_MARK,
+ O_AND_MARK,
+ O_OR_MARK,
+ O_XOR_MARK,
+ O_SET_XMARK,
+ O_CTMASK,
+ O_NFMASK,
+ O_MASK,
+ F_SET_MARK = 1 << O_SET_MARK,
+ F_SAVE_MARK = 1 << O_SAVE_MARK,
+ F_RESTORE_MARK = 1 << O_RESTORE_MARK,
+ F_AND_MARK = 1 << O_AND_MARK,
+ F_OR_MARK = 1 << O_OR_MARK,
+ F_XOR_MARK = 1 << O_XOR_MARK,
+ F_SET_XMARK = 1 << O_SET_XMARK,
+ F_CTMASK = 1 << O_CTMASK,
+ F_NFMASK = 1 << O_NFMASK,
+ F_MASK = 1 << O_MASK,
+ F_OP_ANY = F_SET_MARK | F_SAVE_MARK | F_RESTORE_MARK |
+ F_AND_MARK | F_OR_MARK | F_XOR_MARK | F_SET_XMARK,
};
static void CONNMARK_help(void)
@@ -48,27 +65,44 @@ static void CONNMARK_help(void)
" --restore-mark [--mask mask] Restore saved nfmark value\n");
}
-static const struct option CONNMARK_opts[] = {
- { "set-mark", 1, NULL, '1' },
- { "save-mark", 0, NULL, '2' },
- { "restore-mark", 0, NULL, '3' },
- { "mask", 1, NULL, '4' },
- { .name = NULL }
+#define s struct xt_connmark_target_info
+static const struct xt_option_entry CONNMARK_opts[] = {
+ {.name = "set-mark", .id = O_SET_MARK, .type = XTTYPE_MARKMASK32,
+ .excl = F_OP_ANY},
+ {.name = "save-mark", .id = O_SAVE_MARK, .type = XTTYPE_NONE,
+ .excl = F_OP_ANY},
+ {.name = "restore-mark", .id = O_RESTORE_MARK, .type = XTTYPE_NONE,
+ .excl = F_OP_ANY},
+ {.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32},
+ XTOPT_TABLEEND,
};
-
-static const struct option connmark_tg_opts[] = {
- {.name = "set-xmark", .has_arg = true, .val = '='},
- {.name = "set-mark", .has_arg = true, .val = '-'},
- {.name = "and-mark", .has_arg = true, .val = '&'},
- {.name = "or-mark", .has_arg = true, .val = '|'},
- {.name = "xor-mark", .has_arg = true, .val = '^'},
- {.name = "save-mark", .has_arg = false, .val = 'S'},
- {.name = "restore-mark", .has_arg = false, .val = 'R'},
- {.name = "ctmask", .has_arg = true, .val = 'c'},
- {.name = "nfmask", .has_arg = true, .val = 'n'},
- {.name = "mask", .has_arg = true, .val = 'm'},
- {.name = NULL},
+#undef s
+
+#define s struct xt_connmark_tginfo1
+static const struct xt_option_entry connmark_tg_opts[] = {
+ {.name = "set-xmark", .id = O_SET_XMARK, .type = XTTYPE_MARKMASK32,
+ .excl = F_OP_ANY},
+ {.name = "set-mark", .id = O_SET_MARK, .type = XTTYPE_MARKMASK32,
+ .excl = F_OP_ANY},
+ {.name = "and-mark", .id = O_AND_MARK, .type = XTTYPE_UINT32,
+ .excl = F_OP_ANY},
+ {.name = "or-mark", .id = O_OR_MARK, .type = XTTYPE_UINT32,
+ .excl = F_OP_ANY},
+ {.name = "xor-mark", .id = O_XOR_MARK, .type = XTTYPE_UINT32,
+ .excl = F_OP_ANY},
+ {.name = "save-mark", .id = O_SAVE_MARK, .type = XTTYPE_NONE,
+ .excl = F_OP_ANY},
+ {.name = "restore-mark", .id = O_RESTORE_MARK, .type = XTTYPE_NONE,
+ .excl = F_OP_ANY},
+ {.name = "ctmask", .id = O_CTMASK, .type = XTTYPE_UINT32,
+ .excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, ctmask)},
+ {.name = "nfmask", .id = O_NFMASK, .type = XTTYPE_UINT32,
+ .excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)},
+ {.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32,
+ .excl = F_CTMASK | F_NFMASK},
+ XTOPT_TABLEEND,
};
+#undef s
static void connmark_tg_help(void)
{
@@ -100,165 +134,75 @@ static void connmark_tg_init(struct xt_entry_target *target)
info->nfmask = UINT32_MAX;
}
-static int
-CONNMARK_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void CONNMARK_parse(struct xt_option_call *cb)
{
- struct xt_connmark_target_info *markinfo
- = (struct xt_connmark_target_info *)(*target)->data;
+ struct xt_connmark_target_info *markinfo = cb->data;
- switch (c) {
- char *end;
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_MARK:
markinfo->mode = XT_CONNMARK_SET;
-
- markinfo->mark = strtoul(optarg, &end, 0);
- if (*end == '/' && end[1] != '\0')
- markinfo->mask = strtoul(end+1, &end, 0);
-
- if (*end != '\0' || end == optarg)
- xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "CONNMARK target: Can't specify --set-mark twice");
- *flags = 1;
+ markinfo->mark = cb->val.mark;
+ markinfo->mask = cb->val.mask;
break;
- case '2':
+ case O_SAVE_MARK:
markinfo->mode = XT_CONNMARK_SAVE;
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "CONNMARK target: Can't specify --save-mark twice");
- *flags = 1;
break;
- case '3':
+ case O_RESTORE_MARK:
markinfo->mode = XT_CONNMARK_RESTORE;
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "CONNMARK target: Can't specify --restore-mark twice");
- *flags = 1;
break;
- case '4':
- if (!*flags)
- xtables_error(PARAMETER_PROBLEM,
- "CONNMARK target: Can't specify --mask without a operation");
- markinfo->mask = strtoul(optarg, &end, 0);
-
- if (*end != '\0' || end == optarg)
- xtables_error(PARAMETER_PROBLEM, "Bad MASK value \"%s\"", optarg);
+ case O_MASK:
+ markinfo->mask = cb->val.u32;
break;
- default:
- return 0;
}
-
- return 1;
}
-static int connmark_tg_parse(int c, char **argv, int invert,
- unsigned int *flags, const void *entry,
- struct xt_entry_target **target)
+static void connmark_tg_parse(struct xt_option_call *cb)
{
- struct xt_connmark_tginfo1 *info = (void *)(*target)->data;
- unsigned int value, mask = UINT32_MAX;
- char *end;
+ struct xt_connmark_tginfo1 *info = cb->data;
- switch (c) {
- case '=': /* --set-xmark */
- case '-': /* --set-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
- if (*end == '/')
- if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--set-xmark/--set-mark", optarg);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_XMARK:
info->mode = XT_CONNMARK_SET;
- info->ctmark = value;
- info->ctmask = mask;
- if (c == '-')
- info->ctmask |= value;
- *flags |= F_MARK;
- return true;
-
- case '&': /* --and-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--and-mark", optarg);
+ info->ctmark = cb->val.mark;
+ info->ctmask = cb->val.mask;
+ break;
+ case O_SET_MARK:
+ info->mode = XT_CONNMARK_SET;
+ info->ctmark = cb->val.mark;
+ info->ctmask = cb->val.mark | cb->val.mask;
+ break;
+ case O_AND_MARK:
info->mode = XT_CONNMARK_SET;
info->ctmark = 0;
- info->ctmask = ~mask;
- *flags |= F_MARK;
- return true;
-
- case '|': /* --or-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--or-mark", optarg);
+ info->ctmask = ~cb->val.u32;
+ break;
+ case O_OR_MARK:
info->mode = XT_CONNMARK_SET;
- info->ctmark = value;
- info->ctmask = value;
- *flags |= F_MARK;
- return true;
-
- case '^': /* --xor-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--xor-mark", optarg);
+ info->ctmark = cb->val.u32;
+ info->ctmask = cb->val.u32;
+ break;
+ case O_XOR_MARK:
info->mode = XT_CONNMARK_SET;
- info->ctmark = value;
+ info->ctmark = cb->val.u32;
info->ctmask = 0;
- *flags |= F_MARK;
- return true;
-
- case 'S': /* --save-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ break;
+ case O_SAVE_MARK:
info->mode = XT_CONNMARK_SAVE;
- *flags |= F_MARK | F_SR_MARK;
- return true;
-
- case 'R': /* --restore-mark */
- xtables_param_act(XTF_ONE_ACTION, "CONNMARK", *flags & F_MARK);
+ break;
+ case O_RESTORE_MARK:
info->mode = XT_CONNMARK_RESTORE;
- *flags |= F_MARK | F_SR_MARK;
- return true;
-
- case 'n': /* --nfmask */
- if (!(*flags & F_SR_MARK))
- xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
- "or --restore-mark is required for "
- "--nfmask");
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--nfmask", optarg);
- info->nfmask = value;
- return true;
-
- case 'c': /* --ctmask */
- if (!(*flags & F_SR_MARK))
- xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
- "or --restore-mark is required for "
- "--ctmask");
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--ctmask", optarg);
- info->ctmask = value;
- return true;
-
- case 'm': /* --mask */
- if (!(*flags & F_SR_MARK))
- xtables_error(PARAMETER_PROBLEM, "CONNMARK: --save-mark "
- "or --restore-mark is required for "
- "--mask");
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "CONNMARK", "--mask", optarg);
- info->nfmask = info->ctmask = value;
- return true;
+ break;
+ case O_MASK:
+ info->nfmask = info->ctmask = cb->val.u32;
+ break;
}
-
- return false;
}
-static void connmark_tg_check(unsigned int flags)
+static void connmark_tg_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (!(cb->xflags & F_OP_ANY))
xtables_error(PARAMETER_PROBLEM,
"CONNMARK target: No operation specified");
}
@@ -283,22 +227,20 @@ static void CONNMARK_print(const void *ip,
(const struct xt_connmark_target_info *)target->data;
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("CONNMARK set ");
+ printf(" CONNMARK set ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("CONNMARK save ");
+ printf(" CONNMARK save ");
print_mask("mask ", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_RESTORE:
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore ");
print_mask("mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -312,39 +254,39 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target,
switch (info->mode) {
case XT_CONNMARK_SET:
if (info->ctmark == 0)
- printf("CONNMARK and 0x%x ",
- (unsigned int)(u_int32_t)~info->ctmask);
+ printf(" CONNMARK and 0x%x",
+ (unsigned int)(uint32_t)~info->ctmask);
else if (info->ctmark == info->ctmask)
- printf("CONNMARK or 0x%x ", info->ctmark);
+ printf(" CONNMARK or 0x%x", info->ctmark);
else if (info->ctmask == 0)
- printf("CONNMARK xor 0x%x ", info->ctmark);
+ printf(" CONNMARK xor 0x%x", info->ctmark);
else if (info->ctmask == 0xFFFFFFFFU)
- printf("CONNMARK set 0x%x ", info->ctmark);
+ printf(" CONNMARK set 0x%x", info->ctmark);
else
- printf("CONNMARK xset 0x%x/0x%x ",
+ printf(" CONNMARK xset 0x%x/0x%x",
info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX)
- printf("CONNMARK save ");
+ printf(" CONNMARK save");
else if (info->nfmask == info->ctmask)
- printf("CONNMARK save mask 0x%x ", info->nfmask);
+ printf(" CONNMARK save mask 0x%x", info->nfmask);
else
- printf("CONNMARK save nfmask 0x%x ctmask ~0x%x ",
+ printf(" CONNMARK save nfmask 0x%x ctmask ~0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX)
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore");
else if (info->ctmask == info->nfmask)
- printf("CONNMARK restore mask 0x%x ", info->ctmask);
+ printf(" CONNMARK restore mask 0x%x", info->ctmask);
else
- printf("CONNMARK restore ctmask 0x%x nfmask ~0x%x ",
+ printf(" CONNMARK restore ctmask 0x%x nfmask ~0x%x",
info->ctmask, info->nfmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -356,21 +298,20 @@ static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark ");
+ printf(" --save-mark ");
print_mask("--mask ", markinfo->mask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark ");
+ printf(" --restore-mark ");
print_mask("--mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -390,18 +331,18 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case XT_CONNMARK_SET:
- printf("--set-xmark 0x%x/0x%x ", info->ctmark, info->ctmask);
+ printf(" --set-xmark 0x%x/0x%x", info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --save-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --restore-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -416,11 +357,11 @@ static struct xtables_target connmark_tg_reg[] = {
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
.help = CONNMARK_help,
.init = CONNMARK_init,
- .parse = CONNMARK_parse,
- .final_check = connmark_tg_check,
.print = CONNMARK_print,
.save = CONNMARK_save,
- .extra_opts = CONNMARK_opts,
+ .x6_parse = CONNMARK_parse,
+ .x6_fcheck = connmark_tg_check,
+ .x6_options = CONNMARK_opts,
},
{
.version = XTABLES_VERSION,
@@ -431,11 +372,11 @@ static struct xtables_target connmark_tg_reg[] = {
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
.help = connmark_tg_help,
.init = connmark_tg_init,
- .parse = connmark_tg_parse,
- .final_check = connmark_tg_check,
.print = connmark_tg_print,
.save = connmark_tg_save,
- .extra_opts = connmark_tg_opts,
+ .x6_parse = connmark_tg_parse,
+ .x6_fcheck = connmark_tg_check,
+ .x6_options = connmark_tg_opts,
},
};
diff --git a/extensions/libxt_CONNMARK.man b/extensions/libxt_CONNMARK.man
index 13c6b4b..9317923 100644
--- a/extensions/libxt_CONNMARK.man
+++ b/extensions/libxt_CONNMARK.man
@@ -2,7 +2,7 @@ This module sets the netfilter mark value associated with a connection. The
mark is 32 bits wide.
.TP
\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
-Zero out the bits given by \fImask\fR and XOR \fIvalue\fR into the ctmark.
+Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark.
.TP
\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
@@ -10,18 +10,18 @@ masks. The new nfmark value is determined as follows:
.IP
ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
.IP
-i.e. \fIctmask\fR defines what bits to clear and \fInfmask\fR what bits of the
-nfmark to XOR into the ctmark. \fIctmask\fR and \fInfmask\fR default to
+i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the
+nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to
0xFFFFFFFF.
.TP
\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
masks. The new ctmark value is determined as follows:
.IP
-nfmark = (nfmark & ~\fInfmask\fR) ^ (ctmark & \fIctmask\fR);
+nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP);
.IP
-i.e. \fInfmask\fR defines what bits to clear and \fIctmask\fR what bits of the
-ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to
+i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the
+ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to
0xFFFFFFFF.
.IP
\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
@@ -29,16 +29,16 @@ ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to
The following mnemonics are available for \fB\-\-set\-xmark\fP:
.TP
\fB\-\-and\-mark\fP \fIbits\fP
-Binary AND the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark
-0/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
+Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
+0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
.TP
\fB\-\-or\-mark\fP \fIbits\fP
-Binary OR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
-\fIbits\fR\fB/\fR\fIbits\fR.)
+Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
+\fIbits\fP\fB/\fP\fIbits\fP.)
.TP
\fB\-\-xor\-mark\fP \fIbits\fP
-Binary XOR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
-\fIbits\fR\fB/0\fR.)
+Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
+\fIbits\fP\fB/0\fP.)
.TP
\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Set the connection mark. If a mask is specified then only those bits set in the
@@ -50,4 +50,4 @@ copied.
.TP
\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
Copy the ctmark to the nfmark. If a mask is specified, only those bits are
-copied. This is only valid in the \fBmangle\fR table.
+copied. This is only valid in the \fBmangle\fP table.
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index d95339f..0b3cd79 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
@@ -6,14 +6,18 @@
* Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_CONNSECMARK.h>
#define PFX "CONNSECMARK target: "
+enum {
+ O_SAVE = 0,
+ O_RESTORE,
+ F_SAVE = 1 << O_SAVE,
+ F_RESTORE = 1 << O_RESTORE,
+};
+
static void CONNSECMARK_help(void)
{
printf(
@@ -22,62 +26,43 @@ static void CONNSECMARK_help(void)
" --restore Copy security mark from connection to packet\n");
}
-static const struct option CONNSECMARK_opts[] = {
- { "save", 0, NULL, '1' },
- { "restore", 0, NULL, '2' },
- { .name = NULL }
+static const struct xt_option_entry CONNSECMARK_opts[] = {
+ {.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE},
+ {.name = "restore", .id = O_RESTORE, .excl = F_SAVE,
+ .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
-static int
-CONNSECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void CONNSECMARK_parse(struct xt_option_call *cb)
{
- struct xt_connsecmark_target_info *info =
- (struct xt_connsecmark_target_info*)(*target)->data;
+ struct xt_connsecmark_target_info *info = cb->data;
- switch (c) {
- case '1':
- if (*flags & CONNSECMARK_SAVE)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Can't specify --save twice");
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SAVE:
info->mode = CONNSECMARK_SAVE;
- *flags |= CONNSECMARK_SAVE;
break;
-
- case '2':
- if (*flags & CONNSECMARK_RESTORE)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Can't specify --restore twice");
+ case O_RESTORE:
info->mode = CONNSECMARK_RESTORE;
- *flags |= CONNSECMARK_RESTORE;
break;
-
- default:
- return 0;
}
-
- return 1;
}
-static void CONNSECMARK_check(unsigned int flags)
+static void CONNSECMARK_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
-
- if (flags == (CONNSECMARK_SAVE|CONNSECMARK_RESTORE))
- xtables_error(PARAMETER_PROBLEM, PFX "only one flag of --save "
- "or --restore is allowed");
}
static void print_connsecmark(const struct xt_connsecmark_target_info *info)
{
switch (info->mode) {
case CONNSECMARK_SAVE:
- printf("save ");
+ printf("save");
break;
case CONNSECMARK_RESTORE:
- printf("restore ");
+ printf("restore");
break;
default:
@@ -92,7 +77,7 @@ CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
const struct xt_connsecmark_target_info *info =
(struct xt_connsecmark_target_info*)(target)->data;
- printf("CONNSECMARK ");
+ printf(" CONNSECMARK ");
print_connsecmark(info);
}
@@ -102,7 +87,7 @@ CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
const struct xt_connsecmark_target_info *info =
(struct xt_connsecmark_target_info*)target->data;
- printf("--");
+ printf(" --");
print_connsecmark(info);
}
@@ -113,12 +98,12 @@ static struct xtables_target connsecmark_target = {
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
- .parse = CONNSECMARK_parse,
.help = CONNSECMARK_help,
- .final_check = CONNSECMARK_check,
.print = CONNSECMARK_print,
.save = CONNSECMARK_save,
- .extra_opts = CONNSECMARK_opts,
+ .x6_parse = CONNSECMARK_parse,
+ .x6_fcheck = CONNSECMARK_check,
+ .x6_options = CONNSECMARK_opts,
};
void _init(void)
diff --git a/extensions/libxt_CONNSECMARK.man b/extensions/libxt_CONNSECMARK.man
index a72e710..2616ab9 100644
--- a/extensions/libxt_CONNSECMARK.man
+++ b/extensions/libxt_CONNSECMARK.man
@@ -1,9 +1,12 @@
This module copies security markings from packets to connections
(if unlabeled), and from connections back to packets (also only
if unlabeled). Typically used in conjunction with SECMARK, it is
-only valid in the
+valid in the
+.B security
+table (for backwards compatibility with older kernels, it is also
+valid in the
.B mangle
-table.
+table).
.TP
\fB\-\-save\fP
If the packet has a security marking, copy it to the connection
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 6be6ea0..6b28fe1 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -1,8 +1,9 @@
+/*
+ * Copyright (c) 2010-2013 Patrick McHardy <kaber@trash.net>
+ */
+
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/xt_CT.h>
@@ -19,22 +20,55 @@ static void ct_help(void)
);
}
-enum ct_options {
- CT_OPT_NOTRACK = 0x1,
- CT_OPT_HELPER = 0x2,
- CT_OPT_CTEVENTS = 0x4,
- CT_OPT_EXPEVENTS = 0x8,
- CT_OPT_ZONE = 0x10,
+static void ct_help_v1(void)
+{
+ printf(
+"CT target options:\n"
+" --notrack Don't track connection\n"
+" --helper name Use conntrack helper 'name' for connection\n"
+" --timeout name Use timeout policy 'name' for connection\n"
+" --ctevents event[,event...] Generate specified conntrack events for connection\n"
+" --expevents event[,event...] Generate specified expectation events for connection\n"
+" --zone ID Assign/Lookup connection in zone ID\n"
+ );
+}
+
+enum {
+ O_NOTRACK = 0,
+ O_HELPER,
+ O_TIMEOUT,
+ O_CTEVENTS,
+ O_EXPEVENTS,
+ O_ZONE,
+};
+
+#define s struct xt_ct_target_info
+static const struct xt_option_entry ct_opts[] = {
+ {.name = "notrack", .id = O_NOTRACK, .type = XTTYPE_NONE},
+ {.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, helper)},
+ {.name = "ctevents", .id = O_CTEVENTS, .type = XTTYPE_STRING},
+ {.name = "expevents", .id = O_EXPEVENTS, .type = XTTYPE_STRING},
+ {.name = "zone", .id = O_ZONE, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, zone)},
+ XTOPT_TABLEEND,
};
+#undef s
-static const struct option ct_opts[] = {
- { "notrack", 0, NULL, CT_OPT_NOTRACK },
- { "helper", 1, NULL, CT_OPT_HELPER },
- { "ctevents", 1, NULL, CT_OPT_CTEVENTS },
- { "expevents", 1, NULL, CT_OPT_EXPEVENTS },
- { "zone", 1, NULL, CT_OPT_ZONE },
- { .name = NULL },
+#define s struct xt_ct_target_info_v1
+static const struct xt_option_entry ct_opts_v1[] = {
+ {.name = "notrack", .id = O_NOTRACK, .type = XTTYPE_NONE},
+ {.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, helper)},
+ {.name = "timeout", .id = O_TIMEOUT, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, timeout)},
+ {.name = "ctevents", .id = O_CTEVENTS, .type = XTTYPE_STRING},
+ {.name = "expevents", .id = O_EXPEVENTS, .type = XTTYPE_STRING},
+ {.name = "zone", .id = O_ZONE, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, zone)},
+ XTOPT_TABLEEND,
};
+#undef s
struct event_tbl {
const char *name;
@@ -86,52 +120,53 @@ static void ct_print_events(const char *pfx, const struct event_tbl *tbl,
const char *sep = "";
unsigned int i;
- printf("%s ", pfx);
+ printf(" %s ", pfx);
for (i = 0; i < size; i++) {
if (mask & (1 << tbl[i].event)) {
printf("%s%s", sep, tbl[i].name);
sep = ",";
}
}
- printf(" ");
}
-static int ct_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void ct_parse(struct xt_option_call *cb)
{
- struct xt_ct_target_info *info = (struct xt_ct_target_info *)(*target)->data;
- unsigned int zone;
+ struct xt_ct_target_info *info = cb->data;
- switch (c) {
- case CT_OPT_NOTRACK:
- xtables_param_act(XTF_ONLY_ONCE, "CT", "--notrack", *flags & CT_OPT_NOTRACK);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_NOTRACK:
info->flags |= XT_CT_NOTRACK;
break;
- case CT_OPT_HELPER:
- xtables_param_act(XTF_ONLY_ONCE, "CT", "--helper", *flags & CT_OPT_HELPER);
- strncpy(info->helper, optarg, sizeof(info->helper));
- info->helper[sizeof(info->helper) - 1] = '\0';
+ case O_CTEVENTS:
+ info->ct_events = ct_parse_events(ct_event_tbl, ARRAY_SIZE(ct_event_tbl), cb->arg);
break;
- case CT_OPT_CTEVENTS:
- xtables_param_act(XTF_ONLY_ONCE, "CT", "--ctevents", *flags & CT_OPT_CTEVENTS);
- info->ct_events = ct_parse_events(ct_event_tbl, ARRAY_SIZE(ct_event_tbl), optarg);
+ case O_EXPEVENTS:
+ info->exp_events = ct_parse_events(exp_event_tbl, ARRAY_SIZE(exp_event_tbl), cb->arg);
break;
- case CT_OPT_EXPEVENTS:
- xtables_param_act(XTF_ONLY_ONCE, "CT", "--expevents", *flags & CT_OPT_EXPEVENTS);
- info->exp_events = ct_parse_events(exp_event_tbl, ARRAY_SIZE(exp_event_tbl), optarg);
+ }
+}
+
+static void ct_parse_v1(struct xt_option_call *cb)
+{
+ struct xt_ct_target_info_v1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_NOTRACK:
+ info->flags |= XT_CT_NOTRACK;
+ break;
+ case O_CTEVENTS:
+ info->ct_events = ct_parse_events(ct_event_tbl,
+ ARRAY_SIZE(ct_event_tbl),
+ cb->arg);
break;
- case CT_OPT_ZONE:
- xtables_param_act(XTF_ONLY_ONCE, "CT", "--zone", *flags & CT_OPT_ZONE);
- if (!xtables_strtoui(optarg, NULL, &zone, 0, UINT16_MAX))
- xtables_error(PARAMETER_PROBLEM, "Bad zone value \"%s\"", optarg);
- info->zone = zone;
+ case O_EXPEVENTS:
+ info->exp_events = ct_parse_events(exp_event_tbl,
+ ARRAY_SIZE(exp_event_tbl),
+ cb->arg);
break;
- default:
- return 0;
}
-
- *flags |= c;
- return 1;
}
static void ct_print(const void *ip, const struct xt_entry_target *target, int numeric)
@@ -139,11 +174,38 @@ static void ct_print(const void *ip, const struct xt_entry_target *target, int n
const struct xt_ct_target_info *info =
(const struct xt_ct_target_info *)target->data;
- printf("CT ");
+ printf(" CT");
+ if (info->flags & XT_CT_NOTRACK)
+ printf(" notrack");
+ if (info->helper[0])
+ printf(" helper %s", info->helper);
+ if (info->ct_events)
+ ct_print_events("ctevents", ct_event_tbl,
+ ARRAY_SIZE(ct_event_tbl), info->ct_events);
+ if (info->exp_events)
+ ct_print_events("expevents", exp_event_tbl,
+ ARRAY_SIZE(exp_event_tbl), info->exp_events);
+ if (info->zone)
+ printf("zone %u ", info->zone);
+}
+
+static void
+ct_print_v1(const void *ip, const struct xt_entry_target *target, int numeric)
+{
+ const struct xt_ct_target_info_v1 *info =
+ (const struct xt_ct_target_info_v1 *)target->data;
+
+ if (info->flags & XT_CT_NOTRACK_ALIAS) {
+ printf (" NOTRACK");
+ return;
+ }
+ printf(" CT");
if (info->flags & XT_CT_NOTRACK)
- printf("notrack ");
+ printf(" notrack");
if (info->helper[0])
- printf("helper %s ", info->helper);
+ printf(" helper %s", info->helper);
+ if (info->timeout[0])
+ printf(" timeout %s", info->timeout);
if (info->ct_events)
ct_print_events("ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
@@ -159,10 +221,35 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
const struct xt_ct_target_info *info =
(const struct xt_ct_target_info *)target->data;
+ if (info->flags & XT_CT_NOTRACK_ALIAS)
+ return;
+ if (info->flags & XT_CT_NOTRACK)
+ printf(" --notrack");
+ if (info->helper[0])
+ printf(" --helper %s", info->helper);
+ if (info->ct_events)
+ ct_print_events("--ctevents", ct_event_tbl,
+ ARRAY_SIZE(ct_event_tbl), info->ct_events);
+ if (info->exp_events)
+ ct_print_events("--expevents", exp_event_tbl,
+ ARRAY_SIZE(exp_event_tbl), info->exp_events);
+ if (info->zone)
+ printf(" --zone %u", info->zone);
+}
+
+static void ct_save_v1(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_ct_target_info_v1 *info =
+ (const struct xt_ct_target_info_v1 *)target->data;
+
+ if (info->flags & XT_CT_NOTRACK_ALIAS)
+ return;
if (info->flags & XT_CT_NOTRACK)
- printf("--notrack ");
+ printf(" --notrack");
if (info->helper[0])
- printf("--helper %s ", info->helper);
+ printf(" --helper %s", info->helper);
+ if (info->timeout[0])
+ printf(" --timeout %s", info->timeout);
if (info->ct_events)
ct_print_events("--ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
@@ -170,23 +257,118 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
ct_print_events("--expevents", exp_event_tbl,
ARRAY_SIZE(exp_event_tbl), info->exp_events);
if (info->zone)
- printf("--zone %u ", info->zone);
+ printf(" --zone %u", info->zone);
+}
+
+static const char *
+ct_print_name_alias(const struct xt_entry_target *target)
+{
+ struct xt_ct_target_info *info = (void *)target->data;
+
+ return info->flags & XT_CT_NOTRACK_ALIAS ? "NOTRACK" : "CT";
+}
+
+static void notrack_ct0_tg_init(struct xt_entry_target *target)
+{
+ struct xt_ct_target_info *info = (void *)target->data;
+
+ info->flags = XT_CT_NOTRACK;
+}
+
+static void notrack_ct1_tg_init(struct xt_entry_target *target)
+{
+ struct xt_ct_target_info_v1 *info = (void *)target->data;
+
+ info->flags = XT_CT_NOTRACK;
+}
+
+static void notrack_ct2_tg_init(struct xt_entry_target *target)
+{
+ struct xt_ct_target_info_v1 *info = (void *)target->data;
+
+ info->flags = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS;
}
-static struct xtables_target ct_target = {
- .family = NFPROTO_UNSPEC,
- .name = "CT",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_ct_target_info)),
- .userspacesize = offsetof(struct xt_ct_target_info, ct),
- .help = ct_help,
- .parse = ct_parse,
- .print = ct_print,
- .save = ct_save,
- .extra_opts = ct_opts,
+static struct xtables_target ct_target_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info)),
+ .userspacesize = offsetof(struct xt_ct_target_info, ct),
+ .help = ct_help,
+ .print = ct_print,
+ .save = ct_save,
+ .x6_parse = ct_parse,
+ .x6_options = ct_opts,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+ .revision = 1,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .help = ct_help_v1,
+ .print = ct_print_v1,
+ .save = ct_save_v1,
+ .x6_parse = ct_parse_v1,
+ .x6_options = ct_opts_v1,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+ .revision = 2,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .help = ct_help_v1,
+ .print = ct_print_v1,
+ .save = ct_save_v1,
+ .alias = ct_print_name_alias,
+ .x6_parse = ct_parse_v1,
+ .x6_options = ct_opts_v1,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+ .real_name = "CT",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info)),
+ .userspacesize = offsetof(struct xt_ct_target_info, ct),
+ .init = notrack_ct0_tg_init,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+ .real_name = "CT",
+ .revision = 1,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .init = notrack_ct1_tg_init,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+ .real_name = "CT",
+ .revision = 2,
+ .ext_flags = XTABLES_EXT_ALIAS,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .init = notrack_ct2_tg_init,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ },
};
void _init(void)
{
- xtables_register_target(&ct_target);
+ xtables_register_targets(ct_target_reg, ARRAY_SIZE(ct_target_reg));
}
diff --git a/extensions/libxt_CT.man b/extensions/libxt_CT.man
index ff258b7..a93eb14 100644
--- a/extensions/libxt_CT.man
+++ b/extensions/libxt_CT.man
@@ -23,3 +23,8 @@ Possible event types are: \fBnew\fP.
\fB\-\-zone\fP \fIid\fP
Assign this packet to zone \fIid\fP and only have lookups done in that zone.
By default, packets have zone 0.
+.TP
+\fB\-\-timeout\fP \fIname\fP
+Use the timeout policy identified by \fIname\fP for the connection. This is
+provides more flexible timeout policy definition than global timeout values
+available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.
diff --git a/extensions/libipt_DNAT.man b/extensions/libxt_DNAT.man
index d1e0a3a..225274f 100644
--- a/extensions/libipt_DNAT.man
+++ b/extensions/libxt_DNAT.man
@@ -7,20 +7,17 @@ and
chains, and user-defined chains which are only called from those
chains. It specifies that the destination address of the packet
should be modified (and all future packets in this connection will
-also be mangled), and rules should cease being examined. It takes one
-type of option:
+also be mangled), and rules should cease being examined. It takes the
+following options:
.TP
-\fB\-\-to\-destination\fP [\fIipaddr\fP][\fB\-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
+\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
which can specify a single new destination IP address, an inclusive
-range of IP addresses, and optionally, a port range (which is only
-valid if the rule also specifies
-\fB\-p tcp\fP
-or
-\fB\-p udp\fP).
+range of IP addresses. Optionally a port range,
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
If no port range is specified, then the destination port will never be
modified. If no IP address is specified then only the destination port
will be modified.
-
In Kernels up to 2.6.10 you can add several \-\-to\-destination options. For
those kernels, if you specify more than one destination address, either via an
address range or multiple \-\-to\-destination options, a simple round-robin (one
@@ -37,3 +34,5 @@ is used then port mapping will be randomized (kernel >= 2.6.22).
Gives a client the same source-/destination-address for each connection.
This supersedes the SAME target. Support for persistent mappings is available
from 2.6.29-rc2.
+.TP
+IPv6 support available since Linux kernels >= 3.7.
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index 82ac10c..e16e93c 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -11,16 +11,19 @@
*/
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_DSCP.h>
/* This is evil, but it's my code - HW*/
#include "dscp_helper.c"
+enum {
+ O_SET_DSCP = 0,
+ O_SET_DSCP_CLASS,
+ F_SET_DSCP = 1 << O_SET_DSCP,
+ F_SET_DSCP_CLASS = 1 << O_SET_DSCP_CLASS,
+};
+
static void DSCP_help(void)
{
printf(
@@ -37,79 +40,39 @@ static void DSCP_help(void)
);
}
-static const struct option DSCP_opts[] = {
- { "set-dscp", 1, NULL, 'F' },
- { "set-dscp-class", 1, NULL, 'G' },
- { .name = NULL }
+static const struct xt_option_entry DSCP_opts[] = {
+ {.name = "set-dscp", .id = O_SET_DSCP, .excl = F_SET_DSCP_CLASS,
+ .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX,
+ .flags = XTOPT_PUT,
+ XTOPT_POINTER(struct xt_DSCP_info, dscp)},
+ {.name = "set-dscp-class", .id = O_SET_DSCP_CLASS, .excl = F_SET_DSCP,
+ .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
-static void
-parse_dscp(const char *s, struct xt_DSCP_info *dinfo)
+static void DSCP_parse(struct xt_option_call *cb)
{
- unsigned int dscp;
-
- if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "Invalid dscp `%s'\n", s);
+ struct xt_DSCP_info *dinfo = cb->data;
- if (dscp > XT_DSCP_MAX)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP `%d` out of range\n", dscp);
-
- dinfo->dscp = dscp;
-}
-
-
-static void
-parse_class(const char *s, struct xt_DSCP_info *dinfo)
-{
- unsigned int dscp = class_to_dscp(s);
-
- /* Assign the value */
- dinfo->dscp = dscp;
-}
-
-
-static int DSCP_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct xt_DSCP_info *dinfo
- = (struct xt_DSCP_info *)(*target)->data;
-
- switch (c) {
- case 'F':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP target: Only use --set-dscp ONCE!");
- parse_dscp(optarg, dinfo);
- *flags = 1;
- break;
- case 'G':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP target: Only use --set-dscp-class ONCE!");
- parse_class(optarg, dinfo);
- *flags = 1;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_DSCP_CLASS:
+ dinfo->dscp = class_to_dscp(cb->arg);
break;
-
- default:
- return 0;
}
-
- return 1;
}
-static void DSCP_check(unsigned int flags)
+static void DSCP_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
"DSCP target: Parameter --set-dscp is required");
}
static void
-print_dscp(u_int8_t dscp, int numeric)
+print_dscp(uint8_t dscp, int numeric)
{
- printf("0x%02x ", dscp);
+ printf(" 0x%02x", dscp);
}
static void DSCP_print(const void *ip, const struct xt_entry_target *target,
@@ -117,7 +80,7 @@ static void DSCP_print(const void *ip, const struct xt_entry_target *target,
{
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("DSCP set ");
+ printf(" DSCP set");
print_dscp(dinfo->dscp, numeric);
}
@@ -126,7 +89,7 @@ static void DSCP_save(const void *ip, const struct xt_entry_target *target)
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("--set-dscp 0x%02x ", dinfo->dscp);
+ printf(" --set-dscp 0x%02x", dinfo->dscp);
}
static struct xtables_target dscp_target = {
@@ -136,11 +99,11 @@ static struct xtables_target dscp_target = {
.size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.help = DSCP_help,
- .parse = DSCP_parse,
- .final_check = DSCP_check,
.print = DSCP_print,
.save = DSCP_save,
- .extra_opts = DSCP_opts,
+ .x6_parse = DSCP_parse,
+ .x6_fcheck = DSCP_check,
+ .x6_options = DSCP_opts,
};
void _init(void)
diff --git a/extensions/libxt_HMARK.c b/extensions/libxt_HMARK.c
new file mode 100644
index 0000000..94aebe9
--- /dev/null
+++ b/extensions/libxt_HMARK.c
@@ -0,0 +1,450 @@
+/*
+ * (C) 2012 by Hans Schillstrom <hans.schillstrom@ericsson.com>
+ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Description: shared library add-on to iptables to add HMARK target support
+ *
+ * Initial development by Hans Schillstrom. Pablo's improvements to this piece
+ * of software has been sponsored by Sophos Astaro <http://www.sophos.com>.
+ */
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "xtables.h"
+#include <linux/netfilter/xt_HMARK.h>
+
+static void HMARK_help(void)
+{
+ printf(
+"HMARK target options, i.e. modify hash calculation by:\n"
+" --hmark-tuple [src|dst|sport|dport|spi|proto|ct][,...]\n"
+" --hmark-mod value nfmark modulus value\n"
+" --hmark-offset value Last action add value to nfmark\n\n"
+" --hmark-rnd Random see for hashing\n"
+" Alternatively, fine tuning of what will be included in hash calculation\n"
+" --hmark-src-prefix length Source address mask CIDR prefix\n"
+" --hmark-dst-prefix length Dest address mask CIDR prefix\n"
+" --hmark-sport-mask value Mask src port with value\n"
+" --hmark-dport-mask value Mask dst port with value\n"
+" --hmark-spi-mask value For esp and ah AND spi with value\n"
+" --hmark-sport value OR src port with value\n"
+" --hmark-dport value OR dst port with value\n"
+" --hmark-spi value For esp and ah OR spi with value\n"
+" --hmark-proto-mask value Mask Protocol with value\n");
+}
+
+#define hi struct xt_hmark_info
+
+enum {
+ O_HMARK_SADDR_MASK,
+ O_HMARK_DADDR_MASK,
+ O_HMARK_SPI,
+ O_HMARK_SPI_MASK,
+ O_HMARK_SPORT,
+ O_HMARK_DPORT,
+ O_HMARK_SPORT_MASK,
+ O_HMARK_DPORT_MASK,
+ O_HMARK_PROTO_MASK,
+ O_HMARK_RND,
+ O_HMARK_MODULUS,
+ O_HMARK_OFFSET,
+ O_HMARK_CT,
+ O_HMARK_TYPE,
+};
+
+#define HMARK_OPT_PKT_MASK \
+ ((1 << O_HMARK_SADDR_MASK) | \
+ (1 << O_HMARK_DADDR_MASK) | \
+ (1 << O_HMARK_SPI_MASK) | \
+ (1 << O_HMARK_SPORT_MASK) | \
+ (1 << O_HMARK_DPORT_MASK) | \
+ (1 << O_HMARK_PROTO_MASK) | \
+ (1 << O_HMARK_SPI_MASK) | \
+ (1 << O_HMARK_SPORT) | \
+ (1 << O_HMARK_DPORT) | \
+ (1 << O_HMARK_SPI))
+
+static const struct xt_option_entry HMARK_opts[] = {
+ { .name = "hmark-tuple",
+ .type = XTTYPE_STRING,
+ .id = O_HMARK_TYPE,
+ },
+ { .name = "hmark-src-prefix",
+ .type = XTTYPE_PLENMASK,
+ .id = O_HMARK_SADDR_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, src_mask)
+ },
+ { .name = "hmark-dst-prefix",
+ .type = XTTYPE_PLENMASK,
+ .id = O_HMARK_DADDR_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, dst_mask)
+ },
+ { .name = "hmark-sport-mask",
+ .type = XTTYPE_UINT16,
+ .id = O_HMARK_SPORT_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.src)
+ },
+ { .name = "hmark-dport-mask",
+ .type = XTTYPE_UINT16,
+ .id = O_HMARK_DPORT_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.dst)
+ },
+ { .name = "hmark-spi-mask",
+ .type = XTTYPE_UINT32,
+ .id = O_HMARK_SPI_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.v32)
+ },
+ { .name = "hmark-sport",
+ .type = XTTYPE_UINT16,
+ .id = O_HMARK_SPORT,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.src)
+ },
+ { .name = "hmark-dport",
+ .type = XTTYPE_UINT16,
+ .id = O_HMARK_DPORT,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.dst)
+ },
+ { .name = "hmark-spi",
+ .type = XTTYPE_UINT32,
+ .id = O_HMARK_SPI,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.v32)
+ },
+ { .name = "hmark-proto-mask",
+ .type = XTTYPE_UINT16,
+ .id = O_HMARK_PROTO_MASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, proto_mask)
+ },
+ { .name = "hmark-rnd",
+ .type = XTTYPE_UINT32,
+ .id = O_HMARK_RND,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, hashrnd)
+ },
+ { .name = "hmark-mod",
+ .type = XTTYPE_UINT32,
+ .id = O_HMARK_MODULUS,
+ .min = 1,
+ .flags = XTOPT_PUT | XTOPT_MAND, XTOPT_POINTER(hi, hmodulus)
+ },
+ { .name = "hmark-offset",
+ .type = XTTYPE_UINT32,
+ .id = O_HMARK_OFFSET,
+ .flags = XTOPT_PUT, XTOPT_POINTER(hi, hoffset)
+ },
+ XTOPT_TABLEEND,
+};
+
+static int
+hmark_parse(const char *type, size_t len, struct xt_hmark_info *info,
+ unsigned int *xflags)
+{
+ if (strncasecmp(type, "ct", len) == 0) {
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_CT);
+ *xflags |= (1 << O_HMARK_CT);
+ } else if (strncasecmp(type, "src", len) == 0) {
+ memset(&info->src_mask, 0xff, sizeof(info->src_mask));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK);
+ *xflags |= (1 << O_HMARK_SADDR_MASK);
+ } else if (strncasecmp(type, "dst", len) == 0) {
+ memset(&info->dst_mask, 0xff, sizeof(info->dst_mask));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK);
+ *xflags |= (1 << O_HMARK_DADDR_MASK);
+ } else if (strncasecmp(type, "sport", len) == 0) {
+ memset(&info->port_mask.p16.src, 0xff,
+ sizeof(info->port_mask.p16.src));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK);
+ *xflags |= (1 << O_HMARK_SPORT_MASK);
+ } else if (strncasecmp(type, "dport", len) == 0) {
+ memset(&info->port_mask.p16.dst, 0xff,
+ sizeof(info->port_mask.p16.dst));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK);
+ *xflags |= (1 << O_HMARK_DPORT_MASK);
+ } else if (strncasecmp(type, "proto", len) == 0) {
+ memset(&info->proto_mask, 0xff, sizeof(info->proto_mask));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK);
+ *xflags |= (1 << O_HMARK_PROTO_MASK);
+ } else if (strncasecmp(type, "spi", len) == 0) {
+ memset(&info->port_mask.v32, 0xff, sizeof(info->port_mask.v32));
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK);
+ *xflags |= (1 << O_HMARK_SPI_MASK);
+ } else
+ return 0;
+
+ return 1;
+}
+
+static void
+hmark_parse_type(struct xt_option_call *cb)
+{
+ const char *arg = cb->arg;
+ struct xt_hmark_info *info = cb->data;
+ const char *comma;
+
+ while ((comma = strchr(arg, ',')) != NULL) {
+ if (comma == arg ||
+ !hmark_parse(arg, comma-arg, info, &cb->xflags))
+ xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg);
+ arg = comma+1;
+ }
+ if (!*arg)
+ xtables_error(PARAMETER_PROBLEM, "\"--hmark-tuple\" requires "
+ "a list of types with no "
+ "spaces, e.g. "
+ "src,dst,sport,dport,proto");
+ if (strlen(arg) == 0 ||
+ !hmark_parse(arg, strlen(arg), info, &cb->xflags))
+ xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg);
+}
+
+static void HMARK_parse(struct xt_option_call *cb, int plen)
+{
+ struct xt_hmark_info *info = cb->data;
+
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+ case O_HMARK_TYPE:
+ hmark_parse_type(cb);
+ break;
+ case O_HMARK_SADDR_MASK:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK);
+ break;
+ case O_HMARK_DADDR_MASK:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK);
+ break;
+ case O_HMARK_SPI:
+ info->port_set.v32 = htonl(cb->val.u32);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI);
+ break;
+ case O_HMARK_SPORT:
+ info->port_set.p16.src = htons(cb->val.u16);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT);
+ break;
+ case O_HMARK_DPORT:
+ info->port_set.p16.dst = htons(cb->val.u16);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT);
+ break;
+ case O_HMARK_SPORT_MASK:
+ info->port_mask.p16.src = htons(cb->val.u16);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK);
+ break;
+ case O_HMARK_DPORT_MASK:
+ info->port_mask.p16.dst = htons(cb->val.u16);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK);
+ break;
+ case O_HMARK_SPI_MASK:
+ info->port_mask.v32 = htonl(cb->val.u32);
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK);
+ break;
+ case O_HMARK_PROTO_MASK:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK);
+ break;
+ case O_HMARK_RND:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_RND);
+ break;
+ case O_HMARK_MODULUS:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_MODULUS);
+ break;
+ case O_HMARK_OFFSET:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_OFFSET);
+ break;
+ case O_HMARK_CT:
+ info->flags |= XT_HMARK_FLAG(XT_HMARK_CT);
+ break;
+ }
+ cb->xflags |= (1 << cb->entry->id);
+}
+
+static void HMARK_ip4_parse(struct xt_option_call *cb)
+{
+ HMARK_parse(cb, 32);
+}
+static void HMARK_ip6_parse(struct xt_option_call *cb)
+{
+ HMARK_parse(cb, 128);
+}
+
+static void HMARK_check(struct xt_fcheck_call *cb)
+{
+ if (!(cb->xflags & (1 << O_HMARK_MODULUS)))
+ xtables_error(PARAMETER_PROBLEM, "--hmark-mod is mandatory");
+ if (!(cb->xflags & (1 << O_HMARK_RND)))
+ xtables_error(PARAMETER_PROBLEM, "--hmark-rnd is mandatory");
+ if (cb->xflags & (1 << O_HMARK_SPI_MASK) &&
+ (cb->xflags & ((1 << O_HMARK_SPORT_MASK) |
+ (1 << O_HMARK_DPORT_MASK))))
+ xtables_error(PARAMETER_PROBLEM, "you cannot use "
+ "--hmark-spi-mask and --hmark-?port-mask,"
+ "at the same time");
+ if (!((cb->xflags & HMARK_OPT_PKT_MASK) ||
+ cb->xflags & (1 << O_HMARK_CT)))
+ xtables_error(PARAMETER_PROBLEM, "you have to specify "
+ "--hmark-tuple at least");
+}
+
+static void HMARK_print(const struct xt_hmark_info *info)
+{
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK))
+ printf("sport-mask 0x%x ", htons(info->port_mask.p16.src));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK))
+ printf("dport-mask 0x%x ", htons(info->port_mask.p16.dst));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK))
+ printf("spi-mask 0x%x ", htonl(info->port_mask.v32));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT))
+ printf("sport 0x%x ", htons(info->port_set.p16.src));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT))
+ printf("dport 0x%x ", htons(info->port_set.p16.dst));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI))
+ printf("spi 0x%x ", htonl(info->port_set.v32));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK))
+ printf("proto-mask 0x%x ", info->proto_mask);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND))
+ printf("rnd 0x%x ", info->hashrnd);
+}
+
+static void HMARK_ip6_print(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ const struct xt_hmark_info *info =
+ (const struct xt_hmark_info *)target->data;
+
+ printf(" HMARK ");
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
+ printf("mod %u ", info->hmodulus);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
+ printf("+ 0x%x ", info->hoffset);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
+ printf("ct, ");
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK))
+ printf("src-prefix %s ",
+ xtables_ip6mask_to_numeric(&info->src_mask.in6) + 1);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK))
+ printf("dst-prefix %s ",
+ xtables_ip6mask_to_numeric(&info->dst_mask.in6) + 1);
+ HMARK_print(info);
+}
+static void HMARK_ip4_print(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ const struct xt_hmark_info *info =
+ (const struct xt_hmark_info *)target->data;
+
+ printf(" HMARK ");
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
+ printf("mod %u ", info->hmodulus);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
+ printf("+ 0x%x ", info->hoffset);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
+ printf("ct, ");
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK))
+ printf("src-prefix %u ",
+ xtables_ipmask_to_cidr(&info->src_mask.in));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK))
+ printf("dst-prefix %u ",
+ xtables_ipmask_to_cidr(&info->dst_mask.in));
+ HMARK_print(info);
+}
+
+static void HMARK_save(const struct xt_hmark_info *info)
+{
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK))
+ printf(" --hmark-sport-mask 0x%04x",
+ htons(info->port_mask.p16.src));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK))
+ printf(" --hmark-dport-mask 0x%04x",
+ htons(info->port_mask.p16.dst));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK))
+ printf(" --hmark-spi-mask 0x%08x",
+ htonl(info->port_mask.v32));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT))
+ printf(" --hmark-sport 0x%04x",
+ htons(info->port_set.p16.src));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT))
+ printf(" --hmark-dport 0x%04x",
+ htons(info->port_set.p16.dst));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI))
+ printf(" --hmark-spi 0x%08x", htonl(info->port_set.v32));
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK))
+ printf(" --hmark-proto-mask 0x%02x", info->proto_mask);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND))
+ printf(" --hmark-rnd 0x%08x", info->hashrnd);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
+ printf(" --hmark-mod %u", info->hmodulus);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
+ printf(" --hmark-offset %u", info->hoffset);
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
+ printf(" --hmark-tuple ct");
+}
+
+static void HMARK_ip6_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_hmark_info *info =
+ (const struct xt_hmark_info *)target->data;
+ int ret;
+
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) {
+ ret = xtables_ip6mask_to_cidr(&info->src_mask.in6);
+ printf(" --hmark-src-prefix %d", ret);
+ }
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) {
+ ret = xtables_ip6mask_to_cidr(&info->dst_mask.in6);
+ printf(" --hmark-dst-prefix %d", ret);
+ }
+ HMARK_save(info);
+}
+
+static void HMARK_ip4_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_hmark_info *info =
+ (const struct xt_hmark_info *)target->data;
+ int ret;
+
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) {
+ ret = xtables_ipmask_to_cidr(&info->src_mask.in);
+ printf(" --hmark-src-prefix %d", ret);
+ }
+ if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) {
+ ret = xtables_ipmask_to_cidr(&info->dst_mask.in);
+ printf(" --hmark-dst-prefix %d", ret);
+ }
+ HMARK_save(info);
+}
+
+static struct xtables_target mark_tg_reg[] = {
+ {
+ .family = NFPROTO_IPV4,
+ .name = "HMARK",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_hmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)),
+ .help = HMARK_help,
+ .print = HMARK_ip4_print,
+ .save = HMARK_ip4_save,
+ .x6_parse = HMARK_ip4_parse,
+ .x6_fcheck = HMARK_check,
+ .x6_options = HMARK_opts,
+ },
+ {
+ .family = NFPROTO_IPV6,
+ .name = "HMARK",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_hmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)),
+ .help = HMARK_help,
+ .print = HMARK_ip6_print,
+ .save = HMARK_ip6_save,
+ .x6_parse = HMARK_ip6_parse,
+ .x6_fcheck = HMARK_check,
+ .x6_options = HMARK_opts,
+ },
+};
+
+void _init(void)
+{
+ xtables_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
+}
diff --git a/extensions/libxt_HMARK.man b/extensions/libxt_HMARK.man
new file mode 100644
index 0000000..e7b5426
--- /dev/null
+++ b/extensions/libxt_HMARK.man
@@ -0,0 +1,60 @@
+Like MARK, i.e. set the fwmark, but the mark is calculated from hashing
+packet selector at choice. You have also to specify the mark range and,
+optionally, the offset to start from. ICMP error messages are inspected
+and used to calculate the hashing.
+.PP
+Existing options are:
+.TP
+\fB\-\-hmark\-tuple\fP tuple\fI\fP
+Possible tuple members are:
+.B src
+meaning source address (IPv4, IPv6 address),
+.B dst
+meaning destination address (IPv4, IPv6 address),
+.B sport
+meaning source port (TCP, UDP, UDPlite, SCTP, DCCP),
+.B dport
+meaning destination port (TCP, UDP, UDPlite, SCTP, DCCP),
+.B spi
+meaning Security Parameter Index (AH, ESP), and
+.B ct
+meaning the usage of the conntrack tuple instead of the packet selectors.
+.TP
+\fB\-\-hmark\-mod\fP \fIvalue (must be > 0)\fP
+Modulus for hash calculation (to limit the range of possible marks)
+.TP
+\fB\-\-hmark\-offset\fP \fIvalue\fP
+Offset to start marks from.
+.TP
+For advanced usage, instead of using \-\-hmark\-tuple, you can specify custom
+prefixes and masks:
+.TP
+\fB\-\-hmark\-src\-prefix\fP \fIcidr\fP
+The source address mask in CIDR notation.
+.TP
+\fB\-\-hmark\-dst\-prefix\fP \fIcidr\fP
+The destination address mask in CIDR notation.
+.TP
+\fB\-\-hmark\-sport\-mask\fP \fIvalue\fP
+A 16 bit source port mask in hexadecimal.
+.TP
+\fB\-\-hmark\-dport\-mask\fP \fIvalue\fP
+A 16 bit destination port mask in hexadecimal.
+.TP
+\fB\-\-hmark\-spi\-mask\fP \fIvalue\fP
+A 32 bit field with spi mask.
+.TP
+\fB\-\-hmark\-proto\-mask\fP \fIvalue\fP
+An 8 bit field with layer 4 protocol number.
+.TP
+\fB\-\-hmark\-rnd\fP \fIvalue\fP
+A 32 bit random custom value to feed hash calculation.
+.PP
+\fIExamples:\fP
+.PP
+iptables \-t mangle \-A PREROUTING \-m conntrack \-\-ctstate NEW
+ \-j HMARK \-\-hmark-tuple ct,src,dst,proto \-\-hmark-offset 10000
+\-\-hmark\-mod 10 \-\-hmark\-rnd 0xfeedcafe
+.PP
+iptables \-t mangle \-A PREROUTING -j HMARK \-\-hmark\-offset 10000
+\-\-hmark-tuple src,dst,proto \-\-hmark-mod 10 \-\-hmark\-rnd 0xdeafbeef
diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
new file mode 100644
index 0000000..21004a4
--- /dev/null
+++ b/extensions/libxt_IDLETIMER.c
@@ -0,0 +1,89 @@
+/*
+ * Shared library add-on for iptables to add IDLETIMER support.
+ *
+ * Copyright (C) 2010 Nokia Corporation. All rights reserved.
+ *
+ * Contact: Luciano Coelho <luciano.coelho@nokia.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ */
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_IDLETIMER.h>
+
+enum {
+ O_TIMEOUT = 0,
+ O_LABEL,
+};
+
+#define s struct idletimer_tg_info
+static const struct xt_option_entry idletimer_tg_opts[] = {
+ {.name = "timeout", .id = O_TIMEOUT, .type = XTTYPE_UINT32,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, timeout)},
+ {.name = "label", .id = O_LABEL, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, label)},
+ XTOPT_TABLEEND,
+};
+#undef s
+
+static void idletimer_tg_help(void)
+{
+ printf(
+"IDLETIMER target options:\n"
+" --timeout time Timeout until the notification is sent (in seconds)\n"
+" --label string Unique rule identifier\n"
+"\n");
+}
+
+static void idletimer_tg_print(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ struct idletimer_tg_info *info =
+ (struct idletimer_tg_info *) target->data;
+
+ printf(" timeout:%u", info->timeout);
+ printf(" label:%s", info->label);
+}
+
+static void idletimer_tg_save(const void *ip,
+ const struct xt_entry_target *target)
+{
+ struct idletimer_tg_info *info =
+ (struct idletimer_tg_info *) target->data;
+
+ printf(" --timeout %u", info->timeout);
+ printf(" --label %s", info->label);
+}
+
+static struct xtables_target idletimer_tg_reg = {
+ .family = NFPROTO_UNSPEC,
+ .name = "IDLETIMER",
+ .version = XTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct idletimer_tg_info)),
+ .userspacesize = offsetof(struct idletimer_tg_info, timer),
+ .help = idletimer_tg_help,
+ .x6_parse = xtables_option_parse,
+ .print = idletimer_tg_print,
+ .save = idletimer_tg_save,
+ .x6_options = idletimer_tg_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&idletimer_tg_reg);
+}
diff --git a/extensions/libxt_IDLETIMER.man b/extensions/libxt_IDLETIMER.man
new file mode 100644
index 0000000..e3c91ce
--- /dev/null
+++ b/extensions/libxt_IDLETIMER.man
@@ -0,0 +1,20 @@
+This target can be used to identify when interfaces have been idle for a
+certain period of time. Timers are identified by labels and are created when
+a rule is set with a new label. The rules also take a timeout value (in
+seconds) as an option. If more than one rule uses the same timer label, the
+timer will be restarted whenever any of the rules get a hit. One entry for
+each timer is created in sysfs. This attribute contains the timer remaining
+for the timer to expire. The attributes are located under the xt_idletimer
+class:
+.PP
+/sys/class/xt_idletimer/timers/<label>
+.PP
+When the timer expires, the target module sends a sysfs notification to the
+userspace, which can then decide what to do (eg. disconnect to save power).
+.TP
+\fB\-\-timeout\fP \fIamount\fP
+This is the time in seconds that will trigger the notification.
+.TP
+\fB\-\-label\fP \fIstring\fP
+This is a unique identifier for the timer. The maximum length for the
+label string is 27 characters.
diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index af0e091..8622c37 100644
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -9,23 +9,30 @@
* published by the Free Software Foundation.
*
*/
-
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
-#include <stddef.h>
-
#include <xtables.h>
-
#include <linux/netfilter/xt_LED.h>
-static const struct option LED_opts[] = {
- {.name = "led-trigger-id", .has_arg = true, .val = 'i'},
- {.name = "led-delay", .has_arg = true, .val = 'd'},
- {.name = "led-always-blink", .has_arg = false, .val = 'a'},
- {.name = NULL},
+enum {
+ O_LED_TRIGGER_ID = 0,
+ O_LED_DELAY,
+ O_LED_ALWAYS_BLINK,
+};
+
+#define s struct xt_led_info
+static const struct xt_option_entry LED_opts[] = {
+ {.name = "led-trigger-id", .id = O_LED_TRIGGER_ID,
+ .flags = XTOPT_MAND, .type = XTTYPE_STRING, .min = 0,
+ .max = sizeof(((struct xt_led_info *)NULL)->id) -
+ sizeof("netfilter-")},
+ {.name = "led-delay", .id = O_LED_DELAY, .type = XTTYPE_STRING},
+ {.name = "led-always-blink", .id = O_LED_ALWAYS_BLINK,
+ .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void LED_help(void)
{
@@ -39,50 +46,28 @@ static void LED_help(void)
);
}
-static int LED_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void LED_parse(struct xt_option_call *cb)
{
- struct xt_led_info *led = (void *)(*target)->data;
-
- switch (c) {
- case 'i':
- xtables_param_act(XTF_NO_INVERT, "LED",
- "--led-trigger-id", invert);
- if (strlen("netfilter-") + strlen(optarg) > sizeof(led->id))
- xtables_error(PARAMETER_PROBLEM,
- "--led-trigger-id must be 16 chars or less");
- if (optarg[0] == '\0')
- xtables_error(PARAMETER_PROBLEM,
- "--led-trigger-id cannot be blank");
+ struct xt_led_info *led = cb->data;
- /* "netfilter-" + 16 char id == 26 == sizeof(led->id) */
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_LED_TRIGGER_ID:
strcpy(led->id, "netfilter-");
- strcat(led->id, optarg);
- *flags = 1;
- return true;
-
- case 'd':
- xtables_param_act(XTF_NO_INVERT, "LED", "--led-delay", invert);
- if (strncasecmp(optarg, "inf", 3) == 0)
+ strcat(led->id, cb->arg);
+ break;
+ case O_LED_DELAY:
+ if (strncasecmp(cb->arg, "inf", 3) == 0)
led->delay = -1;
- else
- led->delay = strtoul(optarg, NULL, 0);
-
- return true;
-
- case 'a':
- if (!invert)
- led->always_blink = 1;
- return true;
+ else if (!xtables_strtoui(cb->arg, NULL, &led->delay, 0, UINT32_MAX))
+ xtables_error(PARAMETER_PROBLEM,
+ "Delay value must be within range 0..%u",
+ UINT32_MAX);
+ break;
+ case O_LED_ALWAYS_BLINK:
+ led->always_blink = 1;
+ break;
}
- return false;
-}
-
-static void LED_final_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "--led-trigger-id must be specified");
}
static void LED_print(const void *ip, const struct xt_entry_target *target,
@@ -91,22 +76,22 @@ static void LED_print(const void *ip, const struct xt_entry_target *target,
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("led-trigger-id:\"");
+ printf(" led-trigger-id:\"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
if (led->delay == -1)
- printf("led-delay:inf ");
+ printf(" led-delay:inf");
else
- printf("led-delay:%dms ", led->delay);
+ printf(" led-delay:%dms", led->delay);
if (led->always_blink)
- printf("led-always-blink ");
+ printf(" led-always-blink");
}
static void LED_save(const void *ip, const struct xt_entry_target *target)
@@ -114,24 +99,24 @@ static void LED_save(const void *ip, const struct xt_entry_target *target)
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("--led-trigger-id \"");
+ printf(" --led-trigger-id \"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
/* Only print the delay if it's not zero (the default) */
if (led->delay > 0)
- printf("--led-delay %d ", led->delay);
+ printf(" --led-delay %d", led->delay);
else if (led->delay == -1)
- printf("--led-delay inf ");
+ printf(" --led-delay inf");
/* Only print always_blink if it's not set to the default */
if (led->always_blink)
- printf("--led-always-blink ");
+ printf(" --led-always-blink");
}
static struct xtables_target led_tg_reg = {
@@ -142,11 +127,10 @@ static struct xtables_target led_tg_reg = {
.size = XT_ALIGN(sizeof(struct xt_led_info)),
.userspacesize = offsetof(struct xt_led_info, internal_data),
.help = LED_help,
- .parse = LED_parse,
- .final_check = LED_final_check,
- .extra_opts = LED_opts,
.print = LED_print,
.save = LED_save,
+ .x6_parse = LED_parse,
+ .x6_options = LED_opts,
};
void _init(void)
diff --git a/extensions/libip6t_LOG.man b/extensions/libxt_LOG.man
index b7803fe..354edf4 100644
--- a/extensions/libip6t_LOG.man
+++ b/extensions/libxt_LOG.man
@@ -1,17 +1,18 @@
Turn on kernel logging of matching packets. When this option is set
for a rule, the Linux kernel will print some information on all
-matching packets (like most IPv6 IPv6-header fields) via the kernel log
-(where it can be read with
-.I dmesg
-or
-.IR syslogd (8)).
+matching packets (like most IP/IPv6 header fields) via the kernel log
+(where it can be read with \fIdmesg(1)\fP or read in the syslog).
+.PP
This is a "non-terminating target", i.e. rule traversal continues at
the next rule. So if you want to LOG the packets you refuse, use two
separate rules with the same matching criteria, first using target LOG
then DROP (or REJECT).
.TP
\fB\-\-log\-level\fP \fIlevel\fP
-Level of logging (numeric or see \fIsyslog.conf\fP(5)).
+Level of logging, which can be (system-specific) numeric or a mnemonic.
+Possible values are (in decreasing order of priority): \fBemerg\fP,
+\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP
+or \fBdebug\fP.
.TP
\fB\-\-log\-prefix\fP \fIprefix\fP
Prefix log messages with the specified prefix; up to 29 letters long,
@@ -25,7 +26,7 @@ readable by users.
Log options from the TCP packet header.
.TP
\fB\-\-log\-ip\-options\fP
-Log options from the IPv6 packet header.
+Log options from the IP/IPv6 packet header.
.TP
\fB\-\-log\-uid\fP
Log the userid of the process which generated the packet.
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index dbfc7c0..556dbde 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -1,12 +1,6 @@
-/* Shared library add-on to iptables to add MARK target support. */
#include <stdbool.h>
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_MARK.h>
/* Version 0 */
@@ -23,11 +17,22 @@ enum {
struct xt_mark_target_info_v1 {
unsigned long mark;
- u_int8_t mode;
+ uint8_t mode;
};
enum {
- F_MARK = 1 << 0,
+ O_SET_MARK = 0,
+ O_AND_MARK,
+ O_OR_MARK,
+ O_XOR_MARK,
+ O_SET_XMARK,
+ F_SET_MARK = 1 << O_SET_MARK,
+ F_AND_MARK = 1 << O_AND_MARK,
+ F_OR_MARK = 1 << O_OR_MARK,
+ F_XOR_MARK = 1 << O_XOR_MARK,
+ F_SET_XMARK = 1 << O_SET_XMARK,
+ F_ANY = F_SET_MARK | F_AND_MARK | F_OR_MARK |
+ F_XOR_MARK | F_SET_XMARK,
};
static void MARK_help(void)
@@ -39,20 +44,28 @@ static void MARK_help(void)
" --or-mark value Binary OR the nfmark with value\n");
}
-static const struct option MARK_opts[] = {
- { "set-mark", 1, NULL, '1' },
- { "and-mark", 1, NULL, '2' },
- { "or-mark", 1, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry MARK_opts[] = {
+ {.name = "set-mark", .id = O_SET_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ {.name = "and-mark", .id = O_AND_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ {.name = "or-mark", .id = O_OR_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ XTOPT_TABLEEND,
};
-static const struct option mark_tg_opts[] = {
- {.name = "set-xmark", .has_arg = true, .val = 'X'},
- {.name = "set-mark", .has_arg = true, .val = '='},
- {.name = "and-mark", .has_arg = true, .val = '&'},
- {.name = "or-mark", .has_arg = true, .val = '|'},
- {.name = "xor-mark", .has_arg = true, .val = '^'},
- { .name = NULL }
+static const struct xt_option_entry mark_tg_opts[] = {
+ {.name = "set-xmark", .id = O_SET_XMARK, .type = XTTYPE_MARKMASK32,
+ .excl = F_ANY},
+ {.name = "set-mark", .id = O_SET_MARK, .type = XTTYPE_MARKMASK32,
+ .excl = F_ANY},
+ {.name = "and-mark", .id = O_AND_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ {.name = "or-mark", .id = O_OR_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ {.name = "xor-mark", .id = O_XOR_MARK, .type = XTTYPE_UINT32,
+ .excl = F_ANY},
+ XTOPT_TABLEEND,
};
static void mark_tg_help(void)
@@ -67,144 +80,80 @@ static void mark_tg_help(void)
"\n");
}
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-MARK_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void MARK_parse_v0(struct xt_option_call *cb)
{
- struct xt_mark_target_info *markinfo
- = (struct xt_mark_target_info *)(*target)->data;
- unsigned int mark = 0;
+ struct xt_mark_target_info *markinfo = cb->data;
- switch (c) {
- case '1':
- if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
- markinfo->mark = mark;
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "MARK target: Can't specify --set-mark twice");
- *flags = 1;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_MARK:
+ markinfo->mark = cb->val.mark;
break;
- case '2':
- xtables_error(PARAMETER_PROBLEM,
- "MARK target: kernel too old for --and-mark");
- case '3':
- xtables_error(PARAMETER_PROBLEM,
- "MARK target: kernel too old for --or-mark");
default:
- return 0;
+ xtables_error(PARAMETER_PROBLEM,
+ "MARK target: kernel too old for --%s",
+ cb->entry->name);
}
-
- return 1;
}
-static void MARK_check(unsigned int flags)
+static void MARK_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
"MARK target: Parameter --set/and/or-mark"
" is required");
}
-static int
-MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void MARK_parse_v1(struct xt_option_call *cb)
{
- struct xt_mark_target_info_v1 *markinfo
- = (struct xt_mark_target_info_v1 *)(*target)->data;
- unsigned int mark = 0;
+ struct xt_mark_target_info_v1 *markinfo = cb->data;
- switch (c) {
- case '1':
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_MARK:
markinfo->mode = XT_MARK_SET;
break;
- case '2':
+ case O_AND_MARK:
markinfo->mode = XT_MARK_AND;
break;
- case '3':
+ case O_OR_MARK:
markinfo->mode = XT_MARK_OR;
break;
- default:
- return 0;
}
-
- if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
- markinfo->mark = mark;
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "MARK target: Can't specify --set-mark twice");
-
- *flags = 1;
- return 1;
+ markinfo->mark = cb->val.u32;
}
-static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void mark_tg_parse(struct xt_option_call *cb)
{
- struct xt_mark_tginfo2 *info = (void *)(*target)->data;
- unsigned int value, mask = UINT32_MAX;
- char *end;
+ struct xt_mark_tginfo2 *info = cb->data;
- switch (c) {
- case 'X': /* --set-xmark */
- case '=': /* --set-mark */
- xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
- xtables_param_act(XTF_NO_INVERT, "MARK", "--set-xmark/--set-mark", invert);
- if (!xtables_strtoui(optarg, &end, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
- if (*end == '/')
- if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--set-xmark/--set-mark", optarg);
- info->mark = value;
- info->mask = mask;
-
- if (c == '=')
- info->mask = value | mask;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_XMARK:
+ info->mark = cb->val.mark;
+ info->mask = cb->val.mask;
break;
-
- case '&': /* --and-mark */
- xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
- xtables_param_act(XTF_NO_INVERT, "MARK", "--and-mark", invert);
- if (!xtables_strtoui(optarg, NULL, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--and-mark", optarg);
+ case O_SET_MARK:
+ info->mark = cb->val.mark;
+ info->mask = cb->val.mark | cb->val.mask;
+ break;
+ case O_AND_MARK:
info->mark = 0;
- info->mask = ~mask;
+ info->mask = ~cb->val.u32;
break;
-
- case '|': /* --or-mark */
- xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
- xtables_param_act(XTF_NO_INVERT, "MARK", "--or-mark", invert);
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--or-mark", optarg);
- info->mark = value;
- info->mask = value;
+ case O_OR_MARK:
+ info->mark = info->mask = cb->val.u32;
break;
-
- case '^': /* --xor-mark */
- xtables_param_act(XTF_ONE_ACTION, "MARK", *flags & F_MARK);
- xtables_param_act(XTF_NO_INVERT, "MARK", "--xor-mark", invert);
- if (!xtables_strtoui(optarg, NULL, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "MARK", "--xor-mark", optarg);
- info->mark = value;
+ case O_XOR_MARK:
+ info->mark = cb->val.u32;
info->mask = 0;
break;
-
- default:
- return false;
}
-
- *flags |= F_MARK;
- return true;
}
-static void mark_tg_check(unsigned int flags)
+static void mark_tg_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, "MARK: One of the --set-xmark, "
"--{and,or,xor,set}-mark options is required");
}
@@ -212,7 +161,7 @@ static void mark_tg_check(unsigned int flags)
static void
print_mark(unsigned long mark)
{
- printf("0x%lx ", mark);
+ printf(" 0x%lx", mark);
}
static void MARK_print_v0(const void *ip,
@@ -220,7 +169,7 @@ static void MARK_print_v0(const void *ip,
{
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("MARK set ");
+ printf(" MARK set");
print_mark(markinfo->mark);
}
@@ -229,7 +178,7 @@ static void MARK_save_v0(const void *ip, const struct xt_entry_target *target)
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("--set-mark ");
+ printf(" --set-mark");
print_mark(markinfo->mark);
}
@@ -241,13 +190,13 @@ static void MARK_print_v1(const void *ip, const struct xt_entry_target *target,
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("MARK set ");
+ printf(" MARK set");
break;
case XT_MARK_AND:
- printf("MARK and ");
+ printf(" MARK and");
break;
case XT_MARK_OR:
- printf("MARK or ");
+ printf(" MARK or");
break;
}
print_mark(markinfo->mark);
@@ -259,15 +208,15 @@ static void mark_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_mark_tginfo2 *info = (const void *)target->data;
if (info->mark == 0)
- printf("MARK and 0x%x ", (unsigned int)(u_int32_t)~info->mask);
+ printf(" MARK and 0x%x", (unsigned int)(uint32_t)~info->mask);
else if (info->mark == info->mask)
- printf("MARK or 0x%x ", info->mark);
+ printf(" MARK or 0x%x", info->mark);
else if (info->mask == 0)
- printf("MARK xor 0x%x ", info->mark);
+ printf(" MARK xor 0x%x", info->mark);
else if (info->mask == 0xffffffffU)
- printf("MARK set 0x%x ", info->mark);
+ printf(" MARK set 0x%x", info->mark);
else
- printf("MARK xset 0x%x/0x%x ", info->mark, info->mask);
+ printf(" MARK xset 0x%x/0x%x", info->mark, info->mask);
}
static void MARK_save_v1(const void *ip, const struct xt_entry_target *target)
@@ -277,13 +226,13 @@ static void MARK_save_v1(const void *ip, const struct xt_entry_target *target)
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark");
break;
case XT_MARK_AND:
- printf("--and-mark ");
+ printf(" --and-mark");
break;
case XT_MARK_OR:
- printf("--or-mark ");
+ printf(" --or-mark");
break;
}
print_mark(markinfo->mark);
@@ -293,7 +242,7 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_mark_tginfo2 *info = (const void *)target->data;
- printf("--set-xmark 0x%x/0x%x ", info->mark, info->mask);
+ printf(" --set-xmark 0x%x/0x%x", info->mark, info->mask);
}
static struct xtables_target mark_tg_reg[] = {
@@ -305,11 +254,11 @@ static struct xtables_target mark_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
.help = MARK_help,
- .parse = MARK_parse_v0,
- .final_check = MARK_check,
.print = MARK_print_v0,
.save = MARK_save_v0,
- .extra_opts = MARK_opts,
+ .x6_parse = MARK_parse_v0,
+ .x6_fcheck = MARK_check,
+ .x6_options = MARK_opts,
},
{
.family = NFPROTO_IPV4,
@@ -319,11 +268,11 @@ static struct xtables_target mark_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
.help = MARK_help,
- .parse = MARK_parse_v1,
- .final_check = MARK_check,
.print = MARK_print_v1,
.save = MARK_save_v1,
- .extra_opts = MARK_opts,
+ .x6_parse = MARK_parse_v1,
+ .x6_fcheck = MARK_check,
+ .x6_options = MARK_opts,
},
{
.version = XTABLES_VERSION,
@@ -333,11 +282,11 @@ static struct xtables_target mark_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
.help = mark_tg_help,
- .parse = mark_tg_parse,
- .final_check = mark_tg_check,
.print = mark_tg_print,
.save = mark_tg_save,
- .extra_opts = mark_tg_opts,
+ .x6_parse = mark_tg_parse,
+ .x6_fcheck = mark_tg_check,
+ .x6_options = mark_tg_opts,
},
};
diff --git a/extensions/libxt_MARK.man b/extensions/libxt_MARK.man
index aaeceb4..712fb76 100644
--- a/extensions/libxt_MARK.man
+++ b/extensions/libxt_MARK.man
@@ -5,23 +5,23 @@ PREROUTING chain of the mangle table to affect routing.
The mark field is 32 bits wide.
.TP
\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
-Zeroes out the bits given by \fImask\fR and XORs \fIvalue\fR into the packet
-mark ("nfmark"). If \fImask\fR is omitted, 0xFFFFFFFF is assumed.
+Zeroes out the bits given by \fImask\fP and XORs \fIvalue\fP into the packet
+mark ("nfmark"). If \fImask\fP is omitted, 0xFFFFFFFF is assumed.
.TP
\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
-Zeroes out the bits given by \fImask\fR and ORs \fIvalue\fR into the packet
-mark. If \fImask\fR is omitted, 0xFFFFFFFF is assumed.
+Zeroes out the bits given by \fImask\fP and ORs \fIvalue\fP into the packet
+mark. If \fImask\fP is omitted, 0xFFFFFFFF is assumed.
.PP
The following mnemonics are available:
.TP
\fB\-\-and\-mark\fP \fIbits\fP
-Binary AND the nfmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark
-0/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
+Binary AND the nfmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
+0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
.TP
\fB\-\-or\-mark\fP \fIbits\fP
-Binary OR the nfmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
-\fIbits\fR\fB/\fR\fIbits\fR.)
+Binary OR the nfmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
+\fIbits\fP\fB/\fP\fIbits\fP.)
.TP
\fB\-\-xor\-mark\fP \fIbits\fP
-Binary XOR the nfmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
-\fIbits\fR\fB/0\fR.)
+Binary XOR the nfmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
+\fIbits\fP\fB/0\fP.)
diff --git a/extensions/libipt_MASQUERADE.man b/extensions/libxt_MASQUERADE.man
index 8f42993..c9e3950 100644
--- a/extensions/libipt_MASQUERADE.man
+++ b/extensions/libxt_MASQUERADE.man
@@ -10,21 +10,19 @@ effect that connections are
.I forgotten
when the interface goes down. This is the correct behavior when the
next dialup is unlikely to have the same interface address (and hence
-any established connections are lost anyway). It takes one option:
+any established connections are lost anyway).
.TP
\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
This specifies a range of source ports to use, overriding the default
.B SNAT
source port-selection heuristics (see above). This is only valid
-if the rule also specifies
-\fB\-p tcp\fP
-or
-\fB\-p udp\fP.
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
.TP
\fB\-\-random\fP
Randomize source port mapping
If option
\fB\-\-random\fP
is used then port mapping will be randomized (kernel >= 2.6.21).
-.RS
-.PP
+.TP
+IPv6 support available since Linux kernels >= 3.7.
diff --git a/extensions/libipt_NETMAP.man b/extensions/libxt_NETMAP.man
index a7e90b8..06507db 100644
--- a/extensions/libipt_NETMAP.man
+++ b/extensions/libxt_NETMAP.man
@@ -7,3 +7,5 @@ table.
Network address to map to. The resulting address will be constructed in the
following way: All 'one' bits in the mask are filled in from the new `address'.
All bits that are zero in the mask are filled in from the original address.
+.TP
+IPv6 support available since Linux kernels >= 3.7.
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index e2185d5..448576a 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -1,3 +1,4 @@
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
@@ -8,19 +9,25 @@
#include <linux/netfilter/xt_NFLOG.h>
enum {
- NFLOG_GROUP = 0x1,
- NFLOG_PREFIX = 0x2,
- NFLOG_RANGE = 0x4,
- NFLOG_THRESHOLD = 0x8,
+ O_GROUP = 0,
+ O_PREFIX,
+ O_RANGE,
+ O_THRESHOLD,
};
-static const struct option NFLOG_opts[] = {
- { "nflog-group", 1, NULL, NFLOG_GROUP },
- { "nflog-prefix", 1, NULL, NFLOG_PREFIX },
- { "nflog-range", 1, NULL, NFLOG_RANGE },
- { "nflog-threshold", 1, NULL, NFLOG_THRESHOLD },
- { .name = NULL }
+#define s struct xt_nflog_info
+static const struct xt_option_entry NFLOG_opts[] = {
+ {.name = "nflog-group", .id = O_GROUP, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, group)},
+ {.name = "nflog-prefix", .id = O_PREFIX, .type = XTTYPE_STRING,
+ .min = 1, .flags = XTOPT_PUT, XTOPT_POINTER(s, prefix)},
+ {.name = "nflog-range", .id = O_RANGE, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, len)},
+ {.name = "nflog-threshold", .id = O_THRESHOLD, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, threshold)},
+ XTOPT_TABLEEND,
};
+#undef s
static void NFLOG_help(void)
{
@@ -35,92 +42,33 @@ static void NFLOG_init(struct xt_entry_target *t)
{
struct xt_nflog_info *info = (struct xt_nflog_info *)t->data;
- info->group = 0;
info->threshold = XT_NFLOG_DEFAULT_THRESHOLD;
}
-static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void NFLOG_parse(struct xt_option_call *cb)
{
- struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data;
- int n;
- size_t length;
-
- switch (c) {
- case NFLOG_GROUP:
- if (*flags & NFLOG_GROUP)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --nflog-group twice");
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --nflog-group");
-
- n = atoi(optarg);
- if (n < 0)
- xtables_error(PARAMETER_PROBLEM,
- "--nflog-group can not be negative");
- info->group = n;
- break;
- case NFLOG_PREFIX:
- if (*flags & NFLOG_PREFIX)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --nflog-prefix twice");
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --nflog-prefix");
-
- length = strlen(optarg);
- if (length == 0)
- xtables_error(PARAMETER_PROBLEM,
- "No prefix specified for --nflog-prefix");
- if (length >= sizeof(info->prefix))
- xtables_error(PARAMETER_PROBLEM,
- "--nflog-prefix too long, max %Zu characters",
- sizeof(info->prefix) - 1);
- if (length != strlen(strtok(optarg, "\n")))
- xtables_error(PARAMETER_PROBLEM,
- "Newlines are not allowed in --nflog-prefix");
- strcpy(info->prefix, optarg);
- break;
- case NFLOG_RANGE:
- if (*flags & NFLOG_RANGE)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --nflog-range twice");
- n = atoi(optarg);
- if (n < 0)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid --nflog-range, must be >= 0");
- info->len = n;
- break;
- case NFLOG_THRESHOLD:
- if (*flags & NFLOG_THRESHOLD)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify --nflog-threshold twice");
- n = atoi(optarg);
- if (n < 1)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_PREFIX:
+ if (strchr(cb->arg, '\n') != NULL)
xtables_error(PARAMETER_PROBLEM,
- "Invalid --nflog-threshold, must be >= 1");
- info->threshold = n;
+ "Newlines not allowed in --log-prefix");
break;
- default:
- return 0;
}
- *flags |= c;
- return 1;
}
static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
if (info->prefix[0] != '\0') {
- printf("%snflog-prefix ", prefix);
+ printf(" %snflog-prefix ", prefix);
xtables_save_string(info->prefix);
}
if (info->group)
- printf("%snflog-group %u ", prefix, info->group);
+ printf(" %snflog-group %u", prefix, info->group);
if (info->len)
- printf("%snflog-range %u ", prefix, info->len);
+ printf(" %snflog-range %u", prefix, info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
- printf("%snflog-threshold %u ", prefix, info->threshold);
+ printf(" %snflog-threshold %u", prefix, info->threshold);
}
static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
@@ -146,10 +94,10 @@ static struct xtables_target nflog_target = {
.userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)),
.help = NFLOG_help,
.init = NFLOG_init,
- .parse = NFLOG_parse,
+ .x6_parse = NFLOG_parse,
.print = NFLOG_print,
.save = NFLOG_save,
- .extra_opts = NFLOG_opts,
+ .x6_options = NFLOG_opts,
};
void _init(void)
diff --git a/extensions/libxt_NFLOG.man b/extensions/libxt_NFLOG.man
index 66f0b97..1b6dbf1 100644
--- a/extensions/libxt_NFLOG.man
+++ b/extensions/libxt_NFLOG.man
@@ -9,7 +9,7 @@ may subscribe to the group to receive the packets. Like LOG, this is a
non-terminating target, i.e. rule traversal continues at the next rule.
.TP
\fB\-\-nflog\-group\fP \fInlgroup\fP
-The netlink group (1 \- 2^32\-1) to which packets are (only applicable for
+The netlink group (0 - 2^16\-1) to which packets are (only applicable for
nfnetlink_log). The default value is 0.
.TP
\fB\-\-nflog\-prefix\fP \fIprefix\fP
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 2d9d98a..0c86918 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -6,14 +6,19 @@
*
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_NFQUEUE.h>
+enum {
+ O_QUEUE_NUM = 0,
+ O_QUEUE_BALANCE,
+ O_QUEUE_BYPASS,
+ O_QUEUE_CPU_FANOUT,
+ F_QUEUE_NUM = 1 << O_QUEUE_NUM,
+ F_QUEUE_BALANCE = 1 << O_QUEUE_BALANCE,
+ F_QUEUE_CPU_FANOUT = 1 << O_QUEUE_CPU_FANOUT,
+};
+
static void NFQUEUE_help(void)
{
printf(
@@ -30,94 +35,85 @@ static void NFQUEUE_help_v1(void)
" --queue-balance first:last Balance flows between queues <value> to <value>.\n");
}
-static const struct option NFQUEUE_opts[] = {
- { "queue-num", 1, NULL, 'F' },
- { "queue-balance", 1, NULL, 'B' },
- { .name = NULL }
-};
-
-static void exit_badqueue(const char *s)
+static void NFQUEUE_help_v2(void)
{
- xtables_error(PARAMETER_PROBLEM, "Invalid queue number `%s'\n", s);
+ NFQUEUE_help_v1();
+ printf(
+" --queue-bypass Bypass Queueing if no queue instance exists.\n"
+" --queue-cpu-fanout Use current CPU (no hashing)\n");
}
-static void
-parse_num(const char *s, struct xt_NFQ_info *tinfo)
+static void NFQUEUE_help_v3(void)
{
- unsigned int num;
+ NFQUEUE_help_v2();
+ printf(
+" --queue-cpu-fanout Use current CPU (no hashing)\n");
+}
- if (!xtables_strtoui(s, NULL, &num, 0, UINT16_MAX))
- exit_badqueue(s);
+#define s struct xt_NFQ_info
+static const struct xt_option_entry NFQUEUE_opts[] = {
+ {.name = "queue-num", .id = O_QUEUE_NUM, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, queuenum),
+ .excl = F_QUEUE_BALANCE},
+ {.name = "queue-balance", .id = O_QUEUE_BALANCE,
+ .type = XTTYPE_UINT16RC, .excl = F_QUEUE_NUM},
+ {.name = "queue-bypass", .id = O_QUEUE_BYPASS, .type = XTTYPE_NONE},
+ {.name = "queue-cpu-fanout", .id = O_QUEUE_CPU_FANOUT,
+ .type = XTTYPE_NONE, .also = F_QUEUE_BALANCE},
+ XTOPT_TABLEEND,
+};
+#undef s
- tinfo->queuenum = num;
+static void NFQUEUE_parse(struct xt_option_call *cb)
+{
+ xtables_option_parse(cb);
+ if (cb->entry->id == O_QUEUE_BALANCE)
+ xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+ "--queue-balance not supported (kernel too old?)");
}
-static int
-NFQUEUE_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void NFQUEUE_parse_v1(struct xt_option_call *cb)
{
- struct xt_NFQ_info *tinfo
- = (struct xt_NFQ_info *)(*target)->data;
+ struct xt_NFQ_info_v1 *info = cb->data;
+ const uint16_t *r = cb->val.u16_range;
- switch (c) {
- case 'F':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
- "Only use --queue-num ONCE!");
- parse_num(optarg, tinfo);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_QUEUE_BALANCE:
+ if (cb->nvals != 2)
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad range \"%s\"", cb->arg);
+ if (r[0] >= r[1])
+ xtables_error(PARAMETER_PROBLEM, "%u should be less than %u",
+ r[0], r[1]);
+ info->queuenum = r[0];
+ info->queues_total = r[1] - r[0] + 1;
break;
- case 'B':
- xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
- "--queue-balance not supported (kernel too old?)");
- default:
- return 0;
}
-
- return 1;
}
-static int
-NFQUEUE_parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void NFQUEUE_parse_v2(struct xt_option_call *cb)
{
- struct xt_NFQ_info_v1 *info = (void *)(*target)->data;
- char *colon;
- unsigned int firstqueue, lastqueue;
-
- switch (c) {
- case 'F': /* fallthrough */
- case 'B':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
- "Only use --queue-num ONCE!");
-
- if (!xtables_strtoui(optarg, &colon, &firstqueue, 0, UINT16_MAX))
- exit_badqueue(optarg);
-
- info->queuenum = firstqueue;
+ struct xt_NFQ_info_v2 *info = cb->data;
- if (c == 'F') {
- if (*colon)
- exit_badqueue(optarg);
- break;
- }
-
- if (*colon != ':')
- xtables_error(PARAMETER_PROBLEM, "Bad range \"%s\"", optarg);
+ NFQUEUE_parse_v1(cb);
+ switch (cb->entry->id) {
+ case O_QUEUE_BYPASS:
+ info->bypass = 1;
+ break;
+ }
+}
- if (!xtables_strtoui(colon + 1, NULL, &lastqueue, 1, UINT16_MAX))
- exit_badqueue(optarg);
+static void NFQUEUE_parse_v3(struct xt_option_call *cb)
+{
+ struct xt_NFQ_info_v3 *info = cb->data;
- if (firstqueue >= lastqueue)
- xtables_error(PARAMETER_PROBLEM, "%u should be less than %u",
- firstqueue, lastqueue);
- info->queues_total = lastqueue - firstqueue + 1;
+ NFQUEUE_parse_v2(cb);
+ switch (cb->entry->id) {
+ case O_QUEUE_CPU_FANOUT:
+ info->flags |= NFQ_FLAG_CPU_FANOUT;
break;
- default:
- return 0;
}
-
- return 1;
}
static void NFQUEUE_print(const void *ip,
@@ -125,7 +121,7 @@ static void NFQUEUE_print(const void *ip,
{
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
static void NFQUEUE_print_v1(const void *ip,
@@ -136,18 +132,38 @@ static void NFQUEUE_print_v1(const void *ip,
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("NFQUEUE balance %u:%u", tinfo->queuenum, last);
+ printf(" NFQUEUE balance %u:%u", tinfo->queuenum, last);
} else {
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
}
+static void NFQUEUE_print_v2(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ const struct xt_NFQ_info_v2 *info = (void *) target->data;
+
+ NFQUEUE_print_v1(ip, target, numeric);
+ if (info->bypass & NFQ_FLAG_BYPASS)
+ printf(" bypass");
+}
+
+static void NFQUEUE_print_v3(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ const struct xt_NFQ_info_v3 *info = (void *)target->data;
+
+ NFQUEUE_print_v2(ip, target, numeric);
+ if (info->flags & NFQ_FLAG_CPU_FANOUT)
+ printf(" cpu-fanout");
+}
+
static void NFQUEUE_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target)
@@ -157,32 +173,51 @@ static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("--queue-balance %u:%u ", tinfo->queuenum, last);
+ printf(" --queue-balance %u:%u", tinfo->queuenum, last);
} else {
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
}
+static void NFQUEUE_save_v2(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_NFQ_info_v2 *info = (void *) target->data;
+
+ NFQUEUE_save_v1(ip, target);
+
+ if (info->bypass & NFQ_FLAG_BYPASS)
+ printf(" --queue-bypass");
+}
+
+static void NFQUEUE_save_v3(const void *ip,
+ const struct xt_entry_target *target)
+{
+ const struct xt_NFQ_info_v3 *info = (void *)target->data;
+
+ NFQUEUE_save_v2(ip, target);
+ if (info->flags & NFQ_FLAG_CPU_FANOUT)
+ printf(" --queue-cpu-fanout");
+}
+
static void NFQUEUE_init_v1(struct xt_entry_target *t)
{
struct xt_NFQ_info_v1 *tinfo = (void *)t->data;
tinfo->queues_total = 1;
}
-static struct xtables_target nfqueue_target = {
+static struct xtables_target nfqueue_targets[] = {
+{
.family = NFPROTO_UNSPEC,
.name = "NFQUEUE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.help = NFQUEUE_help,
- .parse = NFQUEUE_parse,
.print = NFQUEUE_print,
.save = NFQUEUE_save,
- .extra_opts = NFQUEUE_opts
-};
-
-static struct xtables_target nfqueue_target_v1 = {
+ .x6_parse = NFQUEUE_parse,
+ .x6_options = NFQUEUE_opts
+},{
.family = NFPROTO_UNSPEC,
.revision = 1,
.name = "NFQUEUE",
@@ -191,14 +226,40 @@ static struct xtables_target nfqueue_target_v1 = {
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v1)),
.help = NFQUEUE_help_v1,
.init = NFQUEUE_init_v1,
- .parse = NFQUEUE_parse_v1,
.print = NFQUEUE_print_v1,
.save = NFQUEUE_save_v1,
- .extra_opts = NFQUEUE_opts,
+ .x6_parse = NFQUEUE_parse_v1,
+ .x6_options = NFQUEUE_opts,
+},{
+ .family = NFPROTO_UNSPEC,
+ .revision = 2,
+ .name = "NFQUEUE",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_NFQ_info_v2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v2)),
+ .help = NFQUEUE_help_v2,
+ .init = NFQUEUE_init_v1,
+ .print = NFQUEUE_print_v2,
+ .save = NFQUEUE_save_v2,
+ .x6_parse = NFQUEUE_parse_v2,
+ .x6_options = NFQUEUE_opts,
+},{
+ .family = NFPROTO_UNSPEC,
+ .revision = 3,
+ .name = "NFQUEUE",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_NFQ_info_v3)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v3)),
+ .help = NFQUEUE_help_v3,
+ .init = NFQUEUE_init_v1,
+ .print = NFQUEUE_print_v3,
+ .save = NFQUEUE_save_v3,
+ .x6_parse = NFQUEUE_parse_v3,
+ .x6_options = NFQUEUE_opts,
+}
};
void _init(void)
{
- xtables_register_target(&nfqueue_target);
- xtables_register_target(&nfqueue_target_v1);
+ xtables_register_targets(nfqueue_targets, ARRAY_SIZE(nfqueue_targets));
}
diff --git a/extensions/libxt_NFQUEUE.man b/extensions/libxt_NFQUEUE.man
index 59eddfc..1bfb7b8 100644
--- a/extensions/libxt_NFQUEUE.man
+++ b/extensions/libxt_NFQUEUE.man
@@ -1,11 +1,13 @@
-This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
-you to put a packet into any specific queue, identified by its 16-bit queue
-number.
-It can only be used with Kernel versions 2.6.14 or later, since it requires
-the
+This target passes the packet to userspace using the
+\fBnfnetlink_queue\fP handler. The packet is put into the queue
+identified by its 16-bit queue number. Userspace can inspect
+and modify the packet if desired. Userspace must then drop or
+reinject the packet into the kernel. Please see libnetfilter_queue
+for details.
.B
nfnetlink_queue
-kernel support. The \fBqueue-balance\fP option was added in Linux 2.6.31.
+was added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31,
+\fBqueue-bypass\fP in 2.6.39.
.TP
\fB\-\-queue\-num\fP \fIvalue\fP
This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.
@@ -16,3 +18,16 @@ This specifies a range of queues to use. Packets are then balanced across the gi
This is useful for multicore systems: start multiple instances of the userspace program on
queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP".
Packets belonging to the same connection are put into the same nfqueue.
+.PP
+.TP
+\fB\-\-queue\-bypass\fP
+By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued
+are dropped. When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet
+will move on to the next table.
+.PP
+.TP
+\fB\-\-queue\-cpu-fanout\fP
+Available starting Linux kernel 3.10. When used together with
+\fB--queue-balance\fP this will use the CPU ID as an index to map packets to
+the queues. The idea is that you can improve performance if there's a queue
+per CPU. This requires \fB--queue-balance\fP to be specified.
diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c
deleted file mode 100644
index ca58700..0000000
--- a/extensions/libxt_NOTRACK.c
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Shared library add-on to iptables to add NOTRACK target support. */
-#include <xtables.h>
-
-static struct xtables_target notrack_target = {
- .family = NFPROTO_UNSPEC,
- .name = "NOTRACK",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(0),
- .userspacesize = XT_ALIGN(0),
-};
-
-void _init(void)
-{
- xtables_register_target(&notrack_target);
-}
diff --git a/extensions/libxt_NOTRACK.man b/extensions/libxt_NOTRACK.man
index c2cdf5a..4302b93 100644
--- a/extensions/libxt_NOTRACK.man
+++ b/extensions/libxt_NOTRACK.man
@@ -1,5 +1,3 @@
-This target disables connection tracking for all packets matching that rule.
-.PP
-It can only be used in the
-.B raw
-table.
+This extension disables connection tracking for all packets matching that rule.
+It is equivalent with \-j CT \-\-notrack. Like CT, NOTRACK can only be used in
+the \fBraw\fP table.
diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c
index 4b7831f..449ceab 100644
--- a/extensions/libxt_RATEEST.c
+++ b/extensions/libxt_RATEEST.c
@@ -1,18 +1,20 @@
+/*
+ * Copyright (c) 2008-2013 Patrick McHardy <kaber@trash.net>
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <stddef.h>
-#include <getopt.h>
#include <math.h>
#include <xtables.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_RATEEST.h>
-/* hack to pass raw values to final_check */
-static struct xt_rateest_target_info *RATEEST_info;
-static unsigned int interval;
-static unsigned int ewma_log;
+struct rateest_tg_udata {
+ unsigned int interval;
+ unsigned int ewma_log;
+};
static void
RATEEST_help(void)
@@ -24,18 +26,23 @@ RATEEST_help(void)
" --rateest-ewmalog value Rate measurement averaging time constant\n");
}
-enum RATEEST_options {
- RATEEST_OPT_NAME,
- RATEEST_OPT_INTERVAL,
- RATEEST_OPT_EWMALOG,
+enum {
+ O_NAME = 0,
+ O_INTERVAL,
+ O_EWMALOG,
};
-static const struct option RATEEST_opts[] = {
- { "rateest-name", 1, NULL, RATEEST_OPT_NAME },
- { "rateest-interval", 1, NULL, RATEEST_OPT_INTERVAL },
- { "rateest-ewmalog", 1, NULL, RATEEST_OPT_EWMALOG },
- { .name = NULL },
+#define s struct xt_rateest_target_info
+static const struct xt_option_entry RATEEST_opts[] = {
+ {.name = "rateest-name", .id = O_NAME, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, name)},
+ {.name = "rateest-interval", .id = O_INTERVAL, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ {.name = "rateest-ewmalog", .id = O_EWMALOG, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
};
+#undef s
/* Copied from iproute */
#define TIME_UNITS_PER_SEC 1000000
@@ -74,83 +81,41 @@ RATEEST_print_time(unsigned int time)
double tmp = time;
if (tmp >= TIME_UNITS_PER_SEC)
- printf("%.1fs ", tmp/TIME_UNITS_PER_SEC);
+ printf(" %.1fs", tmp / TIME_UNITS_PER_SEC);
else if (tmp >= TIME_UNITS_PER_SEC/1000)
- printf("%.1fms ", tmp/(TIME_UNITS_PER_SEC/1000));
+ printf(" %.1fms", tmp / (TIME_UNITS_PER_SEC / 1000));
else
- printf("%uus ", time);
-}
-
-static void
-RATEEST_init(struct xt_entry_target *target)
-{
- interval = 0;
- ewma_log = 0;
+ printf(" %uus", time);
}
-static int
-RATEEST_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void RATEEST_parse(struct xt_option_call *cb)
{
- struct xt_rateest_target_info *info = (void *)(*target)->data;
-
- RATEEST_info = info;
+ struct rateest_tg_udata *udata = cb->udata;
- switch (c) {
- case RATEEST_OPT_NAME:
- if (*flags & (1 << c))
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_INTERVAL:
+ if (RATEEST_get_time(&udata->interval, cb->arg) < 0)
xtables_error(PARAMETER_PROBLEM,
- "RATEEST: can't specify --rateest-name twice");
- *flags |= 1 << c;
-
- strncpy(info->name, optarg, sizeof(info->name) - 1);
+ "RATEEST: bad interval value \"%s\"",
+ cb->arg);
break;
-
- case RATEEST_OPT_INTERVAL:
- if (*flags & (1 << c))
- xtables_error(PARAMETER_PROBLEM,
- "RATEEST: can't specify --rateest-interval twice");
- *flags |= 1 << c;
-
- if (RATEEST_get_time(&interval, optarg) < 0)
+ case O_EWMALOG:
+ if (RATEEST_get_time(&udata->ewma_log, cb->arg) < 0)
xtables_error(PARAMETER_PROBLEM,
- "RATEEST: bad interval value `%s'", optarg);
-
+ "RATEEST: bad ewmalog value \"%s\"",
+ cb->arg);
break;
-
- case RATEEST_OPT_EWMALOG:
- if (*flags & (1 << c))
- xtables_error(PARAMETER_PROBLEM,
- "RATEEST: can't specify --rateest-ewmalog twice");
- *flags |= 1 << c;
-
- if (RATEEST_get_time(&ewma_log, optarg) < 0)
- xtables_error(PARAMETER_PROBLEM,
- "RATEEST: bad ewmalog value `%s'", optarg);
-
- break;
-
- default:
- return 0;
}
-
- return 1;
}
-static void
-RATEEST_final_check(unsigned int flags)
+static void RATEEST_final_check(struct xt_fcheck_call *cb)
{
- struct xt_rateest_target_info *info = RATEEST_info;
-
- if (!(flags & (1 << RATEEST_OPT_NAME)))
- xtables_error(PARAMETER_PROBLEM, "RATEEST: no name specified");
- if (!(flags & (1 << RATEEST_OPT_INTERVAL)))
- xtables_error(PARAMETER_PROBLEM, "RATEEST: no interval specified");
- if (!(flags & (1 << RATEEST_OPT_EWMALOG)))
- xtables_error(PARAMETER_PROBLEM, "RATEEST: no ewmalog specified");
+ struct xt_rateest_target_info *info = cb->data;
+ struct rateest_tg_udata *udata = cb->udata;
for (info->interval = 0; info->interval <= 5; info->interval++) {
- if (interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4))
+ if (udata->interval <= (1 << info->interval) * (TIME_UNITS_PER_SEC / 4))
break;
}
@@ -161,7 +126,7 @@ RATEEST_final_check(unsigned int flags)
for (info->ewma_log = 1; info->ewma_log < 32; info->ewma_log++) {
double w = 1.0 - 1.0 / (1 << info->ewma_log);
- if (interval / (-log(w)) > ewma_log)
+ if (udata->interval / (-log(w)) > udata->ewma_log)
break;
}
info->ewma_log--;
@@ -181,10 +146,10 @@ __RATEEST_print(const struct xt_entry_target *target, const char *prefix)
local_interval = (TIME_UNITS_PER_SEC << (info->interval + 2)) / 4;
local_ewma_log = local_interval * (1 << (info->ewma_log));
- printf("%sname %s ", prefix, info->name);
- printf("%sinterval ", prefix);
+ printf(" %sname %s", prefix, info->name);
+ printf(" %sinterval", prefix);
RATEEST_print_time(local_interval);
- printf("%sewmalog ", prefix);
+ printf(" %sewmalog", prefix);
RATEEST_print_time(local_ewma_log);
}
@@ -206,14 +171,14 @@ static struct xtables_target rateest_tg_reg = {
.name = "RATEEST",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
+ .userspacesize = offsetof(struct xt_rateest_target_info, est),
.help = RATEEST_help,
- .init = RATEEST_init,
- .parse = RATEEST_parse,
- .final_check = RATEEST_final_check,
+ .x6_parse = RATEEST_parse,
+ .x6_fcheck = RATEEST_final_check,
.print = RATEEST_print,
.save = RATEEST_save,
- .extra_opts = RATEEST_opts,
+ .x6_options = RATEEST_opts,
+ .udata_size = sizeof(struct rateest_tg_udata),
};
void _init(void)
diff --git a/extensions/libipt_REDIRECT.man b/extensions/libxt_REDIRECT.man
index 90ab19d..3400a6d 100644
--- a/extensions/libipt_REDIRECT.man
+++ b/extensions/libxt_REDIRECT.man
@@ -7,19 +7,18 @@ and
chains, and user-defined chains which are only called from those
chains. It redirects the packet to the machine itself by changing the
destination IP to the primary address of the incoming interface
-(locally-generated packets are mapped to the 127.0.0.1 address).
+(locally-generated packets are mapped to the localhost address,
+127.0.0.1 for IPv4 and ::1 for IPv6).
.TP
\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
This specifies a destination port or range of ports to use: without
this, the destination port is never altered. This is only valid
-if the rule also specifies
-\fB\-p tcp\fP
-or
-\fB\-p udp\fP.
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
.TP
\fB\-\-random\fP
If option
\fB\-\-random\fP
is used then port mapping will be randomized (kernel >= 2.6.22).
-.RS
-.PP
+.TP
+IPv6 support available starting Linux kernels >= 3.7.
diff --git a/extensions/libxt_SECMARK.c b/extensions/libxt_SECMARK.c
index 2152b6f..6ba8606 100644
--- a/extensions/libxt_SECMARK.c
+++ b/extensions/libxt_SECMARK.c
@@ -6,14 +6,15 @@
* Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>
#define PFX "SECMARK target: "
+enum {
+ O_SELCTX = 0,
+};
+
static void SECMARK_help(void)
{
printf(
@@ -21,51 +22,26 @@ static void SECMARK_help(void)
" --selctx value Set the SELinux security context\n");
}
-static const struct option SECMARK_opts[] = {
- { "selctx", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry SECMARK_opts[] = {
+ {.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
+ XTOPT_TABLEEND,
};
-static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void SECMARK_parse(struct xt_option_call *cb)
{
- struct xt_secmark_target_info *info =
- (struct xt_secmark_target_info*)(*target)->data;
-
- switch (c) {
- case '1':
- if (*flags & SECMARK_MODE_SEL)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Can't specify --selctx twice");
- info->mode = SECMARK_MODE_SEL;
+ struct xt_secmark_target_info *info = cb->data;
- if (strlen(optarg) > SECMARK_SELCTX_MAX-1)
- xtables_error(PARAMETER_PROBLEM, PFX
- "Maximum length %u exceeded by --selctx"
- " parameter (%zu)",
- SECMARK_SELCTX_MAX-1, strlen(optarg));
-
- strcpy(info->u.sel.selctx, optarg);
- *flags |= SECMARK_MODE_SEL;
- break;
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void SECMARK_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
+ xtables_option_parse(cb);
+ info->mode = SECMARK_MODE_SEL;
}
static void print_secmark(const struct xt_secmark_target_info *info)
{
switch (info->mode) {
case SECMARK_MODE_SEL:
- printf("selctx %s ", info->u.sel.selctx);\
+ printf("selctx %s", info->secctx);
break;
default:
@@ -79,7 +55,7 @@ static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)(target)->data;
- printf("SECMARK ");
+ printf(" SECMARK ");
print_secmark(info);
}
@@ -88,7 +64,7 @@ static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)target->data;
- printf("--");
+ printf(" --");
print_secmark(info);
}
@@ -100,11 +76,10 @@ static struct xtables_target secmark_target = {
.size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
.help = SECMARK_help,
- .parse = SECMARK_parse,
- .final_check = SECMARK_check,
.print = SECMARK_print,
.save = SECMARK_save,
- .extra_opts = SECMARK_opts,
+ .x6_parse = SECMARK_parse,
+ .x6_options = SECMARK_opts,
};
void _init(void)
diff --git a/extensions/libxt_SECMARK.man b/extensions/libxt_SECMARK.man
index e44efce..d0e6fd6 100644
--- a/extensions/libxt_SECMARK.man
+++ b/extensions/libxt_SECMARK.man
@@ -1,7 +1,10 @@
This is used to set the security mark value associated with the
-packet for use by security subsystems such as SELinux. It is only
+packet for use by security subsystems such as SELinux. It is
+valid in the
+.B security
+table (for backwards compatibility with older kernels, it is also
valid in the
.B mangle
-table. The mark is 32 bits wide.
+table). The mark is 32 bits wide.
.TP
\fB\-\-selctx\fP \fIsecurity_context\fP
diff --git a/extensions/libxt_SET.c b/extensions/libxt_SET.c
index f6386a9..a11db39 100644
--- a/extensions/libxt_SET.c
+++ b/extensions/libxt_SET.c
@@ -9,6 +9,7 @@
*/
/* Shared library add-on to iptables to add IP set mangling target. */
+#include <stdbool.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
@@ -20,8 +21,10 @@
#include <linux/netfilter/xt_set.h>
#include "libxt_set.h"
+/* Revision 0 */
+
static void
-set_target_help(void)
+set_target_help_v0(void)
{
printf("SET target options:\n"
" --add-set name flags\n"
@@ -31,14 +34,14 @@ set_target_help(void)
" 'src' and 'dst' specifications.\n");
}
-static const struct option set_target_opts[] = {
- { .name = "add-set", .has_arg = true, .val = '1'},
- { .name = "del-set", .has_arg = true, .val = '2'},
- { .name = NULL }
+static const struct option set_target_opts_v0[] = {
+ {.name = "add-set", .has_arg = true, .val = '1'},
+ {.name = "del-set", .has_arg = true, .val = '2'},
+ XT_GETOPT_TABLEEND,
};
static void
-set_target_check(unsigned int flags)
+set_target_check_v0(unsigned int flags)
{
if (!flags)
xtables_error(PARAMETER_PROBLEM,
@@ -64,10 +67,6 @@ parse_target_v0(char **argv, int invert, unsigned int *flags,
xtables_error(PARAMETER_PROBLEM,
"--%s can be specified only once", what);
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --%s", what);
-
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
xtables_error(PARAMETER_PROBLEM,
@@ -101,9 +100,6 @@ set_target_parse_v0(int c, char **argv, int invert, unsigned int *flags,
parse_target_v0(argv, invert, flags,
&myinfo->del_set, "del-set");
break;
-
- default:
- return 0;
}
return 1;
}
@@ -117,7 +113,7 @@ print_target_v0(const char *prefix, const struct xt_set_info_v0 *info)
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
+ printf(" %s %s", prefix, setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
if (!info->u.flags[i])
break;
@@ -125,7 +121,6 @@ print_target_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
static void
@@ -147,29 +142,30 @@ set_target_save_v0(const void *ip, const struct xt_entry_target *target)
print_target_v0("--del-set", &info->del_set);
}
+/* Revision 1 */
static void
-set_target_init(struct xt_entry_target *target)
+set_target_init_v1(struct xt_entry_target *target)
{
- struct xt_set_info_target *info =
- (struct xt_set_info_target *) target->data;
+ struct xt_set_info_target_v1 *info =
+ (struct xt_set_info_target_v1 *) target->data;
info->add_set.index =
info->del_set.index = IPSET_INVALID_ID;
}
+#define SET_TARGET_ADD 0x1
+#define SET_TARGET_DEL 0x2
+#define SET_TARGET_EXIST 0x4
+#define SET_TARGET_TIMEOUT 0x8
+
static void
-parse_target(char **argv, int invert, unsigned int *flags,
- struct xt_set_info *info, const char *what)
+parse_target(char **argv, int invert, struct xt_set_info *info,
+ const char *what)
{
if (info->dim)
xtables_error(PARAMETER_PROBLEM,
"--%s can be specified only once", what);
-
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --%s", what);
-
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
xtables_error(PARAMETER_PROBLEM,
@@ -183,29 +179,24 @@ parse_target(char **argv, int invert, unsigned int *flags,
get_set_byname(optarg, info);
parse_dirs(argv[optind], info);
optind++;
-
- *flags = 1;
}
static int
-set_target_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+set_target_parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
{
- struct xt_set_info_target *myinfo =
- (struct xt_set_info_target *) (*target)->data;
+ struct xt_set_info_target_v1 *myinfo =
+ (struct xt_set_info_target_v1 *) (*target)->data;
switch (c) {
case '1': /* --add-set <set> <flags> */
- parse_target(argv, invert, flags,
- &myinfo->add_set, "add-set");
+ parse_target(argv, invert, &myinfo->add_set, "add-set");
+ *flags |= SET_TARGET_ADD;
break;
case '2': /* --del-set <set>[:<flags>] <flags> */
- parse_target(argv, invert, flags,
- &myinfo->del_set, "del-set");
+ parse_target(argv, invert, &myinfo->del_set, "del-set");
+ *flags |= SET_TARGET_DEL;
break;
-
- default:
- return 0;
}
return 1;
}
@@ -219,31 +210,139 @@ print_target(const char *prefix, const struct xt_set_info *info)
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
- for (i = 1; i <= IPSET_DIM_MAX; i++) {
+ printf(" %s %s", prefix, setname);
+ for (i = 1; i <= info->dim; i++) {
printf("%s%s",
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
static void
-set_target_print(const void *ip, const struct xt_entry_target *target,
- int numeric)
+set_target_print_v1(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_set_info_target_v1 *info = (const void *)target->data;
+
+ print_target("add-set", &info->add_set);
+ print_target("del-set", &info->del_set);
+}
+
+static void
+set_target_save_v1(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_set_info_target_v1 *info = (const void *)target->data;
+
+ print_target("--add-set", &info->add_set);
+ print_target("--del-set", &info->del_set);
+}
+
+/* Revision 2 */
+
+static void
+set_target_help_v2(void)
+{
+ printf("SET target options:\n"
+ " --add-set name flags [--exist] [--timeout n]\n"
+ " --del-set name flags\n"
+ " add/del src/dst IP/port from/to named sets,\n"
+ " where flags are the comma separated list of\n"
+ " 'src' and 'dst' specifications.\n");
+}
+
+static const struct option set_target_opts_v2[] = {
+ {.name = "add-set", .has_arg = true, .val = '1'},
+ {.name = "del-set", .has_arg = true, .val = '2'},
+ {.name = "exist", .has_arg = false, .val = '3'},
+ {.name = "timeout", .has_arg = true, .val = '4'},
+ XT_GETOPT_TABLEEND,
+};
+
+static void
+set_target_check_v2(unsigned int flags)
+{
+ if (!(flags & (SET_TARGET_ADD|SET_TARGET_DEL)))
+ xtables_error(PARAMETER_PROBLEM,
+ "You must specify either `--add-set' or `--del-set'");
+ if (!(flags & SET_TARGET_ADD)) {
+ if (flags & SET_TARGET_EXIST)
+ xtables_error(PARAMETER_PROBLEM,
+ "Flag `--exist' can be used with `--add-set' only");
+ if (flags & SET_TARGET_TIMEOUT)
+ xtables_error(PARAMETER_PROBLEM,
+ "Option `--timeout' can be used with `--add-set' only");
+ }
+}
+
+
+static void
+set_target_init_v2(struct xt_entry_target *target)
+{
+ struct xt_set_info_target_v2 *info =
+ (struct xt_set_info_target_v2 *) target->data;
+
+ info->add_set.index =
+ info->del_set.index = IPSET_INVALID_ID;
+ info->timeout = UINT32_MAX;
+}
+
+static int
+set_target_parse_v2(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct xt_set_info_target_v2 *myinfo =
+ (struct xt_set_info_target_v2 *) (*target)->data;
+ unsigned int timeout;
+
+ switch (c) {
+ case '1': /* --add-set <set> <flags> */
+ parse_target(argv, invert, &myinfo->add_set, "add-set");
+ *flags |= SET_TARGET_ADD;
+ break;
+ case '2': /* --del-set <set>[:<flags>] <flags> */
+ parse_target(argv, invert, &myinfo->del_set, "del-set");
+ *flags |= SET_TARGET_DEL;
+ break;
+ case '3':
+ myinfo->flags |= IPSET_FLAG_EXIST;
+ *flags |= SET_TARGET_EXIST;
+ break;
+ case '4':
+ if (!xtables_strtoui(optarg, NULL, &timeout, 0, UINT32_MAX - 1))
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid value for option --timeout "
+ "or out of range 0-%u", UINT32_MAX - 1);
+ myinfo->timeout = timeout;
+ *flags |= SET_TARGET_TIMEOUT;
+ break;
+ }
+ return 1;
+}
+
+static void
+set_target_print_v2(const void *ip, const struct xt_entry_target *target,
+ int numeric)
{
- const struct xt_set_info_target *info = (const void *)target->data;
+ const struct xt_set_info_target_v2 *info = (const void *)target->data;
print_target("add-set", &info->add_set);
+ if (info->flags & IPSET_FLAG_EXIST)
+ printf(" exist");
+ if (info->timeout != UINT32_MAX)
+ printf(" timeout %u", info->timeout);
print_target("del-set", &info->del_set);
}
static void
-set_target_save(const void *ip, const struct xt_entry_target *target)
+set_target_save_v2(const void *ip, const struct xt_entry_target *target)
{
- const struct xt_set_info_target *info = (const void *)target->data;
+ const struct xt_set_info_target_v2 *info = (const void *)target->data;
print_target("--add-set", &info->add_set);
+ if (info->flags & IPSET_FLAG_EXIST)
+ printf(" --exist");
+ if (info->timeout != UINT32_MAX)
+ printf(" --timeout %u", info->timeout);
print_target("--del-set", &info->del_set);
}
@@ -255,28 +354,43 @@ static struct xtables_target set_tg_reg[] = {
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct xt_set_info_target_v0)),
.userspacesize = XT_ALIGN(sizeof(struct xt_set_info_target_v0)),
- .help = set_target_help,
+ .help = set_target_help_v0,
.init = set_target_init_v0,
.parse = set_target_parse_v0,
- .final_check = set_target_check,
+ .final_check = set_target_check_v0,
.print = set_target_print_v0,
.save = set_target_save_v0,
- .extra_opts = set_target_opts,
+ .extra_opts = set_target_opts_v0,
},
{
.name = "SET",
.revision = 1,
.version = XTABLES_VERSION,
.family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_set_info_target)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_target)),
- .help = set_target_help,
- .init = set_target_init,
- .parse = set_target_parse,
- .final_check = set_target_check,
- .print = set_target_print,
- .save = set_target_save,
- .extra_opts = set_target_opts,
+ .size = XT_ALIGN(sizeof(struct xt_set_info_target_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_target_v1)),
+ .help = set_target_help_v0,
+ .init = set_target_init_v1,
+ .parse = set_target_parse_v1,
+ .final_check = set_target_check_v0,
+ .print = set_target_print_v1,
+ .save = set_target_save_v1,
+ .extra_opts = set_target_opts_v0,
+ },
+ {
+ .name = "SET",
+ .revision = 2,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_set_info_target_v2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_target_v2)),
+ .help = set_target_help_v2,
+ .init = set_target_init_v2,
+ .parse = set_target_parse_v2,
+ .final_check = set_target_check_v2,
+ .print = set_target_print_v2,
+ .save = set_target_save_v2,
+ .extra_opts = set_target_opts_v2,
},
};
diff --git a/extensions/libxt_SET.man b/extensions/libxt_SET.man
index ea80c2a..c35ba93 100644
--- a/extensions/libxt_SET.man
+++ b/extensions/libxt_SET.man
@@ -1,18 +1,25 @@
-This modules adds and/or deletes entries from IP sets which can be defined
+This module adds and/or deletes entries from IP sets which can be defined
by ipset(8).
.TP
\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-add the address(es)/port(s) of the packet to the sets
+add the address(es)/port(s) of the packet to the set
.TP
\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
-delete the address(es)/port(s) of the packet from the sets
+delete the address(es)/port(s) of the packet from the set
.IP
-where flags are
+where \fIflag\fP(s) are
.BR "src"
and/or
.BR "dst"
specifications and there can be no more than six of them.
+.TP
+\fB\-\-timeout\fP \fIvalue\fP
+when adding an entry, the timeout value to use instead of the default
+one from the set definition
+.TP
+\fB\-\-exist\fP
+when adding an entry if it already exists, reset the timeout value
+to the specified one or to the default from the set definition
.PP
-Use of -j SET requires that ipset kernel support is provided. As standard
-kernels do not ship this currently, the ipset or Xtables-addons package needs
-to be installed.
+Use of -j SET requires that ipset kernel support is provided, which, for
+standard kernels, is the case since Linux 2.6.39.
diff --git a/extensions/libipt_SNAT.man b/extensions/libxt_SNAT.man
index 6b828fd..f0620a2 100644
--- a/extensions/libipt_SNAT.man
+++ b/extensions/libxt_SNAT.man
@@ -2,23 +2,23 @@ This target is only valid in the
.B nat
table, in the
.B POSTROUTING
-chain. It specifies that the source address of the packet should be
+and
+.B INPUT
+chains, and user-defined chains which are only called from those
+chains. It specifies that the source address of the packet should be
modified (and all future packets in this connection will also be
-mangled), and rules should cease being examined. It takes one type
-of option:
+mangled), and rules should cease being examined. It takes the
+following options:
.TP
-\fB\-\-to\-source\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
+\fB\-\-to\-source\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
which can specify a single new source IP address, an inclusive range
-of IP addresses, and optionally, a port range (which is only valid if
-the rule also specifies
-\fB\-p tcp\fP
-or
-\fB\-p udp\fP).
+of IP addresses. Optionally a port range,
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
If no port range is specified, then source ports below 512 will be
mapped to other ports below 512: those between 512 and 1023 inclusive
will be mapped to ports below 1024, and other ports will be mapped to
-1024 or above. Where possible, no port alteration will
-
+1024 or above. Where possible, no port alteration will occur.
In Kernels up to 2.6.10, you can add several \-\-to\-source options. For those
kernels, if you specify more than one source address, either via an address
range or multiple \-\-to\-source options, a simple round-robin (one after another
@@ -35,3 +35,11 @@ is used then port mapping will be randomized (kernel >= 2.6.21).
Gives a client the same source-/destination-address for each connection.
This supersedes the SAME target. Support for persistent mappings is available
from 2.6.29-rc2.
+.PP
+Kernels prior to 2.6.36-rc1 don't have the ability to
+.B SNAT
+in the
+.B INPUT
+chain.
+.TP
+IPv6 support available since Linux kernels >= 3.7.
diff --git a/extensions/libxt_SYNPROXY.c b/extensions/libxt_SYNPROXY.c
new file mode 100644
index 0000000..475590e
--- /dev/null
+++ b/extensions/libxt_SYNPROXY.c
@@ -0,0 +1,127 @@
+
+/*
+ * Copyright (c) 2013 Patrick McHardy <kaber@trash.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_SYNPROXY.h>
+
+enum {
+ O_SACK_PERM = 0,
+ O_TIMESTAMP,
+ O_WSCALE,
+ O_MSS,
+ O_ECN,
+};
+
+static void SYNPROXY_help(void)
+{
+ printf(
+"SYNPROXY target options:\n"
+" --sack-perm Set SACK_PERM\n"
+" --timestamp Set TIMESTAMP\n"
+" --wscale value Set window scaling factor\n"
+" --mss value Set MSS value\n"
+" --ecn Set ECN\n");
+}
+
+static const struct xt_option_entry SYNPROXY_opts[] = {
+ {.name = "sack-perm", .id = O_SACK_PERM, .type = XTTYPE_NONE, },
+ {.name = "timestamp", .id = O_TIMESTAMP, .type = XTTYPE_NONE, },
+ {.name = "wscale", .id = O_WSCALE, .type = XTTYPE_UINT32, },
+ {.name = "mss", .id = O_MSS, .type = XTTYPE_UINT32, },
+ {.name = "ecn", .id = O_ECN, .type = XTTYPE_NONE, },
+ XTOPT_TABLEEND,
+};
+
+static void SYNPROXY_parse(struct xt_option_call *cb)
+{
+ struct xt_synproxy_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SACK_PERM:
+ info->options |= XT_SYNPROXY_OPT_SACK_PERM;
+ break;
+ case O_TIMESTAMP:
+ info->options |= XT_SYNPROXY_OPT_TIMESTAMP;
+ break;
+ case O_WSCALE:
+ info->options |= XT_SYNPROXY_OPT_WSCALE;
+ info->wscale = cb->val.u32;
+ break;
+ case O_MSS:
+ info->options |= XT_SYNPROXY_OPT_MSS;
+ info->mss = cb->val.u32;
+ break;
+ case O_ECN:
+ info->options |= XT_SYNPROXY_OPT_ECN;
+ break;
+ }
+}
+
+static void SYNPROXY_check(struct xt_fcheck_call *cb)
+{
+}
+
+static void SYNPROXY_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_synproxy_info *info =
+ (const struct xt_synproxy_info *)target->data;
+
+ printf(" SYNPROXY ");
+ if (info->options & XT_SYNPROXY_OPT_SACK_PERM)
+ printf("sack-perm ");
+ if (info->options & XT_SYNPROXY_OPT_TIMESTAMP)
+ printf("timestamp ");
+ if (info->options & XT_SYNPROXY_OPT_WSCALE)
+ printf("wscale %u ", info->wscale);
+ if (info->options & XT_SYNPROXY_OPT_MSS)
+ printf("mss %u ", info->mss);
+ if (info->options & XT_SYNPROXY_OPT_ECN)
+ printf("ecn ");
+}
+
+static void SYNPROXY_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_synproxy_info *info =
+ (const struct xt_synproxy_info *)target->data;
+
+ if (info->options & XT_SYNPROXY_OPT_SACK_PERM)
+ printf(" --sack-perm");
+ if (info->options & XT_SYNPROXY_OPT_TIMESTAMP)
+ printf(" --timestamp");
+ if (info->options & XT_SYNPROXY_OPT_WSCALE)
+ printf(" --wscale %u", info->wscale);
+ if (info->options & XT_SYNPROXY_OPT_MSS)
+ printf(" --mss %u", info->mss);
+ if (info->options & XT_SYNPROXY_OPT_ECN)
+ printf(" --ecn");
+}
+
+static struct xtables_target synproxy_tg_reg = {
+ .family = NFPROTO_UNSPEC,
+ .name = "SYNPROXY",
+ .version = XTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct xt_synproxy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_synproxy_info)),
+ .help = SYNPROXY_help,
+ .print = SYNPROXY_print,
+ .save = SYNPROXY_save,
+ .x6_parse = SYNPROXY_parse,
+ .x6_fcheck = SYNPROXY_check,
+ .x6_options = SYNPROXY_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&synproxy_tg_reg);
+}
diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index ac9e2d0..4b71e44 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -2,15 +2,17 @@
*
* Copyright (c) 2000 Marc Boucher
*/
+#include "config.h"
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
+#include <netinet/ip.h>
#include <linux/netfilter/xt_TCPMSS.h>
+enum {
+ O_SET_MSS = 0,
+ O_CLAMP_MSS,
+};
+
struct mssinfo {
struct xt_entry_target t;
struct xt_tcpmss_info mss;
@@ -27,72 +29,42 @@ hdrsize);
static void TCPMSS_help(void)
{
- __TCPMSS_help(40);
+ __TCPMSS_help(sizeof(struct iphdr));
}
static void TCPMSS_help6(void)
{
- __TCPMSS_help(60);
+ __TCPMSS_help(SIZEOF_STRUCT_IP6_HDR);
}
-static const struct option TCPMSS_opts[] = {
- { "set-mss", 1, NULL, '1' },
- { "clamp-mss-to-pmtu", 0, NULL, '2' },
- { .name = NULL }
+static const struct xt_option_entry TCPMSS4_opts[] = {
+ {.name = "set-mss", .id = O_SET_MSS, .type = XTTYPE_UINT16,
+ .min = 0, .max = UINT16_MAX - sizeof(struct iphdr),
+ .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_tcpmss_info, mss)},
+ {.name = "clamp-mss-to-pmtu", .id = O_CLAMP_MSS, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
-static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target,
- int hdrsize)
-{
- struct xt_tcpmss_info *mssinfo
- = (struct xt_tcpmss_info *)(*target)->data;
-
- switch (c) {
- unsigned int mssval;
-
- case '1':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "TCPMSS target: Only one option may be specified");
- if (!xtables_strtoui(optarg, NULL, &mssval,
- 0, UINT16_MAX - hdrsize))
- xtables_error(PARAMETER_PROBLEM, "Bad TCPMSS value \"%s\"", optarg);
-
- mssinfo->mss = mssval;
- *flags = 1;
- break;
-
- case '2':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "TCPMSS target: Only one option may be specified");
- mssinfo->mss = XT_TCPMSS_CLAMP_PMTU;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
+static const struct xt_option_entry TCPMSS6_opts[] = {
+ {.name = "set-mss", .id = O_SET_MSS, .type = XTTYPE_UINT16,
+ .min = 0, .max = UINT16_MAX - SIZEOF_STRUCT_IP6_HDR,
+ .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_tcpmss_info, mss)},
+ {.name = "clamp-mss-to-pmtu", .id = O_CLAMP_MSS, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
-static int TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void TCPMSS_parse(struct xt_option_call *cb)
{
- return __TCPMSS_parse(c, argv, invert, flags, entry, target, 40);
-}
+ struct xt_tcpmss_info *mssinfo = cb->data;
-static int TCPMSS_parse6(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- return __TCPMSS_parse(c, argv, invert, flags, entry, target, 60);
+ xtables_option_parse(cb);
+ if (cb->entry->id == O_CLAMP_MSS)
+ mssinfo->mss = XT_TCPMSS_CLAMP_PMTU;
}
-static void TCPMSS_check(unsigned int flags)
+static void TCPMSS_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
"TCPMSS target: At least one parameter is required");
}
@@ -103,9 +75,9 @@ static void TCPMSS_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tcpmss_info *mssinfo =
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("TCPMSS clamp to PMTU ");
+ printf(" TCPMSS clamp to PMTU");
else
- printf("TCPMSS set %u ", mssinfo->mss);
+ printf(" TCPMSS set %u", mssinfo->mss);
}
static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
@@ -114,41 +86,41 @@ static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("--clamp-mss-to-pmtu ");
+ printf(" --clamp-mss-to-pmtu");
else
- printf("--set-mss %u ", mssinfo->mss);
+ printf(" --set-mss %u", mssinfo->mss);
}
-static struct xtables_target tcpmss_target = {
- .family = NFPROTO_IPV4,
- .name = "TCPMSS",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
- .help = TCPMSS_help,
- .parse = TCPMSS_parse,
- .final_check = TCPMSS_check,
- .print = TCPMSS_print,
- .save = TCPMSS_save,
- .extra_opts = TCPMSS_opts,
-};
-
-static struct xtables_target tcpmss_target6 = {
- .family = NFPROTO_IPV6,
- .name = "TCPMSS",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
- .help = TCPMSS_help6,
- .parse = TCPMSS_parse6,
- .final_check = TCPMSS_check,
- .print = TCPMSS_print,
- .save = TCPMSS_save,
- .extra_opts = TCPMSS_opts,
+static struct xtables_target tcpmss_tg_reg[] = {
+ {
+ .family = NFPROTO_IPV4,
+ .name = "TCPMSS",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+ .help = TCPMSS_help,
+ .print = TCPMSS_print,
+ .save = TCPMSS_save,
+ .x6_parse = TCPMSS_parse,
+ .x6_fcheck = TCPMSS_check,
+ .x6_options = TCPMSS4_opts,
+ },
+ {
+ .family = NFPROTO_IPV6,
+ .name = "TCPMSS",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
+ .help = TCPMSS_help6,
+ .print = TCPMSS_print,
+ .save = TCPMSS_save,
+ .x6_parse = TCPMSS_parse,
+ .x6_fcheck = TCPMSS_check,
+ .x6_options = TCPMSS6_opts,
+ },
};
void _init(void)
{
- xtables_register_target(&tcpmss_target);
- xtables_register_target(&tcpmss_target6);
+ xtables_register_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
}
diff --git a/extensions/libxt_TCPMSS.man b/extensions/libxt_TCPMSS.man
index ac8fb4e..8da8e76 100644
--- a/extensions/libxt_TCPMSS.man
+++ b/extensions/libxt_TCPMSS.man
@@ -11,19 +11,13 @@ packets. The symptoms of this
problem are that everything works fine from your Linux
firewall/router, but machines behind it can never exchange large
packets:
-.PD 0
-.RS 0.1i
-.TP 0.3i
-1)
+.IP 1. 4
Web browsers connect, then hang with no data received.
-.TP
-2)
+.IP 2. 4
Small mail works fine, but large emails hang.
-.TP
-3)
+.IP 3. 4
ssh works fine, but scp hangs after initial handshaking.
-.RE
-.PD
+.PP
Workaround: activate this option and add a rule to your firewall
configuration like:
.IP
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index a063d0d..6897857 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -4,21 +4,17 @@
* Copyright © CC Computer Consultants GmbH, 2007
* Jan Engelhardt <jengelh@computergmbh.de>
*/
-#include <getopt.h>
-#include <stdbool.h>
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
#include <xtables.h>
#include <netinet/tcp.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_TCPOPTSTRIP.h>
#ifndef TCPOPT_MD5SIG
# define TCPOPT_MD5SIG 19
#endif
enum {
- FLAG_STRIP = 1 << 0,
+ O_STRIP_OPTION = 0,
};
struct tcp_optionmap {
@@ -26,9 +22,9 @@ struct tcp_optionmap {
const unsigned int option;
};
-static const struct option tcpoptstrip_tg_opts[] = {
- {.name = "strip-options", .has_arg = true, .val = 's'},
- { .name = NULL }
+static const struct xt_option_entry tcpoptstrip_tg_opts[] = {
+ {.name = "strip-options", .id = O_STRIP_OPTION, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
static const struct tcp_optionmap tcp_optionmap[] = {
@@ -38,7 +34,7 @@ static const struct tcp_optionmap tcp_optionmap[] = {
{"sack", "Selective ACK", TCPOPT_SACK},
{"timestamp", "Timestamp", TCPOPT_TIMESTAMP},
{"md5", "MD5 signature", TCPOPT_MD5SIG},
- { .name = NULL }
+ {NULL},
};
static void tcpoptstrip_tg_help(void)
@@ -56,15 +52,8 @@ static void tcpoptstrip_tg_help(void)
printf(" %-14s strip \"%s\" option\n", w->name, w->desc);
}
-static void tcpoptstrip_tg_init(struct xt_entry_target *t)
-{
- struct xt_tcpoptstrip_target_info *info = (void *)t->data;
-
- /* strictly necessary? play safe for now. */
- memset(info->strip_bmap, 0, sizeof(info->strip_bmap));
-}
-
-static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg)
+static void
+parse_list(struct xt_tcpoptstrip_target_info *info, const char *arg)
{
unsigned int option;
char *p;
@@ -102,30 +91,12 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg)
}
}
-static int tcpoptstrip_tg_parse(int c, char **argv, int invert,
- unsigned int *flags, const void *entry,
- struct xt_entry_target **target)
+static void tcpoptstrip_tg_parse(struct xt_option_call *cb)
{
- struct xt_tcpoptstrip_target_info *info = (void *)(*target)->data;
+ struct xt_tcpoptstrip_target_info *info = cb->data;
- switch (c) {
- case 's':
- if (*flags & FLAG_STRIP)
- xtables_error(PARAMETER_PROBLEM,
- "You can specify --strip-options only once");
- parse_list(info, optarg);
- *flags |= FLAG_STRIP;
- return true;
- }
-
- return false;
-}
-
-static void tcpoptstrip_tg_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "TCPOPTSTRIP: --strip-options parameter required");
+ xtables_option_parse(cb);
+ parse_list(info, cb->arg);
}
static void
@@ -163,7 +134,7 @@ tcpoptstrip_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("TCPOPTSTRIP options ");
+ printf(" TCPOPTSTRIP options ");
tcpoptstrip_print_list(info, numeric);
}
@@ -173,7 +144,7 @@ tcpoptstrip_tg_save(const void *ip, const struct xt_entry_target *target)
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("--strip-options ");
+ printf(" --strip-options ");
tcpoptstrip_print_list(info, true);
}
@@ -184,12 +155,10 @@ static struct xtables_target tcpoptstrip_tg_reg = {
.size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
.help = tcpoptstrip_tg_help,
- .init = tcpoptstrip_tg_init,
- .parse = tcpoptstrip_tg_parse,
- .final_check = tcpoptstrip_tg_check,
.print = tcpoptstrip_tg_print,
.save = tcpoptstrip_tg_save,
- .extra_opts = tcpoptstrip_tg_opts,
+ .x6_parse = tcpoptstrip_tg_parse,
+ .x6_options = tcpoptstrip_tg_opts,
};
void _init(void)
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index e4c0607..92c7601 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -25,15 +25,19 @@
#include <linux/netfilter/xt_TEE.h>
enum {
- FLAG_GATEWAY = 1 << 0,
- FLAG_OIF = 1 << 1,
+ O_GATEWAY = 0,
+ O_OIF,
};
-static const struct option tee_tg_opts[] = {
- {.name = "gateway", .has_arg = true, .val = 'g'},
- {.name = "oif", .has_arg = true, .val = 'o'},
- {NULL},
+#define s struct xt_tee_tginfo
+static const struct xt_option_entry tee_tg_opts[] = {
+ {.name = "gateway", .id = O_GATEWAY, .type = XTTYPE_HOST,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, gw)},
+ {.name = "oif", .id = O_OIF, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, oif)},
+ XTOPT_TABLEEND,
};
+#undef s
static void tee_tg_help(void)
{
@@ -44,94 +48,17 @@ static void tee_tg_help(void)
"\n");
}
-static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct xt_tee_tginfo *info = (void *)(*target)->data;
- const struct in_addr *ia;
-
- switch (c) {
- case 'g':
- if (*flags & FLAG_GATEWAY)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gateway more than once");
-
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid IP address %s", optarg);
-
- memcpy(&info->gw, ia, sizeof(*ia));
- *flags |= FLAG_GATEWAY;
- return true;
- case 'o':
- if (*flags & FLAG_OIF)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --oif more than once");
- if (strlen(optarg) >= sizeof(info->oif))
- xtables_error(PARAMETER_PROBLEM,
- "oif name too long");
- strcpy(info->oif, optarg);
- *flags |= FLAG_OIF;
- return true;
- }
-
- return false;
-}
-
-static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- struct xt_tee_tginfo *info = (void *)(*target)->data;
- const struct in6_addr *ia;
-
- switch (c) {
- case 'g':
- if (*flags & FLAG_GATEWAY)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gateway more than once");
-
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_error(PARAMETER_PROBLEM,
- "Invalid IP address %s", optarg);
-
- memcpy(&info->gw, ia, sizeof(*ia));
- *flags |= FLAG_GATEWAY;
- return true;
- case 'o':
- if (*flags & FLAG_OIF)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --oif more than once");
- if (strlen(optarg) >= sizeof(info->oif))
- xtables_error(PARAMETER_PROBLEM,
- "oif name too long");
- strcpy(info->oif, optarg);
- *flags |= FLAG_OIF;
- return true;
- }
-
- return false;
-}
-
-static void tee_tg_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM, "TEE target: "
- "--gateway parameter required");
-}
-
static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_numeric(&info->gw.in));
else
- printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_anyname(&info->gw.in));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
@@ -140,63 +67,61 @@ static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_numeric(&info->gw.in6));
else
- printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_anyname(&info->gw.in6));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" --gateway %s", xtables_ipaddr_to_numeric(&info->gw.in));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" --gateway %s", xtables_ip6addr_to_numeric(&info->gw.in6));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
-static struct xtables_target tee_tg_reg = {
- .name = "TEE",
- .version = XTABLES_VERSION,
- .revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
- .help = tee_tg_help,
- .parse = tee_tg_parse,
- .final_check = tee_tg_check,
- .print = tee_tg_print,
- .save = tee_tg_save,
- .extra_opts = tee_tg_opts,
-};
-
-static struct xtables_target tee_tg6_reg = {
- .name = "TEE",
- .version = XTABLES_VERSION,
- .revision = 1,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
- .help = tee_tg_help,
- .parse = tee_tg6_parse,
- .final_check = tee_tg_check,
- .print = tee_tg6_print,
- .save = tee_tg6_save,
- .extra_opts = tee_tg_opts,
+static struct xtables_target tee_tg_reg[] = {
+ {
+ .name = "TEE",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+ .help = tee_tg_help,
+ .print = tee_tg_print,
+ .save = tee_tg_save,
+ .x6_parse = xtables_option_parse,
+ .x6_options = tee_tg_opts,
+ },
+ {
+ .name = "TEE",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
+ .help = tee_tg_help,
+ .print = tee_tg6_print,
+ .save = tee_tg6_save,
+ .x6_parse = xtables_option_parse,
+ .x6_options = tee_tg_opts,
+ },
};
void _init(void)
{
- xtables_register_target(&tee_tg_reg);
- xtables_register_target(&tee_tg6_reg);
+ xtables_register_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
}
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index dc60cc0..cef5876 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -2,9 +2,10 @@
* Shared library add-on to iptables to add TOS target support
*
* Copyright © CC Computer Consultants GmbH, 2007
- * Contact: Jan Engelhardt <jengelh@computergmbh.de>
+ * Contact: Jan Engelhardt <jengelh@medozas.de>
*/
#include <getopt.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -15,24 +16,37 @@
#include "tos_values.c"
struct ipt_tos_target_info {
- u_int8_t tos;
+ uint8_t tos;
};
enum {
- FLAG_TOS = 1 << 0,
+ O_SET_TOS = 0,
+ O_AND_TOS,
+ O_OR_TOS,
+ O_XOR_TOS,
+ F_SET_TOS = 1 << O_SET_TOS,
+ F_AND_TOS = 1 << O_AND_TOS,
+ F_OR_TOS = 1 << O_OR_TOS,
+ F_XOR_TOS = 1 << O_XOR_TOS,
+ F_ANY = F_SET_TOS | F_AND_TOS | F_OR_TOS | F_XOR_TOS,
};
-static const struct option tos_tg_opts_v0[] = {
- {.name = "set-tos", .has_arg = true, .val = '='},
- { .name = NULL }
+static const struct xt_option_entry tos_tg_opts_v0[] = {
+ {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK,
+ .excl = F_ANY, .max = 0xFF},
+ XTOPT_TABLEEND,
};
-static const struct option tos_tg_opts[] = {
- {.name = "set-tos", .has_arg = true, .val = '='},
- {.name = "and-tos", .has_arg = true, .val = '&'},
- {.name = "or-tos", .has_arg = true, .val = '|'},
- {.name = "xor-tos", .has_arg = true, .val = '^'},
- { .name = NULL }
+static const struct xt_option_entry tos_tg_opts[] = {
+ {.name = "set-tos", .id = O_SET_TOS, .type = XTTYPE_TOSMASK,
+ .excl = F_ANY, .max = 0x3F},
+ {.name = "and-tos", .id = O_AND_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ {.name = "or-tos", .id = O_OR_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ {.name = "xor-tos", .id = O_XOR_TOS, .type = XTTYPE_UINT8,
+ .excl = F_ANY},
+ XTOPT_TABLEEND,
};
static void tos_tg_help_v0(void)
@@ -77,87 +91,48 @@ XTABLES_VERSION);
);
}
-static int tos_tg_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void tos_tg_parse_v0(struct xt_option_call *cb)
{
- struct ipt_tos_target_info *info = (void *)(*target)->data;
- struct tos_value_mask tvm;
-
- switch (c) {
- case '=':
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
- if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
- if (tvm.mask != 0xFF)
- xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel "
- "is too old to support anything besides "
- "/0xFF as a mask.");
- info->tos = tvm.value;
- *flags |= FLAG_TOS;
- return true;
- }
-
- return false;
+ struct ipt_tos_target_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->val.tos_mask != 0xFF)
+ xtables_error(PARAMETER_PROBLEM, "tos match: Your kernel "
+ "is too old to support anything besides "
+ "/0xFF as a mask.");
+ info->tos = cb->val.tos_value;
}
-static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void tos_tg_parse(struct xt_option_call *cb)
{
- struct xt_tos_target_info *info = (void *)(*target)->data;
- struct tos_value_mask tvm;
- unsigned int bits;
-
- switch (c) {
- case '=': /* --set-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--set-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--set-tos", invert);
- if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--set-tos", optarg);
- info->tos_value = tvm.value;
- info->tos_mask = tvm.mask;
- break;
+ struct xt_tos_target_info *info = cb->data;
- case '&': /* --and-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--and-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--and-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--and-tos", optarg);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET_TOS:
+ info->tos_value = cb->val.tos_value;
+ info->tos_mask = cb->val.tos_mask;
+ break;
+ case O_AND_TOS:
info->tos_value = 0;
- info->tos_mask = ~bits;
+ info->tos_mask = ~cb->val.u8;
break;
-
- case '|': /* --or-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--or-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--or-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--or-tos", optarg);
- info->tos_value = bits;
- info->tos_mask = bits;
+ case O_OR_TOS:
+ info->tos_value = cb->val.u8;
+ info->tos_mask = cb->val.u8;
break;
-
- case '^': /* --xor-tos */
- xtables_param_act(XTF_ONLY_ONCE, "TOS", "--xor-tos", *flags & FLAG_TOS);
- xtables_param_act(XTF_NO_INVERT, "TOS", "--xor-tos", invert);
- if (!xtables_strtoui(optarg, NULL, &bits, 0, UINT8_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TOS", "--xor-tos", optarg);
- info->tos_value = bits;
+ case O_XOR_TOS:
+ info->tos_value = cb->val.u8;
info->tos_mask = 0;
break;
-
- default:
- return false;
}
-
- *flags |= FLAG_TOS;
- return true;
}
-static void tos_tg_check(unsigned int flags)
+static void tos_tg_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
- "TOS: The --set-tos parameter is required");
+ "TOS: An action is required");
}
static void tos_tg_print_v0(const void *ip,
@@ -165,9 +140,9 @@ static void tos_tg_print_v0(const void *ip,
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("TOS set ");
+ printf(" TOS set ");
if (numeric || !tos_try_print_symbolic("", info->tos, 0xFF))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
@@ -176,21 +151,21 @@ static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tos_target_info *info = (const void *)target->data;
if (numeric)
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
- else if (tos_try_print_symbolic("TOS set ",
+ else if (tos_try_print_symbolic(" TOS set",
info->tos_value, info->tos_mask))
/* already printed by call */
return;
else if (info->tos_value == 0)
- printf("TOS and 0x%02x ",
- (unsigned int)(u_int8_t)~info->tos_mask);
+ printf(" TOS and 0x%02x",
+ (unsigned int)(uint8_t)~info->tos_mask);
else if (info->tos_value == info->tos_mask)
- printf("TOS or 0x%02x ", info->tos_value);
+ printf(" TOS or 0x%02x", info->tos_value);
else if (info->tos_mask == 0)
- printf("TOS xor 0x%02x ", info->tos_value);
+ printf(" TOS xor 0x%02x", info->tos_value);
else
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
}
@@ -198,14 +173,14 @@ static void tos_tg_save_v0(const void *ip, const struct xt_entry_target *target)
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x ", info->tos);
+ printf(" --set-tos 0x%02x", info->tos);
}
static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_target tos_tg_reg[] = {
@@ -217,11 +192,11 @@ static struct xtables_target tos_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.help = tos_tg_help_v0,
- .parse = tos_tg_parse_v0,
- .final_check = tos_tg_check,
.print = tos_tg_print_v0,
.save = tos_tg_save_v0,
- .extra_opts = tos_tg_opts_v0,
+ .x6_parse = tos_tg_parse_v0,
+ .x6_fcheck = tos_tg_check,
+ .x6_options = tos_tg_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -231,11 +206,11 @@ static struct xtables_target tos_tg_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.help = tos_tg_help,
- .parse = tos_tg_parse,
- .final_check = tos_tg_check,
.print = tos_tg_print,
.save = tos_tg_save,
- .extra_opts = tos_tg_opts,
+ .x6_parse = tos_tg_parse,
+ .x6_fcheck = tos_tg_check,
+ .x6_options = tos_tg_opts,
},
};
diff --git a/extensions/libxt_TOS.man b/extensions/libxt_TOS.man
index d5cbfcb..58118ec 100644
--- a/extensions/libxt_TOS.man
+++ b/extensions/libxt_TOS.man
@@ -1,27 +1,36 @@
This module sets the Type of Service field in the IPv4 header (including the
"precedence" bits) or the Priority field in the IPv6 header. Note that TOS
shares the same bits as DSCP and ECN. The TOS target is only valid in the
-\fBmangle\fR table.
+\fBmangle\fP table.
.TP
\fB\-\-set\-tos\fP \fIvalue\fP[\fB/\fP\fImask\fP]
-Zeroes out the bits given by \fImask\fR and XORs \fIvalue\fR into the
-TOS/Priority field. If \fImask\fR is omitted, 0xFF is assumed.
+Zeroes out the bits given by \fImask\fP (see NOTE below) and XORs \fIvalue\fP
+into the TOS/Priority field. If \fImask\fP is omitted, 0xFF is assumed.
.TP
\fB\-\-set\-tos\fP \fIsymbol\fP
You can specify a symbolic name when using the TOS target for IPv4. It implies
-a mask of 0xFF. The list of recognized TOS names can be obtained by calling
-iptables with \fB\-j TOS \-h\fP.
+a mask of 0xFF (see NOTE below). The list of recognized TOS names can be
+obtained by calling iptables with \fB\-j TOS \-h\fP.
.PP
The following mnemonics are available:
.TP
\fB\-\-and\-tos\fP \fIbits\fP
-Binary AND the TOS value with \fIbits\fR. (Mnemonic for \fB\-\-set\-tos
-0/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
+Binary AND the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos
+0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.
+See NOTE below.)
.TP
\fB\-\-or\-tos\fP \fIbits\fP
-Binary OR the TOS value with \fIbits\fR. (Mnemonic for \fB\-\-set\-tos\fP
-\fIbits\fR\fB/\fR\fIbits\fR.)
+Binary OR the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos\fP
+\fIbits\fP\fB/\fP\fIbits\fP. See NOTE below.)
.TP
\fB\-\-xor\-tos\fP \fIbits\fP
-Binary XOR the TOS value with \fIbits\fR. (Mnemonic for \fB\-\-set\-tos\fP
-\fIbits\fR\fB/0\fR.)
+Binary XOR the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos\fP
+\fIbits\fP\fB/0\fP. See NOTE below.)
+.PP
+NOTE: In Linux kernels up to and including 2.6.38, with the exception of
+longterm releases 2.6.32 (>=.42), 2.6.33 (>=.15), and 2.6.35 (>=.14), there is
+a bug whereby IPv6 TOS mangling does not behave as documented and differs from
+the IPv4 version. The TOS mask indicates the bits one wants to zero out, so it
+needs to be inverted before applying it to the original TOS field. However, the
+aformentioned kernels forgo the inversion which breaks --set-tos and its
+mnemonics.
diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c
index d410c52..d13ec85 100644
--- a/extensions/libxt_TPROXY.c
+++ b/extensions/libxt_TPROXY.c
@@ -1,31 +1,42 @@
/*
- * Shared library add-on to iptables to add TPROXY target support.
+ * shared library add-on to iptables to add TPROXY target support.
*
* Copyright (C) 2002-2008 BalaBit IT Ltd.
*/
-#include <getopt.h>
-#include <stdbool.h>
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
#include <limits.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_TPROXY.h>
+#include <arpa/inet.h>
-static const struct option tproxy_tg_opts[] = {
- { .name = "on-port", .has_arg = 1, .val = '1'},
- { .name = "on-ip", .has_arg = 1, .val = '2'},
- { .name = "tproxy-mark", .has_arg = 1, .val = '3'},
- {NULL},
+enum {
+ P_PORT = 0,
+ P_ADDR,
+ P_MARK,
+ F_PORT = 1 << P_PORT,
+ F_ADDR = 1 << P_ADDR,
+ F_MARK = 1 << P_MARK,
};
-enum {
- PARAM_ONPORT = 1 << 0,
- PARAM_ONIP = 1 << 1,
- PARAM_MARK = 1 << 2,
+#define s struct xt_tproxy_target_info
+static const struct xt_option_entry tproxy_tg0_opts[] = {
+ {.name = "on-port", .id = P_PORT, .type = XTTYPE_PORT,
+ .flags = XTOPT_MAND | XTOPT_NBO | XTOPT_PUT, XTOPT_POINTER(s, lport)},
+ {.name = "on-ip", .id = P_ADDR, .type = XTTYPE_HOST},
+ {.name = "tproxy-mark", .id = P_MARK, .type = XTTYPE_MARKMASK32},
+ XTOPT_TABLEEND,
};
+#undef s
+#define s struct xt_tproxy_target_info_v1
+static const struct xt_option_entry tproxy_tg1_opts[] = {
+ {.name = "on-port", .id = P_PORT, .type = XTTYPE_PORT,
+ .flags = XTOPT_MAND | XTOPT_NBO | XTOPT_PUT, XTOPT_POINTER(s, lport)},
+ {.name = "on-ip", .id = P_ADDR, .type = XTTYPE_HOST,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, laddr)},
+ {.name = "tproxy-mark", .id = P_MARK, .type = XTTYPE_MARKMASK32},
+ XTOPT_TABLEEND,
+};
+#undef s
static void tproxy_tg_help(void)
{
@@ -36,115 +47,149 @@ static void tproxy_tg_help(void)
" --tproxy-mark value[/mask] Mark packets with the given value/mask\n\n");
}
-static void parse_tproxy_lport(const char *s, struct xt_tproxy_target_info *info)
+static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
{
- unsigned int lport;
-
- if (xtables_strtoui(s, NULL, &lport, 0, UINT16_MAX))
- info->lport = htons(lport);
- else
- xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-port", s);
+ const struct xt_tproxy_target_info *info = (const void *)target->data;
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
+ xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr),
+ ntohs(info->lport), (unsigned int)info->mark_value,
+ (unsigned int)info->mark_mask);
}
-static void parse_tproxy_laddr(const char *s, struct xt_tproxy_target_info *info)
+static void
+tproxy_tg_print4(const void *ip, const struct xt_entry_target *target,
+ int numeric)
{
- struct in_addr *laddr;
-
- if ((laddr = xtables_numeric_to_ipaddr(s)) == NULL)
- xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--on-ip", s);
+ const struct xt_tproxy_target_info_v1 *info =
+ (const void *)target->data;
- info->laddr = laddr->s_addr;
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
+ xtables_ipaddr_to_numeric(&info->laddr.in),
+ ntohs(info->lport), (unsigned int)info->mark_value,
+ (unsigned int)info->mark_mask);
}
-static void parse_tproxy_mark(char *s, struct xt_tproxy_target_info *info)
+static void
+tproxy_tg_print6(const void *ip, const struct xt_entry_target *target,
+ int numeric)
{
- unsigned int value, mask = UINT32_MAX;
- char *end;
-
- if (!xtables_strtoui(s, &end, &value, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
- if (*end == '/')
- if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "TPROXY", "--tproxy-mark", s);
-
- info->mark_mask = mask;
- info->mark_value = value;
+ const struct xt_tproxy_target_info_v1 *info =
+ (const void *)target->data;
+
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
+ xtables_ip6addr_to_numeric(&info->laddr.in6),
+ ntohs(info->lport), (unsigned int)info->mark_value,
+ (unsigned int)info->mark_mask);
}
-static int tproxy_tg_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
+static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target)
{
- struct xt_tproxy_target_info *tproxyinfo = (void *)(*target)->data;
-
- switch (c) {
- case '1':
- xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-port", *flags & PARAM_ONPORT);
- xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-port", invert);
- parse_tproxy_lport(optarg, tproxyinfo);
- *flags |= PARAM_ONPORT;
- return 1;
- case '2':
- xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--on-ip", *flags & PARAM_ONIP);
- xtables_param_act(XTF_NO_INVERT, "TPROXY", "--on-ip", invert);
- parse_tproxy_laddr(optarg, tproxyinfo);
- *flags |= PARAM_ONIP;
- return 1;
- case '3':
- xtables_param_act(XTF_ONLY_ONCE, "TPROXY", "--tproxy-mark", *flags & PARAM_MARK);
- xtables_param_act(XTF_NO_INVERT, "TPROXY", "--tproxy-mark", invert);
- parse_tproxy_mark(optarg, tproxyinfo);
- *flags |= PARAM_MARK;
- return 1;
- }
+ const struct xt_tproxy_target_info *info = (const void *)target->data;
- return 0;
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s",
+ xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr));
+ printf(" --tproxy-mark 0x%x/0x%x",
+ (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
-static void tproxy_tg_check(unsigned int flags)
+static void
+tproxy_tg_save4(const void *ip, const struct xt_entry_target *target)
{
- if (!(flags & PARAM_ONPORT))
- xtables_error(PARAMETER_PROBLEM,
- "TPROXY target: Parameter --on-port is required");
+ const struct xt_tproxy_target_info_v1 *info;
+
+ info = (const void *)target->data;
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ipaddr_to_numeric(&info->laddr.in));
+ printf(" --tproxy-mark 0x%x/0x%x",
+ (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
-static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target,
- int numeric)
+static void
+tproxy_tg_save6(const void *ip, const struct xt_entry_target *target)
{
- const struct xt_tproxy_target_info *info = (const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
- xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr),
- ntohs(info->lport), (unsigned int)info->mark_value,
- (unsigned int)info->mark_mask);
+ const struct xt_tproxy_target_info_v1 *info;
+
+ info = (const void *)target->data;
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ip6addr_to_numeric(&info->laddr.in6));
+ printf(" --tproxy-mark 0x%x/0x%x",
+ (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
-static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target)
+static void tproxy_tg0_parse(struct xt_option_call *cb)
{
- const struct xt_tproxy_target_info *info = (const void *)target->data;
+ struct xt_tproxy_target_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case P_MARK:
+ info->mark_value = cb->val.mark;
+ info->mark_mask = cb->val.mask;
+ break;
+ case P_ADDR:
+ info->laddr = cb->val.haddr.ip;
+ break;
+ }
+}
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ",
- xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr));
- printf("--tproxy-mark 0x%x/0x%x ",
- (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
+static void tproxy_tg1_parse(struct xt_option_call *cb)
+{
+ struct xt_tproxy_target_info_v1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case P_MARK:
+ info->mark_value = cb->val.mark;
+ info->mark_mask = cb->val.mask;
+ break;
+ }
}
-static struct xtables_target tproxy_tg_reg = {
- .name = "TPROXY",
- .family = NFPROTO_IPV4,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
- .help = tproxy_tg_help,
- .parse = tproxy_tg_parse,
- .final_check = tproxy_tg_check,
- .print = tproxy_tg_print,
- .save = tproxy_tg_save,
- .extra_opts = tproxy_tg_opts,
+static struct xtables_target tproxy_tg_reg[] = {
+ {
+ .name = "TPROXY",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
+ .help = tproxy_tg_help,
+ .print = tproxy_tg_print,
+ .save = tproxy_tg_save,
+ .x6_options = tproxy_tg0_opts,
+ .x6_parse = tproxy_tg0_parse,
+ },
+ {
+ .name = "TPROXY",
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
+ .help = tproxy_tg_help,
+ .print = tproxy_tg_print4,
+ .save = tproxy_tg_save4,
+ .x6_options = tproxy_tg1_opts,
+ .x6_parse = tproxy_tg1_parse,
+ },
+ {
+ .name = "TPROXY",
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
+ .help = tproxy_tg_help,
+ .print = tproxy_tg_print6,
+ .save = tproxy_tg_save6,
+ .x6_options = tproxy_tg1_opts,
+ .x6_parse = tproxy_tg1_parse,
+ },
};
void _init(void)
{
- xtables_register_target(&tproxy_tg_reg);
+ xtables_register_targets(tproxy_tg_reg, ARRAY_SIZE(tproxy_tg_reg));
}
diff --git a/extensions/libxt_TPROXY.man b/extensions/libxt_TPROXY.man
index 0129f84..2f7d82d 100644
--- a/extensions/libxt_TPROXY.man
+++ b/extensions/libxt_TPROXY.man
@@ -1,4 +1,4 @@
-This target is only valid in the \fBmangle\fR table, in the \fBPREROUTING\fR
+This target is only valid in the \fBmangle\fP table, in the \fBPREROUTING\fP
chain and user-defined chains which are only called from this chain. It
redirects the packet to a local socket without changing the packet header in
any way. It can also change the mark value which can then be used in advanced
diff --git a/extensions/libxt_TRACE.man b/extensions/libxt_TRACE.man
index d28c3a0..8d590a5 100644
--- a/extensions/libxt_TRACE.man
+++ b/extensions/libxt_TRACE.man
@@ -1,7 +1,9 @@
-This target marks packes so that the kernel will log every rule which match
-the packets as those traverse the tables, chains, rules. (The ipt_LOG or
-ip6t_LOG module
-is required for the logging.) The packets are logged with the string prefix:
+This target marks packets so that the kernel will log every rule which match
+the packets as those traverse the tables, chains, rules.
+.PP
+A logging backend, such as ip(6)t_LOG or nfnetlink_log, must be loaded for this
+to be visible.
+The packets are logged with the string prefix:
"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for
plain rule, "return" for implicit rule at the end of a user defined chain
and "policy" for the policy of the built in chains.
diff --git a/extensions/libxt_addrtype.c b/extensions/libxt_addrtype.c
new file mode 100644
index 0000000..e5d3033
--- /dev/null
+++ b/extensions/libxt_addrtype.c
@@ -0,0 +1,302 @@
+/* Shared library add-on to iptables to add addrtype matching support
+ *
+ * Copyright (c) 2003-2013 Patrick McHardy <kaber@trash.net>
+ *
+ * This program is released under the terms of GNU GPL */
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_addrtype.h>
+
+enum {
+ O_SRC_TYPE = 0,
+ O_DST_TYPE,
+ O_LIMIT_IFACE_IN,
+ O_LIMIT_IFACE_OUT,
+ F_SRC_TYPE = 1 << O_SRC_TYPE,
+ F_DST_TYPE = 1 << O_DST_TYPE,
+ F_LIMIT_IFACE_IN = 1 << O_LIMIT_IFACE_IN,
+ F_LIMIT_IFACE_OUT = 1 << O_LIMIT_IFACE_OUT,
+};
+
+/* from linux/rtnetlink.h, must match order of enumeration */
+static const char *const rtn_names[] = {
+ "UNSPEC",
+ "UNICAST",
+ "LOCAL",
+ "BROADCAST",
+ "ANYCAST",
+ "MULTICAST",
+ "BLACKHOLE",
+ "UNREACHABLE",
+ "PROHIBIT",
+ "THROW",
+ "NAT",
+ "XRESOLVE",
+ NULL
+};
+
+static void addrtype_help_types(void)
+{
+ int i;
+
+ for (i = 0; rtn_names[i]; i++)
+ printf(" %s\n", rtn_names[i]);
+}
+
+static void addrtype_help_v0(void)
+{
+ printf(
+"Address type match options:\n"
+" [!] --src-type type[,...] Match source address type\n"
+" [!] --dst-type type[,...] Match destination address type\n"
+"\n"
+"Valid types: \n");
+ addrtype_help_types();
+}
+
+static void addrtype_help_v1(void)
+{
+ printf(
+"Address type match options:\n"
+" [!] --src-type type[,...] Match source address type\n"
+" [!] --dst-type type[,...] Match destination address type\n"
+" --limit-iface-in Match only on the packet's incoming device\n"
+" --limit-iface-out Match only on the packet's outgoing device\n"
+"\n"
+"Valid types: \n");
+ addrtype_help_types();
+}
+
+static int
+parse_type(const char *name, size_t len, uint16_t *mask)
+{
+ int i;
+
+ for (i = 0; rtn_names[i]; i++)
+ if (strncasecmp(name, rtn_names[i], len) == 0) {
+ /* build up bitmask for kernel module */
+ *mask |= (1 << i);
+ return 1;
+ }
+
+ return 0;
+}
+
+static void parse_types(const char *arg, uint16_t *mask)
+{
+ const char *comma;
+
+ while ((comma = strchr(arg, ',')) != NULL) {
+ if (comma == arg || !parse_type(arg, comma-arg, mask))
+ xtables_error(PARAMETER_PROBLEM,
+ "addrtype: bad type `%s'", arg);
+ arg = comma + 1;
+ }
+
+ if (strlen(arg) == 0 || !parse_type(arg, strlen(arg), mask))
+ xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg);
+}
+
+static void addrtype_parse_v0(struct xt_option_call *cb)
+{
+ struct xt_addrtype_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_TYPE:
+ parse_types(cb->arg, &info->source);
+ if (cb->invert)
+ info->invert_source = 1;
+ break;
+ case O_DST_TYPE:
+ parse_types(cb->arg, &info->dest);
+ if (cb->invert)
+ info->invert_dest = 1;
+ break;
+ }
+}
+
+static void addrtype_parse_v1(struct xt_option_call *cb)
+{
+ struct xt_addrtype_info_v1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_TYPE:
+ parse_types(cb->arg, &info->source);
+ if (cb->invert)
+ info->flags |= XT_ADDRTYPE_INVERT_SOURCE;
+ break;
+ case O_DST_TYPE:
+ parse_types(cb->arg, &info->dest);
+ if (cb->invert)
+ info->flags |= XT_ADDRTYPE_INVERT_DEST;
+ break;
+ case O_LIMIT_IFACE_IN:
+ info->flags |= XT_ADDRTYPE_LIMIT_IFACE_IN;
+ break;
+ case O_LIMIT_IFACE_OUT:
+ info->flags |= XT_ADDRTYPE_LIMIT_IFACE_OUT;
+ break;
+ }
+}
+
+static void addrtype_check(struct xt_fcheck_call *cb)
+{
+ if (!(cb->xflags & (F_SRC_TYPE | F_DST_TYPE)))
+ xtables_error(PARAMETER_PROBLEM,
+ "addrtype: you must specify --src-type or --dst-type");
+}
+
+static void print_types(uint16_t mask)
+{
+ const char *sep = "";
+ int i;
+
+ for (i = 0; rtn_names[i]; i++)
+ if (mask & (1 << i)) {
+ printf("%s%s", sep, rtn_names[i]);
+ sep = ",";
+ }
+}
+
+static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_addrtype_info *info = (const void *)match->data;
+
+ printf(" ADDRTYPE match");
+ if (info->source) {
+ printf(" src-type ");
+ if (info->invert_source)
+ printf("!");
+ print_types(info->source);
+ }
+ if (info->dest) {
+ printf(" dst-type");
+ if (info->invert_dest)
+ printf("!");
+ print_types(info->dest);
+ }
+}
+
+static void addrtype_print_v1(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_addrtype_info_v1 *info = (const void *)match->data;
+
+ printf(" ADDRTYPE match");
+ if (info->source) {
+ printf(" src-type ");
+ if (info->flags & XT_ADDRTYPE_INVERT_SOURCE)
+ printf("!");
+ print_types(info->source);
+ }
+ if (info->dest) {
+ printf(" dst-type ");
+ if (info->flags & XT_ADDRTYPE_INVERT_DEST)
+ printf("!");
+ print_types(info->dest);
+ }
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN)
+ printf(" limit-in");
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT)
+ printf(" limit-out");
+}
+
+static void addrtype_save_v0(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_addrtype_info *info = (const void *)match->data;
+
+ if (info->source) {
+ if (info->invert_source)
+ printf(" !");
+ printf(" --src-type ");
+ print_types(info->source);
+ }
+ if (info->dest) {
+ if (info->invert_dest)
+ printf(" !");
+ printf(" --dst-type ");
+ print_types(info->dest);
+ }
+}
+
+static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_addrtype_info_v1 *info = (const void *)match->data;
+
+ if (info->source) {
+ if (info->flags & XT_ADDRTYPE_INVERT_SOURCE)
+ printf(" !");
+ printf(" --src-type ");
+ print_types(info->source);
+ }
+ if (info->dest) {
+ if (info->flags & XT_ADDRTYPE_INVERT_DEST)
+ printf(" !");
+ printf(" --dst-type ");
+ print_types(info->dest);
+ }
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN)
+ printf(" --limit-iface-in");
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT)
+ printf(" --limit-iface-out");
+}
+
+static const struct xt_option_entry addrtype_opts_v0[] = {
+ {.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
+};
+
+static const struct xt_option_entry addrtype_opts_v1[] = {
+ {.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "limit-iface-in", .id = O_LIMIT_IFACE_IN,
+ .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_OUT},
+ {.name = "limit-iface-out", .id = O_LIMIT_IFACE_OUT,
+ .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_IN},
+ XTOPT_TABLEEND,
+};
+
+static struct xtables_match addrtype_mt_reg[] = {
+ {
+ .name = "addrtype",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_addrtype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_addrtype_info)),
+ .help = addrtype_help_v0,
+ .print = addrtype_print_v0,
+ .save = addrtype_save_v0,
+ .x6_parse = addrtype_parse_v0,
+ .x6_fcheck = addrtype_check,
+ .x6_options = addrtype_opts_v0,
+ },
+ {
+ .name = "addrtype",
+ .revision = 1,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .help = addrtype_help_v1,
+ .print = addrtype_print_v1,
+ .save = addrtype_save_v1,
+ .x6_parse = addrtype_parse_v1,
+ .x6_fcheck = addrtype_check,
+ .x6_options = addrtype_opts_v1,
+ },
+};
+
+
+void _init(void)
+{
+ xtables_register_matches(addrtype_mt_reg, ARRAY_SIZE(addrtype_mt_reg));
+}
diff --git a/extensions/libipt_addrtype.man b/extensions/libxt_addrtype.man
index 16fd9df..16fd9df 100644
--- a/extensions/libipt_addrtype.man
+++ b/extensions/libxt_addrtype.man
diff --git a/extensions/libxt_bpf.c b/extensions/libxt_bpf.c
new file mode 100644
index 0000000..dca97d7
--- /dev/null
+++ b/extensions/libxt_bpf.c
@@ -0,0 +1,152 @@
+/*
+ * Xtables BPF extension
+ *
+ * Written by Willem de Bruijn (willemb@google.com)
+ * Copyright Google, Inc. 2013
+ * Licensed under the GNU General Public License version 2 (GPLv2)
+*/
+
+#include <linux/netfilter/xt_bpf.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <xtables.h>
+
+#define BCODE_FILE_MAX_LEN_B 1024
+
+enum {
+ O_BCODE_STDIN = 0,
+};
+
+static void bpf_help(void)
+{
+ printf(
+"bpf match options:\n"
+"--bytecode <program> : a bpf program as generated by\n"
+" `nfbpf_compiler RAW <filter>`\n");
+}
+
+static const struct xt_option_entry bpf_opts[] = {
+ {.name = "bytecode", .id = O_BCODE_STDIN, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
+};
+
+static void bpf_parse_string(struct xt_option_call *cb, const char *bpf_program,
+ const char separator)
+{
+ struct xt_bpf_info *bi = (void *) cb->data;
+ const char *token;
+ char sp;
+ int i;
+
+ /* parse head: length. */
+ if (sscanf(bpf_program, "%hu%c", &bi->bpf_program_num_elem, &sp) != 2 ||
+ sp != separator)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: error parsing program length");
+ if (!bi->bpf_program_num_elem)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: illegal zero length program");
+ if (bi->bpf_program_num_elem > XT_BPF_MAX_NUM_INSTR)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: number of instructions exceeds maximum");
+
+ /* parse instructions. */
+ i = 0;
+ token = bpf_program;
+ while ((token = strchr(token, separator)) && (++token)[0]) {
+ if (i >= bi->bpf_program_num_elem)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: real program length exceeds"
+ " the encoded length parameter");
+ if (sscanf(token, "%hu %hhu %hhu %u,",
+ &bi->bpf_program[i].code,
+ &bi->bpf_program[i].jt,
+ &bi->bpf_program[i].jf,
+ &bi->bpf_program[i].k) != 4)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: error at instr %d", i);
+ i++;
+ }
+
+ if (i != bi->bpf_program_num_elem)
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: parsed program length is less than the"
+ " encoded length parameter");
+}
+
+static void bpf_parse(struct xt_option_call *cb)
+{
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_BCODE_STDIN:
+ bpf_parse_string(cb, cb->arg, ',');
+ break;
+ default:
+ xtables_error(PARAMETER_PROBLEM, "bpf: unknown option");
+ }
+}
+
+static void bpf_print_code(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_bpf_info *info = (void *) match->data;
+ int i;
+
+ for (i = 0; i < info->bpf_program_num_elem-1; i++)
+ printf("%hu %hhu %hhu %u,", info->bpf_program[i].code,
+ info->bpf_program[i].jt,
+ info->bpf_program[i].jf,
+ info->bpf_program[i].k);
+
+ printf("%hu %hhu %hhu %u", info->bpf_program[i].code,
+ info->bpf_program[i].jt,
+ info->bpf_program[i].jf,
+ info->bpf_program[i].k);
+}
+
+static void bpf_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_bpf_info *info = (void *) match->data;
+
+ printf(" --bytecode \"%hu,", info->bpf_program_num_elem);
+ bpf_print_code(ip, match);
+ printf("\"");
+}
+
+static void bpf_fcheck(struct xt_fcheck_call *cb)
+{
+ if (!(cb->xflags & (1 << O_BCODE_STDIN)))
+ xtables_error(PARAMETER_PROBLEM,
+ "bpf: missing --bytecode parameter");
+}
+
+static void bpf_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf("match bpf ");
+ return bpf_print_code(ip, match);
+}
+
+static struct xtables_match bpf_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "bpf",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_bpf_info)),
+ .userspacesize = XT_ALIGN(offsetof(struct xt_bpf_info, filter)),
+ .help = bpf_help,
+ .print = bpf_print,
+ .save = bpf_save,
+ .x6_parse = bpf_parse,
+ .x6_fcheck = bpf_fcheck,
+ .x6_options = bpf_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&bpf_match);
+}
diff --git a/extensions/libxt_bpf.man b/extensions/libxt_bpf.man
new file mode 100644
index 0000000..5b1d042
--- /dev/null
+++ b/extensions/libxt_bpf.man
@@ -0,0 +1,34 @@
+Match using Linux Socket Filter. Expects a BPF program in decimal format. This
+is the format generated by the \fBnfbpf_compile\fP utility.
+.TP
+\fB\-\-bytecode\fP \fIcode\fP
+Pass the BPF byte code format (described in the example below).
+.PP
+The code format is similar to the output of the tcpdump -ddd command: one line
+that stores the number of instructions, followed by one line for each
+instruction. Instruction lines follow the pattern 'u16 u8 u8 u32' in decimal
+notation. Fields encode the operation, jump offset if true, jump offset if
+false and generic multiuse field 'K'. Comments are not supported.
+.PP
+For example, to read only packets matching 'ip proto 6', insert the following,
+without the comments or trailing whitespace:
+.IP
+4 # number of instructions
+.br
+48 0 0 9 # load byte ip->proto
+.br
+21 0 1 6 # jump equal IPPROTO_TCP
+.br
+6 0 0 1 # return pass (non-zero)
+.br
+6 0 0 0 # return fail (zero)
+.PP
+You can pass this filter to the bpf match with the following command:
+.IP
+iptables \-A OUTPUT \-m bpf \-\-bytecode '4,48 0 0 9,21 0 1 6,6 0 0 1,6 0 0 0' \-j ACCEPT
+.PP
+Or instead, you can invoke the nfbpf_compile utility.
+.IP
+iptables \-A OUTPUT \-m bpf \-\-bytecode "`nfbpf_compile RAW 'ip proto 6'`" \-j ACCEPT
+.PP
+You may want to learn more about BPF from FreeBSD's bpf(4) manpage.
diff --git a/extensions/libxt_cgroup.c b/extensions/libxt_cgroup.c
new file mode 100644
index 0000000..cdc4ec9
--- /dev/null
+++ b/extensions/libxt_cgroup.c
@@ -0,0 +1,74 @@
+#include <getopt.h>
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_cgroup.h>
+
+static void cgroup_help(void)
+{
+ printf(
+"cgroup match options:\n"
+"[!] --cgroup fwid Match cgroup fwid\n");
+}
+
+static const struct option cgroup_opts[] = {
+ { "cgroup", 1, NULL, 'c' },
+ { .name = NULL }
+};
+
+static int
+cgroup_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_match **target)
+{
+ struct xt_cgroup_info *cgroupinfo
+ = (struct xt_cgroup_info *)(*target)->data;
+
+ switch (c) {
+ case 'c': /* TODO 1 or 0 */
+ /* use optarg, due libopt is used */
+ if (sscanf(optarg, "%u", &cgroupinfo->id) != 1)
+ return 1;
+
+ cgroupinfo->invert = invert;
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+static void
+cgroup_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_cgroup_info *info = (void *) match->data;
+
+ printf(" cgroup %s%u", info->invert ? "! ":"", info->id);
+}
+
+static void cgroup_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_cgroup_info *info = (void *) match->data;
+
+ printf("%s --cgroup %u", info->invert ? " !" : "", info->id);
+}
+
+static struct xtables_match cgroup_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "cgroup",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_cgroup_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_cgroup_info)),
+ .help = cgroup_help,
+ .print = cgroup_print,
+ .save = cgroup_save,
+ .parse = cgroup_parse,
+ .extra_opts = cgroup_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&cgroup_match);
+}
diff --git a/extensions/libxt_cgroup.man b/extensions/libxt_cgroup.man
new file mode 100644
index 0000000..456a031
--- /dev/null
+++ b/extensions/libxt_cgroup.man
@@ -0,0 +1,15 @@
+.TP
+[\fB!\fP] \fB\-\-cgroup\fP \fIfwid\fP
+Match corresponding cgroup for this packet.
+
+Can be used to assign particular firewall policies for aggregated
+task/jobs on the system. This allows for more fine-grained firewall
+policies that only match for a subset of the system's processes.
+fwid is the maker set through the net_cls cgroup's id.
+.PP
+Example:
+.PP
+iptables \-A OUTPUT \-p tcp \-\-sport 80 \-m cgroup ! \-\-cgroup 1
+\-j DROP
+.PP
+Available since Linux 3.14.
diff --git a/extensions/libxt_cluster.c b/extensions/libxt_cluster.c
index ea5d9fb..3adff12 100644
--- a/extensions/libxt_cluster.c
+++ b/extensions/libxt_cluster.c
@@ -6,19 +6,9 @@
* published by the Free Software Foundation.
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <stddef.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_cluster.h>
-/* hack to keep for check */
-static unsigned int total_nodes;
-static unsigned int node_mask;
-
static void
cluster_help(void)
{
@@ -31,162 +21,80 @@ cluster_help(void)
}
enum {
- CLUSTER_OPT_TOTAL_NODES,
- CLUSTER_OPT_LOCAL_NODE,
- CLUSTER_OPT_NODE_MASK,
- CLUSTER_OPT_HASH_SEED,
+ O_CL_TOTAL_NODES = 0,
+ O_CL_LOCAL_NODE,
+ O_CL_LOCAL_NODEMASK,
+ O_CL_HASH_SEED,
+ F_CL_TOTAL_NODES = 1 << O_CL_TOTAL_NODES,
+ F_CL_LOCAL_NODE = 1 << O_CL_LOCAL_NODE,
+ F_CL_LOCAL_NODEMASK = 1 << O_CL_LOCAL_NODEMASK,
+ F_CL_HASH_SEED = 1 << O_CL_HASH_SEED,
};
-static const struct option cluster_opts[] = {
- { "cluster-total-nodes", 1, NULL, CLUSTER_OPT_TOTAL_NODES },
- { "cluster-local-node", 1, NULL, CLUSTER_OPT_LOCAL_NODE },
- { "cluster-local-nodemask", 1, NULL, CLUSTER_OPT_NODE_MASK },
- { "cluster-hash-seed", 1, NULL, CLUSTER_OPT_HASH_SEED },
- { .name = NULL }
+#define s struct xt_cluster_match_info
+static const struct xt_option_entry cluster_opts[] = {
+ {.name = "cluster-total-nodes", .id = O_CL_TOTAL_NODES,
+ .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, total_nodes)},
+ {.name = "cluster-local-node", .id = O_CL_LOCAL_NODE,
+ .excl = F_CL_LOCAL_NODEMASK, .flags = XTOPT_INVERT,
+ .type = XTTYPE_UINT32, .min = 1, .max = XT_CLUSTER_NODES_MAX},
+ {.name = "cluster-local-nodemask", .id = O_CL_LOCAL_NODEMASK,
+ .excl = F_CL_LOCAL_NODE, .type = XTTYPE_UINT32,
+ .min = 1, .max = XT_CLUSTER_NODES_MAX,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, node_mask)},
+ {.name = "cluster-hash-seed", .id = O_CL_HASH_SEED,
+ .type = XTTYPE_UINT32, .flags = XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(s, hash_seed)},
+ XTOPT_TABLEEND,
};
-static int
-cluster_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void cluster_parse(struct xt_option_call *cb)
{
- struct xt_cluster_match_info *info = (void *)(*match)->data;
- unsigned int num;
-
- switch (c) {
- case CLUSTER_OPT_TOTAL_NODES:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-total-nodes' once");
- }
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-total-nodes'", optarg);
- }
- total_nodes = num;
- info->total_nodes = total_nodes = num;
- *flags |= 1 << c;
- break;
- case CLUSTER_OPT_LOCAL_NODE:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-local-node' once");
- }
- if (*flags & (1 << CLUSTER_OPT_NODE_MASK)) {
- xtables_error(PARAMETER_PROBLEM, "You cannot use "
- "`--cluster-local-nodemask' and "
- "`--cluster-local-node'");
- }
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-local-node'", optarg);
- }
- if (invert)
- info->flags |= (1 << XT_CLUSTER_F_INV);
-
- info->node_mask = node_mask = (1 << (num - 1));
- *flags |= 1 << c;
+ struct xt_cluster_match_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_CL_LOCAL_NODE:
+ if (cb->invert)
+ info->flags |= XT_CLUSTER_F_INV;
+ info->node_mask = 1 << (cb->val.u32 - 1);
break;
- case CLUSTER_OPT_NODE_MASK:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-local-node' once");
- }
- if (*flags & (1 << CLUSTER_OPT_LOCAL_NODE)) {
- xtables_error(PARAMETER_PROBLEM, "You cannot use "
- "`--cluster-local-nodemask' and "
- "`--cluster-local-node'");
- }
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (!xtables_strtoui(optarg, NULL, &num, 1,
- XT_CLUSTER_NODES_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s' in "
- "`--cluster-local-node'", optarg);
- }
- if (invert)
- info->flags |= (1 << XT_CLUSTER_F_INV);
-
- info->node_mask = node_mask = num;
- *flags |= 1 << c;
+ case O_CL_LOCAL_NODEMASK:
+ if (cb->invert)
+ info->flags |= XT_CLUSTER_F_INV;
break;
-
- case CLUSTER_OPT_HASH_SEED:
- if (*flags & (1 << c)) {
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify "
- "`--cluster-hash-seed' once");
- }
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) {
- xtables_error(PARAMETER_PROBLEM,
- "Unable to parse `%s'", optarg);
- }
- info->hash_seed = num;
- *flags |= 1 << c;
- break;
- default:
- return 0;
}
-
- return 1;
}
-static void
-cluster_check(unsigned int flags)
+static void cluster_check(struct xt_fcheck_call *cb)
{
- if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_LOCAL_NODE) |
- (1 << CLUSTER_OPT_HASH_SEED)))
- == ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_LOCAL_NODE) |
- (1 << CLUSTER_OPT_HASH_SEED))) {
- if (node_mask >= (1ULL << total_nodes)) {
+ const struct xt_cluster_match_info *info = cb->data;
+ unsigned int test;
+
+ test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODE | F_CL_HASH_SEED;
+ if ((cb->xflags & test) == test) {
+ if (info->node_mask >= (1ULL << info->total_nodes))
xtables_error(PARAMETER_PROBLEM,
"cluster match: "
"`--cluster-local-node' "
"must be <= `--cluster-total-nodes'");
- }
return;
}
- if ((flags & ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_NODE_MASK) |
- (1 << CLUSTER_OPT_HASH_SEED)))
- == ((1 << CLUSTER_OPT_TOTAL_NODES) |
- (1 << CLUSTER_OPT_NODE_MASK) |
- (1 << CLUSTER_OPT_HASH_SEED))) {
- if (node_mask >= (1ULL << total_nodes)) {
+
+ test = F_CL_TOTAL_NODES | F_CL_LOCAL_NODEMASK | F_CL_HASH_SEED;
+ if ((cb->xflags & test) == test) {
+ if (info->node_mask >= (1ULL << info->total_nodes))
xtables_error(PARAMETER_PROBLEM,
"cluster match: "
"`--cluster-local-nodemask' too big "
"for `--cluster-total-nodes'");
- }
return;
}
- if (!(flags & (1 << CLUSTER_OPT_TOTAL_NODES))) {
- xtables_error(PARAMETER_PROBLEM,
- "cluster match: `--cluster-total-nodes' "
- "is missing");
- }
- if (!(flags & (1 << CLUSTER_OPT_HASH_SEED))) {
- xtables_error(PARAMETER_PROBLEM,
- "cluster match: `--cluster-hash-seed' "
- "is missing");
- }
- if (!(flags & ((1 << (CLUSTER_OPT_LOCAL_NODE) |
- (1 << (CLUSTER_OPT_NODE_MASK)))))) {
+ if (!(cb->xflags & (F_CL_LOCAL_NODE | F_CL_LOCAL_NODEMASK)))
xtables_error(PARAMETER_PROBLEM,
"cluster match: `--cluster-local-node' or"
"`--cluster-local-nodemask' is missing");
- }
}
static void
@@ -194,13 +102,13 @@ cluster_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_cluster_match_info *info = (void *)match->data;
- printf("cluster ");
+ printf(" cluster ");
if (info->flags & XT_CLUSTER_F_INV)
- printf("!node_mask=0x%08x ", info->node_mask);
+ printf("!node_mask=0x%08x", info->node_mask);
else
- printf("node_mask=0x%08x ", info->node_mask);
+ printf("node_mask=0x%08x", info->node_mask);
- printf("total_nodes=%u hash_seed=0x%08x ",
+ printf(" total_nodes=%u hash_seed=0x%08x",
info->total_nodes, info->hash_seed);
}
@@ -210,11 +118,11 @@ cluster_save(const void *ip, const struct xt_entry_match *match)
const struct xt_cluster_match_info *info = (void *)match->data;
if (info->flags & XT_CLUSTER_F_INV)
- printf("! --cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" ! --cluster-local-nodemask 0x%08x", info->node_mask);
else
- printf("--cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" --cluster-local-nodemask 0x%08x", info->node_mask);
- printf("--cluster-total-nodes %u --cluster-hash-seed 0x%08x ",
+ printf(" --cluster-total-nodes %u --cluster-hash-seed 0x%08x",
info->total_nodes, info->hash_seed);
}
@@ -225,11 +133,11 @@ static struct xtables_match cluster_mt_reg = {
.size = XT_ALIGN(sizeof(struct xt_cluster_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_cluster_match_info)),
.help = cluster_help,
- .parse = cluster_parse,
- .final_check = cluster_check,
.print = cluster_print,
.save = cluster_save,
- .extra_opts = cluster_opts,
+ .x6_parse = cluster_parse,
+ .x6_fcheck = cluster_check,
+ .x6_options = cluster_opts,
};
void _init(void)
diff --git a/extensions/libxt_cluster.man b/extensions/libxt_cluster.man
index 62ad71c..94b4b20 100644
--- a/extensions/libxt_cluster.man
+++ b/extensions/libxt_cluster.man
@@ -55,6 +55,11 @@ arptables \-A INPUT \-i eth2 \-\-h\-length 6
\-\-destination\-mac 01:00:5e:00:01:02
\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27
.PP
+\fBNOTE\fP: the arptables commands above use mainstream syntax. If you
+are using arptables-jf included in some RedHat, CentOS and Fedora
+versions, you will hit syntax errors. Therefore, you'll have to adapt
+these to the arptables-jf syntax to get them working.
+.PP
In the case of TCP connections, pickup facility has to be disabled
to avoid marking TCP ACK packets coming in the reply direction as
valid.
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index 0068a6e..6ed2ff9 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -7,13 +7,13 @@
* Port to patch-o-matic-ng
*/
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_comment.h>
+enum {
+ O_COMMENT = 0,
+};
+
static void comment_help(void)
{
printf(
@@ -21,60 +21,20 @@ static void comment_help(void)
"--comment COMMENT Attach a comment to a rule\n");
}
-static const struct option comment_opts[] = {
- { "comment", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry comment_opts[] = {
+ {.name = "comment", .id = O_COMMENT, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_comment_info, comment)},
+ XTOPT_TABLEEND,
};
static void
-parse_comment(const char *s, struct xt_comment_info *info)
-{
- int slen = strlen(s);
-
- if (slen >= XT_MAX_COMMENT_LEN) {
- xtables_error(PARAMETER_PROBLEM,
- "COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN);
- }
- strcpy((char *)info->comment, s);
-}
-
-static int
-comment_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_comment_info *commentinfo = (struct xt_comment_info *)(*match)->data;
-
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert) {
- xtables_error(PARAMETER_PROBLEM,
- "Sorry, you can't have an inverted comment");
- }
- parse_comment(optarg, commentinfo);
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
-}
-
-static void comment_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "COMMENT match: You must specify `--comment'");
-}
-
-static void
comment_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("/* %s */ ", commentinfo->comment);
+ printf(" /* %s */", commentinfo->comment);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -84,8 +44,8 @@ comment_save(const void *ip, const struct xt_entry_match *match)
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("--comment ");
- xtables_save_string((const char *)commentinfo->comment);
+ printf(" --comment");
+ xtables_save_string(commentinfo->comment);
}
static struct xtables_match comment_match = {
@@ -95,11 +55,10 @@ static struct xtables_match comment_match = {
.size = XT_ALIGN(sizeof(struct xt_comment_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
.help = comment_help,
- .parse = comment_parse,
- .final_check = comment_check,
.print = comment_print,
.save = comment_save,
- .extra_opts = comment_opts,
+ .x6_parse = xtables_option_parse,
+ .x6_options = comment_opts,
};
void _init(void)
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index 5ebdd34..ed2ad25 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -1,13 +1,14 @@
-/* Shared library add-on to iptables to add byte tracking support. */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/xt_connbytes.h>
+enum {
+ O_CONNBYTES = 0,
+ O_CONNBYTES_DIR,
+ O_CONNBYTES_MODE,
+};
+
static void connbytes_help(void)
{
printf(
@@ -17,105 +18,78 @@ static void connbytes_help(void)
" --connbytes-mode [packets, bytes, avgpkt]\n");
}
-static const struct option connbytes_opts[] = {
- { "connbytes", 1, NULL, '1' },
- { "connbytes-dir", 1, NULL, '2' },
- { "connbytes-mode", 1, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry connbytes_opts[] = {
+ {.name = "connbytes", .id = O_CONNBYTES, .type = XTTYPE_UINT64RC,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ {.name = "connbytes-dir", .id = O_CONNBYTES_DIR, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ {.name = "connbytes-mode", .id = O_CONNBYTES_MODE,
+ .type = XTTYPE_STRING, .flags = XTOPT_MAND},
+ XTOPT_TABLEEND,
};
-static void
-parse_range(const char *arg, struct xt_connbytes_info *si)
+static void connbytes_parse(struct xt_option_call *cb)
{
- char *colon,*p;
-
- si->count.from = strtoul(arg,&colon,10);
- if (*colon != ':')
- xtables_error(PARAMETER_PROBLEM, "Bad range \"%s\"", arg);
- si->count.to = strtoul(colon+1,&p,10);
- if (p == colon+1) {
- /* second number omited */
- si->count.to = 0xffffffff;
- }
- if (si->count.from > si->count.to)
- xtables_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
- (unsigned long long)si->count.from,
- (unsigned long long)si->count.to);
-}
-
-static int
-connbytes_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)(*match)->data;
- unsigned long i;
-
- switch (c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv))
- optind++;
-
- parse_range(optarg, sinfo);
- if (invert) {
+ struct xt_connbytes_info *sinfo = cb->data;
+ unsigned long long i;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_CONNBYTES:
+ sinfo->count.from = cb->val.u64_range[0];
+ sinfo->count.to = UINT64_MAX;
+ if (cb->nvals == 2)
+ sinfo->count.to = cb->val.u64_range[1];
+
+ if (sinfo->count.to < sinfo->count.from)
+ xtables_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
+ (unsigned long long)sinfo->count.from,
+ (unsigned long long)sinfo->count.to);
+ if (cb->invert) {
i = sinfo->count.from;
sinfo->count.from = sinfo->count.to;
sinfo->count.to = i;
}
- *flags |= 1;
break;
- case '2':
- if (!strcmp(optarg, "original"))
+ case O_CONNBYTES_DIR:
+ if (strcmp(cb->arg, "original") == 0)
sinfo->direction = XT_CONNBYTES_DIR_ORIGINAL;
- else if (!strcmp(optarg, "reply"))
+ else if (strcmp(cb->arg, "reply") == 0)
sinfo->direction = XT_CONNBYTES_DIR_REPLY;
- else if (!strcmp(optarg, "both"))
+ else if (strcmp(cb->arg, "both") == 0)
sinfo->direction = XT_CONNBYTES_DIR_BOTH;
else
xtables_error(PARAMETER_PROBLEM,
- "Unknown --connbytes-dir `%s'", optarg);
-
- *flags |= 2;
+ "Unknown --connbytes-dir `%s'", cb->arg);
break;
- case '3':
- if (!strcmp(optarg, "packets"))
+ case O_CONNBYTES_MODE:
+ if (strcmp(cb->arg, "packets") == 0)
sinfo->what = XT_CONNBYTES_PKTS;
- else if (!strcmp(optarg, "bytes"))
+ else if (strcmp(cb->arg, "bytes") == 0)
sinfo->what = XT_CONNBYTES_BYTES;
- else if (!strcmp(optarg, "avgpkt"))
+ else if (strcmp(cb->arg, "avgpkt") == 0)
sinfo->what = XT_CONNBYTES_AVGPKT;
else
xtables_error(PARAMETER_PROBLEM,
- "Unknown --connbytes-mode `%s'", optarg);
- *flags |= 4;
+ "Unknown --connbytes-mode `%s'", cb->arg);
break;
- default:
- return 0;
}
-
- return 1;
-}
-
-static void connbytes_check(unsigned int flags)
-{
- if (flags != 7)
- xtables_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
- "`--connbytes-dir' and `--connbytes-mode'");
}
static void print_mode(const struct xt_connbytes_info *sinfo)
{
switch (sinfo->what) {
case XT_CONNBYTES_PKTS:
- fputs("packets ", stdout);
+ fputs(" packets", stdout);
break;
case XT_CONNBYTES_BYTES:
- fputs("bytes ", stdout);
+ fputs(" bytes", stdout);
break;
case XT_CONNBYTES_AVGPKT:
- fputs("avgpkt ", stdout);
+ fputs(" avgpkt", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
@@ -124,38 +98,48 @@ static void print_direction(const struct xt_connbytes_info *sinfo)
{
switch (sinfo->direction) {
case XT_CONNBYTES_DIR_ORIGINAL:
- fputs("original ", stdout);
+ fputs(" original", stdout);
break;
case XT_CONNBYTES_DIR_REPLY:
- fputs("reply ", stdout);
+ fputs(" reply", stdout);
break;
case XT_CONNBYTES_DIR_BOTH:
- fputs("both ", stdout);
+ fputs(" both", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
+static void print_from_to(const struct xt_connbytes_info *sinfo, const char *prefix)
+{
+ unsigned long long from, to;
+
+ if (sinfo->count.from > sinfo->count.to) {
+ fputs(" !", stdout);
+ from = sinfo->count.to;
+ to = sinfo->count.from;
+ } else {
+ to = sinfo->count.to;
+ from = sinfo->count.from;
+ }
+ printf(" %sconnbytes %llu", prefix, from);
+ if (to && to < UINT64_MAX)
+ printf(":%llu", to);
+}
+
static void
connbytes_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_connbytes_info *sinfo = (const void *)match->data;
- if (sinfo->count.from > sinfo->count.to)
- printf("connbytes ! %llu:%llu ",
- (unsigned long long)sinfo->count.to,
- (unsigned long long)sinfo->count.from);
- else
- printf("connbytes %llu:%llu ",
- (unsigned long long)sinfo->count.from,
- (unsigned long long)sinfo->count.to);
+ print_from_to(sinfo, "");
- fputs("connbytes mode ", stdout);
+ fputs(" connbytes mode", stdout);
print_mode(sinfo);
- fputs("connbytes direction ", stdout);
+ fputs(" connbytes direction", stdout);
print_direction(sinfo);
}
@@ -163,19 +147,12 @@ static void connbytes_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_connbytes_info *sinfo = (const void *)match->data;
- if (sinfo->count.from > sinfo->count.to)
- printf("! --connbytes %llu:%llu ",
- (unsigned long long)sinfo->count.to,
- (unsigned long long)sinfo->count.from);
- else
- printf("--connbytes %llu:%llu ",
- (unsigned long long)sinfo->count.from,
- (unsigned long long)sinfo->count.to);
+ print_from_to(sinfo, "--");
- fputs("--connbytes-mode ", stdout);
+ fputs(" --connbytes-mode", stdout);
print_mode(sinfo);
- fputs("--connbytes-dir ", stdout);
+ fputs(" --connbytes-dir", stdout);
print_direction(sinfo);
}
@@ -186,11 +163,10 @@ static struct xtables_match connbytes_match = {
.size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.help = connbytes_help,
- .parse = connbytes_parse,
- .final_check = connbytes_check,
.print = connbytes_print,
.save = connbytes_save,
- .extra_opts = connbytes_opts,
+ .x6_parse = connbytes_parse,
+ .x6_options = connbytes_opts,
};
void _init(void)
diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
new file mode 100644
index 0000000..c84a167
--- /dev/null
+++ b/extensions/libxt_connlabel.c
@@ -0,0 +1,124 @@
+#include <errno.h>
+#include <stdbool.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_connlabel.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+enum {
+ O_LABEL = 0,
+ O_SET = 1,
+};
+
+static struct nfct_labelmap *map;
+
+static void connlabel_mt_help(void)
+{
+ puts(
+"connlabel match options:\n"
+"[!] --label name Match if label has been set on connection\n"
+" --set Set label on connection");
+}
+
+static const struct xt_option_entry connlabel_mt_opts[] = {
+ {.name = "label", .id = O_LABEL, .type = XTTYPE_STRING,
+ .min = 1, .flags = XTOPT_MAND|XTOPT_INVERT},
+ {.name = "set", .id = O_SET, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+static void connlabel_mt_parse(struct xt_option_call *cb)
+{
+ struct xt_connlabel_mtinfo *info = cb->data;
+ int tmp;
+
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+ case O_LABEL:
+ tmp = nfct_labelmap_get_bit(map, cb->arg);
+ if (tmp < 0)
+ xtables_error(PARAMETER_PROBLEM, "label '%s' not found", cb->arg);
+ info->bit = tmp;
+ if (cb->invert)
+ info->options |= XT_CONNLABEL_OP_INVERT;
+ break;
+ case O_SET:
+ info->options |= XT_CONNLABEL_OP_SET;
+ break;
+ }
+
+}
+
+static const char *connlabel_get_name(int b)
+{
+ const char *name = nfct_labelmap_get_name(map, b);
+ if (name && strcmp(name, ""))
+ return name;
+ return NULL;
+}
+
+static void
+connlabel_mt_print_op(const struct xt_connlabel_mtinfo *info, const char *prefix)
+{
+ if (info->options & XT_CONNLABEL_OP_SET)
+ printf(" %sset", prefix);
+}
+
+static void
+connlabel_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_connlabel_mtinfo *info = (const void *)match->data;
+ const char *name = connlabel_get_name(info->bit);
+
+ printf(" connlabel");
+ if (info->options & XT_CONNLABEL_OP_INVERT)
+ printf(" !");
+ if (numeric || name == NULL) {
+ printf(" %u", info->bit);
+ } else {
+ printf(" '%s'", name);
+ }
+ connlabel_mt_print_op(info, "");
+}
+
+static void
+connlabel_mt_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_connlabel_mtinfo *info = (const void *)match->data;
+ const char *name = connlabel_get_name(info->bit);
+
+ if (info->options & XT_CONNLABEL_OP_INVERT)
+ printf(" !");
+ if (name)
+ printf(" --label \"%s\"", name);
+ else
+ printf(" --label \"%u\"", info->bit);
+ connlabel_mt_print_op(info, "--");
+}
+
+static struct xtables_match connlabel_mt_reg = {
+ .family = NFPROTO_UNSPEC,
+ .name = "connlabel",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connlabel_mtinfo)),
+ .userspacesize = offsetof(struct xt_connlabel_mtinfo, bit),
+ .help = connlabel_mt_help,
+ .print = connlabel_mt_print,
+ .save = connlabel_mt_save,
+ .x6_parse = connlabel_mt_parse,
+ .x6_options = connlabel_mt_opts,
+};
+
+void _init(void)
+{
+ map = nfct_labelmap_new(NULL);
+ if (!map) {
+ fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+ connlabel_mt_reg.name, strerror(errno));
+ return;
+ }
+ xtables_register_match(&connlabel_mt_reg);
+}
diff --git a/extensions/libxt_connlabel.man b/extensions/libxt_connlabel.man
new file mode 100644
index 0000000..bdaa51e
--- /dev/null
+++ b/extensions/libxt_connlabel.man
@@ -0,0 +1,33 @@
+Module matches or adds connlabels to a connection.
+connlabels are similar to connmarks, except labels are bit-based; i.e.
+all labels may be attached to a flow at the same time.
+Up to 128 unique labels are currently supported.
+.TP
+[\fB!\fP] \fB\-\-label\fP \fBname\fP
+matches if label \fBname\fP has been set on a connection.
+Instead of a name (which will be translated to a number, see EXAMPLE below),
+a number may be used instead. Using a number always overrides connlabel.conf.
+.TP
+\fB\-\-set\fP
+if the label has not been set on the connection, set it.
+Note that setting a label can fail. This is because the kernel allocates the
+conntrack label storage area when the connection is created, and it only
+reserves the amount of memory required by the ruleset that exists at
+the time the connection is created.
+In this case, the match will fail (or succeed, in case \fB\-\-label\fP
+option was negated).
+.PP
+This match depends on libnetfilter_conntrack 1.0.4 or later.
+Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file.
+.PP
+Example:
+.IP
+.nf
+0 eth0-in
+1 eth0-out
+2 ppp-in
+3 ppp-out
+4 bulk-traffic
+5 interactive
+.fi
+.PP
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index a215915..a569f86 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -1,27 +1,50 @@
-/* Shared library add-on to iptables to add connection limit support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_connlimit.h>
+enum {
+ O_UPTO = 0,
+ O_ABOVE,
+ O_MASK,
+ O_SADDR,
+ O_DADDR,
+ F_UPTO = 1 << O_UPTO,
+ F_ABOVE = 1 << O_ABOVE,
+ F_MASK = 1 << O_MASK,
+ F_SADDR = 1 << O_SADDR,
+ F_DADDR = 1 << O_DADDR,
+};
+
static void connlimit_help(void)
{
printf(
"connlimit match options:\n"
-"[!] --connlimit-above n match if the number of existing "
-" connections is (not) above n\n"
-" --connlimit-mask n group hosts using mask\n");
+" --connlimit-upto n match if the number of existing connections is 0..n\n"
+" --connlimit-above n match if the number of existing connections is >n\n"
+" --connlimit-mask n group hosts using prefix length (default: max len)\n"
+" --connlimit-saddr select source address for grouping\n"
+" --connlimit-daddr select destination addresses for grouping\n");
}
-static const struct option connlimit_opts[] = {
- {"connlimit-above", 1, NULL, 'A'},
- {"connlimit-mask", 1, NULL, 'M'},
- { .name = NULL }
+#define s struct xt_connlimit_info
+static const struct xt_option_entry connlimit_opts[] = {
+ {.name = "connlimit-upto", .id = O_UPTO, .excl = F_ABOVE,
+ .type = XTTYPE_UINT32, .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, limit)},
+ {.name = "connlimit-above", .id = O_ABOVE, .excl = F_UPTO,
+ .type = XTTYPE_UINT32, .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, limit)},
+ {.name = "connlimit-mask", .id = O_MASK, .type = XTTYPE_PLENMASK,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, mask)},
+ {.name = "connlimit-saddr", .id = O_SADDR, .excl = F_DADDR,
+ .type = XTTYPE_NONE},
+ {.name = "connlimit-daddr", .id = O_DADDR, .excl = F_SADDR,
+ .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void connlimit_init(struct xt_entry_match *match)
{
@@ -31,99 +54,57 @@ static void connlimit_init(struct xt_entry_match *match)
memset(info->v6_mask, 0xFF, sizeof(info->v6_mask));
}
-static void prefix_to_netmask(u_int32_t *mask, unsigned int prefix_len)
-{
- if (prefix_len == 0) {
- mask[0] = mask[1] = mask[2] = mask[3] = 0;
- } else if (prefix_len <= 32) {
- mask[0] <<= 32 - prefix_len;
- mask[1] = mask[2] = mask[3] = 0;
- } else if (prefix_len <= 64) {
- mask[1] <<= 32 - (prefix_len - 32);
- mask[2] = mask[3] = 0;
- } else if (prefix_len <= 96) {
- mask[2] <<= 32 - (prefix_len - 64);
- mask[3] = 0;
- } else if (prefix_len <= 128) {
- mask[3] <<= 32 - (prefix_len - 96);
- }
- mask[0] = htonl(mask[0]);
- mask[1] = htonl(mask[1]);
- mask[2] = htonl(mask[2]);
- mask[3] = htonl(mask[3]);
-}
-
-static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags,
- struct xt_connlimit_info *info, unsigned int family)
+static void connlimit_parse(struct xt_option_call *cb, uint8_t family)
{
- char *err;
- int i;
-
- switch (c) {
- case 'A':
- if (*flags & 0x1)
+ struct xt_connlimit_info *info = cb->data;
+ const unsigned int revision = (*cb->match)->u.user.revision;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_ABOVE:
+ if (cb->invert)
+ info->flags |= XT_CONNLIMIT_INVERT;
+ break;
+ case O_UPTO:
+ if (!cb->invert)
+ info->flags |= XT_CONNLIMIT_INVERT;
+ break;
+ case O_SADDR:
+ if (revision < 1)
xtables_error(PARAMETER_PROBLEM,
- "--connlimit-above may be given only once");
- *flags |= 0x1;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->limit = strtoul(optarg, NULL, 0);
- info->inverse = invert;
+ "xt_connlimit.0 does not support "
+ "--connlimit-daddr");
+ info->flags &= ~XT_CONNLIMIT_DADDR;
break;
- case 'M':
- if (*flags & 0x2)
+ case O_DADDR:
+ if (revision < 1)
xtables_error(PARAMETER_PROBLEM,
- "--connlimit-mask may be given only once");
-
- *flags |= 0x2;
- i = strtoul(optarg, &err, 0);
- if (family == NFPROTO_IPV6) {
- if (i > 128 || *err != '\0')
- xtables_error(PARAMETER_PROBLEM,
- "--connlimit-mask must be between "
- "0 and 128");
- prefix_to_netmask(info->v6_mask, i);
- } else {
- if (i > 32 || *err != '\0')
- xtables_error(PARAMETER_PROBLEM,
- "--connlimit-mask must be between "
- "0 and 32");
- if (i == 0)
- info->v4_mask = 0;
- else
- info->v4_mask = htonl(0xFFFFFFFF << (32 - i));
- }
+ "xt_connlimit.0 does not support "
+ "--connlimit-daddr");
+ info->flags |= XT_CONNLIMIT_DADDR;
break;
- default:
- return 0;
}
-
- return 1;
}
-static int connlimit_parse4(int c, char **argv, int invert,
- unsigned int *flags, const void *entry,
- struct xt_entry_match **match)
+static void connlimit_parse4(struct xt_option_call *cb)
{
- return connlimit_parse(c, argv, invert, flags,
- (void *)(*match)->data, NFPROTO_IPV4);
+ return connlimit_parse(cb, NFPROTO_IPV4);
}
-static int connlimit_parse6(int c, char **argv, int invert,
- unsigned int *flags, const void *entry,
- struct xt_entry_match **match)
+static void connlimit_parse6(struct xt_option_call *cb)
{
- return connlimit_parse(c, argv, invert, flags,
- (void *)(*match)->data, NFPROTO_IPV6);
+ return connlimit_parse(cb, NFPROTO_IPV6);
}
-static void connlimit_check(unsigned int flags)
+static void connlimit_check(struct xt_fcheck_call *cb)
{
- if (!(flags & 0x1))
+ if ((cb->xflags & (F_UPTO | F_ABOVE)) == 0)
xtables_error(PARAMETER_PROBLEM,
- "You must specify \"--connlimit-above\"");
+ "You must specify \"--connlimit-above\" or "
+ "\"--connlimit-upto\".");
}
-static unsigned int count_bits4(u_int32_t mask)
+static unsigned int count_bits4(uint32_t mask)
{
unsigned int bits = 0;
@@ -133,10 +114,10 @@ static unsigned int count_bits4(u_int32_t mask)
return 32 - bits;
}
-static unsigned int count_bits6(const u_int32_t *mask)
+static unsigned int count_bits6(const uint32_t *mask)
{
unsigned int bits = 0, i;
- u_int32_t tmp[4];
+ uint32_t tmp[4];
for (i = 0; i < 4; ++i)
for (tmp[i] = ~ntohl(mask[i]); tmp[i] != 0; tmp[i] >>= 1)
@@ -149,64 +130,119 @@ static void connlimit_print4(const void *ip,
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn/%u %s %u ", count_bits4(info->v4_mask),
- info->inverse ? "<=" : ">", info->limit);
+ printf(" #conn %s/%u %s %u",
+ (info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
+ count_bits4(info->v4_mask),
+ (info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
}
static void connlimit_print6(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn/%u %s %u ", count_bits6(info->v6_mask),
- info->inverse ? "<=" : ">", info->limit);
+
+ printf(" #conn %s/%u %s %u",
+ (info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
+ count_bits6(info->v6_mask),
+ (info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
}
static void connlimit_save4(const void *ip, const struct xt_entry_match *match)
{
const struct xt_connlimit_info *info = (const void *)match->data;
-
- printf("%s--connlimit-above %u --connlimit-mask %u ",
- info->inverse ? "! " : "", info->limit,
- count_bits4(info->v4_mask));
+ const int revision = match->u.user.revision;
+
+ if (info->flags & XT_CONNLIMIT_INVERT)
+ printf(" --connlimit-upto %u", info->limit);
+ else
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits4(info->v4_mask));
+ if (revision >= 1) {
+ if (info->flags & XT_CONNLIMIT_DADDR)
+ printf(" --connlimit-daddr");
+ else
+ printf(" --connlimit-saddr");
+ }
}
static void connlimit_save6(const void *ip, const struct xt_entry_match *match)
{
const struct xt_connlimit_info *info = (const void *)match->data;
-
- printf("%s--connlimit-above %u --connlimit-mask %u ",
- info->inverse ? "! " : "", info->limit,
- count_bits6(info->v6_mask));
+ const int revision = match->u.user.revision;
+
+ if (info->flags & XT_CONNLIMIT_INVERT)
+ printf(" --connlimit-upto %u", info->limit);
+ else
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits6(info->v6_mask));
+ if (revision >= 1) {
+ if (info->flags & XT_CONNLIMIT_DADDR)
+ printf(" --connlimit-daddr");
+ else
+ printf(" --connlimit-saddr");
+ }
}
static struct xtables_match connlimit_mt_reg[] = {
{
.name = "connlimit",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+ .userspacesize = offsetof(struct xt_connlimit_info, data),
+ .help = connlimit_help,
+ .init = connlimit_init,
+ .x6_parse = connlimit_parse4,
+ .x6_fcheck = connlimit_check,
+ .print = connlimit_print4,
+ .save = connlimit_save4,
+ .x6_options = connlimit_opts,
+ },
+ {
+ .name = "connlimit",
+ .revision = 0,
+ .family = NFPROTO_IPV6,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+ .userspacesize = offsetof(struct xt_connlimit_info, data),
+ .help = connlimit_help,
+ .init = connlimit_init,
+ .x6_parse = connlimit_parse6,
+ .x6_fcheck = connlimit_check,
+ .print = connlimit_print6,
+ .save = connlimit_save6,
+ .x6_options = connlimit_opts,
+ },
+ {
+ .name = "connlimit",
+ .revision = 1,
.family = NFPROTO_IPV4,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
.userspacesize = offsetof(struct xt_connlimit_info, data),
.help = connlimit_help,
.init = connlimit_init,
- .parse = connlimit_parse4,
- .final_check = connlimit_check,
+ .x6_parse = connlimit_parse4,
+ .x6_fcheck = connlimit_check,
.print = connlimit_print4,
.save = connlimit_save4,
- .extra_opts = connlimit_opts,
+ .x6_options = connlimit_opts,
},
{
.name = "connlimit",
+ .revision = 1,
.family = NFPROTO_IPV6,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
.userspacesize = offsetof(struct xt_connlimit_info, data),
.help = connlimit_help,
.init = connlimit_init,
- .parse = connlimit_parse6,
- .final_check = connlimit_check,
+ .x6_parse = connlimit_parse6,
+ .x6_fcheck = connlimit_check,
.print = connlimit_print6,
.save = connlimit_save6,
- .extra_opts = connlimit_opts,
+ .x6_options = connlimit_opts,
},
};
diff --git a/extensions/libxt_connlimit.man b/extensions/libxt_connlimit.man
index c85d768..ad9f40f 100644
--- a/extensions/libxt_connlimit.man
+++ b/extensions/libxt_connlimit.man
@@ -1,23 +1,34 @@
Allows you to restrict the number of parallel connections to a server per
client IP address (or client address block).
.TP
-[\fB!\fP] \fB\-\-connlimit\-above\fP \fIn\fP
-Match if the number of existing connections is (not) above \fIn\fR.
+\fB\-\-connlimit\-upto\fP \fIn\fP
+Match if the number of existing connections is below or equal \fIn\fP.
+.TP
+\fB\-\-connlimit\-above\fP \fIn\fP
+Match if the number of existing connections is above \fIn\fP.
.TP
\fB\-\-connlimit\-mask\fP \fIprefix_length\fP
Group hosts using the prefix length. For IPv4, this must be a number between
-(including) 0 and 32. For IPv6, between 0 and 128.
-.P
+(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the
+maximum prefix length for the applicable protocol is used.
+.TP
+\fB\-\-connlimit\-saddr\fP
+Apply the limit onto the source group. This is the default if
+\-\-connlimit\-daddr is not specified.
+.TP
+\fB\-\-connlimit\-daddr\fP
+Apply the limit onto the destination group.
+.PP
Examples:
.TP
# allow 2 telnet connections per client host
iptables \-A INPUT \-p tcp \-\-syn \-\-dport 23 \-m connlimit \-\-connlimit\-above 2 \-j REJECT
.TP
# you can also match the other way around:
-iptables \-A INPUT \-p tcp \-\-syn \-\-dport 23 \-m connlimit ! \-\-connlimit\-above 2 \-j ACCEPT
+iptables \-A INPUT \-p tcp \-\-syn \-\-dport 23 \-m connlimit \-\-connlimit\-upto 2 \-j ACCEPT
.TP
# limit the number of parallel HTTP requests to 16 per class C sized \
-network (24 bit netmask)
+source network (24 bit netmask)
iptables \-p tcp \-\-syn \-\-dport 80 \-m connlimit \-\-connlimit\-above 16
\-\-connlimit\-mask 24 \-j REJECT
.TP
@@ -25,3 +36,7 @@ iptables \-p tcp \-\-syn \-\-dport 80 \-m connlimit \-\-connlimit\-above 16
(ipv6)
ip6tables \-p tcp \-\-syn \-\-dport 80 \-s fe80::/64 \-m connlimit \-\-connlimit\-above
16 \-\-connlimit\-mask 64 \-j REJECT
+.TP
+# Limit the number of connections to a particular host:
+ip6tables \-p tcp \-\-syn \-\-dport 49152:65535 \-d 2001:db8::1 \-m connlimit
+\-\-connlimit-above 100 \-j REJECT
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index 38aa563..6f1d532 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -19,22 +19,19 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_connmark.h>
struct xt_connmark_info {
unsigned long mark, mask;
- u_int8_t invert;
+ uint8_t invert;
};
enum {
- F_MARK = 1 << 0,
+ O_MARK = 0,
};
static void connmark_mt_help(void)
@@ -44,83 +41,40 @@ static void connmark_mt_help(void)
"[!] --mark value[/mask] Match ctmark value with optional mask\n");
}
-static const struct option connmark_mt_opts[] = {
- {.name = "mark", .has_arg = true, .val = '1'},
- { .name = NULL }
+static const struct xt_option_entry connmark_mt_opts[] = {
+ {.name = "mark", .id = O_MARK, .type = XTTYPE_MARKMASK32,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static int
-connmark_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void connmark_mt_parse(struct xt_option_call *cb)
{
- struct xt_connmark_mtinfo1 *info = (void *)(*match)->data;
- unsigned int mark, mask = UINT32_MAX;
- char *end;
-
- switch (c) {
- case '1': /* --mark */
- xtables_param_act(XTF_ONLY_ONCE, "connmark", "--mark", *flags & F_MARK);
- if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
- if (*end == '/')
- if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "connmark", "--mark", optarg);
-
- if (invert)
- info->invert = true;
- info->mark = mark;
- info->mask = mask;
- *flags |= F_MARK;
- return true;
- }
- return false;
+ struct xt_connmark_mtinfo1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->invert)
+ info->invert = true;
+ info->mark = cb->val.mark;
+ info->mask = cb->val.mask;
}
-static int
-connmark_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void connmark_parse(struct xt_option_call *cb)
{
- struct xt_connmark_info *markinfo = (struct xt_connmark_info *)(*match)->data;
-
- switch (c) {
- char *end;
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- markinfo->mark = strtoul(optarg, &end, 0);
- markinfo->mask = 0xffffffffUL;
-
- if (*end == '/')
- markinfo->mask = strtoul(end+1, &end, 0);
-
- if (*end != '\0' || end == optarg)
- xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
- if (invert)
- markinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
+ struct xt_connmark_info *markinfo = cb->data;
+
+ xtables_option_parse(cb);
+ markinfo->mark = cb->val.mark;
+ markinfo->mask = cb->val.mask;
+ if (cb->invert)
+ markinfo->invert = 1;
}
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
-}
-
-static void connmark_mt_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "connmark: The --mark option is required");
+ printf(" 0x%x", mark);
}
static void
@@ -128,7 +82,7 @@ connmark_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_connmark_info *info = (const void *)match->data;
- printf("CONNMARK match ");
+ printf(" CONNMARK match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
@@ -139,7 +93,7 @@ connmark_mt_print(const void *ip, const struct xt_entry_match *match, int numeri
{
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
- printf("connmark match ");
+ printf(" connmark match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
@@ -150,9 +104,9 @@ static void connmark_save(const void *ip, const struct xt_entry_match *match)
const struct xt_connmark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -162,9 +116,9 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -177,11 +131,10 @@ static struct xtables_match connmark_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_connmark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
.help = connmark_mt_help,
- .parse = connmark_parse,
- .final_check = connmark_mt_check,
.print = connmark_print,
.save = connmark_save,
- .extra_opts = connmark_mt_opts,
+ .x6_parse = connmark_parse,
+ .x6_options = connmark_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -191,11 +144,10 @@ static struct xtables_match connmark_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
.help = connmark_mt_help,
- .parse = connmark_mt_parse,
- .final_check = connmark_mt_check,
.print = connmark_mt_print,
.save = connmark_mt_save,
- .extra_opts = connmark_mt_opts,
+ .x6_parse = connmark_mt_parse,
+ .x6_options = connmark_mt_opts,
},
};
diff --git a/extensions/libxt_connmark.man b/extensions/libxt_connmark.man
index ee87d9e..4e83801 100644
--- a/extensions/libxt_connmark.man
+++ b/extensions/libxt_connmark.man
@@ -1,5 +1,5 @@
This module matches the netfilter mark field associated with a connection
-(which can be set using the \fBCONNMARK\fR target below).
+(which can be set using the \fBCONNMARK\fP target below).
.TP
[\fB!\fP] \fB\-\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Matches packets in connections with the given mark value (if a mask is
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 5557d3e..128bbd2 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -6,21 +6,18 @@
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
* Jan Engelhardt <jengelh@computergmbh.de>
*/
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <ctype.h>
-#include <getopt.h>
-#include <netdb.h>
#include <stdbool.h>
-#include <stddef.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <xtables.h>
-#include <linux/netfilter.h>
#include <linux/netfilter/xt_conntrack.h>
+#include <linux/netfilter/xt_state.h>
#include <linux/netfilter/nf_conntrack_common.h>
-#include <arpa/inet.h>
+#ifndef XT_STATE_UNTRACKED
+#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
struct ip_conntrack_old_tuple {
struct {
@@ -50,9 +47,25 @@ struct xt_conntrack_info {
unsigned long expires_min, expires_max;
/* Flags word */
- u_int8_t flags;
+ uint8_t flags;
/* Inverse flags */
- u_int8_t invflags;
+ uint8_t invflags;
+};
+
+enum {
+ O_CTSTATE = 0,
+ O_CTPROTO,
+ O_CTORIGSRC,
+ O_CTORIGDST,
+ O_CTREPLSRC,
+ O_CTREPLDST,
+ O_CTORIGSRCPORT,
+ O_CTORIGDSTPORT,
+ O_CTREPLSRCPORT,
+ O_CTREPLDSTPORT,
+ O_CTSTATUS,
+ O_CTEXPIRE,
+ O_CTDIR,
};
static void conntrack_mt_help(void)
@@ -79,34 +92,98 @@ static void conntrack_mt_help(void)
" --ctdir {ORIGINAL|REPLY} Flow direction of packet\n");
}
-static const struct option conntrack_mt_opts_v0[] = {
- {.name = "ctstate", .has_arg = true, .val = '1'},
- {.name = "ctproto", .has_arg = true, .val = '2'},
- {.name = "ctorigsrc", .has_arg = true, .val = '3'},
- {.name = "ctorigdst", .has_arg = true, .val = '4'},
- {.name = "ctreplsrc", .has_arg = true, .val = '5'},
- {.name = "ctrepldst", .has_arg = true, .val = '6'},
- {.name = "ctstatus", .has_arg = true, .val = '7'},
- {.name = "ctexpire", .has_arg = true, .val = '8'},
- { .name = NULL }
+#define s struct xt_conntrack_info /* for v0 */
+static const struct xt_option_entry conntrack_mt_opts_v0[] = {
+ {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOST,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOST,
+ .flags = XTOPT_INVERT},
+ {.name = "ctreplsrc", .id = O_CTREPLSRC, .type = XTTYPE_HOST,
+ .flags = XTOPT_INVERT},
+ {.name = "ctrepldst", .id = O_CTREPLDST, .type = XTTYPE_HOST,
+ .flags = XTOPT_INVERT},
+ {.name = "ctstatus", .id = O_CTSTATUS, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-
-static const struct option conntrack_mt_opts[] = {
- {.name = "ctstate", .has_arg = true, .val = '1'},
- {.name = "ctproto", .has_arg = true, .val = '2'},
- {.name = "ctorigsrc", .has_arg = true, .val = '3'},
- {.name = "ctorigdst", .has_arg = true, .val = '4'},
- {.name = "ctreplsrc", .has_arg = true, .val = '5'},
- {.name = "ctrepldst", .has_arg = true, .val = '6'},
- {.name = "ctstatus", .has_arg = true, .val = '7'},
- {.name = "ctexpire", .has_arg = true, .val = '8'},
- {.name = "ctorigsrcport", .has_arg = true, .val = 'a'},
- {.name = "ctorigdstport", .has_arg = true, .val = 'b'},
- {.name = "ctreplsrcport", .has_arg = true, .val = 'c'},
- {.name = "ctrepldstport", .has_arg = true, .val = 'd'},
- {.name = "ctdir", .has_arg = true, .val = 'e'},
- {.name = NULL},
+#undef s
+
+#define s struct xt_conntrack_mtinfo2
+/* We exploit the fact that v1-v2 share the same xt_o_e layout */
+static const struct xt_option_entry conntrack2_mt_opts[] = {
+ {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctreplsrc", .id = O_CTREPLSRC, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctrepldst", .id = O_CTREPLDST, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctstatus", .id = O_CTSTATUS, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT},
+ /*
+ * Rev 1 and 2 only store one port, and we would normally use
+ * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting
+ * error message - in case a user passed a range nevertheless -
+ * "port 22:23 resolved to nothing" is not quite as useful as using
+ * %XTTYPE_PORTC and libxt_conntrack's own range test.
+ */
+ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
+};
+#undef s
+
+#define s struct xt_conntrack_mtinfo3
+/* Difference from v2 is the non-NBO form. */
+static const struct xt_option_entry conntrack3_mt_opts[] = {
+ {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctreplsrc", .id = O_CTREPLSRC, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctrepldst", .id = O_CTREPLDST, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "ctstatus", .id = O_CTSTATUS, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT},
+ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT},
+ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT},
+ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT},
+ {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
};
+#undef s
static int
parse_state(const char *state, size_t len, struct xt_conntrack_info *sinfo)
@@ -149,7 +226,7 @@ parse_states(const char *arg, struct xt_conntrack_info *sinfo)
}
static bool
-conntrack_ps_state(struct xt_conntrack_mtinfo2 *info, const char *state,
+conntrack_ps_state(struct xt_conntrack_mtinfo3 *info, const char *state,
size_t z)
{
if (strncasecmp(state, "INVALID", z) == 0)
@@ -172,7 +249,7 @@ conntrack_ps_state(struct xt_conntrack_mtinfo2 *info, const char *state,
}
static void
-conntrack_ps_states(struct xt_conntrack_mtinfo2 *info, const char *arg)
+conntrack_ps_states(struct xt_conntrack_mtinfo3 *info, const char *arg)
{
const char *comma;
@@ -223,7 +300,7 @@ parse_statuses(const char *arg, struct xt_conntrack_info *sinfo)
}
static bool
-conntrack_ps_status(struct xt_conntrack_mtinfo2 *info, const char *status,
+conntrack_ps_status(struct xt_conntrack_mtinfo3 *info, const char *status,
size_t z)
{
if (strncasecmp(status, "NONE", z) == 0)
@@ -242,7 +319,7 @@ conntrack_ps_status(struct xt_conntrack_mtinfo2 *info, const char *status,
}
static void
-conntrack_ps_statuses(struct xt_conntrack_mtinfo2 *info, const char *arg)
+conntrack_ps_statuses(struct xt_conntrack_mtinfo3 *info, const char *arg)
{
const char *comma;
@@ -257,103 +334,21 @@ conntrack_ps_statuses(struct xt_conntrack_mtinfo2 *info, const char *arg)
xtables_error(PARAMETER_PROBLEM, "Bad ctstatus \"%s\"", arg);
}
-static unsigned long
-parse_expire(const char *s)
-{
- unsigned int len;
-
- if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM, "expire value invalid: \"%s\"\n", s);
- else
- return len;
-}
-
-/* If a single value is provided, min and max are both set to the value */
-static void
-parse_expires(const char *s, struct xt_conntrack_info *sinfo)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(s);
- if ((cp = strchr(buffer, ':')) == NULL)
- sinfo->expires_min = sinfo->expires_max =
- parse_expire(buffer);
- else {
- *cp = '\0';
- cp++;
-
- sinfo->expires_min = buffer[0] ? parse_expire(buffer) : 0;
- sinfo->expires_max = cp[0]
- ? parse_expire(cp)
- : (unsigned long)-1;
- }
- free(buffer);
-
- if (sinfo->expires_min > sinfo->expires_max)
- xtables_error(PARAMETER_PROBLEM,
- "expire min. range value `%lu' greater than max. "
- "range value `%lu'", sinfo->expires_min, sinfo->expires_max);
-}
-
-static void
-conntrack_ps_expires(struct xt_conntrack_mtinfo2 *info, const char *s)
-{
- unsigned int min, max;
- char *end;
-
- if (!xtables_strtoui(s, &end, &min, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
- max = min;
- if (*end == ':')
- if (!xtables_strtoui(end + 1, &end, &max, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "conntrack", "--expires", s);
-
- if (min > max)
- xtables_error(PARAMETER_PROBLEM,
- "expire min. range value \"%u\" greater than max. "
- "range value \"%u\"", min, max);
-
- info->expires_min = min;
- info->expires_max = max;
-}
-
-static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void conntrack_parse(struct xt_option_call *cb)
{
- struct xt_conntrack_info *sinfo = (void *)(*match)->data;
- char *protocol = NULL;
- unsigned int naddrs = 0;
- struct in_addr *addrs = NULL;
-
+ struct xt_conntrack_info *sinfo = cb->data;
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- parse_states(optarg, sinfo);
- if (invert) {
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_CTSTATE:
+ parse_states(cb->arg, sinfo);
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_STATE;
- }
- sinfo->flags |= XT_CONNTRACK_STATE;
break;
-
- case '2':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if(invert)
+ case O_CTPROTO:
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol;
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_PROTO;
-
- /* Canonicalize into lower case */
- for (protocol = optarg; *protocol; protocol++)
- *protocol = tolower(*protocol);
-
- protocol = optarg;
- sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum =
- xtables_parse_protocol(protocol);
-
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
@@ -361,356 +356,153 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
sinfo->flags |= XT_CONNTRACK_PROTO;
break;
-
- case '3':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (invert)
+ case O_CTORIGSRC:
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
-
- xtables_ipparse_any(optarg, &addrs,
- &sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
- &naddrs);
- if(naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
-
- if(naddrs == 1) {
- sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip = addrs[0].s_addr;
- }
-
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_ORIGSRC;
break;
-
- case '4':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (invert)
+ case O_CTORIGDST:
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
-
- xtables_ipparse_any(optarg, &addrs,
- &sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
- &naddrs);
- if(naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
-
- if(naddrs == 1) {
- sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip = addrs[0].s_addr;
- }
-
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_ORIGDST;
break;
-
- case '5':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (invert)
+ case O_CTREPLSRC:
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
-
- xtables_ipparse_any(optarg, &addrs,
- &sinfo->sipmsk[IP_CT_DIR_REPLY],
- &naddrs);
- if(naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
-
- if(naddrs == 1) {
- sinfo->tuple[IP_CT_DIR_REPLY].src.ip = addrs[0].s_addr;
- }
-
+ sinfo->tuple[IP_CT_DIR_REPLY].src.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_REPLSRC;
break;
-
- case '6':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- if (invert)
+ case O_CTREPLDST:
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
-
- xtables_ipparse_any(optarg, &addrs,
- &sinfo->dipmsk[IP_CT_DIR_REPLY],
- &naddrs);
- if(naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
-
- if(naddrs == 1) {
- sinfo->tuple[IP_CT_DIR_REPLY].dst.ip = addrs[0].s_addr;
- }
-
+ sinfo->tuple[IP_CT_DIR_REPLY].dst.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_REPLDST;
break;
-
- case '7':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- parse_statuses(optarg, sinfo);
- if (invert) {
+ case O_CTSTATUS:
+ parse_statuses(cb->arg, sinfo);
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_STATUS;
- }
sinfo->flags |= XT_CONNTRACK_STATUS;
break;
-
- case '8':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- parse_expires(optarg, sinfo);
- if (invert) {
+ case O_CTEXPIRE:
+ sinfo->expires_min = cb->val.u32_range[0];
+ sinfo->expires_max = cb->val.u32_range[0];
+ if (cb->nvals >= 2)
+ sinfo->expires_max = cb->val.u32_range[1];
+ if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_EXPIRES;
- }
sinfo->flags |= XT_CONNTRACK_EXPIRES;
break;
-
- default:
- return 0;
}
-
- *flags = sinfo->flags;
- return 1;
}
-static int
-conntrack_mt_parse(int c, bool invert, unsigned int *flags,
- struct xt_conntrack_mtinfo2 *info)
+static void conntrack_mt_parse(struct xt_option_call *cb, uint8_t rev)
{
- unsigned int port;
- char *p;
+ struct xt_conntrack_mtinfo3 *info = cb->data;
- switch (c) {
- case '1': /* --ctstate */
- conntrack_ps_states(info, optarg);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_CTSTATE:
+ conntrack_ps_states(info, cb->arg);
info->match_flags |= XT_CONNTRACK_STATE;
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_STATE;
break;
-
- case '2': /* --ctproto */
- /* Canonicalize into lower case */
- for (p = optarg; *p != '\0'; ++p)
- *p = tolower(*p);
- info->l4proto = xtables_parse_protocol(optarg);
-
+ case O_CTPROTO:
+ info->l4proto = cb->val.protocol;
if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM, "conntrack: rule would "
"never match protocol");
info->match_flags |= XT_CONNTRACK_PROTO;
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_PROTO;
break;
-
- case '7': /* --ctstatus */
- conntrack_ps_statuses(info, optarg);
+ case O_CTORIGSRC:
+ info->origsrc_addr = cb->val.haddr;
+ info->origsrc_mask = cb->val.hmask;
+ info->match_flags |= XT_CONNTRACK_ORIGSRC;
+ if (cb->invert)
+ info->invert_flags |= XT_CONNTRACK_ORIGSRC;
+ break;
+ case O_CTORIGDST:
+ info->origdst_addr = cb->val.haddr;
+ info->origdst_mask = cb->val.hmask;
+ info->match_flags |= XT_CONNTRACK_ORIGDST;
+ if (cb->invert)
+ info->invert_flags |= XT_CONNTRACK_ORIGDST;
+ break;
+ case O_CTREPLSRC:
+ info->replsrc_addr = cb->val.haddr;
+ info->replsrc_mask = cb->val.hmask;
+ info->match_flags |= XT_CONNTRACK_REPLSRC;
+ if (cb->invert)
+ info->invert_flags |= XT_CONNTRACK_REPLSRC;
+ break;
+ case O_CTREPLDST:
+ info->repldst_addr = cb->val.haddr;
+ info->repldst_mask = cb->val.hmask;
+ info->match_flags |= XT_CONNTRACK_REPLDST;
+ if (cb->invert)
+ info->invert_flags |= XT_CONNTRACK_REPLDST;
+ break;
+ case O_CTSTATUS:
+ conntrack_ps_statuses(info, cb->arg);
info->match_flags |= XT_CONNTRACK_STATUS;
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_STATUS;
break;
-
- case '8': /* --ctexpire */
- conntrack_ps_expires(info, optarg);
+ case O_CTEXPIRE:
+ info->expires_min = cb->val.u32_range[0];
+ info->expires_max = cb->val.u32_range[0];
+ if (cb->nvals >= 2)
+ info->expires_max = cb->val.u32_range[1];
info->match_flags |= XT_CONNTRACK_EXPIRES;
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_EXPIRES;
break;
-
- case 'a': /* --ctorigsrcport */
- if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack",
- "--ctorigsrcport", optarg);
+ case O_CTORIGSRCPORT:
+ info->origsrc_port = cb->val.port_range[0];
+ info->origsrc_port_high = cb->val.port_range[cb->nvals >= 2];
info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT;
- info->origsrc_port = htons(port);
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_ORIGSRC_PORT;
break;
-
- case 'b': /* --ctorigdstport */
- if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack",
- "--ctorigdstport", optarg);
+ case O_CTORIGDSTPORT:
+ info->origdst_port = cb->val.port_range[0];
+ info->origdst_port_high = cb->val.port_range[cb->nvals >= 2];
info->match_flags |= XT_CONNTRACK_ORIGDST_PORT;
- info->origdst_port = htons(port);
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_ORIGDST_PORT;
break;
-
- case 'c': /* --ctreplsrcport */
- if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack",
- "--ctreplsrcport", optarg);
+ case O_CTREPLSRCPORT:
+ info->replsrc_port = cb->val.port_range[0];
+ info->replsrc_port_high = cb->val.port_range[cb->nvals >= 2];
info->match_flags |= XT_CONNTRACK_REPLSRC_PORT;
- info->replsrc_port = htons(port);
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_REPLSRC_PORT;
break;
-
- case 'd': /* --ctrepldstport */
- if (!xtables_strtoui(optarg, NULL, &port, 0, UINT16_MAX))
- xtables_param_act(XTF_BAD_VALUE, "conntrack",
- "--ctrepldstport", optarg);
+ case O_CTREPLDSTPORT:
+ info->repldst_port = cb->val.port_range[0];
+ info->repldst_port_high = cb->val.port_range[cb->nvals >= 2];
info->match_flags |= XT_CONNTRACK_REPLDST_PORT;
- info->repldst_port = htons(port);
- if (invert)
+ if (cb->invert)
info->invert_flags |= XT_CONNTRACK_REPLDST_PORT;
break;
-
- case 'e': /* --ctdir */
- xtables_param_act(XTF_NO_INVERT, "conntrack", "--ctdir", invert);
- if (strcasecmp(optarg, "ORIGINAL") == 0) {
+ case O_CTDIR:
+ if (strcasecmp(cb->arg, "ORIGINAL") == 0) {
info->match_flags |= XT_CONNTRACK_DIRECTION;
info->invert_flags &= ~XT_CONNTRACK_DIRECTION;
- } else if (strcasecmp(optarg, "REPLY") == 0) {
+ } else if (strcasecmp(cb->arg, "REPLY") == 0) {
info->match_flags |= XT_CONNTRACK_DIRECTION;
info->invert_flags |= XT_CONNTRACK_DIRECTION;
} else {
- xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", cb->arg);
}
break;
-
- default:
- return false;
- }
-
- *flags = info->match_flags;
- return true;
-}
-
-static int
-conntrack_mt4_parse(int c, bool invert, unsigned int *flags,
- struct xt_conntrack_mtinfo2 *info)
-{
- struct in_addr *addr = NULL;
- unsigned int naddrs = 0;
-
- switch (c) {
- case '3': /* --ctorigsrc */
- xtables_ipparse_any(optarg, &addr, &info->origsrc_mask.in,
- &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->origsrc_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_ORIGSRC;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_ORIGSRC;
- break;
-
- case '4': /* --ctorigdst */
- xtables_ipparse_any(optarg, &addr, &info->origdst_mask.in,
- &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->origdst_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_ORIGDST;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_ORIGDST;
- break;
-
- case '5': /* --ctreplsrc */
- xtables_ipparse_any(optarg, &addr, &info->replsrc_mask.in,
- &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->replsrc_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_REPLSRC;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_REPLSRC;
- break;
-
- case '6': /* --ctrepldst */
- xtables_ipparse_any(optarg, &addr, &info->repldst_mask.in,
- &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->repldst_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_REPLDST;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_REPLDST;
- break;
-
-
- default:
- return conntrack_mt_parse(c, invert, flags, info);
- }
-
- *flags = info->match_flags;
- return true;
-}
-
-static int
-conntrack_mt6_parse(int c, bool invert, unsigned int *flags,
- struct xt_conntrack_mtinfo2 *info)
-{
- struct in6_addr *addr = NULL;
- unsigned int naddrs = 0;
-
- switch (c) {
- case '3': /* --ctorigsrc */
- xtables_ip6parse_any(optarg, &addr,
- &info->origsrc_mask.in6, &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->origsrc_addr.in6, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_ORIGSRC;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_ORIGSRC;
- break;
-
- case '4': /* --ctorigdst */
- xtables_ip6parse_any(optarg, &addr,
- &info->origdst_mask.in6, &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->origdst_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_ORIGDST;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_ORIGDST;
- break;
-
- case '5': /* --ctreplsrc */
- xtables_ip6parse_any(optarg, &addr,
- &info->replsrc_mask.in6, &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->replsrc_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_REPLSRC;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_REPLSRC;
- break;
-
- case '6': /* --ctrepldst */
- xtables_ip6parse_any(optarg, &addr,
- &info->repldst_mask.in6, &naddrs);
- if (naddrs > 1)
- xtables_error(PARAMETER_PROBLEM,
- "multiple IP addresses not allowed");
- if (naddrs == 1)
- memcpy(&info->repldst_addr.in, addr, sizeof(*addr));
- info->match_flags |= XT_CONNTRACK_REPLDST;
- if (invert)
- info->invert_flags |= XT_CONNTRACK_REPLDST;
- break;
-
-
- default:
- return conntrack_mt_parse(c, invert, flags, info);
}
-
- *flags = info->match_flags;
- return true;
}
#define cinfo_transform(r, l) \
@@ -720,51 +512,64 @@ conntrack_mt6_parse(int c, bool invert, unsigned int *flags,
(r)->status_mask = (l)->status_mask; \
} while (false);
-static int
-conntrack1_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void conntrack1_mt_parse(struct xt_option_call *cb)
{
- struct xt_conntrack_mtinfo1 *info = (void *)(*match)->data;
- struct xt_conntrack_mtinfo2 up;
+ struct xt_conntrack_mtinfo1 *info = cb->data;
+ struct xt_conntrack_mtinfo3 up;
+ memset(&up, 0, sizeof(up));
cinfo_transform(&up, info);
- if (!conntrack_mt4_parse(c, invert, flags, &up))
- return false;
- cinfo_transform(info, &up);
- return true;
-}
-
-static int
-conntrack1_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_conntrack_mtinfo1 *info = (void *)(*match)->data;
- struct xt_conntrack_mtinfo2 up;
-
- cinfo_transform(&up, info);
- if (!conntrack_mt6_parse(c, invert, flags, &up))
- return false;
+ up.origsrc_port_high = up.origsrc_port;
+ up.origdst_port_high = up.origdst_port;
+ up.replsrc_port_high = up.replsrc_port;
+ up.repldst_port_high = up.repldst_port;
+ cb->data = &up;
+ conntrack_mt_parse(cb, 3);
+ if (up.origsrc_port != up.origsrc_port_high ||
+ up.origdst_port != up.origdst_port_high ||
+ up.replsrc_port != up.replsrc_port_high ||
+ up.repldst_port != up.repldst_port_high)
+ xtables_error(PARAMETER_PROBLEM,
+ "conntrack rev 1 does not support port ranges");
cinfo_transform(info, &up);
- return true;
+ cb->data = info;
}
-static int
-conntrack2_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void conntrack2_mt_parse(struct xt_option_call *cb)
{
- return conntrack_mt4_parse(c, invert, flags, (void *)(*match)->data);
+#define cinfo2_transform(r, l) \
+ memcpy((r), (l), offsetof(typeof(*(l)), sizeof(*info));
+
+ struct xt_conntrack_mtinfo2 *info = cb->data;
+ struct xt_conntrack_mtinfo3 up;
+
+ memset(&up, 0, sizeof(up));
+ memcpy(&up, info, sizeof(*info));
+ up.origsrc_port_high = up.origsrc_port;
+ up.origdst_port_high = up.origdst_port;
+ up.replsrc_port_high = up.replsrc_port;
+ up.repldst_port_high = up.repldst_port;
+ cb->data = &up;
+ conntrack_mt_parse(cb, 3);
+ if (up.origsrc_port != up.origsrc_port_high ||
+ up.origdst_port != up.origdst_port_high ||
+ up.replsrc_port != up.replsrc_port_high ||
+ up.repldst_port != up.repldst_port_high)
+ xtables_error(PARAMETER_PROBLEM,
+ "conntrack rev 2 does not support port ranges");
+ memcpy(info, &up, sizeof(*info));
+ cb->data = info;
+#undef cinfo2_transform
}
-static int
-conntrack2_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void conntrack3_mt_parse(struct xt_option_call *cb)
{
- return conntrack_mt6_parse(c, invert, flags, (void *)(*match)->data);
+ conntrack_mt_parse(cb, 3);
}
-static void conntrack_mt_check(unsigned int flags)
+static void conntrack_mt_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, "conntrack: At least one option "
"is required");
}
@@ -772,7 +577,7 @@ static void conntrack_mt_check(unsigned int flags)
static void
print_state(unsigned int statemask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statemask & XT_CONNTRACK_STATE_INVALID) {
printf("%sINVALID", sep);
@@ -802,13 +607,12 @@ print_state(unsigned int statemask)
printf("%sDNAT", sep);
sep = ",";
}
- printf(" ");
}
static void
print_status(unsigned int statusmask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statusmask & IPS_EXPECTED) {
printf("%sEXPECTED", sep);
@@ -828,7 +632,6 @@ print_status(unsigned int statusmask)
}
if (statusmask == 0)
printf("%sNONE", sep);
- printf(" ");
}
static void
@@ -838,29 +641,29 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
{
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_numeric(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_anyname(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_numeric(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_anyname(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
}
@@ -873,17 +676,17 @@ print_addr(const struct in_addr *addr, const struct in_addr *mask,
char buf[BUFSIZ];
if (inv)
- printf("! ");
+ printf(" !");
if (mask->s_addr == 0L && !numeric)
- printf("%s ", "anywhere");
+ printf(" %s", "anywhere");
else {
if (numeric)
strcpy(buf, xtables_ipaddr_to_numeric(addr));
else
strcpy(buf, xtables_ipaddr_to_anyname(addr));
strcat(buf, xtables_ipmask_to_numeric(mask));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
@@ -894,22 +697,22 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATE) {
if (sinfo->invflags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", optpfx);
+ printf(" !");
+ printf(" %sctstate", optpfx);
print_state(sinfo->statemask);
}
if(sinfo->flags & XT_CONNTRACK_PROTO) {
if (sinfo->invflags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto ", optpfx);
- printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ printf(" !");
+ printf(" %sctproto", optpfx);
+ printf(" %u", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
}
if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
if (sinfo->invflags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", optpfx);
+ printf(" !");
+ printf(" %sctorigsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
@@ -920,8 +723,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
if (sinfo->invflags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", optpfx);
+ printf(" !");
+ printf(" %sctorigdst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
@@ -932,8 +735,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
if (sinfo->invflags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", optpfx);
+ printf(" !");
+ printf(" %sctreplsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
@@ -944,8 +747,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLDST) {
if (sinfo->invflags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", optpfx);
+ printf(" !");
+ printf(" %sctrepldst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
@@ -956,135 +759,160 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATUS) {
if (sinfo->invflags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", optpfx);
+ printf(" !");
+ printf(" %sctstatus", optpfx);
print_status(sinfo->statusmask);
}
if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
if (sinfo->invflags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", optpfx);
+ printf(" !");
+ printf(" %sctexpire ", optpfx);
if (sinfo->expires_max == sinfo->expires_min)
- printf("%lu ", sinfo->expires_min);
+ printf("%lu", sinfo->expires_min);
else
- printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max);
+ printf("%lu:%lu", sinfo->expires_min, sinfo->expires_max);
}
if (sinfo->flags & XT_CONNTRACK_DIRECTION) {
if (sinfo->invflags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY", optpfx);
+ printf(" %sctdir REPLY", optpfx);
else
- printf("%sctdir ORIGINAL", optpfx);
+ printf(" %sctdir ORIGINAL", optpfx);
}
}
static void
-conntrack_dump(const struct xt_conntrack_mtinfo2 *info, const char *prefix,
- unsigned int family, bool numeric)
+conntrack_dump_ports(const char *prefix, const char *opt,
+ u_int16_t port_low, u_int16_t port_high)
+{
+ if (port_high == 0 || port_low == port_high)
+ printf(" %s%s %u", prefix, opt, port_low);
+ else
+ printf(" %s%s %u:%u", prefix, opt, port_low, port_high);
+}
+
+static void
+conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
+ unsigned int family, bool numeric, bool v3)
{
if (info->match_flags & XT_CONNTRACK_STATE) {
if (info->invert_flags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", prefix);
+ printf(" !");
+ printf(" %s%s", prefix,
+ info->match_flags & XT_CONNTRACK_STATE_ALIAS
+ ? "state" : "ctstate");
print_state(info->state_mask);
}
if (info->match_flags & XT_CONNTRACK_PROTO) {
if (info->invert_flags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto %u ", prefix, info->l4proto);
+ printf(" !");
+ printf(" %sctproto %u", prefix, info->l4proto);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", prefix);
+ printf(" !");
+ printf(" %sctorigsrc", prefix);
conntrack_dump_addr(&info->origsrc_addr, &info->origsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGDST) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", prefix);
+ printf(" !");
+ printf(" %sctorigdst", prefix);
conntrack_dump_addr(&info->origdst_addr, &info->origdst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLSRC) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", prefix);
+ printf(" !");
+ printf(" %sctreplsrc", prefix);
conntrack_dump_addr(&info->replsrc_addr, &info->replsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLDST) {
if (info->invert_flags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", prefix);
+ printf(" !");
+ printf(" %sctrepldst", prefix);
conntrack_dump_addr(&info->repldst_addr, &info->repldst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC_PORT)
- printf("! ");
- printf("%sctorigsrcport %u ", prefix,
- ntohs(info->origsrc_port));
+ printf(" !");
+ conntrack_dump_ports(prefix, "ctorigsrcport",
+ v3 ? info->origsrc_port : ntohs(info->origsrc_port),
+ v3 ? info->origsrc_port_high : 0);
}
if (info->match_flags & XT_CONNTRACK_ORIGDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST_PORT)
- printf("! ");
- printf("%sctorigdstport %u ", prefix,
- ntohs(info->origdst_port));
+ printf(" !");
+ conntrack_dump_ports(prefix, "ctorigdstport",
+ v3 ? info->origdst_port : ntohs(info->origdst_port),
+ v3 ? info->origdst_port_high : 0);
}
if (info->match_flags & XT_CONNTRACK_REPLSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC_PORT)
- printf("! ");
- printf("%sctreplsrcport %u ", prefix,
- ntohs(info->replsrc_port));
+ printf(" !");
+ conntrack_dump_ports(prefix, "ctreplsrcport",
+ v3 ? info->replsrc_port : ntohs(info->replsrc_port),
+ v3 ? info->replsrc_port_high : 0);
}
if (info->match_flags & XT_CONNTRACK_REPLDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLDST_PORT)
- printf("! ");
- printf("%sctrepldstport %u ", prefix,
- ntohs(info->repldst_port));
+ printf(" !");
+ conntrack_dump_ports(prefix, "ctrepldstport",
+ v3 ? info->repldst_port : ntohs(info->repldst_port),
+ v3 ? info->repldst_port_high : 0);
}
if (info->match_flags & XT_CONNTRACK_STATUS) {
if (info->invert_flags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", prefix);
+ printf(" !");
+ printf(" %sctstatus", prefix);
print_status(info->status_mask);
}
if (info->match_flags & XT_CONNTRACK_EXPIRES) {
if (info->invert_flags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", prefix);
+ printf(" !");
+ printf(" %sctexpire ", prefix);
if (info->expires_max == info->expires_min)
- printf("%u ", (unsigned int)info->expires_min);
+ printf("%u", (unsigned int)info->expires_min);
else
- printf("%u:%u ", (unsigned int)info->expires_min,
+ printf("%u:%u", (unsigned int)info->expires_min,
(unsigned int)info->expires_max);
}
if (info->match_flags & XT_CONNTRACK_DIRECTION) {
if (info->invert_flags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY", prefix);
+ printf(" %sctdir REPLY", prefix);
else
- printf("%sctdir ORIGINAL", prefix);
+ printf(" %sctdir ORIGINAL", prefix);
}
}
+static const char *
+conntrack_print_name_alias(const struct xt_entry_match *match)
+{
+ struct xt_conntrack_mtinfo1 *info = (void *)match->data;
+
+ return info->match_flags & XT_CONNTRACK_STATE_ALIAS
+ ? "state" : "conntrack";
+}
+
static void conntrack_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
@@ -1096,10 +924,10 @@ conntrack1_mt4_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
const struct xt_conntrack_mtinfo1 *info = (void *)match->data;
- struct xt_conntrack_mtinfo2 up;
+ struct xt_conntrack_mtinfo3 up;
cinfo_transform(&up, info);
- conntrack_dump(&up, "", NFPROTO_IPV4, numeric);
+ conntrack_dump(&up, "", NFPROTO_IPV4, numeric, false);
}
static void
@@ -1107,24 +935,38 @@ conntrack1_mt6_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
const struct xt_conntrack_mtinfo1 *info = (void *)match->data;
- struct xt_conntrack_mtinfo2 up;
+ struct xt_conntrack_mtinfo3 up;
cinfo_transform(&up, info);
- conntrack_dump(&up, "", NFPROTO_IPV6, numeric);
+ conntrack_dump(&up, "", NFPROTO_IPV6, numeric, false);
}
static void
-conntrack_mt_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
+conntrack2_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
{
- conntrack_dump((const void *)match->data, "", NFPROTO_IPV4, numeric);
+ conntrack_dump((const void *)match->data, "", NFPROTO_IPV4, numeric, false);
}
static void
-conntrack_mt6_print(const void *ip, const struct xt_entry_match *match,
+conntrack2_mt6_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ conntrack_dump((const void *)match->data, "", NFPROTO_IPV6, numeric, false);
+}
+
+static void
+conntrack3_mt_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- conntrack_dump((const void *)match->data, "", NFPROTO_IPV6, numeric);
+ conntrack_dump((const void *)match->data, "", NFPROTO_IPV4, numeric, true);
+}
+
+static void
+conntrack3_mt6_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ conntrack_dump((const void *)match->data, "", NFPROTO_IPV6, numeric, true);
}
static void conntrack_save(const void *ip, const struct xt_entry_match *match)
@@ -1132,36 +974,186 @@ static void conntrack_save(const void *ip, const struct xt_entry_match *match)
matchinfo_print(ip, match, 1, "--");
}
-static void conntrack_mt_save(const void *ip,
- const struct xt_entry_match *match)
+static void conntrack3_mt_save(const void *ip,
+ const struct xt_entry_match *match)
+{
+ conntrack_dump((const void *)match->data, "--", NFPROTO_IPV4, true, true);
+}
+
+static void conntrack3_mt6_save(const void *ip,
+ const struct xt_entry_match *match)
{
- conntrack_dump((const void *)match->data, "--", NFPROTO_IPV4, true);
+ conntrack_dump((const void *)match->data, "--", NFPROTO_IPV6, true, true);
}
-static void conntrack_mt6_save(const void *ip,
+static void conntrack2_mt_save(const void *ip,
const struct xt_entry_match *match)
{
- conntrack_dump((const void *)match->data, "--", NFPROTO_IPV6, true);
+ conntrack_dump((const void *)match->data, "--", NFPROTO_IPV4, true, false);
+}
+
+static void conntrack2_mt6_save(const void *ip,
+ const struct xt_entry_match *match)
+{
+ conntrack_dump((const void *)match->data, "--", NFPROTO_IPV6, true, false);
}
static void
conntrack1_mt4_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_conntrack_mtinfo1 *info = (void *)match->data;
- struct xt_conntrack_mtinfo2 up;
+ struct xt_conntrack_mtinfo3 up;
cinfo_transform(&up, info);
- conntrack_dump(&up, "--", NFPROTO_IPV4, true);
+ conntrack_dump(&up, "--", NFPROTO_IPV4, true, false);
}
static void
conntrack1_mt6_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_conntrack_mtinfo1 *info = (void *)match->data;
- struct xt_conntrack_mtinfo2 up;
+ struct xt_conntrack_mtinfo3 up;
cinfo_transform(&up, info);
- conntrack_dump(&up, "--", NFPROTO_IPV6, true);
+ conntrack_dump(&up, "--", NFPROTO_IPV6, true, false);
+}
+
+static void
+state_help(void)
+{
+ printf(
+"state match options:\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
+" State(s) to match\n");
+}
+
+static const struct xt_option_entry state_opts[] = {
+ {.name = "state", .id = O_CTSTATE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
+};
+
+static unsigned int
+state_parse_state(const char *state, size_t len)
+{
+ if (strncasecmp(state, "INVALID", len) == 0)
+ return XT_CONNTRACK_STATE_INVALID;
+ else if (strncasecmp(state, "NEW", len) == 0)
+ return XT_CONNTRACK_STATE_BIT(IP_CT_NEW);
+ else if (strncasecmp(state, "ESTABLISHED", len) == 0)
+ return XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
+ else if (strncasecmp(state, "RELATED", len) == 0)
+ return XT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", len) == 0)
+ return XT_CONNTRACK_STATE_UNTRACKED;
+ return 0;
+}
+
+static unsigned int
+state_parse_states(const char *arg)
+{
+ const char *comma;
+ unsigned int mask = 0, flag;
+
+ while ((comma = strchr(arg, ',')) != NULL) {
+ if (comma == arg)
+ goto badstate;
+ flag = state_parse_state(arg, comma-arg);
+ if (flag == 0)
+ goto badstate;
+ mask |= flag;
+ arg = comma+1;
+ }
+ if (!*arg)
+ xtables_error(PARAMETER_PROBLEM, "\"--state\" requires a list of "
+ "states with no spaces, e.g. "
+ "ESTABLISHED,RELATED");
+ if (strlen(arg) == 0)
+ goto badstate;
+ flag = state_parse_state(arg, strlen(arg));
+ if (flag == 0)
+ goto badstate;
+ mask |= flag;
+ return mask;
+ badstate:
+ xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
+}
+
+static void state_parse(struct xt_option_call *cb)
+{
+ struct xt_state_info *sinfo = cb->data;
+
+ xtables_option_parse(cb);
+ sinfo->statemask = state_parse_states(cb->arg);
+ if (cb->invert)
+ sinfo->statemask = ~sinfo->statemask;
+}
+
+static void state_ct1_parse(struct xt_option_call *cb)
+{
+ struct xt_conntrack_mtinfo1 *sinfo = cb->data;
+
+ xtables_option_parse(cb);
+ sinfo->match_flags = XT_CONNTRACK_STATE | XT_CONNTRACK_STATE_ALIAS;
+ sinfo->state_mask = state_parse_states(cb->arg);
+ if (cb->invert)
+ sinfo->invert_flags |= XT_CONNTRACK_STATE;
+}
+
+static void state_ct23_parse(struct xt_option_call *cb)
+{
+ struct xt_conntrack_mtinfo3 *sinfo = cb->data;
+
+ xtables_option_parse(cb);
+ sinfo->match_flags = XT_CONNTRACK_STATE | XT_CONNTRACK_STATE_ALIAS;
+ sinfo->state_mask = state_parse_states(cb->arg);
+ if (cb->invert)
+ sinfo->invert_flags |= XT_CONNTRACK_STATE;
+}
+
+static void state_print_state(unsigned int statemask)
+{
+ const char *sep = "";
+
+ if (statemask & XT_CONNTRACK_STATE_INVALID) {
+ printf("%sINVALID", sep);
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_NEW)) {
+ printf("%sNEW", sep);
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_RELATED)) {
+ printf("%sRELATED", sep);
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED)) {
+ printf("%sESTABLISHED", sep);
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
+}
+
+static void
+state_print(const void *ip,
+ const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_state_info *sinfo = (const void *)match->data;
+
+ printf(" state ");
+ state_print_state(sinfo->statemask);
+}
+
+static void state_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_state_info *sinfo = (const void *)match->data;
+
+ printf(" --state ");
+ state_print_state(sinfo->statemask);
}
static struct xtables_match conntrack_mt_reg[] = {
@@ -1173,11 +1165,12 @@ static struct xtables_match conntrack_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_conntrack_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_info)),
.help = conntrack_mt_help,
- .parse = conntrack_parse,
- .final_check = conntrack_mt_check,
+ .x6_parse = conntrack_parse,
+ .x6_fcheck = conntrack_mt_check,
.print = conntrack_print,
.save = conntrack_save,
- .extra_opts = conntrack_mt_opts_v0,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack_mt_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -1187,11 +1180,12 @@ static struct xtables_match conntrack_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
.help = conntrack_mt_help,
- .parse = conntrack1_mt4_parse,
- .final_check = conntrack_mt_check,
+ .x6_parse = conntrack1_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
.print = conntrack1_mt4_print,
.save = conntrack1_mt4_save,
- .extra_opts = conntrack_mt_opts,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack2_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -1201,11 +1195,12 @@ static struct xtables_match conntrack_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
.help = conntrack_mt_help,
- .parse = conntrack1_mt6_parse,
- .final_check = conntrack_mt_check,
+ .x6_parse = conntrack1_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
.print = conntrack1_mt6_print,
.save = conntrack1_mt6_save,
- .extra_opts = conntrack_mt_opts,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack2_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -1215,11 +1210,12 @@ static struct xtables_match conntrack_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
.help = conntrack_mt_help,
- .parse = conntrack2_mt4_parse,
- .final_check = conntrack_mt_check,
- .print = conntrack_mt_print,
- .save = conntrack_mt_save,
- .extra_opts = conntrack_mt_opts,
+ .x6_parse = conntrack2_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
+ .print = conntrack2_mt_print,
+ .save = conntrack2_mt_save,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack2_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -1229,11 +1225,100 @@ static struct xtables_match conntrack_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
.help = conntrack_mt_help,
- .parse = conntrack2_mt6_parse,
- .final_check = conntrack_mt_check,
- .print = conntrack_mt6_print,
- .save = conntrack_mt6_save,
- .extra_opts = conntrack_mt_opts,
+ .x6_parse = conntrack2_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
+ .print = conntrack2_mt6_print,
+ .save = conntrack2_mt6_save,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack2_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+ .revision = 3,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .help = conntrack_mt_help,
+ .x6_parse = conntrack3_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
+ .print = conntrack3_mt_print,
+ .save = conntrack3_mt_save,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack3_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+ .revision = 3,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .help = conntrack_mt_help,
+ .x6_parse = conntrack3_mt_parse,
+ .x6_fcheck = conntrack_mt_check,
+ .print = conntrack3_mt6_print,
+ .save = conntrack3_mt6_save,
+ .alias = conntrack_print_name_alias,
+ .x6_options = conntrack3_mt_opts,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+ .real_name = "conntrack",
+ .revision = 1,
+ .ext_flags = XTABLES_EXT_ALIAS,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .help = state_help,
+ .print = state_print,
+ .save = state_save,
+ .x6_parse = state_ct1_parse,
+ .x6_options = state_opts,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+ .real_name = "conntrack",
+ .revision = 2,
+ .ext_flags = XTABLES_EXT_ALIAS,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo2)),
+ .help = state_help,
+ .print = state_print,
+ .save = state_save,
+ .x6_parse = state_ct23_parse,
+ .x6_options = state_opts,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+ .real_name = "conntrack",
+ .revision = 3,
+ .ext_flags = XTABLES_EXT_ALIAS,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo3)),
+ .help = state_help,
+ .print = state_print,
+ .save = state_save,
+ .x6_parse = state_ct23_parse,
+ .x6_options = state_opts,
+ },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "state",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_state_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
+ .help = state_help,
+ .print = state_print,
+ .save = state_save,
+ .x6_parse = state_parse,
+ .x6_options = state_opts,
},
};
diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man
index ec51ef5..4b13f0f 100644
--- a/extensions/libxt_conntrack.man
+++ b/extensions/libxt_conntrack.man
@@ -1,36 +1,37 @@
This module, when combined with connection tracking, allows access to the
connection tracking state for this packet/connection.
.TP
-[\fB!\fR] \fB\-\-ctstate\fP \fIstatelist\fP
-\fIstatelist\fR is a comma separated list of the connection states to match.
+[\fB!\fP] \fB\-\-ctstate\fP \fIstatelist\fP
+\fIstatelist\fP is a comma separated list of the connection states to match.
Possible states are listed below.
.TP
-[\fB!\fR] \fB\-\-ctproto\fP \fIl4proto\fP
+[\fB!\fP] \fB\-\-ctproto\fP \fIl4proto\fP
Layer-4 protocol to match (by number or name)
.TP
-[\fB!\fR] \fB\-\-ctorigsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctorigsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctorigdst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctorigdst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctreplsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctreplsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
Match against original/reply source/destination address
.TP
-[\fB!\fR] \fB\-\-ctorigsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-[\fB!\fR] \fB\-\-ctorigdstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-[\fB!\fR] \fB\-\-ctreplsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-[\fB!\fR] \fB\-\-ctrepldstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP[\fB:\fP\fIport\fP]
Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
+Matching against port ranges is only supported in kernel versions above 2.6.38.
.TP
-[\fB!\fR] \fB\-\-ctstatus\fP \fIstatelist\fP
-\fIstatuslist\fR is a comma separated list of the connection statuses to match.
+[\fB!\fP] \fB\-\-ctstatus\fP \fIstatelist\fP
+\fIstatuslist\fP is a comma separated list of the connection statuses to match.
Possible statuses are listed below.
.TP
-[\fB!\fR] \fB\-\-ctexpire\fP \fItime\fP[\fB:\fP\fItime\fP]
+[\fB!\fP] \fB\-\-ctexpire\fP \fItime\fP[\fB:\fP\fItime\fP]
Match remaining lifetime in seconds against given value or range of values
(inclusive)
.TP
@@ -40,46 +41,46 @@ specified at all, matches packets in both directions.
.PP
States for \fB\-\-ctstate\fP:
.TP
-\fBINVALID\fR
-meaning that the packet is associated with no known connection
+\fBINVALID\fP
+The packet is associated with no known connection.
.TP
-\fBNEW\fR
-meaning that the packet has started a new connection, or otherwise associated
-with a connection which has not seen packets in both directions, and
+\fBNEW\fP
+The packet has started a new connection or otherwise associated
+with a connection which has not seen packets in both directions.
.TP
-\fBESTABLISHED\fR
-meaning that the packet is associated with a connection which has seen packets
-in both directions,
+\fBESTABLISHED\fP
+The packet is associated with a connection which has seen packets
+in both directions.
.TP
-\fBRELATED\fR
-meaning that the packet is starting a new connection, but is associated with an
-existing connection, such as an FTP data transfer, or an ICMP error.
+\fBRELATED\fP
+The packet is starting a new connection, but is associated with an
+existing connection, such as an FTP data transfer or an ICMP error.
.TP
-\fBUNTRACKED\fR
-meaning that the packet is not tracked at all, which happens if you use
-the NOTRACK target in raw table.
+\fBUNTRACKED\fP
+The packet is not tracked at all, which happens if you explicitly untrack it
+by using \-j CT \-\-notrack in the raw table.
.TP
-\fBSNAT\fR
+\fBSNAT\fP
A virtual state, matching if the original source address differs from the reply
destination.
.TP
-\fBDNAT\fR
+\fBDNAT\fP
A virtual state, matching if the original destination differs from the reply
source.
.PP
Statuses for \fB\-\-ctstatus\fP:
.TP
-\fBNONE\fR
+\fBNONE\fP
None of the below.
.TP
-\fBEXPECTED\fR
-This is an expected connection (i.e. a conntrack helper set it up)
+\fBEXPECTED\fP
+This is an expected connection (i.e. a conntrack helper set it up).
.TP
-\fBSEEN_REPLY\fR
+\fBSEEN_REPLY\fP
Conntrack has seen packets in both directions.
.TP
-\fBASSURED\fR
+\fBASSURED\fP
Conntrack entry should never be early-expired.
.TP
-\fBCONFIRMED\fR
+\fBCONFIRMED\fP
Connection is confirmed: originating packet has left box.
diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c
new file mode 100644
index 0000000..404a6a6
--- /dev/null
+++ b/extensions/libxt_cpu.c
@@ -0,0 +1,63 @@
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_cpu.h>
+
+enum {
+ O_CPU = 0,
+};
+
+static void cpu_help(void)
+{
+ printf(
+"cpu match options:\n"
+"[!] --cpu number Match CPU number\n");
+}
+
+static const struct xt_option_entry cpu_opts[] = {
+ {.name = "cpu", .id = O_CPU, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_MAND | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_cpu_info, cpu)},
+ XTOPT_TABLEEND,
+};
+
+static void cpu_parse(struct xt_option_call *cb)
+{
+ struct xt_cpu_info *cpuinfo = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->invert)
+ cpuinfo->invert = true;
+}
+
+static void
+cpu_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_cpu_info *info = (void *)match->data;
+
+ printf(" cpu %s%u", info->invert ? "! ":"", info->cpu);
+}
+
+static void cpu_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_cpu_info *info = (void *)match->data;
+
+ printf("%s --cpu %u", info->invert ? " !" : "", info->cpu);
+}
+
+static struct xtables_match cpu_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "cpu",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_cpu_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_cpu_info)),
+ .help = cpu_help,
+ .print = cpu_print,
+ .save = cpu_save,
+ .x6_parse = cpu_parse,
+ .x6_options = cpu_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&cpu_match);
+}
diff --git a/extensions/libxt_cpu.man b/extensions/libxt_cpu.man
new file mode 100644
index 0000000..d9ea5c2
--- /dev/null
+++ b/extensions/libxt_cpu.man
@@ -0,0 +1,15 @@
+.TP
+[\fB!\fP] \fB\-\-cpu\fP \fInumber\fP
+Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1
+Can be used in combination with RPS (Remote Packet Steering) or
+multiqueue NICs to spread network traffic on different queues.
+.PP
+Example:
+.PP
+iptables \-t nat \-A PREROUTING \-p tcp \-\-dport 80 \-m cpu \-\-cpu 0
+\-j REDIRECT \-\-to\-port 8080
+.PP
+iptables \-t nat \-A PREROUTING \-p tcp \-\-dport 80 \-m cpu \-\-cpu 1
+\-j REDIRECT \-\-to\-port 8081
+.PP
+Available since Linux 2.6.36.
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 8d0b13a..a35cabb 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -5,14 +5,12 @@
* This program is distributed under the terms of GNU GPL v2, 1991
*
*/
+#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <netdb.h>
-#include <ctype.h>
-
-#include <netinet/in.h>
+#include <arpa/inet.h>
#include <xtables.h>
#include <linux/dccp.h>
#include <linux/netfilter/x_tables.h>
@@ -25,12 +23,12 @@
#define DEBUGP(format, fist...)
#endif
-static void dccp_init(struct xt_entry_match *m)
-{
- struct xt_dccp_info *einfo = (struct xt_dccp_info *)m->data;
-
- memset(einfo, 0, sizeof(struct xt_dccp_info));
-}
+enum {
+ O_SOURCE_PORT = 0,
+ O_DEST_PORT,
+ O_DCCP_TYPES,
+ O_DCCP_OPTION,
+};
static void dccp_help(void)
{
@@ -39,44 +37,30 @@ static void dccp_help(void)
"[!] --source-port port[:port] match source port(s)\n"
" --sport ...\n"
"[!] --destination-port port[:port] match destination port(s)\n"
-" --dport ...\n");
+" --dport ...\n"
+"[!] --dccp-types type[,...] match when packet is one of the given types\n"
+"[!] --dccp-option option match if option (by number!) is set\n"
+);
}
-static const struct option dccp_opts[] = {
- { .name = "source-port", .has_arg = 1, .val = '1' },
- { .name = "sport", .has_arg = 1, .val = '1' },
- { .name = "destination-port", .has_arg = 1, .val = '2' },
- { .name = "dport", .has_arg = 1, .val = '2' },
- { .name = "dccp-types", .has_arg = 1, .val = '3' },
- { .name = "dccp-option", .has_arg = 1, .val = '4' },
- { .name = NULL }
+#define s struct xt_dccp_info
+static const struct xt_option_entry dccp_opts[] = {
+ {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "dccp-option", .id = O_DCCP_OPTION, .type = XTTYPE_UINT8,
+ .min = 1, .max = UINT8_MAX, .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, option)},
+ XTOPT_TABLEEND,
};
-
-static void
-parse_dccp_ports(const char *portstring,
- u_int16_t *ports)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(portstring);
- DEBUGP("%s\n", portstring);
- if ((cp = strchr(buffer, ':')) == NULL) {
- ports[0] = ports[1] = xtables_parse_port(buffer, "dccp");
- }
- else {
- *cp = '\0';
- cp++;
-
- ports[0] = buffer[0] ? xtables_parse_port(buffer, "dccp") : 0;
- ports[1] = cp[0] ? xtables_parse_port(cp, "dccp") : 0xFFFF;
-
- if (ports[0] > ports[1])
- xtables_error(PARAMETER_PROBLEM,
- "invalid portrange (min > max)");
- }
- free(buffer);
-}
+#undef s
static const char *const dccp_pkt_types[] = {
[DCCP_PKT_REQUEST] = "REQUEST",
@@ -92,10 +76,10 @@ static const char *const dccp_pkt_types[] = {
[DCCP_PKT_INVALID] = "INVALID",
};
-static u_int16_t
+static uint16_t
parse_dccp_types(const char *typestring)
{
- u_int16_t typemask = 0;
+ uint16_t typemask = 0;
char *ptr, *buffer;
buffer = strdup(typestring);
@@ -116,82 +100,40 @@ parse_dccp_types(const char *typestring)
return typemask;
}
-static u_int8_t parse_dccp_option(char *optstring)
-{
- unsigned int ret;
-
- if (!xtables_strtoui(optstring, NULL, &ret, 1, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM, "Bad DCCP option \"%s\"",
- optstring);
-
- return ret;
-}
-
-static int
-dccp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void dccp_parse(struct xt_option_call *cb)
{
- struct xt_dccp_info *einfo
- = (struct xt_dccp_info *)(*match)->data;
+ struct xt_dccp_info *einfo = cb->data;
- switch (c) {
- case '1':
- if (*flags & XT_DCCP_SRC_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--source-port' allowed");
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORT:
einfo->flags |= XT_DCCP_SRC_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(optarg, einfo->spts);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_SRC_PORTS;
- *flags |= XT_DCCP_SRC_PORTS;
break;
-
- case '2':
- if (*flags & XT_DCCP_DEST_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--destination-port' allowed");
+ case O_DEST_PORT:
einfo->flags |= XT_DCCP_DEST_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(optarg, einfo->dpts);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_DEST_PORTS;
- *flags |= XT_DCCP_DEST_PORTS;
break;
-
- case '3':
- if (*flags & XT_DCCP_TYPE)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dccp-types' allowed");
+ case O_DCCP_TYPES:
einfo->flags |= XT_DCCP_TYPE;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->typemask = parse_dccp_types(optarg);
- if (invert)
+ einfo->typemask = parse_dccp_types(cb->arg);
+ if (cb->invert)
einfo->invflags |= XT_DCCP_TYPE;
- *flags |= XT_DCCP_TYPE;
break;
-
- case '4':
- if (*flags & XT_DCCP_OPTION)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--dccp-option' allowed");
+ case O_DCCP_OPTION:
einfo->flags |= XT_DCCP_OPTION;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->option = parse_dccp_option(optarg);
- if (invert)
+ if (cb->invert)
einfo->invflags |= XT_DCCP_OPTION;
- *flags |= XT_DCCP_OPTION;
break;
- default:
- return 0;
}
- return 1;
}
-static char *
+static const char *
port_to_service(int port)
{
- struct servent *service;
+ const struct servent *service;
if ((service = getservbyport(htons(port), "dccp")))
return service->s_name;
@@ -200,9 +142,9 @@ port_to_service(int port)
}
static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
{
- char *service;
+ const char *service;
if (numeric || (service = port_to_service(port)) == NULL)
printf("%u", port);
@@ -211,13 +153,13 @@ print_port(u_int16_t port, int numeric)
}
static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
int invert, int numeric)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -227,18 +169,18 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
static void
-print_types(u_int16_t types, int inverted, int numeric)
+print_types(uint16_t types, int inverted, int numeric)
{
int have_type = 0;
if (inverted)
- printf("! ");
+ printf(" !");
+ printf(" ");
while (types) {
unsigned int i;
@@ -259,10 +201,10 @@ print_types(u_int16_t types, int inverted, int numeric)
}
static void
-print_option(u_int8_t option, int invert, int numeric)
+print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
@@ -271,7 +213,7 @@ dccp_print(const void *ip, const struct xt_entry_match *match, int numeric)
const struct xt_dccp_info *einfo =
(const struct xt_dccp_info *)match->data;
- printf("dccp ");
+ printf(" dccp");
if (einfo->flags & XT_DCCP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
@@ -304,32 +246,33 @@ static void dccp_save(const void *ip, const struct xt_entry_match *match)
if (einfo->flags & XT_DCCP_SRC_PORTS) {
if (einfo->invflags & XT_DCCP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_DCCP_DEST_PORTS) {
if (einfo->invflags & XT_DCCP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_DCCP_TYPE) {
- printf("--dccp-type ");
- print_types(einfo->typemask, einfo->invflags & XT_DCCP_TYPE,0);
+ printf("%s --dccp-types",
+ einfo->invflags & XT_DCCP_TYPE ? " !" : "");
+ print_types(einfo->typemask, false, 0);
}
if (einfo->flags & XT_DCCP_OPTION) {
- printf("--dccp-option %s%u ",
- einfo->typemask & XT_DCCP_OPTION ? "! " : "",
+ printf("%s --dccp-option %u",
+ einfo->invflags & XT_DCCP_OPTION ? " !" : "",
einfo->option);
}
}
@@ -341,11 +284,10 @@ static struct xtables_match dccp_match = {
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
.help = dccp_help,
- .init = dccp_init,
- .parse = dccp_parse,
.print = dccp_print,
.save = dccp_save,
- .extra_opts = dccp_opts,
+ .x6_parse = dccp_parse,
+ .x6_options = dccp_opts,
};
void _init(void)
diff --git a/extensions/libxt_dccp.man b/extensions/libxt_dccp.man
index 82c3f70..71beb4b 100644
--- a/extensions/libxt_dccp.man
+++ b/extensions/libxt_dccp.man
@@ -9,4 +9,4 @@ list of packet types. Packet types are:
.BR "REQUEST RESPONSE DATA ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID" .
.TP
[\fB!\fP] \fB\-\-dccp\-option\fP \fInumber\fP
-Match if DCP option set.
+Match if DCCP option set.
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
new file mode 100644
index 0000000..4a69c82
--- /dev/null
+++ b/extensions/libxt_devgroup.c
@@ -0,0 +1,172 @@
+/* Shared library add-on to iptables to add devgroup matching support.
+ *
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_devgroup.h>
+
+static void devgroup_help(void)
+{
+ printf(
+"devgroup match options:\n"
+"[!] --src-group value[/mask] Match device group of incoming device\n"
+"[!] --dst-group value[/mask] Match device group of outgoing device\n"
+ );
+}
+
+enum {
+ O_SRC_GROUP = 0,
+ O_DST_GROUP,
+};
+
+static const struct xt_option_entry devgroup_opts[] = {
+ {.name = "src-group", .id = O_SRC_GROUP, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "dst-group", .id = O_DST_GROUP, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
+};
+
+/* array of devgroups from /etc/iproute2/group_map */
+static struct xtables_lmap *devgroups;
+
+static void devgroup_init(struct xt_entry_match *match)
+{
+ const char file[] = "/etc/iproute2/group_map";
+ devgroups = xtables_lmap_init(file);
+ if (devgroups == NULL && errno != ENOENT)
+ fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
+}
+
+static void devgroup_parse_groupspec(const char *arg, unsigned int *group,
+ unsigned int *mask)
+{
+ char *end;
+ bool ok;
+
+ ok = xtables_strtoui(arg, &end, group, 0, UINT32_MAX);
+ if (ok && (*end == '/' || *end == '\0')) {
+ if (*end == '/')
+ ok = xtables_strtoui(end + 1, NULL, mask,
+ 0, UINT32_MAX);
+ else
+ *mask = ~0U;
+ if (!ok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Bad group value \"%s\"", arg);
+ } else {
+ *group = xtables_lmap_name2id(devgroups, arg);
+ if (*group == -1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Device group \"%s\" not found", arg);
+ *mask = ~0U;
+ }
+}
+
+static void devgroup_parse(struct xt_option_call *cb)
+{
+ struct xt_devgroup_info *info = cb->data;
+ unsigned int id, mask;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_GROUP:
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->src_group = id;
+ info->src_mask = mask;
+ info->flags |= XT_DEVGROUP_MATCH_SRC;
+ if (cb->invert)
+ info->flags |= XT_DEVGROUP_INVERT_SRC;
+ break;
+ case O_DST_GROUP:
+ devgroup_parse_groupspec(cb->arg, &id, &mask);
+ info->dst_group = id;
+ info->dst_mask = mask;
+ info->flags |= XT_DEVGROUP_MATCH_DST;
+ if (cb->invert)
+ info->flags |= XT_DEVGROUP_INVERT_DST;
+ break;
+ }
+}
+
+static void
+print_devgroup(unsigned int id, unsigned int mask, int numeric)
+{
+ const char *name = NULL;
+
+ if (mask != 0xffffffff)
+ printf("0x%x/0x%x", id, mask);
+ else {
+ if (numeric == 0)
+ name = xtables_lmap_id2name(devgroups, id);
+ if (name)
+ printf("%s", name);
+ else
+ printf("0x%x", id);
+ }
+}
+
+static void devgroup_show(const char *pfx, const struct xt_devgroup_info *info,
+ int numeric)
+{
+ if (info->flags & XT_DEVGROUP_MATCH_SRC) {
+ if (info->flags & XT_DEVGROUP_INVERT_SRC)
+ printf(" !");
+ printf(" %ssrc-group ", pfx);
+ print_devgroup(info->src_group, info->src_mask, numeric);
+ }
+
+ if (info->flags & XT_DEVGROUP_MATCH_DST) {
+ if (info->flags & XT_DEVGROUP_INVERT_DST)
+ printf(" !");
+ printf(" %sdst-group ", pfx);
+ print_devgroup(info->src_group, info->src_mask, numeric);
+ }
+}
+
+static void devgroup_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_devgroup_info *info = (const void *)match->data;
+
+ devgroup_show("", info, numeric);
+}
+
+static void devgroup_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_devgroup_info *info = (const void *)match->data;
+
+ devgroup_show("--", info, 0);
+}
+
+static void devgroup_check(struct xt_fcheck_call *cb)
+{
+ if (cb->xflags == 0)
+ xtables_error(PARAMETER_PROBLEM,
+ "devgroup match: You must specify either "
+ "'--src-group' or '--dst-group'");
+}
+
+static struct xtables_match devgroup_mt_reg = {
+ .name = "devgroup",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_devgroup_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_devgroup_info)),
+ .init = devgroup_init,
+ .help = devgroup_help,
+ .print = devgroup_print,
+ .save = devgroup_save,
+ .x6_parse = devgroup_parse,
+ .x6_fcheck = devgroup_check,
+ .x6_options = devgroup_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&devgroup_mt_reg);
+}
diff --git a/extensions/libxt_devgroup.man b/extensions/libxt_devgroup.man
new file mode 100644
index 0000000..4a66c9f
--- /dev/null
+++ b/extensions/libxt_devgroup.man
@@ -0,0 +1,7 @@
+Match device group of a packets incoming/outgoing interface.
+.TP
+[\fB!\fP] \fB\-\-src\-group\fP \fIname\fP
+Match device group of incoming device
+.TP
+[\fB!\fP] \fB\-\-dst\-group\fP \fIname\fP
+Match device group of outgoing device
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 1569f7d..02b22a4 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -14,16 +14,19 @@
*/
#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_dscp.h>
/* This is evil, but it's my code - HW*/
#include "dscp_helper.c"
+enum {
+ O_DSCP = 0,
+ O_DSCP_CLASS,
+ F_DSCP = 1 << O_DSCP,
+ F_DSCP_CLASS = 1 << O_DSCP_CLASS,
+};
+
static void dscp_help(void)
{
printf(
@@ -37,79 +40,37 @@ static void dscp_help(void)
" These two options are mutually exclusive !\n");
}
-static const struct option dscp_opts[] = {
- { "dscp", 1, NULL, 'F' },
- { "dscp-class", 1, NULL, 'G' },
- { .name = NULL }
+static const struct xt_option_entry dscp_opts[] = {
+ {.name = "dscp", .id = O_DSCP, .excl = F_DSCP_CLASS,
+ .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX,
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_dscp_info, dscp)},
+ {.name = "dscp-class", .id = O_DSCP_CLASS, .excl = F_DSCP,
+ .type = XTTYPE_STRING, .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static void
-parse_dscp(const char *s, struct xt_dscp_info *dinfo)
+static void dscp_parse(struct xt_option_call *cb)
{
- unsigned int dscp;
-
- if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "Invalid dscp `%s'\n", s);
+ struct xt_dscp_info *dinfo = cb->data;
- if (dscp > XT_DSCP_MAX)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP `%d` out of range\n", dscp);
-
- dinfo->dscp = dscp;
-}
-
-
-static void
-parse_class(const char *s, struct xt_dscp_info *dinfo)
-{
- unsigned int dscp = class_to_dscp(s);
-
- /* Assign the value */
- dinfo->dscp = dscp;
-}
-
-
-static int
-dscp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_dscp_info *dinfo
- = (struct xt_dscp_info *)(*match)->data;
-
- switch (c) {
- case 'F':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP match: Only use --dscp ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dscp(optarg, dinfo);
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_DSCP:
+ if (cb->invert)
dinfo->invert = 1;
- *flags = 1;
break;
-
- case 'G':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "DSCP match: Only use --dscp-class ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_class(optarg, dinfo);
- if (invert)
+ case O_DSCP_CLASS:
+ dinfo->dscp = class_to_dscp(cb->arg);
+ if (cb->invert)
dinfo->invert = 1;
- *flags = 1;
break;
-
- default:
- return 0;
}
-
- return 1;
}
-static void dscp_check(unsigned int flags)
+static void dscp_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
"DSCP match: Parameter --dscp is required");
}
@@ -119,7 +80,7 @@ dscp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
+ printf(" DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
}
static void dscp_save(const void *ip, const struct xt_entry_match *match)
@@ -127,7 +88,7 @@ static void dscp_save(const void *ip, const struct xt_entry_match *match)
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("%s--dscp 0x%02x ", dinfo->invert ? "! " : "", dinfo->dscp);
+ printf("%s --dscp 0x%02x", dinfo->invert ? " !" : "", dinfo->dscp);
}
static struct xtables_match dscp_match = {
@@ -137,11 +98,11 @@ static struct xtables_match dscp_match = {
.size = XT_ALIGN(sizeof(struct xt_dscp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dscp_info)),
.help = dscp_help,
- .parse = dscp_parse,
- .final_check = dscp_check,
.print = dscp_print,
.save = dscp_save,
- .extra_opts = dscp_opts,
+ .x6_parse = dscp_parse,
+ .x6_fcheck = dscp_check,
+ .x6_options = dscp_opts,
};
void _init(void)
diff --git a/extensions/libxt_ecn.c b/extensions/libxt_ecn.c
new file mode 100644
index 0000000..286782a
--- /dev/null
+++ b/extensions/libxt_ecn.c
@@ -0,0 +1,138 @@
+/* Shared library add-on to iptables for ECN matching
+ *
+ * (C) 2002 by Harald Welte <laforge@netfilter.org>
+ * (C) 2011 by Patrick McHardy <kaber@trash.net>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ * libipt_ecn.c borrowed heavily from libipt_dscp.c
+ *
+ */
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_ecn.h>
+
+enum {
+ O_ECN_TCP_CWR = 0,
+ O_ECN_TCP_ECE,
+ O_ECN_IP_ECT,
+};
+
+static void ecn_help(void)
+{
+ printf(
+"ECN match options\n"
+"[!] --ecn-tcp-cwr Match CWR bit of TCP header\n"
+"[!] --ecn-tcp-ece Match ECE bit of TCP header\n"
+"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4/IPv6 header\n");
+}
+
+static const struct xt_option_entry ecn_opts[] = {
+ {.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_NONE,
+ .flags = XTOPT_INVERT},
+ {.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_NONE,
+ .flags = XTOPT_INVERT},
+ {.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8,
+ .min = 0, .max = 3, .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
+};
+
+static void ecn_parse(struct xt_option_call *cb)
+{
+ struct xt_ecn_info *einfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_ECN_TCP_CWR:
+ einfo->operation |= XT_ECN_OP_MATCH_CWR;
+ if (cb->invert)
+ einfo->invert |= XT_ECN_OP_MATCH_CWR;
+ break;
+ case O_ECN_TCP_ECE:
+ einfo->operation |= XT_ECN_OP_MATCH_ECE;
+ if (cb->invert)
+ einfo->invert |= XT_ECN_OP_MATCH_ECE;
+ break;
+ case O_ECN_IP_ECT:
+ if (cb->invert)
+ einfo->invert |= XT_ECN_OP_MATCH_IP;
+ einfo->operation |= XT_ECN_OP_MATCH_IP;
+ einfo->ip_ect = cb->val.u8;
+ break;
+ }
+}
+
+static void ecn_check(struct xt_fcheck_call *cb)
+{
+ if (cb->xflags == 0)
+ xtables_error(PARAMETER_PROBLEM,
+ "ECN match: some option required");
+}
+
+static void ecn_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_ecn_info *einfo =
+ (const struct xt_ecn_info *)match->data;
+
+ printf(" ECN match");
+
+ if (einfo->operation & XT_ECN_OP_MATCH_ECE) {
+ printf(" %sECE",
+ (einfo->invert & XT_ECN_OP_MATCH_ECE) ? "!" : "");
+ }
+
+ if (einfo->operation & XT_ECN_OP_MATCH_CWR) {
+ printf(" %sCWR",
+ (einfo->invert & XT_ECN_OP_MATCH_CWR) ? "!" : "");
+ }
+
+ if (einfo->operation & XT_ECN_OP_MATCH_IP) {
+ printf(" %sECT=%d",
+ (einfo->invert & XT_ECN_OP_MATCH_IP) ? "!" : "",
+ einfo->ip_ect);
+ }
+}
+
+static void ecn_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_ecn_info *einfo =
+ (const struct xt_ecn_info *)match->data;
+
+ if (einfo->operation & XT_ECN_OP_MATCH_ECE) {
+ if (einfo->invert & XT_ECN_OP_MATCH_ECE)
+ printf(" !");
+ printf(" --ecn-tcp-ece");
+ }
+
+ if (einfo->operation & XT_ECN_OP_MATCH_CWR) {
+ if (einfo->invert & XT_ECN_OP_MATCH_CWR)
+ printf(" !");
+ printf(" --ecn-tcp-cwr");
+ }
+
+ if (einfo->operation & XT_ECN_OP_MATCH_IP) {
+ if (einfo->invert & XT_ECN_OP_MATCH_IP)
+ printf(" !");
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
+ }
+}
+
+static struct xtables_match ecn_mt_reg = {
+ .name = "ecn",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_ecn_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_ecn_info)),
+ .help = ecn_help,
+ .print = ecn_print,
+ .save = ecn_save,
+ .x6_parse = ecn_parse,
+ .x6_fcheck = ecn_check,
+ .x6_options = ecn_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&ecn_mt_reg);
+}
diff --git a/extensions/libipt_ecn.man b/extensions/libxt_ecn.man
index 7f80647..31c0a3e 100644
--- a/extensions/libipt_ecn.man
+++ b/extensions/libxt_ecn.man
@@ -1,4 +1,4 @@
-This allows you to match the ECN bits of the IPv4 and TCP header. ECN is the Explicit Congestion Notification mechanism as specified in RFC3168
+This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN is the Explicit Congestion Notification mechanism as specified in RFC3168
.TP
[\fB!\fP] \fB\-\-ecn\-tcp\-cwr\fP
This matches if the TCP ECN CWR (Congestion Window Received) bit is set.
@@ -7,5 +7,5 @@ This matches if the TCP ECN CWR (Congestion Window Received) bit is set.
This matches if the TCP ECN ECE (ECN Echo) bit is set.
.TP
[\fB!\fP] \fB\-\-ecn\-ip\-ect\fP \fInum\fP
-This matches a particular IPv4 ECT (ECN-Capable Transport). You have to specify
+This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to specify
a number between `0' and `3'.
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 18218f4..294338b 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -1,15 +1,11 @@
-/* Shared library add-on to iptables to add ESP support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
-#include <limits.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_esp.h>
+enum {
+ O_ESPSPI = 0,
+};
+
static void esp_help(void)
{
printf(
@@ -18,100 +14,35 @@ static void esp_help(void)
" match spi (range)\n");
}
-static const struct option esp_opts[] = {
- { "espspi", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry esp_opts[] = {
+ {.name = "espspi", .id = O_ESPSPI, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_esp, spis)},
+ XTOPT_TABLEEND,
};
-static u_int32_t
-parse_esp_spi(const char *spistr)
-{
- unsigned long int spi;
- char* ep;
-
- spi = strtoul(spistr,&ep,0) ;
-
- if ( spistr == ep ) {
- xtables_error(PARAMETER_PROBLEM,
- "ESP no valid digits in spi `%s'", spistr);
- }
- if ( spi == ULONG_MAX && errno == ERANGE ) {
- xtables_error(PARAMETER_PROBLEM,
- "spi `%s' specified too big: would overflow", spistr);
- }
- if ( *spistr != '\0' && *ep != '\0' ) {
- xtables_error(PARAMETER_PROBLEM,
- "ESP error parsing spi `%s'", spistr);
- }
- return spi;
-}
-
-static void
-parse_esp_spis(const char *spistring, u_int32_t *spis)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(spistring);
- if ((cp = strchr(buffer, ':')) == NULL)
- spis[0] = spis[1] = parse_esp_spi(buffer);
- else {
- *cp = '\0';
- cp++;
-
- spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
- spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
- if (spis[0] > spis[1])
- xtables_error(PARAMETER_PROBLEM,
- "Invalid ESP spi range: %s", spistring);
- }
- free(buffer);
-}
-
-static void esp_init(struct xt_entry_match *m)
-{
- struct xt_esp *espinfo = (struct xt_esp *)m->data;
-
- espinfo->spis[1] = 0xFFFFFFFF;
-}
-
-#define ESP_SPI 0x01
-
-static int
-esp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void esp_parse(struct xt_option_call *cb)
{
- struct xt_esp *espinfo = (struct xt_esp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & ESP_SPI)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--espspi' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_esp_spis(optarg, espinfo->spis);
- if (invert)
- espinfo->invflags |= XT_ESP_INV_SPI;
- *flags |= ESP_SPI;
- break;
- default:
- return 0;
- }
+ struct xt_esp *espinfo = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ if (cb->nvals == 1)
+ espinfo->spis[1] = espinfo->spis[0];
+ if (cb->invert)
+ espinfo->invflags |= XT_ESP_INV_SPI;
}
static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
int invert)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf(" %s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf(" %ss:%s%u:%u", name, inv, min, max);
}
}
@@ -120,11 +51,11 @@ esp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_esp *esp = (struct xt_esp *)match->data;
- printf("esp ");
+ printf(" esp");
print_spis("spi", esp->spis[0], esp->spis[1],
esp->invflags & XT_ESP_INV_SPI);
if (esp->invflags & ~XT_ESP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
esp->invflags & ~XT_ESP_INV_MASK);
}
@@ -134,15 +65,15 @@ static void esp_save(const void *ip, const struct xt_entry_match *match)
if (!(espinfo->spis[0] == 0
&& espinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--espspi ",
- (espinfo->invflags & XT_ESP_INV_SPI) ? "! " : "");
+ printf("%s --espspi ",
+ (espinfo->invflags & XT_ESP_INV_SPI) ? " !" : "");
if (espinfo->spis[0]
!= espinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
espinfo->spis[0],
espinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
espinfo->spis[0]);
}
@@ -155,11 +86,10 @@ static struct xtables_match esp_match = {
.size = XT_ALIGN(sizeof(struct xt_esp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_esp)),
.help = esp_help,
- .init = esp_init,
- .parse = esp_parse,
.print = esp_print,
.save = esp_save,
- .extra_opts = esp_opts,
+ .x6_parse = esp_parse,
+ .x6_options = esp_opts,
};
void
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 7442dfc..c5b8d77 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -10,22 +10,30 @@
*
* Error corections by nmalykh@bilim.com (22.01.2005)
*/
+#define _BSD_SOURCE 1
+#define _ISOC99_SOURCE 1
+#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-#include <stddef.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_hashlimit.h>
#define XT_HASHLIMIT_BURST 5
+#define XT_HASHLIMIT_BURST_MAX 10000
+
+#define XT_HASHLIMIT_BYTE_EXPIRE 15
+#define XT_HASHLIMIT_BYTE_EXPIRE_BURST 60
/* miliseconds */
#define XT_HASHLIMIT_GCINTERVAL 1000
-#define XT_HASHLIMIT_EXPIRE 10000
+
+struct hashlimit_mt_udata {
+ uint32_t mult;
+};
static void hashlimit_help(void)
{
@@ -45,6 +53,25 @@ static void hashlimit_help(void)
XT_HASHLIMIT_BURST);
}
+enum {
+ O_UPTO = 0,
+ O_ABOVE,
+ O_LIMIT,
+ O_MODE,
+ O_SRCMASK,
+ O_DSTMASK,
+ O_NAME,
+ O_BURST,
+ O_HTABLE_SIZE,
+ O_HTABLE_MAX,
+ O_HTABLE_GCINT,
+ O_HTABLE_EXPIRE,
+ F_BURST = 1 << O_BURST,
+ F_UPTO = 1 << O_UPTO,
+ F_ABOVE = 1 << O_ABOVE,
+ F_HTABLE_EXPIRE = 1 << O_HTABLE_EXPIRE,
+};
+
static void hashlimit_mt_help(void)
{
printf(
@@ -66,54 +93,159 @@ static void hashlimit_mt_help(void)
"\n", XT_HASHLIMIT_BURST);
}
-static const struct option hashlimit_opts[] = {
- { "hashlimit", 1, NULL, '%' },
- { "hashlimit-burst", 1, NULL, '$' },
- { "hashlimit-htable-size", 1, NULL, '&' },
- { "hashlimit-htable-max", 1, NULL, '*' },
- { "hashlimit-htable-gcinterval", 1, NULL, '(' },
- { "hashlimit-htable-expire", 1, NULL, ')' },
- { "hashlimit-mode", 1, NULL, '_' },
- { "hashlimit-name", 1, NULL, '"' },
- { .name = NULL }
+#define s struct xt_hashlimit_info
+static const struct xt_option_entry hashlimit_opts[] = {
+ {.name = "hashlimit", .id = O_UPTO, .excl = F_ABOVE,
+ .type = XTTYPE_STRING},
+ {.name = "hashlimit-burst", .id = O_BURST, .type = XTTYPE_UINT32,
+ .min = 1, .max = XT_HASHLIMIT_BURST_MAX, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.burst)},
+ {.name = "hashlimit-htable-size", .id = O_HTABLE_SIZE,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.size)},
+ {.name = "hashlimit-htable-max", .id = O_HTABLE_MAX,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.max)},
+ {.name = "hashlimit-htable-gcinterval", .id = O_HTABLE_GCINT,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.gc_interval)},
+ {.name = "hashlimit-htable-expire", .id = O_HTABLE_EXPIRE,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.expire)},
+ {.name = "hashlimit-mode", .id = O_MODE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ {.name = "hashlimit-name", .id = O_NAME, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, name), .min = 1},
+ XTOPT_TABLEEND,
};
-
-static const struct option hashlimit_mt_opts[] = {
- {.name = "hashlimit-upto", .has_arg = true, .val = '%'},
- {.name = "hashlimit-above", .has_arg = true, .val = '^'},
- {.name = "hashlimit", .has_arg = true, .val = '%'},
- {.name = "hashlimit-srcmask", .has_arg = true, .val = '<'},
- {.name = "hashlimit-dstmask", .has_arg = true, .val = '>'},
- {.name = "hashlimit-burst", .has_arg = true, .val = '$'},
- {.name = "hashlimit-htable-size", .has_arg = true, .val = '&'},
- {.name = "hashlimit-htable-max", .has_arg = true, .val = '*'},
- {.name = "hashlimit-htable-gcinterval", .has_arg = true, .val = '('},
- {.name = "hashlimit-htable-expire", .has_arg = true, .val = ')'},
- {.name = "hashlimit-mode", .has_arg = true, .val = '_'},
- {.name = "hashlimit-name", .has_arg = true, .val = '"'},
- {},
+#undef s
+
+#define s struct xt_hashlimit_mtinfo1
+static const struct xt_option_entry hashlimit_mt_opts[] = {
+ {.name = "hashlimit-upto", .id = O_UPTO, .excl = F_ABOVE,
+ .type = XTTYPE_STRING, .flags = XTOPT_INVERT},
+ {.name = "hashlimit-above", .id = O_ABOVE, .excl = F_UPTO,
+ .type = XTTYPE_STRING, .flags = XTOPT_INVERT},
+ {.name = "hashlimit", .id = O_UPTO, .excl = F_ABOVE,
+ .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, /* old name */
+ {.name = "hashlimit-srcmask", .id = O_SRCMASK, .type = XTTYPE_PLEN},
+ {.name = "hashlimit-dstmask", .id = O_DSTMASK, .type = XTTYPE_PLEN},
+ {.name = "hashlimit-burst", .id = O_BURST, .type = XTTYPE_STRING},
+ {.name = "hashlimit-htable-size", .id = O_HTABLE_SIZE,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.size)},
+ {.name = "hashlimit-htable-max", .id = O_HTABLE_MAX,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.max)},
+ {.name = "hashlimit-htable-gcinterval", .id = O_HTABLE_GCINT,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.gc_interval)},
+ {.name = "hashlimit-htable-expire", .id = O_HTABLE_EXPIRE,
+ .type = XTTYPE_UINT32, .flags = XTOPT_PUT,
+ XTOPT_POINTER(s, cfg.expire)},
+ {.name = "hashlimit-mode", .id = O_MODE, .type = XTTYPE_STRING},
+ {.name = "hashlimit-name", .id = O_NAME, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, name), .min = 1},
+ XTOPT_TABLEEND,
};
+#undef s
+
+static uint32_t cost_to_bytes(uint32_t cost)
+{
+ uint32_t r;
+
+ r = cost ? UINT32_MAX / cost : UINT32_MAX;
+ r = (r - 1) << XT_HASHLIMIT_BYTE_SHIFT;
+ return r;
+}
+
+static uint64_t bytes_to_cost(uint32_t bytes)
+{
+ uint32_t r = bytes >> XT_HASHLIMIT_BYTE_SHIFT;
+ return UINT32_MAX / (r+1);
+}
+
+static uint32_t get_factor(int chr)
+{
+ switch (chr) {
+ case 'm': return 1024 * 1024;
+ case 'k': return 1024;
+ }
+ return 1;
+}
+
+static void burst_error(void)
+{
+ xtables_error(PARAMETER_PROBLEM, "bad value for option "
+ "\"--hashlimit-burst\", or out of range (1-%u).", XT_HASHLIMIT_BURST_MAX);
+}
+
+static uint32_t parse_burst(const char *burst, struct xt_hashlimit_mtinfo1 *info)
+{
+ uintmax_t v;
+ char *end;
+
+ if (!xtables_strtoul(burst, &end, &v, 1, UINT32_MAX) ||
+ (*end == 0 && v > XT_HASHLIMIT_BURST_MAX))
+ burst_error();
+
+ v *= get_factor(*end);
+ if (v > UINT32_MAX)
+ xtables_error(PARAMETER_PROBLEM, "bad value for option "
+ "\"--hashlimit-burst\", value \"%s\" too large "
+ "(max %umb).", burst, UINT32_MAX/1024/1024);
+ return v;
+}
+
+static bool parse_bytes(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud)
+{
+ unsigned int factor = 1;
+ uint64_t tmp;
+ int r;
+ const char *mode = strstr(rate, "b/s");
+ if (!mode || mode == rate)
+ return false;
+
+ mode--;
+ r = atoi(rate);
+ if (r == 0)
+ return false;
+
+ factor = get_factor(*mode);
+ tmp = (uint64_t) r * factor;
+ if (tmp > UINT32_MAX)
+ xtables_error(PARAMETER_PROBLEM,
+ "Rate value too large \"%llu\" (max %u)\n",
+ (unsigned long long)tmp, UINT32_MAX);
+
+ *val = bytes_to_cost(tmp);
+ if (*val == 0)
+ xtables_error(PARAMETER_PROBLEM, "Rate too high \"%s\"\n", rate);
+
+ ud->mult = XT_HASHLIMIT_BYTE_EXPIRE;
+ return true;
+}
static
-int parse_rate(const char *rate, u_int32_t *val)
+int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud)
{
const char *delim;
- u_int32_t r;
- u_int32_t mult = 1; /* Seconds by default. */
+ uint32_t r;
+ ud->mult = 1; /* Seconds by default. */
delim = strchr(rate, '/');
if (delim) {
if (strlen(delim+1) == 0)
return 0;
if (strncasecmp(delim+1, "second", strlen(delim+1)) == 0)
- mult = 1;
+ ud->mult = 1;
else if (strncasecmp(delim+1, "minute", strlen(delim+1)) == 0)
- mult = 60;
+ ud->mult = 60;
else if (strncasecmp(delim+1, "hour", strlen(delim+1)) == 0)
- mult = 60*60;
+ ud->mult = 60*60;
else if (strncasecmp(delim+1, "day", strlen(delim+1)) == 0)
- mult = 24*60*60;
+ ud->mult = 24*60*60;
else
return 0;
}
@@ -121,12 +253,13 @@ int parse_rate(const char *rate, u_int32_t *val)
if (!r)
return 0;
- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / mult > XT_HASHLIMIT_SCALE)
+ *val = XT_HASHLIMIT_SCALE * ud->mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
- *val = XT_HASHLIMIT_SCALE * mult / r;
return 1;
}
@@ -134,10 +267,8 @@ static void hashlimit_init(struct xt_entry_match *m)
{
struct xt_hashlimit_info *r = (struct xt_hashlimit_info *)m->data;
- r->cfg.mode = 0;
r->cfg.burst = XT_HASHLIMIT_BURST;
r->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- r->cfg.expire = XT_HASHLIMIT_EXPIRE;
}
@@ -148,7 +279,6 @@ static void hashlimit_mt4_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 32;
info->cfg.dstmask = 32;
}
@@ -160,13 +290,12 @@ static void hashlimit_mt6_init(struct xt_entry_match *match)
info->cfg.mode = 0;
info->cfg.burst = XT_HASHLIMIT_BURST;
info->cfg.gc_interval = XT_HASHLIMIT_GCINTERVAL;
- info->cfg.expire = XT_HASHLIMIT_EXPIRE;
info->cfg.srcmask = 128;
info->cfg.dstmask = 128;
}
/* Parse a 'mode' parameter into the required bitmask */
-static int parse_mode(uint32_t *mode, char *option_arg)
+static int parse_mode(uint32_t *mode, const char *option_arg)
{
char *tok;
char *arg = strdup(option_arg);
@@ -194,309 +323,176 @@ static int parse_mode(uint32_t *mode, char *option_arg)
return 0;
}
-enum {
- PARAM_LIMIT = 1 << 0,
- PARAM_BURST = 1 << 1,
- PARAM_MODE = 1 << 2,
- PARAM_NAME = 1 << 3,
- PARAM_SIZE = 1 << 4,
- PARAM_MAX = 1 << 5,
- PARAM_GCINTERVAL = 1 << 6,
- PARAM_EXPIRE = 1 << 7,
- PARAM_SRCMASK = 1 << 8,
- PARAM_DSTMASK = 1 << 9,
-};
-
-static int
-hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void hashlimit_parse(struct xt_option_call *cb)
{
- struct xt_hashlimit_info *r =
- (struct xt_hashlimit_info *)(*match)->data;
- unsigned int num;
-
- switch(c) {
- case '%':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
- *flags & PARAM_LIMIT);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!parse_rate(optarg, &r->cfg.avg))
- xtables_error(PARAMETER_PROBLEM,
- "bad rate `%s'", optarg);
- *flags |= PARAM_LIMIT;
- break;
+ struct xt_hashlimit_info *info = cb->data;
- case '$':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
- *flags & PARAM_BURST);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-burst `%s'", optarg);
- r->cfg.burst = num;
- *flags |= PARAM_BURST;
- break;
- case '&':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
- *flags & PARAM_SIZE);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-htable-size: `%s'", optarg);
- r->cfg.size = num;
- *flags |= PARAM_SIZE;
- break;
- case '*':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
- *flags & PARAM_MAX);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-htable-max: `%s'", optarg);
- r->cfg.max = num;
- *flags |= PARAM_MAX;
- break;
- case '(':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
- "--hashlimit-htable-gcinterval",
- *flags & PARAM_GCINTERVAL);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-htable-gcinterval: `%s'",
- optarg);
- /* FIXME: not HZ dependent!! */
- r->cfg.gc_interval = num;
- *flags |= PARAM_GCINTERVAL;
- break;
- case ')':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
- "--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-htable-expire: `%s'", optarg);
- /* FIXME: not HZ dependent */
- r->cfg.expire = num;
- *flags |= PARAM_EXPIRE;
- break;
- case '_':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
- *flags & PARAM_MODE);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (parse_mode(&r->cfg.mode, optarg) < 0)
- xtables_error(PARAMETER_PROBLEM,
- "bad --hashlimit-mode: `%s'\n", optarg);
- *flags |= PARAM_MODE;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_UPTO:
+ if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata))
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
+ "--hashlimit-upto", cb->arg);
break;
- case '"':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
- *flags & PARAM_NAME);
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (strlen(optarg) == 0)
- xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
- strncpy(r->name, optarg, sizeof(r->name));
- *flags |= PARAM_NAME;
+ case O_MODE:
+ if (parse_mode(&info->cfg.mode, cb->arg) < 0)
+ xtables_param_act(XTF_BAD_VALUE, "hashlimit",
+ "--hashlimit-mode", cb->arg);
break;
- default:
- return 0;
}
-
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "hashlimit does not support invert");
-
- return 1;
}
-static int
-hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
- int c, int invert, unsigned int maxmask)
+static void hashlimit_mt_parse(struct xt_option_call *cb)
{
- unsigned int num;
+ struct xt_hashlimit_mtinfo1 *info = cb->data;
- switch(c) {
- case '%': /* --hashlimit / --hashlimit-below */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-upto",
- *flags & PARAM_LIMIT);
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_BURST:
+ info->cfg.burst = parse_burst(cb->arg, info);
+ break;
+ case O_UPTO:
+ if (cb->invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
- if (!parse_rate(optarg, &info->cfg.avg))
+ if (parse_bytes(cb->arg, &info->cfg.avg, cb->udata))
+ info->cfg.mode |= XT_HASHLIMIT_BYTES;
+ else if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata))
xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-upto", optarg);
- *flags |= PARAM_LIMIT;
- return true;
-
- case '^': /* --hashlimit-above == !--hashlimit-below */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-above",
- *flags & PARAM_LIMIT);
- if (!invert)
+ "--hashlimit-upto", cb->arg);
+ break;
+ case O_ABOVE:
+ if (!cb->invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
- if (!parse_rate(optarg, &info->cfg.avg))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-above", optarg);
- *flags |= PARAM_LIMIT;
- return true;
-
- case '$': /* --hashlimit-burst */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
- *flags & PARAM_BURST);
- if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-burst", optarg);
- info->cfg.burst = num;
- *flags |= PARAM_BURST;
- return true;
-
- case '&': /* --hashlimit-htable-size */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
- *flags & PARAM_SIZE);
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-htable-size", optarg);
- info->cfg.size = num;
- *flags |= PARAM_SIZE;
- return true;
-
- case '*': /* --hashlimit-htable-max */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
- *flags & PARAM_MAX);
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-htable-max", optarg);
- info->cfg.max = num;
- *flags |= PARAM_MAX;
- return true;
-
- case '(': /* --hashlimit-htable-gcinterval */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
- "--hashlimit-htable-gcinterval",
- *flags & PARAM_GCINTERVAL);
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-htable-gcinterval", optarg);
- /* FIXME: not HZ dependent!! */
- info->cfg.gc_interval = num;
- *flags |= PARAM_GCINTERVAL;
- return true;
-
- case ')': /* --hashlimit-htable-expire */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
- "--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ if (parse_bytes(cb->arg, &info->cfg.avg, cb->udata))
+ info->cfg.mode |= XT_HASHLIMIT_BYTES;
+ else if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata))
xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-htable-expire", optarg);
- /* FIXME: not HZ dependent */
- info->cfg.expire = num;
- *flags |= PARAM_EXPIRE;
- return true;
-
- case '_':
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
- *flags & PARAM_MODE);
- if (parse_mode(&info->cfg.mode, optarg) < 0)
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-mode", optarg);
- *flags |= PARAM_MODE;
- return true;
-
- case '"': /* --hashlimit-name */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
- *flags & PARAM_NAME);
- if (strlen(optarg) == 0)
- xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
- strncpy(info->name, optarg, sizeof(info->name));
- info->name[sizeof(info->name)-1] = '\0';
- *flags |= PARAM_NAME;
- return true;
-
- case '<': /* --hashlimit-srcmask */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask",
- *flags & PARAM_SRCMASK);
- if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask))
- xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-srcmask", optarg);
- info->cfg.srcmask = num;
- *flags |= PARAM_SRCMASK;
- return true;
-
- case '>': /* --hashlimit-dstmask */
- xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask",
- *flags & PARAM_DSTMASK);
- if (!xtables_strtoui(optarg, NULL, &num, 0, maxmask))
+ "--hashlimit-above", cb->arg);
+ break;
+ case O_MODE:
+ if (parse_mode(&info->cfg.mode, cb->arg) < 0)
xtables_param_act(XTF_BAD_VALUE, "hashlimit",
- "--hashlimit-dstmask", optarg);
- info->cfg.dstmask = num;
- *flags |= PARAM_DSTMASK;
- return true;
+ "--hashlimit-mode", cb->arg);
+ break;
+ case O_SRCMASK:
+ info->cfg.srcmask = cb->val.hlen;
+ break;
+ case O_DSTMASK:
+ info->cfg.dstmask = cb->val.hlen;
+ break;
}
- return false;
}
-static int
-hashlimit_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void hashlimit_check(struct xt_fcheck_call *cb)
{
- return hashlimit_mt_parse((void *)(*match)->data,
- flags, c, invert, 32);
-}
-
-static int
-hashlimit_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- return hashlimit_mt_parse((void *)(*match)->data,
- flags, c, invert, 128);
-}
+ const struct hashlimit_mt_udata *udata = cb->udata;
+ struct xt_hashlimit_info *info = cb->data;
-static void hashlimit_check(unsigned int flags)
-{
- if (!(flags & PARAM_LIMIT))
+ if (!(cb->xflags & (F_UPTO | F_ABOVE)))
xtables_error(PARAMETER_PROBLEM,
"You have to specify --hashlimit");
- if (!(flags & PARAM_MODE))
- xtables_error(PARAMETER_PROBLEM,
- "You have to specify --hashlimit-mode");
- if (!(flags & PARAM_NAME))
- xtables_error(PARAMETER_PROBLEM,
- "You have to specify --hashlimit-name");
+ if (!(cb->xflags & F_HTABLE_EXPIRE))
+ info->cfg.expire = udata->mult * 1000; /* from s to msec */
}
-static void hashlimit_mt_check(unsigned int flags)
+static void hashlimit_mt_check(struct xt_fcheck_call *cb)
{
- if (!(flags & PARAM_LIMIT))
- xtables_error(PARAMETER_PROBLEM, "You have to specify "
- "--hashlimit-upto or --hashlimit-above");
- if (!(flags & PARAM_NAME))
+ const struct hashlimit_mt_udata *udata = cb->udata;
+ struct xt_hashlimit_mtinfo1 *info = cb->data;
+
+ if (!(cb->xflags & (F_UPTO | F_ABOVE)))
xtables_error(PARAMETER_PROBLEM,
- "You have to specify --hashlimit-name");
+ "You have to specify --hashlimit");
+ if (!(cb->xflags & F_HTABLE_EXPIRE))
+ info->cfg.expire = udata->mult * 1000; /* from s to msec */
+
+ if (info->cfg.mode & XT_HASHLIMIT_BYTES) {
+ uint32_t burst = 0;
+ if (cb->xflags & F_BURST) {
+ if (info->cfg.burst < cost_to_bytes(info->cfg.avg))
+ xtables_error(PARAMETER_PROBLEM,
+ "burst cannot be smaller than %ub", cost_to_bytes(info->cfg.avg));
+
+ burst = info->cfg.burst;
+ burst /= cost_to_bytes(info->cfg.avg);
+ if (info->cfg.burst % cost_to_bytes(info->cfg.avg))
+ burst++;
+ if (!(cb->xflags & F_HTABLE_EXPIRE))
+ info->cfg.expire = XT_HASHLIMIT_BYTE_EXPIRE_BURST * 1000;
+ }
+ info->cfg.burst = burst;
+ } else if (info->cfg.burst > XT_HASHLIMIT_BURST_MAX)
+ burst_error();
}
static const struct rates
{
const char *name;
- u_int32_t mult;
+ uint32_t mult;
} rates[] = { { "day", XT_HASHLIMIT_SCALE*24*60*60 },
{ "hour", XT_HASHLIMIT_SCALE*60*60 },
{ "min", XT_HASHLIMIT_SCALE*60 },
{ "sec", XT_HASHLIMIT_SCALE } };
-static void print_rate(u_int32_t period)
+static uint32_t print_rate(uint32_t period)
{
unsigned int i;
+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return 0;
+ }
+
for (i = 1; i < ARRAY_SIZE(rates); ++i)
if (period > rates[i].mult
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
+ /* return in msec */
+ return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000;
+}
+
+static const struct {
+ const char *name;
+ uint32_t thresh;
+} units[] = {
+ { "m", 1024 * 1024 },
+ { "k", 1024 },
+ { "", 1 },
+};
+
+static uint32_t print_bytes(uint32_t avg, uint32_t burst, const char *prefix)
+{
+ unsigned int i;
+ unsigned long long r;
+
+ r = cost_to_bytes(avg);
+
+ for (i = 0; i < ARRAY_SIZE(units) -1; ++i)
+ if (r >= units[i].thresh &&
+ bytes_to_cost(r & ~(units[i].thresh - 1)) == avg)
+ break;
+ printf(" %llu%sb/s", r/units[i].thresh, units[i].name);
+
+ if (burst == 0)
+ return XT_HASHLIMIT_BYTE_EXPIRE * 1000;
+
+ r *= burst;
+ printf(" %s", prefix);
+ for (i = 0; i < ARRAY_SIZE(units) -1; ++i)
+ if (r >= units[i].thresh)
+ break;
+
+ printf("burst %llu%sb", r / units[i].thresh, units[i].name);
+ return XT_HASHLIMIT_BYTE_EXPIRE_BURST * 1000;
}
static void print_mode(unsigned int mode, char separator)
{
bool prevmode = false;
+ putchar(' ');
if (mode & XT_HASHLIMIT_HASH_SIP) {
fputs("srcip", stdout);
prevmode = 1;
@@ -518,54 +514,63 @@ static void print_mode(unsigned int mode, char separator)
putchar(separator);
fputs("dstport", stdout);
}
- putchar(' ');
}
static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs("limit: avg ", stdout); print_rate(r->cfg.avg);
- printf("burst %u ", r->cfg.burst);
- fputs("mode ", stdout);
+ uint32_t quantum;
+
+ fputs(" limit: avg", stdout);
+ quantum = print_rate(r->cfg.avg);
+ printf(" burst %u", r->cfg.burst);
+ fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
if (r->cfg.size)
- printf("htable-size %u ", r->cfg.size);
+ printf(" htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("htable-max %u ", r->cfg.max);
+ printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", r->cfg.expire);
+ printf(" htable-gcinterval %u", r->cfg.gc_interval);
+ if (r->cfg.expire != quantum)
+ printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("limit: above ", stdout);
+ fputs(" limit: above", stdout);
else
- fputs("limit: up to ", stdout);
- print_rate(info->cfg.avg);
- printf("burst %u ", info->cfg.burst);
+ fputs(" limit: up to", stdout);
+
+ if (info->cfg.mode & XT_HASHLIMIT_BYTES) {
+ quantum = print_bytes(info->cfg.avg, info->cfg.burst, "");
+ } else {
+ quantum = print_rate(info->cfg.avg);
+ printf(" burst %u", info->cfg.burst);
+ }
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("mode ", stdout);
+ fputs(" mode", stdout);
print_mode(info->cfg.mode, '-');
}
if (info->cfg.size != 0)
- printf("htable-size %u ", info->cfg.size);
+ printf(" htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("htable-max %u ", info->cfg.max);
+ printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", info->cfg.expire);
+ printf(" htable-gcinterval %u", info->cfg.gc_interval);
+ if (info->cfg.expire != quantum)
+ printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("srcmask %u ", info->cfg.srcmask);
+ printf(" srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("dstmask %u ", info->cfg.dstmask);
+ printf(" dstmask %u", info->cfg.dstmask);
}
static void
@@ -589,56 +594,65 @@ hashlimit_mt6_print(const void *ip, const struct xt_entry_match *match,
static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
+ uint32_t quantum;
- fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
- printf("--hashlimit-burst %u ", r->cfg.burst);
+ fputs(" --hashlimit", stdout);
+ quantum = print_rate(r->cfg.avg);
+ printf(" --hashlimit-burst %u", r->cfg.burst);
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(r->cfg.mode, ',');
-
- printf("--hashlimit-name %s ", r->name);
+
+ printf(" --hashlimit-name %s", r->name);
if (r->cfg.size)
- printf("--hashlimit-htable-size %u ", r->cfg.size);
+ printf(" --hashlimit-htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("--hashlimit-htable-max %u ", r->cfg.max);
+ printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", r->cfg.gc_interval);
- if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", r->cfg.expire);
+ printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
+ if (r->cfg.expire != quantum)
+ printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
+ uint32_t quantum;
+
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("--hashlimit-above ", stdout);
+ fputs(" --hashlimit-above", stdout);
else
- fputs("--hashlimit-upto ", stdout);
- print_rate(info->cfg.avg);
- printf("--hashlimit-burst %u ", info->cfg.burst);
+ fputs(" --hashlimit-upto", stdout);
+
+ if (info->cfg.mode & XT_HASHLIMIT_BYTES) {
+ quantum = print_bytes(info->cfg.avg, info->cfg.burst, "--hashlimit-");
+ } else {
+ quantum = print_rate(info->cfg.avg);
+ printf(" --hashlimit-burst %u", info->cfg.burst);
+ }
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(info->cfg.mode, ',');
}
- printf("--hashlimit-name %s ", info->name);
+ printf(" --hashlimit-name %s", info->name);
if (info->cfg.size != 0)
- printf("--hashlimit-htable-size %u ", info->cfg.size);
+ printf(" --hashlimit-htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("--hashlimit-htable-max %u ", info->cfg.max);
+ printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", info->cfg.gc_interval);
- if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", info->cfg.expire);
+ printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
+ if (info->cfg.expire != quantum)
+ printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("--hashlimit-srcmask %u ", info->cfg.srcmask);
+ printf(" --hashlimit-srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("--hashlimit-dstmask %u ", info->cfg.dstmask);
+ printf(" --hashlimit-dstmask %u", info->cfg.dstmask);
}
static void
@@ -667,11 +681,12 @@ static struct xtables_match hashlimit_mt_reg[] = {
.userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
.help = hashlimit_help,
.init = hashlimit_init,
- .parse = hashlimit_parse,
- .final_check = hashlimit_check,
+ .x6_parse = hashlimit_parse,
+ .x6_fcheck = hashlimit_check,
.print = hashlimit_print,
.save = hashlimit_save,
- .extra_opts = hashlimit_opts,
+ .x6_options = hashlimit_opts,
+ .udata_size = sizeof(struct hashlimit_mt_udata),
},
{
.version = XTABLES_VERSION,
@@ -682,11 +697,12 @@ static struct xtables_match hashlimit_mt_reg[] = {
.userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
.help = hashlimit_mt_help,
.init = hashlimit_mt4_init,
- .parse = hashlimit_mt4_parse,
- .final_check = hashlimit_mt_check,
+ .x6_parse = hashlimit_mt_parse,
+ .x6_fcheck = hashlimit_mt_check,
.print = hashlimit_mt4_print,
.save = hashlimit_mt4_save,
- .extra_opts = hashlimit_mt_opts,
+ .x6_options = hashlimit_mt_opts,
+ .udata_size = sizeof(struct hashlimit_mt_udata),
},
{
.version = XTABLES_VERSION,
@@ -697,11 +713,12 @@ static struct xtables_match hashlimit_mt_reg[] = {
.userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
.help = hashlimit_mt_help,
.init = hashlimit_mt6_init,
- .parse = hashlimit_mt6_parse,
- .final_check = hashlimit_mt_check,
+ .x6_parse = hashlimit_mt_parse,
+ .x6_fcheck = hashlimit_mt_check,
.print = hashlimit_mt6_print,
.save = hashlimit_mt6_save,
- .extra_opts = hashlimit_mt_opts,
+ .x6_options = hashlimit_mt_opts,
+ .udata_size = sizeof(struct hashlimit_mt_udata),
},
};
diff --git a/extensions/libxt_hashlimit.man b/extensions/libxt_hashlimit.man
index b870f55..6aac3f2 100644
--- a/extensions/libxt_hashlimit.man
+++ b/extensions/libxt_hashlimit.man
@@ -1,32 +1,26 @@
-\fBhashlimit\fR uses hash buckets to express a rate limiting match (like the
-\fBlimit\fR match) for a group of connections using a \fBsingle\fR iptables
+\fBhashlimit\fP uses hash buckets to express a rate limiting match (like the
+\fBlimit\fP match) for a group of connections using a \fBsingle\fP iptables
rule. Grouping can be done per-hostgroup (source and/or destination address)
-and/or per-port. It gives you the ability to express "\fIN\fR packets per time
-quantum per group":
-.TP
-matching on source host
-"1000 packets per second for every host in 192.168.0.0/16"
-.TP
-matching on source port
-"100 packets per second for every service of 192.168.1.1"
-.TP
-matching on subnet
-"10000 packets per minute for every /28 subnet in 10.0.0.0/8"
+and/or per-port. It gives you the ability to express "\fIN\fP packets per time
+quantum per group" or "\fIN\fP bytes per seconds" (see below for some examples).
.PP
A hash limit option (\fB\-\-hashlimit\-upto\fP, \fB\-\-hashlimit\-above\fP) and
\fB\-\-hashlimit\-name\fP are required.
.TP
\fB\-\-hashlimit\-upto\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP]
-Match if the rate is below or equal to \fIamount\fR/quantum. It is specified as
-a number, with an optional time quantum suffix; the default is 3/hour.
+Match if the rate is below or equal to \fIamount\fP/quantum. It is specified either as
+a number, with an optional time quantum suffix (the default is 3/hour), or as
+\fIamount\fPb/second (number of bytes per second).
.TP
\fB\-\-hashlimit\-above\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP]
-Match if the rate is above \fIamount\fR/quantum.
+Match if the rate is above \fIamount\fP/quantum.
.TP
\fB\-\-hashlimit\-burst\fP \fIamount\fP
Maximum initial number of packets to match: this number gets recharged by one
every time the limit specified above is not reached, up to this number; the
-default is 5.
+default is 5. When byte-based rate matching is requested, this option specifies
+the amount of bytes that can exceed the given rate. This option should be used
+with caution -- if the entry expires, the burst value is reset too.
.TP
\fB\-\-hashlimit\-mode\fP {\fBsrcip\fP|\fBsrcport\fP|\fBdstip\fP|\fBdstport\fP}\fB,\fP...
A comma-separated list of objects to take into consideration. If no
@@ -36,7 +30,7 @@ expensive of doing the hash housekeeping.
\fB\-\-hashlimit\-srcmask\fP \fIprefix\fP
When \-\-hashlimit\-mode srcip is used, all source addresses encountered will be
grouped according to the given prefix length and the so-created subnet will be
-subject to hashlimit. \fIprefix\fR must be between (inclusive) 0 and 32. Note
+subject to hashlimit. \fIprefix\fP must be between (inclusive) 0 and 32. Note
that \-\-hashlimit\-srcmask 0 is basically doing the same thing as not specifying
srcip for \-\-hashlimit\-mode, but is technically more expensive.
.TP
@@ -57,3 +51,26 @@ After how many milliseconds do hash entries expire.
.TP
\fB\-\-hashlimit\-htable\-gcinterval\fP \fImsec\fP
How many milliseconds between garbage collection intervals.
+.PP
+Examples:
+.TP
+matching on source host
+"1000 packets per second for every host in 192.168.0.0/16" =>
+\-s 192.168.0.0/16 \-\-hashlimit\-mode srcip \-\-hashlimit\-upto 1000/sec
+.TP
+matching on source port
+"100 packets per second for every service of 192.168.1.1" =>
+\-s 192.168.1.1 \-\-hashlimit\-mode srcport \-\-hashlimit\-upto 100/sec
+.TP
+matching on subnet
+"10000 packets per minute for every /28 subnet (groups of 8 addresses)
+in 10.0.0.0/8" =>
+\-s 10.0.0.0/8 \-\-hashlimit\-mask 28 \-\-hashlimit\-upto 10000/min
+.TP
+matching bytes per second
+"flows exceeding 512kbyte/s" =>
+\-\-hashlimit-mode srcip,dstip,srcport,dstport \-\-hashlimit\-above 512kb/s
+.TP
+matching bytes per second
+"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without matching"
+\-\-hashlimit-mode dstip \-\-hashlimit\-above 512kb/s \-\-hashlimit-burst 1mb
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 35b5f15..c9f9435 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -1,13 +1,11 @@
-/* Shared library add-on to iptables to add related packet matching support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_helper.h>
+enum {
+ O_HELPER = 0,
+};
+
static void helper_help(void)
{
printf(
@@ -15,41 +13,20 @@ static void helper_help(void)
"[!] --helper string Match helper identified by string\n");
}
-static const struct option helper_opts[] = {
- { "helper", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry helper_opts[] = {
+ {.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_helper_info, name)},
+ XTOPT_TABLEEND,
};
-static int
-helper_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void helper_parse(struct xt_option_call *cb)
{
- struct xt_helper_info *info = (struct xt_helper_info *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "helper match: Only use --helper ONCE!");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- strncpy(info->name, optarg, 29);
- info->name[29] = '\0';
- if (invert)
- info->invert = 1;
- *flags = 1;
- break;
+ struct xt_helper_info *info = cb->data;
- default:
- return 0;
- }
- return 1;
-}
-
-static void helper_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "helper match: You must specify `--helper'");
+ xtables_option_parse(cb);
+ if (cb->invert)
+ info->invert = 1;
}
static void
@@ -57,14 +34,14 @@ helper_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("helper match %s\"%s\" ", info->invert ? "! " : "", info->name);
+ printf(" helper match %s\"%s\"", info->invert ? "! " : "", info->name);
}
static void helper_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("%s--helper ",info->invert ? "! " : "");
+ printf("%s --helper", info->invert ? " !" : "");
xtables_save_string(info->name);
}
@@ -74,11 +51,10 @@ static struct xtables_match helper_match = {
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_helper_info)),
.help = helper_help,
- .parse = helper_parse,
- .final_check = helper_check,
.print = helper_print,
.save = helper_save,
- .extra_opts = helper_opts,
+ .x6_parse = helper_parse,
+ .x6_options = helper_opts,
};
void _init(void)
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 55a2f84..2c9ea99 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -1,11 +1,7 @@
-/* Shared library add-on to iptables to add IP range matching support. */
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
-
-#include <netinet/in.h>
#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/xt_iprange.h>
@@ -20,12 +16,12 @@ struct ipt_iprange_info {
struct ipt_iprange dst;
/* Flags from above */
- u_int8_t flags;
+ uint8_t flags;
};
enum {
- F_SRCIP = 1 << 0,
- F_DSTIP = 1 << 1,
+ O_SRC_RANGE = 0,
+ O_DST_RANGE,
};
static void iprange_mt_help(void)
@@ -36,10 +32,12 @@ static void iprange_mt_help(void)
"[!] --dst-range ip[-ip] Match destination IP in the specified range\n");
}
-static const struct option iprange_mt_opts[] = {
- {.name = "src-range", .has_arg = true, .val = '1'},
- {.name = "dst-range", .has_arg = true, .val = '2'},
- { .name = NULL }
+static const struct xt_option_entry iprange_mt_opts[] = {
+ {.name = "src-range", .id = O_SRC_RANGE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "dst-range", .id = O_DST_RANGE, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static void
@@ -72,14 +70,18 @@ iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
}
}
-static void iprange_parse_range(char *arg, union nf_inet_addr *range,
- u_int8_t family, const char *optname)
+static void iprange_parse_range(const char *oarg, union nf_inet_addr *range,
+ uint8_t family, const char *optname)
{
+ char *arg = strdup(oarg);
char *dash;
+ if (arg == NULL)
+ xtables_error(RESOURCE_PROBLEM, "strdup");
dash = strchr(arg, '-');
if (dash == NULL) {
iprange_parse_spec(arg, arg, range, family, optname);
+ free(arg);
return;
}
@@ -88,111 +90,71 @@ static void iprange_parse_range(char *arg, union nf_inet_addr *range,
if (memcmp(&range[0], &range[1], sizeof(*range)) > 0)
fprintf(stderr, "xt_iprange: range %s-%s is reversed and "
"will never match\n", arg, dash + 1);
+ free(arg);
}
-static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void iprange_parse(struct xt_option_call *cb)
{
- struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+ struct ipt_iprange_info *info = cb->data;
union nf_inet_addr range[2];
- switch (c) {
- case '1':
- if (*flags & IPRANGE_SRC)
- xtables_error(PARAMETER_PROBLEM,
- "iprange match: Only use --src-range ONCE!");
- *flags |= IPRANGE_SRC;
-
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_RANGE:
info->flags |= IPRANGE_SRC;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
+ if (cb->invert)
info->flags |= IPRANGE_SRC_INV;
- iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
+ iprange_parse_range(cb->arg, range, NFPROTO_IPV4, "--src-range");
info->src.min_ip = range[0].ip;
info->src.max_ip = range[1].ip;
break;
-
- case '2':
- if (*flags & IPRANGE_DST)
- xtables_error(PARAMETER_PROBLEM,
- "iprange match: Only use --dst-range ONCE!");
- *flags |= IPRANGE_DST;
-
+ case O_DST_RANGE:
info->flags |= IPRANGE_DST;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
+ if (cb->invert)
info->flags |= IPRANGE_DST_INV;
-
- iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range");
+ iprange_parse_range(cb->arg, range, NFPROTO_IPV4, "--dst-range");
info->dst.min_ip = range[0].ip;
info->dst.max_ip = range[1].ip;
break;
-
- default:
- return 0;
}
- return 1;
}
-static int
-iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void iprange_mt_parse(struct xt_option_call *cb, uint8_t nfproto)
{
- struct xt_iprange_mtinfo *info = (void *)(*match)->data;
+ struct xt_iprange_mtinfo *info = cb->data;
- switch (c) {
- case '1': /* --src-range */
- iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV4,
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SRC_RANGE:
+ iprange_parse_range(cb->arg, &info->src_min, nfproto,
"--src-range");
info->flags |= IPRANGE_SRC;
- if (invert)
+ if (cb->invert)
info->flags |= IPRANGE_SRC_INV;
- *flags |= F_SRCIP;
- return true;
-
- case '2': /* --dst-range */
- iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV4,
+ break;
+ case O_DST_RANGE:
+ iprange_parse_range(cb->arg, &info->dst_min, nfproto,
"--dst-range");
info->flags |= IPRANGE_DST;
- if (invert)
+ if (cb->invert)
info->flags |= IPRANGE_DST_INV;
- *flags |= F_DSTIP;
- return true;
+ break;
}
- return false;
}
-static int
-iprange_mt6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void iprange_mt4_parse(struct xt_option_call *cb)
{
- struct xt_iprange_mtinfo *info = (void *)(*match)->data;
-
- switch (c) {
- case '1': /* --src-range */
- iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV6,
- "--src-range");
- info->flags |= IPRANGE_SRC;
- if (invert)
- info->flags |= IPRANGE_SRC_INV;
- *flags |= F_SRCIP;
- return true;
+ iprange_mt_parse(cb, NFPROTO_IPV4);
+}
- case '2': /* --dst-range */
- iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV6,
- "--dst-range");
- info->flags |= IPRANGE_DST;
- if (invert)
- info->flags |= IPRANGE_DST_INV;
- *flags |= F_DSTIP;
- return true;
- }
- return false;
+static void iprange_mt6_parse(struct xt_option_call *cb)
+{
+ iprange_mt_parse(cb, NFPROTO_IPV6);
}
-static void iprange_mt_check(unsigned int flags)
+static void iprange_mt_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM,
"iprange match: You must specify `--src-range' or `--dst-range'");
}
@@ -204,7 +166,7 @@ print_iprange(const struct ipt_iprange *range)
byte_min = (const unsigned char *)&range->min_ip;
byte_max = (const unsigned char *)&range->max_ip;
- printf("%u.%u.%u.%u-%u.%u.%u.%u ",
+ printf(" %u.%u.%u.%u-%u.%u.%u.%u",
byte_min[0], byte_min[1], byte_min[2], byte_min[3],
byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
}
@@ -215,15 +177,15 @@ static void iprange_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_iprange_info *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->src);
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->dst);
}
}
@@ -235,22 +197,22 @@ iprange_mt4_print(const void *ip, const struct xt_entry_match *match,
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -261,22 +223,22 @@ iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
@@ -286,16 +248,14 @@ static void iprange_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range ");
+ printf(" !");
+ printf(" --src-range");
print_iprange(&info->src);
- if (info->flags & IPRANGE_DST)
- fputc(' ', stdout);
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range ");
+ printf(" !");
+ printf(" --dst-range");
print_iprange(&info->dst);
}
}
@@ -306,15 +266,15 @@ static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" !");
+ printf(" --src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -324,15 +284,15 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" !");
+ printf(" --src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
@@ -345,11 +305,11 @@ static struct xtables_match iprange_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
.help = iprange_mt_help,
- .parse = iprange_parse,
- .final_check = iprange_mt_check,
+ .x6_parse = iprange_parse,
+ .x6_fcheck = iprange_mt_check,
.print = iprange_print,
.save = iprange_save,
- .extra_opts = iprange_mt_opts,
+ .x6_options = iprange_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -359,11 +319,11 @@ static struct xtables_match iprange_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
.help = iprange_mt_help,
- .parse = iprange_mt4_parse,
- .final_check = iprange_mt_check,
+ .x6_parse = iprange_mt4_parse,
+ .x6_fcheck = iprange_mt_check,
.print = iprange_mt4_print,
.save = iprange_mt4_save,
- .extra_opts = iprange_mt_opts,
+ .x6_options = iprange_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -373,11 +333,11 @@ static struct xtables_match iprange_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
.help = iprange_mt_help,
- .parse = iprange_mt6_parse,
- .final_check = iprange_mt_check,
+ .x6_parse = iprange_mt6_parse,
+ .x6_fcheck = iprange_mt_check,
.print = iprange_mt6_print,
.save = iprange_mt6_save,
- .extra_opts = iprange_mt_opts,
+ .x6_options = iprange_mt_opts,
},
};
diff --git a/extensions/libxt_iprange.man b/extensions/libxt_iprange.man
index 9f65de4..9bbaac3 100644
--- a/extensions/libxt_iprange.man
+++ b/extensions/libxt_iprange.man
@@ -1,7 +1,7 @@
This matches on a given arbitrary range of IP addresses.
.TP
-[\fB!\fR] \fB\-\-src\-range\fP \fIfrom\fP[\fB\-\fP\fIto\fP]
+[\fB!\fP] \fB\-\-src\-range\fP \fIfrom\fP[\fB\-\fP\fIto\fP]
Match source IP in the specified range.
.TP
-[\fB!\fR] \fB\-\-dst\-range\fP \fIfrom\fP[\fB\-\fP\fIto\fP]
+[\fB!\fP] \fB\-\-dst\-range\fP \fIfrom\fP[\fB\-\fP\fIto\fP]
Match destination IP in the specified range.
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
new file mode 100644
index 0000000..4672766
--- /dev/null
+++ b/extensions/libxt_ipvs.c
@@ -0,0 +1,285 @@
+/*
+ * Shared library add-on to iptables to add IPVS matching.
+ *
+ * Detailed doc is in the kernel module source net/netfilter/xt_ipvs.c
+ *
+ * Author: Hannes Eder <heder@google.com>
+ */
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <xtables.h>
+#include <linux/ip_vs.h>
+#include <linux/netfilter/xt_ipvs.h>
+
+enum {
+ /* For xt_ipvs: make sure this matches up with %XT_IPVS_*'s order */
+ O_IPVS = 0,
+ O_VPROTO,
+ O_VADDR,
+ O_VPORT,
+ O_VDIR,
+ O_VMETHOD,
+ O_VPORTCTL,
+};
+
+#define s struct xt_ipvs_mtinfo
+static const struct xt_option_entry ipvs_mt_opts[] = {
+ {.name = "ipvs", .id = O_IPVS, .type = XTTYPE_NONE,
+ .flags = XTOPT_INVERT},
+ {.name = "vproto", .id = O_VPROTO, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, l4proto)},
+ {.name = "vaddr", .id = O_VADDR, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_INVERT},
+ {.name = "vport", .id = O_VPORT, .type = XTTYPE_PORT,
+ .flags = XTOPT_NBO | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, vport)},
+ {.name = "vdir", .id = O_VDIR, .type = XTTYPE_STRING},
+ {.name = "vmethod", .id = O_VMETHOD, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "vportctl", .id = O_VPORTCTL, .type = XTTYPE_PORT,
+ .flags = XTOPT_NBO | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, vportctl)},
+ XTOPT_TABLEEND,
+};
+#undef s
+
+static void ipvs_mt_help(void)
+{
+ printf(
+"IPVS match options:\n"
+"[!] --ipvs packet belongs to an IPVS connection\n"
+"\n"
+"Any of the following options implies --ipvs (even negated)\n"
+"[!] --vproto protocol VIP protocol to match; by number or name,\n"
+" e.g. \"tcp\"\n"
+"[!] --vaddr address[/mask] VIP address to match\n"
+"[!] --vport port VIP port to match; by number or name,\n"
+" e.g. \"http\"\n"
+" --vdir {ORIGINAL|REPLY} flow direction of packet\n"
+"[!] --vmethod {GATE|IPIP|MASQ} IPVS forwarding method used\n"
+"[!] --vportctl port VIP port of the controlling connection to\n"
+" match, e.g. 21 for FTP\n"
+ );
+}
+
+static void ipvs_mt_parse(struct xt_option_call *cb)
+{
+ struct xt_ipvs_mtinfo *data = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_VPROTO:
+ data->l4proto = cb->val.protocol;
+ break;
+ case O_VADDR:
+ memcpy(&data->vaddr, &cb->val.haddr, sizeof(cb->val.haddr));
+ memcpy(&data->vmask, &cb->val.hmask, sizeof(cb->val.hmask));
+ break;
+ case O_VDIR:
+ if (strcasecmp(cb->arg, "ORIGINAL") == 0) {
+ data->bitmask |= XT_IPVS_DIR;
+ data->invert &= ~XT_IPVS_DIR;
+ } else if (strcasecmp(cb->arg, "REPLY") == 0) {
+ data->bitmask |= XT_IPVS_DIR;
+ data->invert |= XT_IPVS_DIR;
+ } else {
+ xtables_param_act(XTF_BAD_VALUE,
+ "ipvs", "--vdir", cb->arg);
+ }
+ break;
+ case O_VMETHOD:
+ if (strcasecmp(cb->arg, "GATE") == 0)
+ data->fwd_method = IP_VS_CONN_F_DROUTE;
+ else if (strcasecmp(cb->arg, "IPIP") == 0)
+ data->fwd_method = IP_VS_CONN_F_TUNNEL;
+ else if (strcasecmp(cb->arg, "MASQ") == 0)
+ data->fwd_method = IP_VS_CONN_F_MASQ;
+ else
+ xtables_param_act(XTF_BAD_VALUE,
+ "ipvs", "--vmethod", cb->arg);
+ break;
+ }
+ data->bitmask |= 1 << cb->entry->id;
+ if (cb->invert)
+ data->invert |= 1 << cb->entry->id;
+}
+
+static void ipvs_mt_check(struct xt_fcheck_call *cb)
+{
+ struct xt_ipvs_mtinfo *info = cb->data;
+
+ if (cb->xflags == 0)
+ xtables_error(PARAMETER_PROBLEM,
+ "IPVS: At least one option is required");
+ if (info->bitmask & XT_IPVS_ONCE_MASK) {
+ if (info->invert & XT_IPVS_IPVS_PROPERTY)
+ xtables_error(PARAMETER_PROBLEM,
+ "! --ipvs cannot be together with"
+ " other options");
+ info->bitmask |= XT_IPVS_IPVS_PROPERTY;
+ }
+}
+
+/* Shamelessly copied from libxt_conntrack.c */
+static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
+ const union nf_inet_addr *mask,
+ unsigned int family, bool numeric)
+{
+ char buf[BUFSIZ];
+
+ if (family == NFPROTO_IPV4) {
+ if (!numeric && addr->ip == 0) {
+ printf(" anywhere");
+ return;
+ }
+ if (numeric)
+ strcpy(buf, xtables_ipaddr_to_numeric(&addr->in));
+ else
+ strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
+ strcat(buf, xtables_ipmask_to_numeric(&mask->in));
+ printf(" %s", buf);
+ } else if (family == NFPROTO_IPV6) {
+ if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
+ addr->ip6[2] == 0 && addr->ip6[3] == 0) {
+ printf(" anywhere");
+ return;
+ }
+ if (numeric)
+ strcpy(buf, xtables_ip6addr_to_numeric(&addr->in6));
+ else
+ strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
+ strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
+ printf(" %s", buf);
+ }
+}
+
+static void ipvs_mt_dump(const void *ip, const struct xt_ipvs_mtinfo *data,
+ unsigned int family, bool numeric, const char *prefix)
+{
+ if (data->bitmask == XT_IPVS_IPVS_PROPERTY) {
+ if (data->invert & XT_IPVS_IPVS_PROPERTY)
+ printf(" !");
+ printf(" %sipvs", prefix);
+ }
+
+ if (data->bitmask & XT_IPVS_PROTO) {
+ if (data->invert & XT_IPVS_PROTO)
+ printf(" !");
+ printf(" %sproto %u", prefix, data->l4proto);
+ }
+
+ if (data->bitmask & XT_IPVS_VADDR) {
+ if (data->invert & XT_IPVS_VADDR)
+ printf(" !");
+
+ printf(" %svaddr", prefix);
+ ipvs_mt_dump_addr(&data->vaddr, &data->vmask, family, numeric);
+ }
+
+ if (data->bitmask & XT_IPVS_VPORT) {
+ if (data->invert & XT_IPVS_VPORT)
+ printf(" !");
+
+ printf(" %svport %u", prefix, ntohs(data->vport));
+ }
+
+ if (data->bitmask & XT_IPVS_DIR) {
+ if (data->invert & XT_IPVS_DIR)
+ printf(" %svdir REPLY", prefix);
+ else
+ printf(" %svdir ORIGINAL", prefix);
+ }
+
+ if (data->bitmask & XT_IPVS_METHOD) {
+ if (data->invert & XT_IPVS_METHOD)
+ printf(" !");
+
+ printf(" %svmethod", prefix);
+ switch (data->fwd_method) {
+ case IP_VS_CONN_F_DROUTE:
+ printf(" GATE");
+ break;
+ case IP_VS_CONN_F_TUNNEL:
+ printf(" IPIP");
+ break;
+ case IP_VS_CONN_F_MASQ:
+ printf(" MASQ");
+ break;
+ default:
+ /* Hu? */
+ printf(" UNKNOWN");
+ break;
+ }
+ }
+
+ if (data->bitmask & XT_IPVS_VPORTCTL) {
+ if (data->invert & XT_IPVS_VPORTCTL)
+ printf(" !");
+
+ printf(" %svportctl %u", prefix, ntohs(data->vportctl));
+ }
+}
+
+static void ipvs_mt4_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_ipvs_mtinfo *data = (const void *)match->data;
+ ipvs_mt_dump(ip, data, NFPROTO_IPV4, numeric, "");
+}
+
+static void ipvs_mt6_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_ipvs_mtinfo *data = (const void *)match->data;
+ ipvs_mt_dump(ip, data, NFPROTO_IPV6, numeric, "");
+}
+
+static void ipvs_mt4_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_ipvs_mtinfo *data = (const void *)match->data;
+ ipvs_mt_dump(ip, data, NFPROTO_IPV4, true, "--");
+}
+
+static void ipvs_mt6_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_ipvs_mtinfo *data = (const void *)match->data;
+ ipvs_mt_dump(ip, data, NFPROTO_IPV6, true, "--");
+}
+
+static struct xtables_match ipvs_matches_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "ipvs",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_ipvs_mtinfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_ipvs_mtinfo)),
+ .help = ipvs_mt_help,
+ .x6_parse = ipvs_mt_parse,
+ .x6_fcheck = ipvs_mt_check,
+ .print = ipvs_mt4_print,
+ .save = ipvs_mt4_save,
+ .x6_options = ipvs_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "ipvs",
+ .revision = 0,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_ipvs_mtinfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_ipvs_mtinfo)),
+ .help = ipvs_mt_help,
+ .x6_parse = ipvs_mt_parse,
+ .x6_fcheck = ipvs_mt_check,
+ .print = ipvs_mt6_print,
+ .save = ipvs_mt6_save,
+ .x6_options = ipvs_mt_opts,
+ },
+};
+
+void _init(void)
+{
+ xtables_register_matches(ipvs_matches_reg,
+ ARRAY_SIZE(ipvs_matches_reg));
+}
diff --git a/extensions/libxt_ipvs.man b/extensions/libxt_ipvs.man
new file mode 100644
index 0000000..db9bc66
--- /dev/null
+++ b/extensions/libxt_ipvs.man
@@ -0,0 +1,24 @@
+Match IPVS connection properties.
+.TP
+[\fB!\fP] \fB\-\-ipvs\fP
+packet belongs to an IPVS connection
+.TP
+Any of the following options implies \-\-ipvs (even negated)
+.TP
+[\fB!\fP] \fB\-\-vproto\fP \fIprotocol\fP
+VIP protocol to match; by number or name, e.g. "tcp"
+.TP
+[\fB!\fP] \fB\-\-vaddr\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+VIP address to match
+.TP
+[\fB!\fP] \fB\-\-vport\fP \fIport\fP
+VIP port to match; by number or name, e.g. "http"
+.TP
+\fB\-\-vdir\fP {\fBORIGINAL\fP|\fBREPLY\fP}
+flow direction of packet
+.TP
+[\fB!\fP] \fB\-\-vmethod\fP {\fBGATE\fP|\fBIPIP\fP|\fBMASQ\fP}
+IPVS forwarding method used
+.TP
+[\fB!\fP] \fB\-\-vportctl\fP \fIport\fP
+VIP port of the controlling connection to match, e.g. 21 for FTP
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 96e8b6c..6ea7646 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -1,13 +1,11 @@
-/* Shared library add-on to iptables to add packet length matching support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_length.h>
+enum {
+ O_LENGTH = 0,
+};
+
static void length_help(void)
{
printf(
@@ -16,78 +14,23 @@ static void length_help(void)
" of values (inclusive)\n");
}
-static const struct option length_opts[] = {
- { "length", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry length_opts[] = {
+ {.name = "length", .id = O_LENGTH, .type = XTTYPE_UINT16RC,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static u_int16_t
-parse_length(const char *s)
-{
- unsigned int len;
-
- if (!xtables_strtoui(s, NULL, &len, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM, "length invalid: \"%s\"\n", s);
- else
- return len;
-}
-
-/* If a single value is provided, min and max are both set to the value */
-static void
-parse_lengths(const char *s, struct xt_length_info *info)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(s);
- if ((cp = strchr(buffer, ':')) == NULL)
- info->min = info->max = parse_length(buffer);
- else {
- *cp = '\0';
- cp++;
-
- info->min = buffer[0] ? parse_length(buffer) : 0;
- info->max = cp[0] ? parse_length(cp) : 0xFFFF;
- }
- free(buffer);
-
- if (info->min > info->max)
- xtables_error(PARAMETER_PROBLEM,
- "length min. range value `%u' greater than max. "
- "range value `%u'", info->min, info->max);
-
-}
-
-static int
-length_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void length_parse(struct xt_option_call *cb)
{
- struct xt_length_info *info = (struct xt_length_info *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "length: `--length' may only be "
- "specified once");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_lengths(optarg, info);
- if (invert)
- info->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
-}
+ struct xt_length_info *info = cb->data;
-static void length_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "length: You must specify `--length'");
+ xtables_option_parse(cb);
+ info->min = cb->val.u16_range[0];
+ info->max = cb->val.u16_range[0];
+ if (cb->nvals >= 2)
+ info->max = cb->val.u16_range[1];
+ if (cb->invert)
+ info->invert = 1;
}
static void
@@ -95,22 +38,22 @@ length_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_length_info *info = (void *)match->data;
- printf("length %s", info->invert ? "!" : "");
+ printf(" length %s", info->invert ? "!" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static void length_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_length_info *info = (void *)match->data;
- printf("%s--length ", info->invert ? "! " : "");
+ printf("%s --length ", info->invert ? " !" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static struct xtables_match length_match = {
@@ -120,11 +63,10 @@ static struct xtables_match length_match = {
.size = XT_ALIGN(sizeof(struct xt_length_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_length_info)),
.help = length_help,
- .parse = length_parse,
- .final_check = length_check,
.print = length_print,
.save = length_save,
- .extra_opts = length_opts,
+ .x6_parse = length_parse,
+ .x6_options = length_opts,
};
void _init(void)
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index c836303..f75ef2f 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -3,20 +3,24 @@
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
* Hervé Eychenne <rv@wallfire.org>
*/
-
+#define _BSD_SOURCE 1
+#define _ISOC99_SOURCE 1
+#include <math.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-#include <stddef.h>
#include <linux/netfilter/x_tables.h>
-/* For 64bit kernel / 32bit userspace */
#include <linux/netfilter/xt_limit.h>
#define XT_LIMIT_AVG "3/hour"
#define XT_LIMIT_BURST 5
+enum {
+ O_LIMIT = 0,
+ O_BURST,
+};
+
static void limit_help(void)
{
printf(
@@ -28,18 +32,20 @@ static void limit_help(void)
XT_LIMIT_BURST);
}
-static const struct option limit_opts[] = {
- { "limit", 1, NULL, '%' },
- { "limit-burst", 1, NULL, '$' },
- { .name = NULL }
+static const struct xt_option_entry limit_opts[] = {
+ {.name = "limit", .id = O_LIMIT, .type = XTTYPE_STRING},
+ {.name = "limit-burst", .id = O_BURST, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_rateinfo, burst),
+ .min = 0, .max = 10000},
+ XTOPT_TABLEEND,
};
static
-int parse_rate(const char *rate, u_int32_t *val)
+int parse_rate(const char *rate, uint32_t *val)
{
const char *delim;
- u_int32_t r;
- u_int32_t mult = 1; /* Seconds by default. */
+ uint32_t r;
+ uint32_t mult = 1; /* Seconds by default. */
delim = strchr(rate, '/');
if (delim) {
@@ -61,12 +67,13 @@ int parse_rate(const char *rate, u_int32_t *val)
if (!r)
return 0;
- /* This would get mapped to infinite (1/day is minimum they
- can specify, so we're ok at that end). */
- if (r / mult > XT_LIMIT_SCALE)
- xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
-
*val = XT_LIMIT_SCALE * mult / r;
+ if (*val == 0)
+ /*
+ * The rate maps to infinity. (1/day is the minimum they can
+ * specify, so we are ok at that end).
+ */
+ xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate);
return 1;
}
@@ -85,76 +92,64 @@ static void limit_init(struct xt_entry_match *m)
"Sorry: burst too large for that avg rate.\n");
*/
-static int
-limit_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void limit_parse(struct xt_option_call *cb)
{
- struct xt_rateinfo *r = (struct xt_rateinfo *)(*match)->data;
- unsigned int num;
-
- switch(c) {
- case '%':
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!parse_rate(optarg, &r->avg))
- xtables_error(PARAMETER_PROBLEM,
- "bad rate `%s'", optarg);
- break;
+ struct xt_rateinfo *r = cb->data;
- case '$':
- if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
- if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_LIMIT:
+ if (!parse_rate(cb->arg, &r->avg))
xtables_error(PARAMETER_PROBLEM,
- "bad --limit-burst `%s'", optarg);
- r->burst = num;
+ "bad rate \"%s\"'", cb->arg);
break;
-
- default:
- return 0;
}
-
- if (invert)
+ if (cb->invert)
xtables_error(PARAMETER_PROBLEM,
"limit does not support invert");
-
- return 1;
}
static const struct rates
{
const char *name;
- u_int32_t mult;
+ uint32_t mult;
} rates[] = { { "day", XT_LIMIT_SCALE*24*60*60 },
{ "hour", XT_LIMIT_SCALE*60*60 },
{ "min", XT_LIMIT_SCALE*60 },
{ "sec", XT_LIMIT_SCALE } };
-static void print_rate(u_int32_t period)
+static void print_rate(uint32_t period)
{
unsigned int i;
+ if (period == 0) {
+ printf(" %f", INFINITY);
+ return;
+ }
+
for (i = 1; i < ARRAY_SIZE(rates); ++i)
if (period > rates[i].mult
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
}
static void
limit_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("limit: avg "); print_rate(r->avg);
- printf("burst %u ", r->burst);
+ printf(" limit: avg"); print_rate(r->avg);
+ printf(" burst %u", r->burst);
}
static void limit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("--limit "); print_rate(r->avg);
+ printf(" --limit"); print_rate(r->avg);
if (r->burst != XT_LIMIT_BURST)
- printf("--limit-burst %u ", r->burst);
+ printf(" --limit-burst %u", r->burst);
}
static struct xtables_match limit_match = {
@@ -165,10 +160,10 @@ static struct xtables_match limit_match = {
.userspacesize = offsetof(struct xt_rateinfo, prev),
.help = limit_help,
.init = limit_init,
- .parse = limit_parse,
+ .x6_parse = limit_parse,
.print = limit_print,
.save = limit_save,
- .extra_opts = limit_opts,
+ .x6_options = limit_opts,
};
void _init(void)
diff --git a/extensions/libxt_limit.man b/extensions/libxt_limit.man
index 9f51ce3..6fb94cc 100644
--- a/extensions/libxt_limit.man
+++ b/extensions/libxt_limit.man
@@ -1,8 +1,11 @@
This module matches at a limited rate using a token bucket filter.
-A rule using this extension will match until this limit is reached
-(unless the `!' flag is used). It can be used in combination with the
+A rule using this extension will match until this limit is reached.
+It can be used in combination with the
.B LOG
target to give limited logging, for example.
+.PP
+xt_limit has no negation support - you will have to use \-m hashlimit !
+\-\-hashlimit \fIrate\fP in this case whilst omitting \-\-hashlimit\-mode.
.TP
\fB\-\-limit\fP \fIrate\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP]
Maximum average matching rate: specified as a number, with an optional
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index 00996a0..f171d15 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -1,9 +1,4 @@
-/* Shared library add-on to iptables to add MAC address support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
#if defined(__GLIBC__) && __GLIBC__ == 2
#include <net/ethernet.h>
#else
@@ -12,6 +7,10 @@
#include <xtables.h>
#include <linux/netfilter/xt_mac.h>
+enum {
+ O_MAC = 0,
+};
+
static void mac_help(void)
{
printf(
@@ -20,82 +19,41 @@ static void mac_help(void)
" Match source MAC address\n");
}
-static const struct option mac_opts[] = {
- { "mac-source", 1, NULL, '1' },
- { .name = NULL }
+#define s struct xt_mac_info
+static const struct xt_option_entry mac_opts[] = {
+ {.name = "mac-source", .id = O_MAC, .type = XTTYPE_ETHERMAC,
+ .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, srcaddr)},
+ XTOPT_TABLEEND,
};
+#undef s
-static void
-parse_mac(const char *mac, struct xt_mac_info *info)
+static void mac_parse(struct xt_option_call *cb)
{
- unsigned int i = 0;
-
- if (strlen(mac) != ETH_ALEN*3-1)
- xtables_error(PARAMETER_PROBLEM, "Bad mac address \"%s\"", mac);
+ struct xt_mac_info *macinfo = cb->data;
- for (i = 0; i < ETH_ALEN; i++) {
- long number;
- char *end;
-
- number = strtol(mac + i*3, &end, 16);
-
- if (end == mac + i*3 + 2
- && number >= 0
- && number <= 255)
- info->srcaddr[i] = number;
- else
- xtables_error(PARAMETER_PROBLEM,
- "Bad mac address `%s'", mac);
- }
+ xtables_option_parse(cb);
+ if (cb->invert)
+ macinfo->invert = 1;
}
-static int
-mac_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_mac_info *macinfo = (struct xt_mac_info *)(*match)->data;
-
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_mac(optarg, macinfo);
- if (invert)
- macinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void print_mac(const unsigned char macaddress[ETH_ALEN])
+static void print_mac(const unsigned char *macaddress)
{
unsigned int i;
- printf("%02X", macaddress[0]);
- for (i = 1; i < ETH_ALEN; i++)
+ printf(" %02X", macaddress[0]);
+ for (i = 1; i < ETH_ALEN; ++i)
printf(":%02X", macaddress[i]);
- printf(" ");
-}
-
-static void mac_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "You must specify `--mac-source'");
}
static void
mac_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mac_info *info = (void *)match->data;
- printf("MAC ");
+ printf(" MAC");
if (info->invert)
- printf("! ");
+ printf(" !");
print_mac(info->srcaddr);
}
@@ -105,9 +63,9 @@ static void mac_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mac_info *info = (void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mac-source ");
+ printf(" --mac-source");
print_mac(info->srcaddr);
}
@@ -118,11 +76,10 @@ static struct xtables_match mac_match = {
.size = XT_ALIGN(sizeof(struct xt_mac_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
.help = mac_help,
- .parse = mac_parse,
- .final_check = mac_check,
+ .x6_parse = mac_parse,
.print = mac_print,
.save = mac_save,
- .extra_opts = mac_opts,
+ .x6_options = mac_opts,
};
void _init(void)
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 8013c9a..7f8c995 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -1,21 +1,15 @@
-/* Shared library add-on to iptables to add NFMARK matching support. */
#include <stdbool.h>
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_mark.h>
struct xt_mark_info {
unsigned long mark, mask;
- u_int8_t invert;
+ uint8_t invert;
};
enum {
- F_MARK = 1 << 0,
+ O_MARK = 0,
};
static void mark_mt_help(void)
@@ -25,80 +19,40 @@ static void mark_mt_help(void)
"[!] --mark value[/mask] Match nfmark value with optional mask\n");
}
-static const struct option mark_mt_opts[] = {
- {.name = "mark", .has_arg = true, .val = '1'},
- { .name = NULL }
+static const struct xt_option_entry mark_mt_opts[] = {
+ {.name = "mark", .id = O_MARK, .type = XTTYPE_MARKMASK32,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void mark_mt_parse(struct xt_option_call *cb)
{
- struct xt_mark_mtinfo1 *info = (void *)(*match)->data;
- unsigned int mark, mask = UINT32_MAX;
- char *end;
-
- switch (c) {
- case '1': /* --mark */
- xtables_param_act(XTF_ONLY_ONCE, "mark", "--mark", *flags & F_MARK);
- if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
- if (*end == '/')
- if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
- if (*end != '\0')
- xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
-
- if (invert)
- info->invert = true;
- info->mark = mark;
- info->mask = mask;
- *flags |= F_MARK;
- return true;
- }
- return false;
+ struct xt_mark_mtinfo1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->invert)
+ info->invert = true;
+ info->mark = cb->val.mark;
+ info->mask = cb->val.mask;
}
-static int
-mark_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void mark_parse(struct xt_option_call *cb)
{
- struct xt_mark_info *markinfo = (struct xt_mark_info *)(*match)->data;
-
- switch (c) {
- char *end;
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- markinfo->mark = strtoul(optarg, &end, 0);
- if (*end == '/') {
- markinfo->mask = strtoul(end+1, &end, 0);
- } else
- markinfo->mask = 0xffffffff;
- if (*end != '\0' || end == optarg)
- xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
- if (invert)
- markinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
+ struct xt_mark_info *markinfo = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->invert)
+ markinfo->invert = 1;
+ markinfo->mark = cb->val.mark;
+ markinfo->mask = cb->val.mask;
}
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
-}
-
-static void mark_mt_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "mark match: The --mark option is required");
+ printf(" 0x%x", mark);
}
static void
@@ -106,9 +60,9 @@ mark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
- printf("mark match ");
+ printf(" mark match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
@@ -117,10 +71,10 @@ mark_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mark_info *info = (const void *)match->data;
- printf("MARK match ");
+ printf(" MARK match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
@@ -130,9 +84,9 @@ static void mark_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -142,9 +96,9 @@ mark_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -157,11 +111,10 @@ static struct xtables_match mark_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_mark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
.help = mark_mt_help,
- .parse = mark_parse,
- .final_check = mark_mt_check,
.print = mark_print,
.save = mark_save,
- .extra_opts = mark_mt_opts,
+ .x6_parse = mark_parse,
+ .x6_options = mark_mt_opts,
},
{
.version = XTABLES_VERSION,
@@ -171,11 +124,10 @@ static struct xtables_match mark_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
.help = mark_mt_help,
- .parse = mark_mt_parse,
- .final_check = mark_mt_check,
.print = mark_mt_print,
.save = mark_mt_save,
- .extra_opts = mark_mt_opts,
+ .x6_parse = mark_mt_parse,
+ .x6_options = mark_mt_opts,
},
};
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index e8a0dab..03af5a9 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -1,18 +1,23 @@
-/* Shared library add-on to iptables to add multiple TCP port support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <libiptc/libiptc.h>
-#include <libiptc/libip6tc.h>
#include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter/xt_multiport.h>
+enum {
+ O_SOURCE_PORTS = 0,
+ O_DEST_PORTS,
+ O_SD_PORTS,
+ F_SOURCE_PORTS = 1 << O_SOURCE_PORTS,
+ F_DEST_PORTS = 1 << O_DEST_PORTS,
+ F_SD_PORTS = 1 << O_SD_PORTS,
+ F_ANY = F_SOURCE_PORTS | F_DEST_PORTS | F_SD_PORTS,
+};
+
/* Function which prints out usage message. */
static void multiport_help(void)
{
@@ -43,17 +48,22 @@ static void multiport_help_v1(void)
" match both source and destination port(s)\n");
}
-static const struct option multiport_opts[] = {
- { "source-ports", 1, NULL, '1' },
- { "sports", 1, NULL, '1' }, /* synonym */
- { "destination-ports", 1, NULL, '2' },
- { "dports", 1, NULL, '2' }, /* synonym */
- { "ports", 1, NULL, '3' },
- { .name = NULL }
+static const struct xt_option_entry multiport_opts[] = {
+ {.name = "source-ports", .id = O_SOURCE_PORTS, .type = XTTYPE_STRING,
+ .excl = F_ANY, .flags = XTOPT_INVERT},
+ {.name = "sports", .id = O_SOURCE_PORTS, .type = XTTYPE_STRING,
+ .excl = F_ANY, .flags = XTOPT_INVERT},
+ {.name = "destination-ports", .id = O_DEST_PORTS,
+ .type = XTTYPE_STRING, .excl = F_ANY, .flags = XTOPT_INVERT},
+ {.name = "dports", .id = O_DEST_PORTS, .type = XTTYPE_STRING,
+ .excl = F_ANY, .flags = XTOPT_INVERT},
+ {.name = "ports", .id = O_SD_PORTS, .type = XTTYPE_STRING,
+ .excl = F_ANY, .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static char *
-proto_to_name(u_int8_t proto)
+static const char *
+proto_to_name(uint8_t proto)
{
switch (proto) {
case IPPROTO_TCP:
@@ -72,7 +82,7 @@ proto_to_name(u_int8_t proto)
}
static unsigned int
-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+parse_multi_ports(const char *portstring, uint16_t *ports, const char *proto)
{
char *buffer, *cp, *next;
unsigned int i;
@@ -98,7 +108,7 @@ parse_multi_ports_v1(const char *portstring,
{
char *buffer, *cp, *next, *range;
unsigned int i;
- u_int16_t m;
+ uint16_t m;
buffer = strdup(portstring);
if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
@@ -132,9 +142,9 @@ parse_multi_ports_v1(const char *portstring,
}
static const char *
-check_proto(u_int16_t pnum, u_int8_t invflags)
+check_proto(uint16_t pnum, uint8_t invflags)
{
- char *proto;
+ const char *proto;
if (invflags & XT_INV_PROTO)
xtables_error(PARAMETER_PROBLEM,
@@ -151,149 +161,104 @@ check_proto(u_int16_t pnum, u_int8_t invflags)
"multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
}
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-__multiport_parse(int c, char **argv, int invert, unsigned int *flags,
- struct xt_entry_match **match, u_int16_t pnum,
- u_int8_t invflags)
+static void __multiport_parse(struct xt_option_call *cb, uint16_t pnum,
+ uint8_t invflags)
{
const char *proto;
- struct xt_multiport *multiinfo
- = (struct xt_multiport *)(*match)->data;
+ struct xt_multiport *multiinfo = cb->data;
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORTS:
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(optarg,
+ multiinfo->count = parse_multi_ports(cb->arg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
-
- case '2':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_DEST_PORTS:
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(optarg,
+ multiinfo->count = parse_multi_ports(cb->arg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
-
- case '3':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_SD_PORTS:
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(optarg,
+ multiinfo->count = parse_multi_ports(cb->arg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
break;
-
- default:
- return 0;
}
-
- if (invert)
+ if (cb->invert)
xtables_error(PARAMETER_PROBLEM,
- "multiport does not support invert");
-
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "multiport can only have one option");
- *flags = 1;
- return 1;
+ "multiport.0 does not support invert");
}
-static int
-multiport_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_match **match)
+static void multiport_parse(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
- return __multiport_parse(c, argv, invert, flags, match,
+ const struct ipt_entry *entry = cb->xt_entry;
+ return __multiport_parse(cb,
entry->ip.proto, entry->ip.invflags);
}
-static int
-multiport_parse6(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_match **match)
+static void multiport_parse6(struct xt_option_call *cb)
{
- const struct ip6t_entry *entry = e;
- return __multiport_parse(c, argv, invert, flags, match,
+ const struct ip6t_entry *entry = cb->xt_entry;
+ return __multiport_parse(cb,
entry->ipv6.proto, entry->ipv6.invflags);
}
-static int
-__multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
- struct xt_entry_match **match, u_int16_t pnum,
- u_int8_t invflags)
+static void __multiport_parse_v1(struct xt_option_call *cb, uint16_t pnum,
+ uint8_t invflags)
{
const char *proto;
- struct xt_multiport_v1 *multiinfo
- = (struct xt_multiport_v1 *)(*match)->data;
+ struct xt_multiport_v1 *multiinfo = cb->data;
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORTS:
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(optarg, multiinfo, proto);
+ parse_multi_ports_v1(cb->arg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
-
- case '2':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_DEST_PORTS:
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(optarg, multiinfo, proto);
+ parse_multi_ports_v1(cb->arg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
-
- case '3':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_SD_PORTS:
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(optarg, multiinfo, proto);
+ parse_multi_ports_v1(cb->arg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
break;
-
- default:
- return 0;
}
-
- if (invert)
+ if (cb->invert)
multiinfo->invert = 1;
-
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "multiport can only have one option");
- *flags = 1;
- return 1;
}
-static int
-multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_match **match)
+static void multiport_parse_v1(struct xt_option_call *cb)
{
- const struct ipt_entry *entry = e;
- return __multiport_parse_v1(c, argv, invert, flags, match,
+ const struct ipt_entry *entry = cb->xt_entry;
+ return __multiport_parse_v1(cb,
entry->ip.proto, entry->ip.invflags);
}
-static int
-multiport_parse6_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *e, struct xt_entry_match **match)
+static void multiport_parse6_v1(struct xt_option_call *cb)
{
- const struct ip6t_entry *entry = e;
- return __multiport_parse_v1(c, argv, invert, flags, match,
+ const struct ip6t_entry *entry = cb->xt_entry;
+ return __multiport_parse_v1(cb,
entry->ipv6.proto, entry->ipv6.invflags);
}
-/* Final check; must specify something. */
-static void multiport_check(unsigned int flags)
+static void multiport_check(struct xt_fcheck_call *cb)
{
- if (!flags)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, "multiport expection an option");
}
-static char *
-port_to_service(int port, u_int8_t proto)
+static const char *
+port_to_service(int port, uint8_t proto)
{
- struct servent *service;
+ const struct servent *service;
if ((service = getservbyport(htons(port), proto_to_name(proto))))
return service->s_name;
@@ -302,9 +267,9 @@ port_to_service(int port, u_int8_t proto)
}
static void
-print_port(u_int16_t port, u_int8_t protocol, int numeric)
+print_port(uint16_t port, uint8_t protocol, int numeric)
{
- char *service;
+ const char *service;
if (numeric || (service = port_to_service(port, protocol)) == NULL)
printf("%u", port);
@@ -312,16 +277,15 @@ print_port(u_int16_t port, u_int8_t protocol, int numeric)
printf("%s", service);
}
-/* Prints out the matchinfo. */
static void
__multiport_print(const struct xt_entry_match *match, int numeric,
- u_int16_t proto)
+ uint16_t proto)
{
const struct xt_multiport *multiinfo
= (const struct xt_multiport *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
@@ -345,7 +309,6 @@ __multiport_print(const struct xt_entry_match *match, int numeric,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, numeric);
}
- printf(" ");
}
static void multiport_print(const void *ip_void,
@@ -363,13 +326,13 @@ static void multiport_print6(const void *ip_void,
}
static void __multiport_print_v1(const struct xt_entry_match *match,
- int numeric, u_int16_t proto)
+ int numeric, uint16_t proto)
{
const struct xt_multiport_v1 *multiinfo
= (const struct xt_multiport_v1 *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
@@ -390,7 +353,7 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
}
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
@@ -400,7 +363,6 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, numeric);
}
}
- printf(" ");
}
static void multiport_print_v1(const void *ip_void,
@@ -417,9 +379,8 @@ static void multiport_print6_v1(const void *ip_void,
__multiport_print_v1(match, numeric, ip->proto);
}
-/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void __multiport_save(const struct xt_entry_match *match,
- u_int16_t proto)
+ uint16_t proto)
{
const struct xt_multiport *multiinfo
= (const struct xt_multiport *)match->data;
@@ -427,15 +388,15 @@ static void __multiport_save(const struct xt_entry_match *match,
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
@@ -443,7 +404,6 @@ static void __multiport_save(const struct xt_entry_match *match,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, 1);
}
- printf(" ");
}
static void multiport_save(const void *ip_void,
@@ -461,26 +421,26 @@ static void multiport_save6(const void *ip_void,
}
static void __multiport_save_v1(const struct xt_entry_match *match,
- u_int16_t proto)
+ uint16_t proto)
{
const struct xt_multiport_v1 *multiinfo
= (const struct xt_multiport_v1 *)match->data;
unsigned int i;
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
@@ -492,7 +452,6 @@ static void __multiport_save_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, 1);
}
}
- printf(" ");
}
static void multiport_save_v1(const void *ip_void,
@@ -518,11 +477,11 @@ static struct xtables_match multiport_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
.help = multiport_help,
- .parse = multiport_parse,
- .final_check = multiport_check,
+ .x6_parse = multiport_parse,
+ .x6_fcheck = multiport_check,
.print = multiport_print,
.save = multiport_save,
- .extra_opts = multiport_opts,
+ .x6_options = multiport_opts,
},
{
.family = NFPROTO_IPV6,
@@ -532,11 +491,11 @@ static struct xtables_match multiport_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
.help = multiport_help,
- .parse = multiport_parse6,
- .final_check = multiport_check,
+ .x6_parse = multiport_parse6,
+ .x6_fcheck = multiport_check,
.print = multiport_print6,
.save = multiport_save6,
- .extra_opts = multiport_opts,
+ .x6_options = multiport_opts,
},
{
.family = NFPROTO_IPV4,
@@ -546,11 +505,11 @@ static struct xtables_match multiport_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.help = multiport_help_v1,
- .parse = multiport_parse_v1,
- .final_check = multiport_check,
+ .x6_parse = multiport_parse_v1,
+ .x6_fcheck = multiport_check,
.print = multiport_print_v1,
.save = multiport_save_v1,
- .extra_opts = multiport_opts,
+ .x6_options = multiport_opts,
},
{
.family = NFPROTO_IPV6,
@@ -560,11 +519,11 @@ static struct xtables_match multiport_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.help = multiport_help_v1,
- .parse = multiport_parse6_v1,
- .final_check = multiport_check,
+ .x6_parse = multiport_parse6_v1,
+ .x6_fcheck = multiport_check,
.print = multiport_print6_v1,
.save = multiport_save6_v1,
- .extra_opts = multiport_opts,
+ .x6_options = multiport_opts,
},
};
diff --git a/extensions/libxt_multiport.man b/extensions/libxt_multiport.man
index caf5c56..7eb083e 100644
--- a/extensions/libxt_multiport.man
+++ b/extensions/libxt_multiport.man
@@ -1,9 +1,8 @@
This module matches a set of source or destination ports. Up to 15
ports can be specified. A port range (port:port) counts as two
-ports. It can only be used in conjunction with
-\fB\-p tcp\fP
-or
-\fB\-p udp\fP.
+ports. It can only be used in conjunction with one of the
+following protocols:
+\fBtcp\fP, \fBudp\fP, \fBudplite\fP, \fBdccp\fP and \fBsctp\fP.
.TP
[\fB!\fP] \fB\-\-source\-ports\fP,\fB\-\-sports\fP \fIport\fP[\fB,\fP\fIport\fP|\fB,\fP\fIport\fP\fB:\fP\fIport\fP]...
Match if the source port is one of the given ports. The flag
diff --git a/extensions/libxt_nfacct.c b/extensions/libxt_nfacct.c
new file mode 100644
index 0000000..2ad59d5
--- /dev/null
+++ b/extensions/libxt_nfacct.c
@@ -0,0 +1,89 @@
+/*
+ * (C) 2011 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2011 by Intra2Net AG <http://www.intra2net.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 (or
+ * any later at your option) as published by the Free Software Foundation.
+ */
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <getopt.h>
+#include <xtables.h>
+
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_nfacct.h>
+
+enum {
+ O_NAME = 0,
+};
+
+#define s struct xt_nfacct_match_info
+static const struct xt_option_entry nfacct_opts[] = {
+ {.name = "nfacct-name", .id = O_NAME, .type = XTTYPE_STRING,
+ .min = 1, .flags = XTOPT_MAND|XTOPT_PUT, XTOPT_POINTER(s, name)},
+ XTOPT_TABLEEND,
+};
+#undef s
+
+static void nfacct_help(void)
+{
+ printf("nfacct match options:\n"
+ " --nfacct-name STRING Name of accouting area\n");
+}
+
+static void nfacct_parse(struct xt_option_call *cb)
+{
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_NAME:
+ if (strchr(cb->arg, '\n') != NULL)
+ xtables_error(PARAMETER_PROBLEM,
+ "Newlines not allowed in --nfacct-name");
+ break;
+ }
+}
+
+static void
+nfacct_print_name(const struct xt_nfacct_match_info *info, char *name)
+{
+ printf(" %snfacct-name ", name);
+ xtables_save_string(info->name);
+}
+
+static void nfacct_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ const struct xt_nfacct_match_info *info =
+ (struct xt_nfacct_match_info *)match->data;
+
+ nfacct_print_name(info, "");
+}
+
+static void nfacct_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_nfacct_match_info *info =
+ (struct xt_nfacct_match_info *)match->data;
+
+ nfacct_print_name(info, "--");
+}
+
+static struct xtables_match nfacct_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "nfacct",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_nfacct_match_info)),
+ .userspacesize = offsetof(struct xt_nfacct_match_info, nfacct),
+ .help = nfacct_help,
+ .x6_parse = nfacct_parse,
+ .print = nfacct_print,
+ .save = nfacct_save,
+ .x6_options = nfacct_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&nfacct_match);
+}
diff --git a/extensions/libxt_nfacct.man b/extensions/libxt_nfacct.man
new file mode 100644
index 0000000..b755f97
--- /dev/null
+++ b/extensions/libxt_nfacct.man
@@ -0,0 +1,30 @@
+The nfacct match provides the extended accounting infrastructure for iptables.
+You have to use this match together with the standalone user-space utility
+.B nfacct(8)
+.PP
+The only option available for this match is the following:
+.TP
+\fB\-\-nfacct\-name\fP \fIname\fP
+This allows you to specify the existing object name that will be use for
+accounting the traffic that this rule-set is matching.
+.PP
+To use this extension, you have to create an accounting object:
+.IP
+nfacct add http\-traffic
+.PP
+Then, you have to attach it to the accounting object via iptables:
+.IP
+iptables \-I INPUT \-p tcp \-\-sport 80 \-m nfacct \-\-nfacct\-name http\-traffic
+.IP
+iptables \-I OUTPUT \-p tcp \-\-dport 80 \-m nfacct \-\-nfacct\-name http\-traffic
+.PP
+Then, you can check for the amount of traffic that the rules match:
+.IP
+nfacct get http\-traffic
+.IP
+{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;
+.PP
+You can obtain
+.B nfacct(8)
+from http://www.netfilter.org or, alternatively, from the git.netfilter.org
+repository.
diff --git a/extensions/libxt_osf.c b/extensions/libxt_osf.c
index 07b86e4..52dba47 100644
--- a/extensions/libxt_osf.c
+++ b/extensions/libxt_osf.c
@@ -20,23 +20,19 @@
/*
* xtables interface for OS fingerprint matching module.
*/
-
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <ctype.h>
-
-#include <linux/types.h>
-
#include <xtables.h>
-
#include <netinet/ip.h>
#include <netinet/tcp.h>
-
#include <linux/netfilter/xt_osf.h>
+enum {
+ O_GENRE = 0,
+ O_TTL,
+ O_LOGLEVEL,
+};
+
static void osf_help(void)
{
printf("OS fingerprint match options:\n"
@@ -52,87 +48,58 @@ static void osf_help(void)
);
}
-
-static const struct option osf_opts[] = {
- { .name = "genre", .has_arg = true, .val = '1' },
- { .name = "ttl", .has_arg = true, .val = '2' },
- { .name = "log", .has_arg = true, .val = '3' },
- { .name = NULL }
+#define s struct xt_osf_info
+static const struct xt_option_entry osf_opts[] = {
+ {.name = "genre", .id = O_GENRE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(s, genre)},
+ {.name = "ttl", .id = O_TTL, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl), .min = 0, .max = 2},
+ {.name = "log", .id = O_LOGLEVEL, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, loglevel), .min = 0, .max = 2},
+ XTOPT_TABLEEND,
};
+#undef s
-
-static void osf_parse_string(const char *s, struct xt_osf_info *info)
+static void osf_parse(struct xt_option_call *cb)
{
- if (strlen(s) < MAXGENRELEN)
- strcpy(info->genre, s);
- else
- xtables_error(PARAMETER_PROBLEM,
- "Genre string too long `%s' [%zd], max=%d",
- s, strlen(s), MAXGENRELEN);
-}
-
-static int osf_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_match **match)
-{
- struct xt_osf_info *info = (struct xt_osf_info *)(*match)->data;
+ struct xt_osf_info *info = cb->data;
- switch(c) {
- case '1': /* --genre */
- if (*flags & XT_OSF_GENRE)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple genre parameter");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- osf_parse_string(argv[optind-1], info);
- if (invert)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_GENRE:
+ if (cb->invert)
info->flags |= XT_OSF_INVERT;
- info->len=strlen(info->genre);
- *flags |= XT_OSF_GENRE;
+ info->len = strlen(info->genre);
break;
- case '2': /* --ttl */
- if (*flags & XT_OSF_TTL)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple ttl parameter");
- *flags |= XT_OSF_TTL;
+ case O_TTL:
info->flags |= XT_OSF_TTL;
- if (!xtables_strtoui(argv[optind-1], NULL, &info->ttl, 0, 2))
- xtables_error(PARAMETER_PROBLEM, "TTL parameter is too big");
break;
- case '3': /* --log */
- if (*flags & XT_OSF_LOG)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple log parameter");
- *flags |= XT_OSF_LOG;
- if (!xtables_strtoui(argv[optind-1], NULL, &info->loglevel, 0, 2))
- xtables_error(PARAMETER_PROBLEM, "Log level parameter is too big");
+ case O_LOGLEVEL:
info->flags |= XT_OSF_LOG;
break;
- default:
- return 0;
}
-
- return 1;
-}
-
-static void osf_final_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "OS fingerprint match: You must specify `--genre'");
}
static void osf_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("OS fingerprint match %s%s ", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
+ printf(" OS fingerprint match %s%s", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
}
static void osf_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("--genre %s%s ", (info->flags & XT_OSF_INVERT) ? "! ": "", info->genre);
+ if (info->flags & XT_OSF_INVERT)
+ printf(" !");
+
+ printf(" --genre %s", info->genre);
+ if (info->flags & XT_OSF_TTL)
+ printf(" --ttl %u", info->ttl);
+ if (info->flags & XT_OSF_LOG)
+ printf(" --log %u", info->loglevel);
}
static struct xtables_match osf_match = {
@@ -141,12 +108,11 @@ static struct xtables_match osf_match = {
.size = XT_ALIGN(sizeof(struct xt_osf_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_osf_info)),
.help = osf_help,
- .parse = osf_parse,
+ .x6_parse = osf_parse,
.print = osf_print,
- .final_check = osf_final_check,
.save = osf_save,
- .extra_opts = osf_opts,
- .family = NFPROTO_IPV4
+ .x6_options = osf_opts,
+ .family = NFPROTO_IPV4,
};
void _init(void)
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index b595d97..d9adc12 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -4,16 +4,11 @@
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
* Jan Engelhardt <jengelh@computergmbh.de>
*/
-#include <getopt.h>
#include <grp.h>
-#include <netdb.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include <limits.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_owner.h>
@@ -37,7 +32,7 @@ struct ipt_owner_info {
pid_t pid;
pid_t sid;
char comm[16];
- u_int8_t match, invert; /* flags */
+ uint8_t match, invert; /* flags */
};
struct ip6t_owner_info {
@@ -46,7 +41,7 @@ struct ip6t_owner_info {
pid_t pid;
pid_t sid;
char comm[16];
- u_int8_t match, invert; /* flags */
+ uint8_t match, invert; /* flags */
};
/*
@@ -55,17 +50,16 @@ struct ip6t_owner_info {
*/
enum {
- FLAG_UID_OWNER = 1 << 0,
- FLAG_GID_OWNER = 1 << 1,
- FLAG_SOCKET_EXISTS = 1 << 2,
- FLAG_PID_OWNER = 1 << 3,
- FLAG_SID_OWNER = 1 << 4,
- FLAG_COMM = 1 << 5,
+ O_USER = 0,
+ O_GROUP,
+ O_SOCK_EXISTS,
+ O_PROCESS,
+ O_SESSION,
+ O_COMM,
};
static void owner_mt_help_v0(void)
{
-#ifdef IPT_OWNER_COMM
printf(
"owner match options:\n"
"[!] --uid-owner userid Match local UID\n"
@@ -74,15 +68,6 @@ static void owner_mt_help_v0(void)
"[!] --sid-owner sessionid Match local SID\n"
"[!] --cmd-owner name Match local command name\n"
"NOTE: PID, SID and command matching are broken on SMP\n");
-#else
- printf(
-"owner match options:\n"
-"[!] --uid-owner userid Match local UID\n"
-"[!] --gid-owner groupid Match local GID\n"
-"[!] --pid-owner processid Match local PID\n"
-"[!] --sid-owner sessionid Match local SID\n"
-"NOTE: PID and SID matching are broken on SMP\n");
-#endif /* IPT_OWNER_COMM */
}
static void owner_mt6_help_v0(void)
@@ -105,174 +90,137 @@ static void owner_mt_help(void)
"[!] --socket-exists Match if socket exists\n");
}
-static const struct option owner_mt_opts_v0[] = {
- {.name = "uid-owner", .has_arg = true, .val = 'u'},
- {.name = "gid-owner", .has_arg = true, .val = 'g'},
- {.name = "pid-owner", .has_arg = true, .val = 'p'},
- {.name = "sid-owner", .has_arg = true, .val = 's'},
-#ifdef IPT_OWNER_COMM
- {.name = "cmd-owner", .has_arg = true, .val = 'c'},
-#endif
- { .name = NULL }
+#define s struct ipt_owner_info
+static const struct xt_option_entry owner_mt_opts_v0[] = {
+ {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "pid-owner", .id = O_PROCESS, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, pid),
+ .max = INT_MAX},
+ {.name = "sid-owner", .id = O_SESSION, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, sid),
+ .max = INT_MAX},
+ {.name = "cmd-owner", .id = O_COMM, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, comm)},
+ XTOPT_TABLEEND,
};
-
-static const struct option owner_mt6_opts_v0[] = {
- {.name = "uid-owner", .has_arg = true, .val = 'u'},
- {.name = "gid-owner", .has_arg = true, .val = 'g'},
- {.name = "pid-owner", .has_arg = true, .val = 'p'},
- {.name = "sid-owner", .has_arg = true, .val = 's'},
- { .name = NULL }
+#undef s
+
+#define s struct ip6t_owner_info
+static const struct xt_option_entry owner_mt6_opts_v0[] = {
+ {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "pid-owner", .id = O_PROCESS, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, pid),
+ .max = INT_MAX},
+ {.name = "sid-owner", .id = O_SESSION, .type = XTTYPE_UINT32,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, sid),
+ .max = INT_MAX},
+ XTOPT_TABLEEND,
};
-
-static const struct option owner_mt_opts[] = {
- {.name = "uid-owner", .has_arg = true, .val = 'u'},
- {.name = "gid-owner", .has_arg = true, .val = 'g'},
- {.name = "socket-exists", .has_arg = false, .val = 'k'},
- { .name = NULL }
+#undef s
+
+static const struct xt_option_entry owner_mt_opts[] = {
+ {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE,
+ .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static int
-owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void owner_mt_parse_v0(struct xt_option_call *cb)
{
- struct ipt_owner_info *info = (void *)(*match)->data;
+ struct ipt_owner_info *info = cb->data;
struct passwd *pwd;
struct group *grp;
unsigned int id;
- switch (c) {
- case 'u':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER);
- if ((pwd = getpwnam(optarg)) != NULL)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_USER:
+ if ((pwd = getpwnam(cb->arg)) != NULL)
id = pwd->pw_uid;
- else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg);
- if (invert)
+ else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg);
+ if (cb->invert)
info->invert |= IPT_OWNER_UID;
info->match |= IPT_OWNER_UID;
info->uid = id;
- *flags |= FLAG_UID_OWNER;
- return true;
-
- case 'g':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER);
- if ((grp = getgrnam(optarg)) != NULL)
+ break;
+ case O_GROUP:
+ if ((grp = getgrnam(cb->arg)) != NULL)
id = grp->gr_gid;
- else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg);
- if (invert)
+ else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg);
+ if (cb->invert)
info->invert |= IPT_OWNER_GID;
info->match |= IPT_OWNER_GID;
info->gid = id;
- *flags |= FLAG_GID_OWNER;
- return true;
-
- case 'p':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER);
- if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg);
- if (invert)
+ break;
+ case O_PROCESS:
+ if (cb->invert)
info->invert |= IPT_OWNER_PID;
info->match |= IPT_OWNER_PID;
- info->pid = id;
- *flags |= FLAG_PID_OWNER;
- return true;
-
- case 's':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER);
- if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-value", optarg);
- if (invert)
+ break;
+ case O_SESSION:
+ if (cb->invert)
info->invert |= IPT_OWNER_SID;
info->match |= IPT_OWNER_SID;
- info->sid = id;
- *flags |= FLAG_SID_OWNER;
- return true;
-
-#ifdef IPT_OWNER_COMM
- case 'c':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM);
- if (strlen(optarg) > sizeof(info->comm))
- xtables_error(PARAMETER_PROBLEM, "owner match: command "
- "\"%s\" too long, max. %zu characters",
- optarg, sizeof(info->comm));
-
- info->comm[sizeof(info->comm)-1] = '\0';
- strncpy(info->comm, optarg, sizeof(info->comm));
-
- if (invert)
+ break;
+ case O_COMM:
+ if (cb->invert)
info->invert |= IPT_OWNER_COMM;
info->match |= IPT_OWNER_COMM;
- *flags |= FLAG_COMM;
- return true;
-#endif
+ break;
}
- return false;
}
-static int
-owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void owner_mt6_parse_v0(struct xt_option_call *cb)
{
- struct ip6t_owner_info *info = (void *)(*match)->data;
+ struct ip6t_owner_info *info = cb->data;
struct passwd *pwd;
struct group *grp;
unsigned int id;
- switch (c) {
- case 'u':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner",
- *flags & FLAG_UID_OWNER);
- if ((pwd = getpwnam(optarg)) != NULL)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_USER:
+ if ((pwd = getpwnam(cb->arg)) != NULL)
id = pwd->pw_uid;
- else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg);
- if (invert)
+ else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg);
+ if (cb->invert)
info->invert |= IP6T_OWNER_UID;
info->match |= IP6T_OWNER_UID;
info->uid = id;
- *flags |= FLAG_UID_OWNER;
- return true;
-
- case 'g':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner",
- *flags & FLAG_GID_OWNER);
- if ((grp = getgrnam(optarg)) != NULL)
+ break;
+ case O_GROUP:
+ if ((grp = getgrnam(cb->arg)) != NULL)
id = grp->gr_gid;
- else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg);
- if (invert)
+ else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
+ xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg);
+ if (cb->invert)
info->invert |= IP6T_OWNER_GID;
info->match |= IP6T_OWNER_GID;
info->gid = id;
- *flags |= FLAG_GID_OWNER;
- return true;
-
- case 'p':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner",
- *flags & FLAG_PID_OWNER);
- if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg);
- if (invert)
+ break;
+ case O_PROCESS:
+ if (cb->invert)
info->invert |= IP6T_OWNER_PID;
info->match |= IP6T_OWNER_PID;
- info->pid = id;
- *flags |= FLAG_PID_OWNER;
- return true;
-
- case 's':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner",
- *flags & FLAG_SID_OWNER);
- if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX))
- xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg);
- if (invert)
+ break;
+ case O_SESSION:
+ if (cb->invert)
info->invert |= IP6T_OWNER_SID;
info->match |= IP6T_OWNER_SID;
- info->sid = id;
- *flags |= FLAG_SID_OWNER;
- return true;
+ break;
}
- return false;
}
static void owner_parse_range(const char *s, unsigned int *from,
@@ -291,61 +239,48 @@ static void owner_parse_range(const char *s, unsigned int *from,
xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
}
-static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void owner_mt_parse(struct xt_option_call *cb)
{
- struct xt_owner_match_info *info = (void *)(*match)->data;
+ struct xt_owner_match_info *info = cb->data;
struct passwd *pwd;
struct group *grp;
unsigned int from, to;
- switch (c) {
- case 'u':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner",
- *flags & FLAG_UID_OWNER);
- if ((pwd = getpwnam(optarg)) != NULL)
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_USER:
+ if ((pwd = getpwnam(cb->arg)) != NULL)
from = to = pwd->pw_uid;
else
- owner_parse_range(optarg, &from, &to, "--uid-owner");
- if (invert)
+ owner_parse_range(cb->arg, &from, &to, "--uid-owner");
+ if (cb->invert)
info->invert |= XT_OWNER_UID;
info->match |= XT_OWNER_UID;
info->uid_min = from;
info->uid_max = to;
- *flags |= FLAG_UID_OWNER;
- return true;
-
- case 'g':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner",
- *flags & FLAG_GID_OWNER);
- if ((grp = getgrnam(optarg)) != NULL)
+ break;
+ case O_GROUP:
+ if ((grp = getgrnam(cb->arg)) != NULL)
from = to = grp->gr_gid;
else
- owner_parse_range(optarg, &from, &to, "--gid-owner");
- if (invert)
+ owner_parse_range(cb->arg, &from, &to, "--gid-owner");
+ if (cb->invert)
info->invert |= XT_OWNER_GID;
info->match |= XT_OWNER_GID;
info->gid_min = from;
info->gid_max = to;
- *flags |= FLAG_GID_OWNER;
- return true;
-
- case 'k':
- xtables_param_act(XTF_ONLY_ONCE, "owner", "--socket-exists",
- *flags & FLAG_SOCKET_EXISTS);
- if (invert)
+ break;
+ case O_SOCK_EXISTS:
+ if (cb->invert)
info->invert |= XT_OWNER_SOCKET;
info->match |= XT_OWNER_SOCKET;
- *flags |= FLAG_SOCKET_EXISTS;
- return true;
-
+ break;
}
- return false;
}
-static void owner_mt_check(unsigned int flags)
+static void owner_mt_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, "owner: At least one of "
"--uid-owner, --gid-owner or --socket-exists "
"is required");
@@ -353,13 +288,13 @@ static void owner_mt_check(unsigned int flags)
static void
owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
- u_int8_t flag, bool numeric)
+ uint8_t flag, bool numeric)
{
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IPT_OWNER_UID:
@@ -367,11 +302,11 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IPT_OWNER_GID:
@@ -379,38 +314,36 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IPT_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IPT_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
-#ifdef IPT_OWNER_COMM
case IPT_OWNER_COMM:
- printf("%.*s ", (int)sizeof(info->comm), info->comm);
+ printf(" %.*s", (int)sizeof(info->comm), info->comm);
break;
-#endif
}
}
static void
owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
- u_int8_t flag, bool numeric)
+ uint8_t flag, bool numeric)
{
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IP6T_OWNER_UID:
@@ -418,11 +351,11 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IP6T_OWNER_GID:
@@ -430,64 +363,64 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IP6T_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IP6T_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
}
}
static void
owner_mt_print_item(const struct xt_owner_match_info *info, const char *label,
- u_int8_t flag, bool numeric)
+ uint8_t flag, bool numeric)
{
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case XT_OWNER_UID:
if (info->uid_min != info->uid_max) {
- printf("%u-%u ", (unsigned int)info->uid_min,
+ printf(" %u-%u", (unsigned int)info->uid_min,
(unsigned int)info->uid_max);
break;
} else if (!numeric) {
const struct passwd *pwd = getpwuid(info->uid_min);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid_min);
+ printf(" %u", (unsigned int)info->uid_min);
break;
case XT_OWNER_GID:
if (info->gid_min != info->gid_max) {
- printf("%u-%u ", (unsigned int)info->gid_min,
+ printf(" %u-%u", (unsigned int)info->gid_min,
(unsigned int)info->gid_max);
break;
} else if (!numeric) {
const struct group *grp = getgrgid(info->gid_min);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid_min);
+ printf(" %u", (unsigned int)info->gid_min);
break;
}
}
@@ -502,9 +435,7 @@ owner_mt_print_v0(const void *ip, const struct xt_entry_match *match,
owner_mt_print_item_v0(info, "owner GID match", IPT_OWNER_GID, numeric);
owner_mt_print_item_v0(info, "owner PID match", IPT_OWNER_PID, numeric);
owner_mt_print_item_v0(info, "owner SID match", IPT_OWNER_SID, numeric);
-#ifdef IPT_OWNER_COMM
owner_mt_print_item_v0(info, "owner CMD match", IPT_OWNER_COMM, numeric);
-#endif
}
static void
@@ -538,9 +469,7 @@ owner_mt_save_v0(const void *ip, const struct xt_entry_match *match)
owner_mt_print_item_v0(info, "--gid-owner", IPT_OWNER_GID, true);
owner_mt_print_item_v0(info, "--pid-owner", IPT_OWNER_PID, true);
owner_mt_print_item_v0(info, "--sid-owner", IPT_OWNER_SID, true);
-#ifdef IPT_OWNER_COMM
owner_mt_print_item_v0(info, "--cmd-owner", IPT_OWNER_COMM, true);
-#endif
}
static void
@@ -558,9 +487,9 @@ static void owner_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_owner_match_info *info = (void *)match->data;
- owner_mt_print_item(info, "--socket-exists", XT_OWNER_SOCKET, false);
- owner_mt_print_item(info, "--uid-owner", XT_OWNER_UID, false);
- owner_mt_print_item(info, "--gid-owner", XT_OWNER_GID, false);
+ owner_mt_print_item(info, "--socket-exists", XT_OWNER_SOCKET, true);
+ owner_mt_print_item(info, "--uid-owner", XT_OWNER_UID, true);
+ owner_mt_print_item(info, "--gid-owner", XT_OWNER_GID, true);
}
static struct xtables_match owner_mt_reg[] = {
@@ -572,11 +501,11 @@ static struct xtables_match owner_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct ipt_owner_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
.help = owner_mt_help_v0,
- .parse = owner_mt_parse_v0,
- .final_check = owner_mt_check,
+ .x6_parse = owner_mt_parse_v0,
+ .x6_fcheck = owner_mt_check,
.print = owner_mt_print_v0,
.save = owner_mt_save_v0,
- .extra_opts = owner_mt_opts_v0,
+ .x6_options = owner_mt_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -586,11 +515,11 @@ static struct xtables_match owner_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct ip6t_owner_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
.help = owner_mt6_help_v0,
- .parse = owner_mt6_parse_v0,
- .final_check = owner_mt_check,
+ .x6_parse = owner_mt6_parse_v0,
+ .x6_fcheck = owner_mt_check,
.print = owner_mt6_print_v0,
.save = owner_mt6_save_v0,
- .extra_opts = owner_mt6_opts_v0,
+ .x6_options = owner_mt6_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -600,11 +529,11 @@ static struct xtables_match owner_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_owner_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
.help = owner_mt_help,
- .parse = owner_mt_parse,
- .final_check = owner_mt_check,
+ .x6_parse = owner_mt_parse,
+ .x6_fcheck = owner_mt_check,
.print = owner_mt_print,
.save = owner_mt_save,
- .extra_opts = owner_mt_opts,
+ .x6_options = owner_mt_opts,
},
};
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index 5382ab6..a11faf4 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -1,16 +1,14 @@
-/* Shared library add-on to iptables to add bridge port matching support. */
#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <ctype.h>
#include <xtables.h>
#include <linux/netfilter/xt_physdev.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
+
+enum {
+ O_PHYSDEV_IN = 0,
+ O_PHYSDEV_OUT,
+ O_PHYSDEV_IS_IN,
+ O_PHYSDEV_IS_OUT,
+ O_PHYSDEV_IS_BRIDGED,
+};
static void physdev_help(void)
{
@@ -23,91 +21,63 @@ static void physdev_help(void)
" [!] --physdev-is-bridged it's a bridged packet\n");
}
-static const struct option physdev_opts[] = {
- { "physdev-in", 1, NULL, '1' },
- { "physdev-out", 1, NULL, '2' },
- { "physdev-is-in", 0, NULL, '3' },
- { "physdev-is-out", 0, NULL, '4' },
- { "physdev-is-bridged", 0, NULL, '5' },
- { .name = NULL }
+#define s struct xt_physdev_info
+static const struct xt_option_entry physdev_opts[] = {
+ {.name = "physdev-in", .id = O_PHYSDEV_IN, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physindev)},
+ {.name = "physdev-out", .id = O_PHYSDEV_OUT, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physoutdev)},
+ {.name = "physdev-is-in", .id = O_PHYSDEV_IS_IN, .type = XTTYPE_NONE,
+ .flags = XTOPT_INVERT},
+ {.name = "physdev-is-out", .id = O_PHYSDEV_IS_OUT,
+ .type = XTTYPE_NONE, .flags = XTOPT_INVERT},
+ {.name = "physdev-is-bridged", .id = O_PHYSDEV_IS_BRIDGED,
+ .type = XTTYPE_NONE, .flags = XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
+#undef s
-static int
-physdev_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void physdev_parse(struct xt_option_call *cb)
{
- struct xt_physdev_info *info =
- (struct xt_physdev_info*)(*match)->data;
+ struct xt_physdev_info *info = cb->data;
- switch (c) {
- case '1':
- if (*flags & XT_PHYSDEV_OP_IN)
- goto multiple_use;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- xtables_parse_interface(optarg, info->physindev,
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_PHYSDEV_IN:
+ xtables_parse_interface(cb->arg, info->physindev,
(unsigned char *)info->in_mask);
- if (invert)
+ if (cb->invert)
info->invert |= XT_PHYSDEV_OP_IN;
info->bitmask |= XT_PHYSDEV_OP_IN;
- *flags |= XT_PHYSDEV_OP_IN;
break;
-
- case '2':
- if (*flags & XT_PHYSDEV_OP_OUT)
- goto multiple_use;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- xtables_parse_interface(optarg, info->physoutdev,
+ case O_PHYSDEV_OUT:
+ xtables_parse_interface(cb->arg, info->physoutdev,
(unsigned char *)info->out_mask);
- if (invert)
+ if (cb->invert)
info->invert |= XT_PHYSDEV_OP_OUT;
info->bitmask |= XT_PHYSDEV_OP_OUT;
- *flags |= XT_PHYSDEV_OP_OUT;
break;
-
- case '3':
- if (*flags & XT_PHYSDEV_OP_ISIN)
- goto multiple_use;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_PHYSDEV_IS_IN:
info->bitmask |= XT_PHYSDEV_OP_ISIN;
- if (invert)
+ if (cb->invert)
info->invert |= XT_PHYSDEV_OP_ISIN;
- *flags |= XT_PHYSDEV_OP_ISIN;
break;
-
- case '4':
- if (*flags & XT_PHYSDEV_OP_ISOUT)
- goto multiple_use;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ case O_PHYSDEV_IS_OUT:
info->bitmask |= XT_PHYSDEV_OP_ISOUT;
- if (invert)
+ if (cb->invert)
info->invert |= XT_PHYSDEV_OP_ISOUT;
- *flags |= XT_PHYSDEV_OP_ISOUT;
break;
-
- case '5':
- if (*flags & XT_PHYSDEV_OP_BRIDGED)
- goto multiple_use;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (invert)
+ case O_PHYSDEV_IS_BRIDGED:
+ if (cb->invert)
info->invert |= XT_PHYSDEV_OP_BRIDGED;
- *flags |= XT_PHYSDEV_OP_BRIDGED;
info->bitmask |= XT_PHYSDEV_OP_BRIDGED;
break;
-
- default:
- return 0;
}
-
- return 1;
-multiple_use:
- xtables_error(PARAMETER_PROBLEM,
- "multiple use of the same physdev option is not allowed");
-
}
-static void physdev_check(unsigned int flags)
+static void physdev_check(struct xt_fcheck_call *cb)
{
- if (flags == 0)
+ if (cb->xflags == 0)
xtables_error(PARAMETER_PROBLEM, "PHYSDEV: no physdev option specified");
}
@@ -116,7 +86,7 @@ physdev_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_physdev_info *info = (const void *)match->data;
- printf("PHYSDEV match");
+ printf(" PHYSDEV match");
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
printf("%s --physdev-is-in",
info->invert & XT_PHYSDEV_OP_ISIN ? " !":"");
@@ -133,7 +103,6 @@ physdev_print(const void *ip, const struct xt_entry_match *match, int numeric)
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
printf("%s --physdev-is-bridged",
info->invert & XT_PHYSDEV_OP_BRIDGED ? " !":"");
- printf(" ");
}
static void physdev_save(const void *ip, const struct xt_entry_match *match)
@@ -141,23 +110,23 @@ static void physdev_save(const void *ip, const struct xt_entry_match *match)
const struct xt_physdev_info *info = (const void *)match->data;
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
- printf("%s--physdev-is-in ",
- (info->invert & XT_PHYSDEV_OP_ISIN) ? "! " : "");
+ printf("%s --physdev-is-in",
+ (info->invert & XT_PHYSDEV_OP_ISIN) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_IN)
- printf("%s--physdev-in %s ",
- (info->invert & XT_PHYSDEV_OP_IN) ? "! " : "",
+ printf("%s --physdev-in %s",
+ (info->invert & XT_PHYSDEV_OP_IN) ? " !" : "",
info->physindev);
if (info->bitmask & XT_PHYSDEV_OP_ISOUT)
- printf("%s--physdev-is-out ",
- (info->invert & XT_PHYSDEV_OP_ISOUT) ? "! " : "");
+ printf("%s --physdev-is-out",
+ (info->invert & XT_PHYSDEV_OP_ISOUT) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_OUT)
- printf("%s--physdev-out %s ",
- (info->invert & XT_PHYSDEV_OP_OUT) ? "! " : "",
+ printf("%s --physdev-out %s",
+ (info->invert & XT_PHYSDEV_OP_OUT) ? " !" : "",
info->physoutdev);
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
- printf("%s--physdev-is-bridged ",
- (info->invert & XT_PHYSDEV_OP_BRIDGED) ? "! " : "");
+ printf("%s --physdev-is-bridged",
+ (info->invert & XT_PHYSDEV_OP_BRIDGED) ? " !" : "");
}
static struct xtables_match physdev_match = {
@@ -167,11 +136,11 @@ static struct xtables_match physdev_match = {
.size = XT_ALIGN(sizeof(struct xt_physdev_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_physdev_info)),
.help = physdev_help,
- .parse = physdev_parse,
- .final_check = physdev_check,
.print = physdev_print,
.save = physdev_save,
- .extra_opts = physdev_opts,
+ .x6_parse = physdev_parse,
+ .x6_fcheck = physdev_check,
+ .x6_options = physdev_opts,
};
void _init(void)
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index cd83e73..b72c013 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -5,20 +5,15 @@
* Michal Ludvig <michal@logix.cz>
*/
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
#include <xtables.h>
+#define __aligned_u64 __u64 __attribute__((aligned(8)))
#include <linux/if_packet.h>
#include <linux/netfilter/xt_pkttype.h>
-#define PKTTYPE_VERSION "0.1"
+enum {
+ O_PKTTYPE = 0,
+};
struct pkttypes {
const char *name;
@@ -60,9 +55,10 @@ static void pkttype_help(void)
print_types();
}
-static const struct option pkttype_opts[] = {
- {"pkt-type", 1, NULL, '1'},
- { .name = NULL }
+static const struct xt_option_entry pkttype_opts[] = {
+ {.name = "pkt-type", .id = O_PKTTYPE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info)
@@ -79,32 +75,14 @@ static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info)
xtables_error(PARAMETER_PROBLEM, "Bad packet type '%s'", pkttype);
}
-static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void pkttype_parse(struct xt_option_call *cb)
{
- struct xt_pkttype_info *info = (struct xt_pkttype_info *)(*match)->data;
-
- switch(c)
- {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_pkttype(optarg, info);
- if(invert)
- info->invert=1;
- *flags=1;
- break;
-
- default:
- return 0;
- }
+ struct xt_pkttype_info *info = cb->data;
- return 1;
-}
-
-static void pkttype_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM, "You must specify \"--pkt-type\"");
+ xtables_option_parse(cb);
+ parse_pkttype(cb->arg, info);
+ if (cb->invert)
+ info->invert = 1;
}
static void print_pkttype(const struct xt_pkttype_info *info)
@@ -114,11 +92,11 @@ static void print_pkttype(const struct xt_pkttype_info *info)
for (i = 0; i < ARRAY_SIZE(supported_types); ++i)
if(supported_types[i].pkttype==info->pkttype)
{
- printf("%s ", supported_types[i].name);
+ printf("%s", supported_types[i].name);
return;
}
- printf("%d ", info->pkttype); /* in case we didn't find an entry in named-packtes */
+ printf("%d", info->pkttype); /* in case we didn't find an entry in named-packtes */
}
static void pkttype_print(const void *ip, const struct xt_entry_match *match,
@@ -126,7 +104,7 @@ static void pkttype_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("PKTTYPE %s= ", info->invert?"!":"");
+ printf(" PKTTYPE %s= ", info->invert ? "!" : "");
print_pkttype(info);
}
@@ -134,7 +112,7 @@ static void pkttype_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("%s--pkt-type ", info->invert ? "! " : "");
+ printf("%s --pkt-type ", info->invert ? " !" : "");
print_pkttype(info);
}
@@ -145,11 +123,10 @@ static struct xtables_match pkttype_match = {
.size = XT_ALIGN(sizeof(struct xt_pkttype_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_pkttype_info)),
.help = pkttype_help,
- .parse = pkttype_parse,
- .final_check = pkttype_check,
.print = pkttype_print,
.save = pkttype_save,
- .extra_opts = pkttype_opts,
+ .x6_parse = pkttype_parse,
+ .x6_options = pkttype_opts,
};
void _init(void)
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index a87ddd8..0a64a80 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -1,24 +1,28 @@
-/* Shared library add-on to iptables to add policy support. */
+/*
+ * Copyright (c) 2005-2013 Patrick McHardy <kaber@trash.net>
+ */
+
+#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <getopt.h>
#include <netdb.h>
-#include <errno.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
#include <xtables.h>
-
#include <linux/netfilter/xt_policy.h>
-/*
- * HACK: global pointer to current matchinfo for making
- * final checks and adjustments in final_check.
- */
-static struct xt_policy_info *policy_info;
+enum {
+ O_DIRECTION = 0,
+ O_POLICY,
+ O_STRICT,
+ O_REQID,
+ O_SPI,
+ O_PROTO,
+ O_MODE,
+ O_TUNNELSRC,
+ O_TUNNELDST,
+ O_NEXT,
+ F_STRICT = 1 << O_STRICT,
+};
static void policy_help(void)
{
@@ -29,6 +33,7 @@ static void policy_help(void)
" --pol none|ipsec match policy\n"
" --strict match entire policy instead of single element\n"
" at any position\n"
+"These options may be used repeatedly, to describe policy elements:\n"
"[!] --reqid reqid match reqid\n"
"[!] --spi spi match SPI\n"
"[!] --proto proto match protocol (ah/esp/ipcomp)\n"
@@ -38,60 +43,28 @@ static void policy_help(void)
" --next begin next element in policy\n");
}
-static const struct option policy_opts[] =
-{
- {
- .name = "dir",
- .has_arg = 1,
- .val = '1',
- },
- {
- .name = "pol",
- .has_arg = 1,
- .val = '2',
- },
- {
- .name = "strict",
- .val = '3'
- },
- {
- .name = "reqid",
- .has_arg = 1,
- .val = '4',
- },
- {
- .name = "spi",
- .has_arg = 1,
- .val = '5'
- },
- {
- .name = "tunnel-src",
- .has_arg = 1,
- .val = '6'
- },
- {
- .name = "tunnel-dst",
- .has_arg = 1,
- .val = '7'
- },
- {
- .name = "proto",
- .has_arg = 1,
- .val = '8'
- },
- {
- .name = "mode",
- .has_arg = 1,
- .val = '9'
- },
- {
- .name = "next",
- .val = 'a'
- },
- { .name = NULL }
+static const struct xt_option_entry policy_opts[] = {
+ {.name = "dir", .id = O_DIRECTION, .type = XTTYPE_STRING},
+ {.name = "pol", .id = O_POLICY, .type = XTTYPE_STRING},
+ {.name = "strict", .id = O_STRICT, .type = XTTYPE_NONE},
+ {.name = "reqid", .id = O_REQID, .type = XTTYPE_UINT32,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "spi", .id = O_SPI, .type = XTTYPE_UINT32,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "tunnel-src", .id = O_TUNNELSRC, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "tunnel-dst", .id = O_TUNNELDST, .type = XTTYPE_HOSTMASK,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "proto", .id = O_PROTO, .type = XTTYPE_PROTOCOL,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "mode", .id = O_MODE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MULTI | XTOPT_INVERT},
+ {.name = "next", .id = O_NEXT, .type = XTTYPE_NONE,
+ .flags = XTOPT_MULTI, .also = F_STRICT},
+ XTOPT_TABLEEND,
};
-static int parse_direction(char *s)
+static int parse_direction(const char *s)
{
if (strcmp(s, "in") == 0)
return XT_POLICY_MATCH_IN;
@@ -100,7 +73,7 @@ static int parse_direction(char *s)
xtables_error(PARAMETER_PROBLEM, "policy_match: invalid dir \"%s\"", s);
}
-static int parse_policy(char *s)
+static int parse_policy(const char *s)
{
if (strcmp(s, "none") == 0)
return XT_POLICY_MATCH_NONE;
@@ -109,7 +82,7 @@ static int parse_policy(char *s)
xtables_error(PARAMETER_PROBLEM, "policy match: invalid policy \"%s\"", s);
}
-static int parse_mode(char *s)
+static int parse_mode(const char *s)
{
if (strcmp(s, "transport") == 0)
return XT_POLICY_MODE_TRANSPORT;
@@ -118,178 +91,95 @@ static int parse_mode(char *s)
xtables_error(PARAMETER_PROBLEM, "policy match: invalid mode \"%s\"", s);
}
-static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
- struct xt_policy_info *info, uint8_t family)
+static void policy_parse(struct xt_option_call *cb)
{
+ struct xt_policy_info *info = cb->data;
struct xt_policy_elem *e = &info->pol[info->len];
- struct in_addr *addr = NULL, mask;
- struct in6_addr *addr6 = NULL, mask6;
- unsigned int naddr = 0, num;
- int mode;
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- switch (c) {
- case '1':
- if (info->flags & (XT_POLICY_MATCH_IN | XT_POLICY_MATCH_OUT))
- xtables_error(PARAMETER_PROBLEM,
- "policy match: double --dir option");
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: can't invert --dir option");
- info->flags |= parse_direction(optarg);
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_DIRECTION:
+ info->flags |= parse_direction(cb->arg);
break;
- case '2':
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: can't invert --policy option");
-
- info->flags |= parse_policy(optarg);
+ case O_POLICY:
+ info->flags |= parse_policy(cb->arg);
break;
- case '3':
- if (info->flags & XT_POLICY_MATCH_STRICT)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: double --strict option");
-
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: can't invert --strict option");
-
+ case O_STRICT:
info->flags |= XT_POLICY_MATCH_STRICT;
break;
- case '4':
+ case O_REQID:
if (e->match.reqid)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --reqid option");
-
e->match.reqid = 1;
- e->invert.reqid = invert;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "policy", "--spi", optarg);
- e->reqid = num;
+ e->invert.reqid = cb->invert;
+ e->reqid = cb->val.u32;
break;
- case '5':
+ case O_SPI:
if (e->match.spi)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --spi option");
-
e->match.spi = 1;
- e->invert.spi = invert;
- if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
- xtables_param_act(XTF_BAD_VALUE, "policy", "--spi", optarg);
- e->spi = num;
+ e->invert.spi = cb->invert;
+ e->spi = cb->val.u32;
break;
- case '6':
+ case O_TUNNELSRC:
if (e->match.saddr)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-src option");
- if (family == NFPROTO_IPV6)
- xtables_ip6parse_any(optarg, &addr6, &mask6, &naddr);
- else
- xtables_ipparse_any(optarg, &addr, &mask, &naddr);
- if (naddr > 1)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: name resolves to multiple IPs");
-
e->match.saddr = 1;
- e->invert.saddr = invert;
- if (family == NFPROTO_IPV6) {
- memcpy(&e->saddr.a6, addr6, sizeof(*addr6));
- memcpy(&e->smask.a6, &mask6, sizeof(mask6));
- } else {
- e->saddr.a4 = addr[0];
- e->smask.a4 = mask;
- }
+ e->invert.saddr = cb->invert;
+ memcpy(&e->saddr, &cb->val.haddr, sizeof(cb->val.haddr));
+ memcpy(&e->smask, &cb->val.hmask, sizeof(cb->val.hmask));
break;
- case '7':
+ case O_TUNNELDST:
if (e->match.daddr)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --tunnel-dst option");
-
- if (family == NFPROTO_IPV6)
- xtables_ip6parse_any(optarg, &addr6, &mask6, &naddr);
- else
- xtables_ipparse_any(optarg, &addr, &mask, &naddr);
- if (naddr > 1)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: name resolves to multiple IPs");
-
e->match.daddr = 1;
- e->invert.daddr = invert;
- if (family == NFPROTO_IPV6) {
- memcpy(&e->daddr.a6, addr6, sizeof(*addr6));
- memcpy(&e->dmask.a6, &mask6, sizeof(mask6));
- } else {
- e->daddr.a4 = addr[0];
- e->dmask.a4 = mask;
- }
+ e->invert.daddr = cb->invert;
+ memcpy(&e->daddr, &cb->val.haddr, sizeof(cb->val.haddr));
+ memcpy(&e->dmask, &cb->val.hmask, sizeof(cb->val.hmask));
break;
- case '8':
+ case O_PROTO:
if (e->match.proto)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --proto option");
-
- e->proto = xtables_parse_protocol(optarg);
+ e->proto = cb->val.protocol;
if (e->proto != IPPROTO_AH && e->proto != IPPROTO_ESP &&
e->proto != IPPROTO_COMP)
xtables_error(PARAMETER_PROBLEM,
- "policy match: protocol must ah/esp/ipcomp");
+ "policy match: protocol must be ah/esp/ipcomp");
e->match.proto = 1;
- e->invert.proto = invert;
+ e->invert.proto = cb->invert;
break;
- case '9':
+ case O_MODE:
if (e->match.mode)
xtables_error(PARAMETER_PROBLEM,
"policy match: double --mode option");
-
- mode = parse_mode(optarg);
e->match.mode = 1;
- e->invert.mode = invert;
- e->mode = mode;
+ e->invert.mode = cb->invert;
+ e->mode = parse_mode(cb->arg);
break;
- case 'a':
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: can't invert --next option");
-
+ case O_NEXT:
if (++info->len == XT_POLICY_MAX_ELEM)
xtables_error(PARAMETER_PROBLEM,
"policy match: maximum policy depth reached");
break;
- default:
- return 0;
}
-
- policy_info = info;
- return 1;
}
-static int policy4_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void policy_check(struct xt_fcheck_call *cb)
{
- return policy_parse(c, argv, invert, flags, (void *)(*match)->data,
- NFPROTO_IPV4);
-}
-
-static int policy6_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- return policy_parse(c, argv, invert, flags, (void *)(*match)->data,
- NFPROTO_IPV6);
-}
-
-static void policy_check(unsigned int flags)
-{
- struct xt_policy_info *info = policy_info;
- struct xt_policy_elem *e;
+ struct xt_policy_info *info = cb->data;
+ const struct xt_policy_elem *e;
int i;
- if (info == NULL)
- xtables_error(PARAMETER_PROBLEM,
- "policy match: no parameters given");
-
+ /*
+ * The old "no parameters given" check is carried out
+ * by testing for --dir.
+ */
if (!(info->flags & (XT_POLICY_MATCH_IN | XT_POLICY_MATCH_OUT)))
xtables_error(PARAMETER_PROBLEM,
"policy match: neither --dir in nor --dir out specified");
@@ -305,9 +195,14 @@ static void policy_check(unsigned int flags)
} else
info->len++; /* increase len by 1, no --next after last element */
+ /*
+ * This is already represented with O_NEXT requiring F_STRICT in the
+ * options table, but will keep this code as a comment for reference.
+ *
if (!(info->flags & XT_POLICY_MATCH_STRICT) && info->len > 1)
xtables_error(PARAMETER_PROBLEM,
"policy match: multiple elements but no --strict");
+ */
for (i = 0; i < info->len; i++) {
e = &info->pol[i];
@@ -316,7 +211,10 @@ static void policy_check(unsigned int flags)
!(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
xtables_error(PARAMETER_PROBLEM,
- "policy match: empty policy element");
+ "policy match: empty policy element %u. "
+ "--strict is in effect, but at least one of "
+ "reqid, spi, tunnel-src, tunnel-dst, proto or "
+ "mode is required.", i);
if ((e->match.saddr || e->match.daddr)
&& ((e->mode == XT_POLICY_MODE_TUNNEL && e->invert.mode) ||
@@ -327,40 +225,40 @@ static void policy_check(unsigned int flags)
}
}
-static void print_mode(const char *prefix, u_int8_t mode, int numeric)
+static void print_mode(const char *prefix, uint8_t mode, int numeric)
{
- printf("%smode ", prefix);
+ printf(" %smode ", prefix);
switch (mode) {
case XT_POLICY_MODE_TRANSPORT:
- printf("transport ");
+ printf("transport");
break;
case XT_POLICY_MODE_TUNNEL:
- printf("tunnel ");
+ printf("tunnel");
break;
default:
- printf("??? ");
+ printf("???");
break;
}
}
-static void print_proto(const char *prefix, u_int8_t proto, int numeric)
+static void print_proto(const char *prefix, uint8_t proto, int numeric)
{
- struct protoent *p = NULL;
+ const struct protoent *p = NULL;
- printf("%sproto ", prefix);
+ printf(" %sproto ", prefix);
if (!numeric)
p = getprotobynumber(proto);
if (p != NULL)
- printf("%s ", p->p_name);
+ printf("%s", p->p_name);
else
- printf("%u ", proto);
+ printf("%u", proto);
}
#define PRINT_INVERT(x) \
do { \
if (x) \
- printf("! "); \
+ printf(" !"); \
} while(0)
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
@@ -368,11 +266,11 @@ static void print_entry(const char *prefix, const struct xt_policy_elem *e,
{
if (e->match.reqid) {
PRINT_INVERT(e->invert.reqid);
- printf("%sreqid %u ", prefix, e->reqid);
+ printf(" %sreqid %u", prefix, e->reqid);
}
if (e->match.spi) {
PRINT_INVERT(e->invert.spi);
- printf("%sspi 0x%x ", prefix, e->spi);
+ printf(" %sspi 0x%x", prefix, e->spi);
}
if (e->match.proto) {
PRINT_INVERT(e->invert.proto);
@@ -385,41 +283,41 @@ static void print_entry(const char *prefix, const struct xt_policy_elem *e,
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ip6addr_to_numeric(&e->daddr.a6),
xtables_ip6mask_to_numeric(&e->dmask.a6));
else
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ipaddr_to_numeric(&e->daddr.a4),
xtables_ipmask_to_numeric(&e->dmask.a4));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ip6addr_to_numeric(&e->saddr.a6),
xtables_ip6mask_to_numeric(&e->smask.a6));
else
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ipaddr_to_numeric(&e->saddr.a4),
xtables_ipmask_to_numeric(&e->smask.a4));
}
}
-static void print_flags(char *prefix, const struct xt_policy_info *info)
+static void print_flags(const char *prefix, const struct xt_policy_info *info)
{
if (info->flags & XT_POLICY_MATCH_IN)
- printf("%sdir in ", prefix);
+ printf(" %sdir in", prefix);
else
- printf("%sdir out ", prefix);
+ printf(" %sdir out", prefix);
if (info->flags & XT_POLICY_MATCH_NONE)
- printf("%spol none ", prefix);
+ printf(" %spol none", prefix);
else
- printf("%spol ipsec ", prefix);
+ printf(" %spol ipsec", prefix);
if (info->flags & XT_POLICY_MATCH_STRICT)
- printf("%sstrict ", prefix);
+ printf(" %sstrict", prefix);
}
static void policy4_print(const void *ip, const struct xt_entry_match *match,
@@ -428,11 +326,11 @@ static void policy4_print(const void *ip, const struct xt_entry_match *match,
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV4);
}
}
@@ -443,11 +341,11 @@ static void policy6_print(const void *ip, const struct xt_entry_match *match,
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV6);
}
}
@@ -461,7 +359,7 @@ static void policy4_save(const void *ip, const struct xt_entry_match *match)
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV4);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
@@ -474,7 +372,7 @@ static void policy6_save(const void *ip, const struct xt_entry_match *match)
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV6);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
@@ -486,11 +384,11 @@ static struct xtables_match policy_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_policy_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
.help = policy_help,
- .parse = policy4_parse,
- .final_check = policy_check,
+ .x6_parse = policy_parse,
+ .x6_fcheck = policy_check,
.print = policy4_print,
.save = policy4_save,
- .extra_opts = policy_opts,
+ .x6_options = policy_opts,
},
{
.name = "policy",
@@ -499,11 +397,11 @@ static struct xtables_match policy_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_policy_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
.help = policy_help,
- .parse = policy6_parse,
- .final_check = policy_check,
+ .x6_parse = policy_parse,
+ .x6_fcheck = policy_check,
.print = policy6_print,
.save = policy6_save,
- .extra_opts = policy_opts,
+ .x6_options = policy_opts,
},
};
diff --git a/extensions/libxt_policy.man b/extensions/libxt_policy.man
index 3500025..1b834fa 100644
--- a/extensions/libxt_policy.man
+++ b/extensions/libxt_policy.man
@@ -13,11 +13,16 @@ is valid in the
chains.
.TP
\fB\-\-pol\fP {\fBnone\fP|\fBipsec\fP}
-Matches if the packet is subject to IPsec processing.
+Matches if the packet is subject to IPsec processing. \fB\-\-pol none\fP
+cannot be combined with \fB\-\-strict\fP.
.TP
\fB\-\-strict\fP
Selects whether to match the exact policy or match if any rule of
the policy matches the given policy.
+.PP
+For each policy element that is to be described, one can use one or more of
+the following options. When \fB\-\-strict\fP is in effect, at least one must be
+used per element.
.TP
[\fB!\fP] \fB\-\-reqid\fP \fIid\fP
Matches the reqid of the policy rule. The reqid can be specified with
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index ac7c686..ff498da 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -3,17 +3,19 @@
*
* Sam Johnston <samj@samj.net>
*/
-#include <stddef.h>
#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-
#include <linux/netfilter/xt_quota.h>
-static const struct option quota_opts[] = {
- {"quota", 1, NULL, '1'},
- { .name = NULL }
+enum {
+ O_QUOTA = 0,
+};
+
+static const struct xt_option_entry quota_opts[] = {
+ {.name = "quota", .id = O_QUOTA, .type = XTTYPE_UINT64,
+ .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_quota_info, quota)},
+ XTOPT_TABLEEND,
};
static void quota_help(void)
@@ -26,55 +28,26 @@ static void
quota_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_quota_info *q = (const void *)match->data;
- printf("quota: %llu bytes", (unsigned long long) q->quota);
+ printf(" quota: %llu bytes", (unsigned long long)q->quota);
}
static void
quota_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_quota_info *q = (const void *)match->data;
- printf("--quota %llu ", (unsigned long long) q->quota);
-}
-
-/* parse quota option */
-static int
-parse_quota(const char *s, u_int64_t * quota)
-{
- *quota = strtoull(s, NULL, 10);
-
-#ifdef DEBUG_XT_QUOTA
- printf("Quota: %llu\n", *quota);
-#endif
- if (*quota == UINT64_MAX)
- xtables_error(PARAMETER_PROBLEM, "quota invalid: '%s'\n", s);
- else
- return 1;
+ if (q->flags & XT_QUOTA_INVERT)
+ printf("! ");
+ printf(" --quota %llu", (unsigned long long) q->quota);
}
-static int
-quota_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void quota_parse(struct xt_option_call *cb)
{
- struct xt_quota_info *info = (struct xt_quota_info *) (*match)->data;
-
- switch (c) {
- case '1':
- if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
- xtables_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
- if (!parse_quota(optarg, &info->quota))
- xtables_error(PARAMETER_PROBLEM,
- "bad quota: '%s'", optarg);
-
- if (invert)
- info->flags |= XT_QUOTA_INVERT;
-
- break;
+ struct xt_quota_info *info = cb->data;
- default:
- return 0;
- }
- return 1;
+ xtables_option_parse(cb);
+ if (cb->invert)
+ info->flags |= XT_QUOTA_INVERT;
}
static struct xtables_match quota_match = {
@@ -82,12 +55,12 @@ static struct xtables_match quota_match = {
.name = "quota",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof (struct xt_quota_info)),
- .userspacesize = offsetof(struct xt_quota_info, quota),
+ .userspacesize = offsetof(struct xt_quota_info, master),
.help = quota_help,
- .parse = quota_parse,
.print = quota_print,
.save = quota_save,
- .extra_opts = quota_opts,
+ .x6_parse = quota_parse,
+ .x6_options = quota_opts,
};
void
diff --git a/extensions/libxt_quota.man b/extensions/libxt_quota.man
index 8d9e18b..fbecf37 100644
--- a/extensions/libxt_quota.man
+++ b/extensions/libxt_quota.man
@@ -1,5 +1,7 @@
Implements network quotas by decrementing a byte counter with each
-packet.
+packet. The condition matches until the byte counter reaches zero. Behavior
+is reversed with negation (i.e. the condition does not match until the
+byte counter reaches zero).
.TP
[\fB!\fP] \fB\-\-quota\fP \fIbytes\fP
The quota in bytes.
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index ad0884e..fb24412 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2008-2013 Patrick McHardy <kaber@trash.net>
+ */
+
+#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -7,9 +12,6 @@
#include <xtables.h>
#include <linux/netfilter/xt_rateest.h>
-/* Ugly hack to pass info to final_check function. We should fix the API */
-static struct xt_rateest_match_info *rateest_info;
-
static void rateest_help(void)
{
printf(
@@ -40,20 +42,20 @@ enum rateest_options {
};
static const struct option rateest_opts[] = {
- { "rateest1", 1, NULL, OPT_RATEEST1 },
- { "rateest", 1, NULL, OPT_RATEEST1 }, /* alias for absolute mode */
- { "rateest2", 1, NULL, OPT_RATEEST2 },
- { "rateest-bps1", 0, NULL, OPT_RATEEST_BPS1 },
- { "rateest-pps1", 0, NULL, OPT_RATEEST_PPS1 },
- { "rateest-bps2", 0, NULL, OPT_RATEEST_BPS2 },
- { "rateest-pps2", 0, NULL, OPT_RATEEST_PPS2 },
- { "rateest-bps", 0, NULL, OPT_RATEEST_BPS2 }, /* alias for absolute mode */
- { "rateest-pps", 0, NULL, OPT_RATEEST_PPS2 }, /* alias for absolute mode */
- { "rateest-delta", 0, NULL, OPT_RATEEST_DELTA },
- { "rateest-lt", 0, NULL, OPT_RATEEST_LT },
- { "rateest-gt", 0, NULL, OPT_RATEEST_GT },
- { "rateest-eq", 0, NULL, OPT_RATEEST_EQ },
- { .name = NULL }
+ {.name = "rateest1", .has_arg = true, .val = OPT_RATEEST1},
+ {.name = "rateest", .has_arg = true, .val = OPT_RATEEST1}, /* alias for absolute mode */
+ {.name = "rateest2", .has_arg = true, .val = OPT_RATEEST2},
+ {.name = "rateest-bps1", .has_arg = false, .val = OPT_RATEEST_BPS1},
+ {.name = "rateest-pps1", .has_arg = false, .val = OPT_RATEEST_PPS1},
+ {.name = "rateest-bps2", .has_arg = false, .val = OPT_RATEEST_BPS2},
+ {.name = "rateest-pps2", .has_arg = false, .val = OPT_RATEEST_PPS2},
+ {.name = "rateest-bps", .has_arg = false, .val = OPT_RATEEST_BPS2}, /* alias for absolute mode */
+ {.name = "rateest-pps", .has_arg = false, .val = OPT_RATEEST_PPS2}, /* alias for absolute mode */
+ {.name = "rateest-delta", .has_arg = false, .val = OPT_RATEEST_DELTA},
+ {.name = "rateest-lt", .has_arg = false, .val = OPT_RATEEST_LT},
+ {.name = "rateest-gt", .has_arg = false, .val = OPT_RATEEST_GT},
+ {.name = "rateest-eq", .has_arg = false, .val = OPT_RATEEST_EQ},
+ XT_GETOPT_TABLEEND,
};
/* Copied from iproute. See http://physics.nist.gov/cuu/Units/binary.html */
@@ -64,11 +66,11 @@ static const struct rate_suffix {
{ "bit", 1. },
{ "Kibit", 1024. },
{ "kbit", 1000. },
- { "mibit", 1024.*1024. },
+ { "Mibit", 1024.*1024. },
{ "mbit", 1000000. },
- { "gibit", 1024.*1024.*1024. },
+ { "Gibit", 1024.*1024.*1024. },
{ "gbit", 1000000000. },
- { "tibit", 1024.*1024.*1024.*1024. },
+ { "Tibit", 1024.*1024.*1024.*1024. },
{ "tbit", 1000000000000. },
{ "Bps", 8. },
{ "KiBps", 8.*1024. },
@@ -79,11 +81,11 @@ static const struct rate_suffix {
{ "GBps", 8000000000. },
{ "TiBps", 8.*1024.*1024.*1024.*1024. },
{ "TBps", 8000000000000. },
- { .name = NULL }
+ {NULL},
};
static int
-rateest_get_rate(u_int32_t *rate, const char *str)
+rateest_get_rate(uint32_t *rate, const char *str)
{
char *p;
double bps = strtod(str, &p);
@@ -114,11 +116,8 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
struct xt_rateest_match_info *info = (void *)(*match)->data;
unsigned int val;
- rateest_info = info;
-
switch (c) {
case OPT_RATEEST1:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
@@ -132,7 +131,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST2:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
@@ -147,7 +145,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_BPS1:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
@@ -171,7 +168,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_PPS1:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
@@ -196,7 +192,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_BPS2:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
@@ -220,7 +215,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_PPS2:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
@@ -245,7 +239,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_DELTA:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
xtables_error(PARAMETER_PROBLEM,
"rateest: rateest-delta can't be inverted");
@@ -259,8 +252,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_EQ:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
@@ -272,8 +263,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_LT:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
@@ -285,8 +274,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
break;
case OPT_RATEEST_GT:
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
"rateest: can't specify lt/gt/eq twice");
@@ -296,18 +283,14 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
info->flags |= XT_RATEEST_MATCH_INVERT;
break;
-
- default:
- return 0;
}
return 1;
}
-static void
-rateest_final_check(unsigned int flags)
+static void rateest_final_check(struct xt_fcheck_call *cb)
{
- struct xt_rateest_match_info *info = rateest_info;
+ struct xt_rateest_match_info *info = cb->data;
if (info == NULL)
xtables_error(PARAMETER_PROBLEM, "rateest match: "
@@ -317,18 +300,18 @@ rateest_final_check(unsigned int flags)
}
static void
-rateest_print_rate(u_int32_t rate, int numeric)
+rateest_print_rate(uint32_t rate, int numeric)
{
double tmp = (double)rate*8;
if (numeric)
- printf("%u ", rate);
+ printf(" %u", rate);
else if (tmp >= 1000.0*1000000.0)
- printf("%.0fMbit ", tmp/1000000.0);
+ printf(" %.0fMbit", tmp/1000000.0);
else if (tmp >= 1000.0 * 1000.0)
- printf("%.0fKbit ", tmp/1000.0);
+ printf(" %.0fKbit", tmp/1000.0);
else
- printf("%.0fbit ", tmp);
+ printf(" %.0fbit", tmp);
}
static void
@@ -336,17 +319,17 @@ rateest_print_mode(const struct xt_rateest_match_info *info,
const char *prefix)
{
if (info->flags & XT_RATEEST_MATCH_INVERT)
- printf("! ");
+ printf(" !");
switch (info->mode) {
case XT_RATEEST_MATCH_EQ:
- printf("%seq ", prefix);
+ printf(" %seq", prefix);
break;
case XT_RATEEST_MATCH_LT:
- printf("%slt ", prefix);
+ printf(" %slt", prefix);
break;
case XT_RATEEST_MATCH_GT:
- printf("%sgt ", prefix);
+ printf(" %sgt", prefix);
break;
default:
exit(1);
@@ -358,78 +341,91 @@ rateest_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_rateest_match_info *info = (const void *)match->data;
- printf("rateest match ");
+ printf(" rateest match ");
- printf("%s ", info->name1);
+ printf("%s", info->name1);
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" delta");
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps1, numeric);
if (info->flags & XT_RATEEST_MATCH_ABS) {
- rateest_print_mode(info, "");
rateest_print_rate(info->bps2, numeric);
+ rateest_print_mode(info, "");
}
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps1);
+ printf(" %u", info->pps1);
if (info->flags & XT_RATEEST_MATCH_ABS) {
rateest_print_mode(info, "");
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
if (info->flags & XT_RATEEST_MATCH_REL) {
rateest_print_mode(info, "");
- printf("%s ", info->name2);
- if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" %s", info->name2);
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps2, numeric);
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
}
+static void __rateest_save_rate(const struct xt_rateest_match_info *info,
+ const char *name, uint32_t r1, uint32_t r2,
+ int numeric)
+{
+ if (info->flags & XT_RATEEST_MATCH_DELTA) {
+ printf(" --rateest-%s1", name);
+ rateest_print_rate(r1, numeric);
+ rateest_print_mode(info, "--rateest-");
+ printf(" --rateest-%s2", name);
+ } else {
+ rateest_print_mode(info, "--rateest-");
+ printf(" --rateest-%s", name);
+ }
+
+ if (info->flags & (XT_RATEEST_MATCH_ABS|XT_RATEEST_MATCH_DELTA))
+ rateest_print_rate(r2, numeric);
+}
+
+static void rateest_save_rates(const struct xt_rateest_match_info *info)
+{
+ if (info->flags & XT_RATEEST_MATCH_BPS)
+ __rateest_save_rate(info, "bps", info->bps1, info->bps2, 0);
+ if (info->flags & XT_RATEEST_MATCH_PPS)
+ __rateest_save_rate(info, "pps", info->pps1, info->pps2, 1);
+}
+
+
static void
rateest_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_rateest_match_info *info = (const void *)match->data;
+ if (info->flags & XT_RATEEST_MATCH_DELTA)
+ printf(" --rateest-delta");
+
if (info->flags & XT_RATEEST_MATCH_REL) {
- printf("--rateest1 %s ", info->name1);
- if (info->flags & XT_RATEEST_MATCH_BPS)
- printf("--rateest-bps ");
- if (info->flags & XT_RATEEST_MATCH_PPS)
- printf("--rateest-pps ");
- rateest_print_mode(info, "--rateest-");
- printf("--rateest2 %s ", info->name2);
- } else {
- printf("--rateest %s ", info->name1);
- if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("--rateest-bps1 ");
- rateest_print_rate(info->bps1, 0);
- printf("--rateest-bps2 ");
- rateest_print_rate(info->bps2, 0);
- rateest_print_mode(info, "--rateest-");
- }
- if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("--rateest-pps ");
- rateest_print_mode(info, "--rateest-");
- printf("%u ", info->pps2);
- }
+ printf(" --rateest1 %s", info->name1);
+ rateest_save_rates(info);
+ printf(" --rateest2 %s", info->name2);
+ } else { /* XT_RATEEST_MATCH_ABS */
+ printf(" --rateest %s", info->name1);
+ rateest_save_rates(info);
}
}
@@ -441,7 +437,7 @@ static struct xtables_match rateest_mt_reg = {
.userspacesize = XT_ALIGN(offsetof(struct xt_rateest_match_info, est1)),
.help = rateest_help,
.parse = rateest_parse,
- .final_check = rateest_final_check,
+ .x6_fcheck = rateest_final_check,
.print = rateest_print,
.save = rateest_save,
.extra_opts = rateest_opts,
diff --git a/extensions/libxt_rateest.man b/extensions/libxt_rateest.man
index de064af..42a82f3 100644
--- a/extensions/libxt_rateest.man
+++ b/extensions/libxt_rateest.man
@@ -1,25 +1,38 @@
The rate estimator can match on estimated rates as collected by the RATEEST
target. It supports matching on absolute bps/pps values, comparing two rate
estimators and matching on the difference between two rate estimators.
-.TP
-\fB\-\-rateest1\fP \fIname\fP
-Name of the first rate estimator.
-.TP
-\fB\-\-rateest2\fP \fIname\fP
-Name of the second rate estimator (if difference is to be calculated).
+.PP
+For a better understanding of the available options, these are all possible
+combinations:
+.\" * Absolute:
+.IP \(bu 4
+\fBrateest\fP \fIoperator\fP \fBrateest-bps\fP
+.IP \(bu 4
+\fBrateest\fP \fIoperator\fP \fBrateest-pps\fP
+.\" * Absolute + Delta:
+.IP \(bu 4
+(\fBrateest\fP minus \fBrateest-bps1\fP) \fIoperator\fP \fBrateest-bps2\fP
+.IP \(bu 4
+(\fBrateest\fP minus \fBrateest-pps1\fP) \fIoperator\fP \fBrateest-pps2\fP
+.\" * Relative:
+.IP \(bu 4
+\fBrateest1\fP \fIoperator\fP \fBrateest2\fP \fBrateest-bps\fP(without rate!)
+.IP \(bu 4
+\fBrateest1\fP \fIoperator\fP \fBrateest2\fP \fBrateest-pps\fP(without rate!)
+.\" * Relative + Delta:
+.IP \(bu 4
+(\fBrateest1\fP minus \fBrateest-bps1\fP) \fIoperator\fP
+(\fBrateest2\fP minus \fBrateest-bps2\fP)
+.IP \(bu 4
+(\fBrateest1\fP minus \fBrateest-pps1\fP) \fIoperator\fP
+(\fBrateest2\fP minus \fBrateest-pps2\fP)
.TP
\fB\-\-rateest\-delta\fP
-Compare difference(s) to given rate(s)
-.TP
-\fB\-\-rateest\-bps1\fP \fIvalue\fP
-.TP
-\fB\-\-rateest\-bps2\fP \fIvalue\fP
-Compare bytes per second.
-.TP
-\fB\-\-rateest\-pps1\fP \fIvalue\fP
-.TP
-\fB\-\-rateest\-pps2\fP \fIvalue\fP
-Compare packets per second.
+For each estimator (either absolute or relative mode), calculate the difference
+between the estimator-determined flow rate and the static value chosen with the
+BPS/PPS options. If the flow rate is higher than the specified BPS/PPS, 0 will
+be used instead of a negative value. In other words, "max(0, rateest#_rate -
+rateest#_bps)" is used.
.TP
[\fB!\fP] \fB\-\-rateest\-lt\fP
Match if rate is less than given rate/estimator.
@@ -30,6 +43,34 @@ Match if rate is greater than given rate/estimator.
[\fB!\fP] \fB\-\-rateest\-eq\fP
Match if rate is equal to given rate/estimator.
.PP
+In the so-called "absolute mode", only one rate estimator is used and compared
+against a static value, while in "relative mode", two rate estimators are
+compared against another.
+.TP
+\fB\-\-rateest\fP \fIname\fP
+Name of the one rate estimator for absolute mode.
+.TP
+\fB\-\-rateest1\fP \fIname\fP
+.TP
+\fB\-\-rateest2\fP \fIname\fP
+The names of the two rate estimators for relative mode.
+.TP
+\fB\-\-rateest\-bps\fP [\fIvalue\fP]
+.TP
+\fB\-\-rateest\-pps\fP [\fIvalue\fP]
+.TP
+\fB\-\-rateest\-bps1\fP [\fIvalue\fP]
+.TP
+\fB\-\-rateest\-bps2\fP [\fIvalue\fP]
+.TP
+\fB\-\-rateest\-pps1\fP [\fIvalue\fP]
+.TP
+\fB\-\-rateest\-pps2\fP [\fIvalue\fP]
+Compare the estimator(s) by bytes or packets per second, and compare against
+the chosen value. See the above bullet list for which option is to be used in
+which case. A unit suffix may be used - available ones are: bit, [kmgt]bit,
+[KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps.
+.PP
Example: This is what can be used to route outgoing data connections from an
FTP server over two lines based on the available bandwidth at the time the data
connection was started:
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index ecc17ad..e1801f1 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -1,26 +1,83 @@
-/* Shared library add-on to iptables to add recent matching support. */
+#include <stdbool.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_recent.h>
-static const struct option recent_opts[] = {
- { .name = "set", .has_arg = 0, .val = 201 },
- { .name = "rcheck", .has_arg = 0, .val = 202 },
- { .name = "update", .has_arg = 0, .val = 203 },
- { .name = "seconds", .has_arg = 1, .val = 204 },
- { .name = "hitcount", .has_arg = 1, .val = 205 },
- { .name = "remove", .has_arg = 0, .val = 206 },
- { .name = "rttl", .has_arg = 0, .val = 207 },
- { .name = "name", .has_arg = 1, .val = 208 },
- { .name = "rsource", .has_arg = 0, .val = 209 },
- { .name = "rdest", .has_arg = 0, .val = 210 },
- { .name = NULL }
+enum {
+ O_SET = 0,
+ O_RCHECK,
+ O_UPDATE,
+ O_REMOVE,
+ O_SECONDS,
+ O_REAP,
+ O_HITCOUNT,
+ O_RTTL,
+ O_NAME,
+ O_RSOURCE,
+ O_RDEST,
+ O_MASK,
+ F_SET = 1 << O_SET,
+ F_RCHECK = 1 << O_RCHECK,
+ F_UPDATE = 1 << O_UPDATE,
+ F_REMOVE = 1 << O_REMOVE,
+ F_SECONDS = 1 << O_SECONDS,
+ F_ANY_OP = F_SET | F_RCHECK | F_UPDATE | F_REMOVE,
+};
+
+#define s struct xt_recent_mtinfo
+static const struct xt_option_entry recent_opts_v0[] = {
+ {.name = "set", .id = O_SET, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "rcheck", .id = O_RCHECK, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "update", .id = O_UPDATE, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "remove", .id = O_REMOVE, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "seconds", .id = O_SECONDS, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds), .min = 1},
+ {.name = "reap", .id = O_REAP, .type = XTTYPE_NONE,
+ .also = F_SECONDS },
+ {.name = "hitcount", .id = O_HITCOUNT, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hit_count)},
+ {.name = "rttl", .id = O_RTTL, .type = XTTYPE_NONE,
+ .excl = F_SET | F_REMOVE},
+ {.name = "name", .id = O_NAME, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, name)},
+ {.name = "rsource", .id = O_RSOURCE, .type = XTTYPE_NONE},
+ {.name = "rdest", .id = O_RDEST, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
+
+#define s struct xt_recent_mtinfo_v1
+static const struct xt_option_entry recent_opts_v1[] = {
+ {.name = "set", .id = O_SET, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "rcheck", .id = O_RCHECK, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "update", .id = O_UPDATE, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "remove", .id = O_REMOVE, .type = XTTYPE_NONE,
+ .excl = F_ANY_OP, .flags = XTOPT_INVERT},
+ {.name = "seconds", .id = O_SECONDS, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds), .min = 1},
+ {.name = "reap", .id = O_REAP, .type = XTTYPE_NONE,
+ .also = F_SECONDS },
+ {.name = "hitcount", .id = O_HITCOUNT, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, hit_count)},
+ {.name = "rttl", .id = O_RTTL, .type = XTTYPE_NONE,
+ .excl = F_SET | F_REMOVE},
+ {.name = "name", .id = O_NAME, .type = XTTYPE_STRING,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, name)},
+ {.name = "rsource", .id = O_RSOURCE, .type = XTTYPE_NONE},
+ {.name = "rdest", .id = O_RDEST, .type = XTTYPE_NONE},
+ {.name = "mask", .id = O_MASK, .type = XTTYPE_HOST,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, mask)},
+ XTOPT_TABLEEND,
+};
+#undef s
static void recent_help(void)
{
@@ -33,6 +90,8 @@ static void recent_help(void)
" --seconds seconds For check and update commands above.\n"
" Specifies that the match will only occur if source address last seen within\n"
" the last 'seconds' seconds.\n"
+" --reap Purge entries older then 'seconds'.\n"
+" Can only be used in conjunction with the seconds option.\n"
" --hitcount hits For check and update commands above.\n"
" Specifies that the match will only occur if source address seen hits times.\n"
" May be used in conjunction with the seconds option.\n"
@@ -44,190 +103,253 @@ static void recent_help(void)
" --name name Name of the recent list to be used. DEFAULT used if none given.\n"
" --rsource Match/Save the source address of each packet in the recent list table (default).\n"
" --rdest Match/Save the destination address of each packet in the recent list table.\n"
-"xt_recent by: Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n");
+" --mask netmask Netmask that will be applied to this recent list.\n"
+"xt_recent by: Stephen Frost <sfrost@snowman.net>.\n");
}
-static void recent_init(struct xt_entry_match *match)
+enum {
+ XT_RECENT_REV_0 = 0,
+ XT_RECENT_REV_1,
+};
+
+static void recent_init(struct xt_entry_match *match, unsigned int rev)
{
- struct xt_recent_mtinfo *info = (void *)(match)->data;
+ struct xt_recent_mtinfo *info = (struct xt_recent_mtinfo *)match->data;
+ struct xt_recent_mtinfo_v1 *info_v1 =
+ (struct xt_recent_mtinfo_v1 *)match->data;
strncpy(info->name,"DEFAULT", XT_RECENT_NAME_LEN);
/* even though XT_RECENT_NAME_LEN is currently defined as 200,
* better be safe, than sorry */
info->name[XT_RECENT_NAME_LEN-1] = '\0';
info->side = XT_RECENT_SOURCE;
+ if (rev == XT_RECENT_REV_1)
+ memset(&info_v1->mask, 0xFF, sizeof(info_v1->mask));
}
-#define RECENT_CMDS \
- (XT_RECENT_SET | XT_RECENT_CHECK | \
- XT_RECENT_UPDATE | XT_RECENT_REMOVE)
-
-static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void recent_parse(struct xt_option_call *cb)
{
- struct xt_recent_mtinfo *info = (void *)(*match)->data;
-
- switch (c) {
- case 201:
- if (*flags & RECENT_CMDS)
- xtables_error(PARAMETER_PROBLEM,
- "recent: only one of `--set', `--rcheck' "
- "`--update' or `--remove' may be set");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->check_set |= XT_RECENT_SET;
- if (invert) info->invert = 1;
- *flags |= XT_RECENT_SET;
- break;
-
- case 202:
- if (*flags & RECENT_CMDS)
- xtables_error(PARAMETER_PROBLEM,
- "recent: only one of `--set', `--rcheck' "
- "`--update' or `--remove' may be set");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->check_set |= XT_RECENT_CHECK;
- if(invert) info->invert = 1;
- *flags |= XT_RECENT_CHECK;
- break;
-
- case 203:
- if (*flags & RECENT_CMDS)
- xtables_error(PARAMETER_PROBLEM,
- "recent: only one of `--set', `--rcheck' "
- "`--update' or `--remove' may be set");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->check_set |= XT_RECENT_UPDATE;
- if (invert) info->invert = 1;
- *flags |= XT_RECENT_UPDATE;
- break;
-
- case 204:
- info->seconds = atoi(optarg);
- break;
-
- case 205:
- info->hit_count = atoi(optarg);
- break;
-
- case 206:
- if (*flags & RECENT_CMDS)
- xtables_error(PARAMETER_PROBLEM,
- "recent: only one of `--set', `--rcheck' "
- "`--update' or `--remove' may be set");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->check_set |= XT_RECENT_REMOVE;
- if (invert) info->invert = 1;
- *flags |= XT_RECENT_REMOVE;
- break;
-
- case 207:
- info->check_set |= XT_RECENT_TTL;
- *flags |= XT_RECENT_TTL;
- break;
-
- case 208:
- strncpy(info->name,optarg, XT_RECENT_NAME_LEN);
- info->name[XT_RECENT_NAME_LEN-1] = '\0';
- break;
-
- case 209:
- info->side = XT_RECENT_SOURCE;
- break;
-
- case 210:
- info->side = XT_RECENT_DEST;
- break;
-
- default:
- return 0;
- }
+ struct xt_recent_mtinfo *info = cb->data;
- return 1;
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SET:
+ info->check_set |= XT_RECENT_SET;
+ if (cb->invert)
+ info->invert = true;
+ break;
+ case O_RCHECK:
+ info->check_set |= XT_RECENT_CHECK;
+ if (cb->invert)
+ info->invert = true;
+ break;
+ case O_UPDATE:
+ info->check_set |= XT_RECENT_UPDATE;
+ if (cb->invert)
+ info->invert = true;
+ break;
+ case O_REMOVE:
+ info->check_set |= XT_RECENT_REMOVE;
+ if (cb->invert)
+ info->invert = true;
+ break;
+ case O_RTTL:
+ info->check_set |= XT_RECENT_TTL;
+ break;
+ case O_RSOURCE:
+ info->side = XT_RECENT_SOURCE;
+ break;
+ case O_RDEST:
+ info->side = XT_RECENT_DEST;
+ break;
+ case O_REAP:
+ info->check_set |= XT_RECENT_REAP;
+ break;
+ }
}
-static void recent_check(unsigned int flags)
+static void recent_check(struct xt_fcheck_call *cb)
{
- if (!(flags & RECENT_CMDS))
+ if (!(cb->xflags & F_ANY_OP))
xtables_error(PARAMETER_PROBLEM,
"recent: you must specify one of `--set', `--rcheck' "
"`--update' or `--remove'");
- if ((flags & XT_RECENT_TTL) &&
- (flags & (XT_RECENT_SET | XT_RECENT_REMOVE)))
- xtables_error(PARAMETER_PROBLEM,
- "recent: --rttl may only be used with --rcheck or "
- "--update");
}
static void recent_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
+ unsigned int family)
{
- const struct xt_recent_mtinfo *info = (const void *)match->data;
+ const struct xt_recent_mtinfo_v1 *info = (const void *)match->data;
if (info->invert)
- fputc('!', stdout);
+ printf(" !");
- printf("recent: ");
+ printf(" recent:");
if (info->check_set & XT_RECENT_SET)
- printf("SET ");
+ printf(" SET");
if (info->check_set & XT_RECENT_CHECK)
- printf("CHECK ");
+ printf(" CHECK");
if (info->check_set & XT_RECENT_UPDATE)
- printf("UPDATE ");
+ printf(" UPDATE");
if (info->check_set & XT_RECENT_REMOVE)
- printf("REMOVE ");
- if(info->seconds) printf("seconds: %d ",info->seconds);
- if(info->hit_count) printf("hit_count: %d ",info->hit_count);
+ printf(" REMOVE");
+ if(info->seconds) printf(" seconds: %d", info->seconds);
+ if (info->check_set & XT_RECENT_REAP)
+ printf(" reap");
+ if(info->hit_count) printf(" hit_count: %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("TTL-Match ");
- if(info->name) printf("name: %s ",info->name);
+ printf(" TTL-Match");
+ if(info->name) printf(" name: %s", info->name);
if (info->side == XT_RECENT_SOURCE)
- printf("side: source ");
+ printf(" side: source");
if (info->side == XT_RECENT_DEST)
- printf("side: dest ");
+ printf(" side: dest");
+
+ switch(family) {
+ case NFPROTO_IPV4:
+ printf(" mask: %s",
+ xtables_ipaddr_to_numeric(&info->mask.in));
+ break;
+ case NFPROTO_IPV6:
+ printf(" mask: %s",
+ xtables_ip6addr_to_numeric(&info->mask.in6));
+ break;
+ }
}
-static void recent_save(const void *ip, const struct xt_entry_match *match)
+static void recent_save(const void *ip, const struct xt_entry_match *match,
+ unsigned int family)
{
- const struct xt_recent_mtinfo *info = (const void *)match->data;
+ const struct xt_recent_mtinfo_v1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
if (info->check_set & XT_RECENT_SET)
- printf("--set ");
+ printf(" --set");
if (info->check_set & XT_RECENT_CHECK)
- printf("--rcheck ");
+ printf(" --rcheck");
if (info->check_set & XT_RECENT_UPDATE)
- printf("--update ");
+ printf(" --update");
if (info->check_set & XT_RECENT_REMOVE)
- printf("--remove ");
- if(info->seconds) printf("--seconds %d ",info->seconds);
- if(info->hit_count) printf("--hitcount %d ",info->hit_count);
+ printf(" --remove");
+ if(info->seconds) printf(" --seconds %d", info->seconds);
+ if (info->check_set & XT_RECENT_REAP)
+ printf(" --reap");
+ if(info->hit_count) printf(" --hitcount %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("--rttl ");
- if(info->name) printf("--name %s ",info->name);
+ printf(" --rttl");
+ if(info->name) printf(" --name %s",info->name);
+
+ switch(family) {
+ case NFPROTO_IPV4:
+ printf(" --mask %s",
+ xtables_ipaddr_to_numeric(&info->mask.in));
+ break;
+ case NFPROTO_IPV6:
+ printf(" --mask %s",
+ xtables_ip6addr_to_numeric(&info->mask.in6));
+ break;
+ }
+
if (info->side == XT_RECENT_SOURCE)
- printf("--rsource ");
+ printf(" --rsource");
if (info->side == XT_RECENT_DEST)
- printf("--rdest ");
+ printf(" --rdest");
+}
+
+static void recent_init_v0(struct xt_entry_match *match)
+{
+ recent_init(match, XT_RECENT_REV_0);
+}
+
+static void recent_init_v1(struct xt_entry_match *match)
+{
+ recent_init(match, XT_RECENT_REV_1);
+}
+
+static void recent_save_v0(const void *ip, const struct xt_entry_match *match)
+{
+ recent_save(ip, match, NFPROTO_UNSPEC);
+}
+
+static void recent_save_v4(const void *ip, const struct xt_entry_match *match)
+{
+ recent_save(ip, match, NFPROTO_IPV4);
+}
+
+static void recent_save_v6(const void *ip, const struct xt_entry_match *match)
+{
+ recent_save(ip, match, NFPROTO_IPV6);
+}
+
+static void recent_print_v0(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ recent_print(ip, match, NFPROTO_UNSPEC);
+}
+
+static void recent_print_v4(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ recent_print(ip, match, NFPROTO_IPV4);
+}
+
+static void recent_print_v6(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ recent_print(ip, match, NFPROTO_IPV6);
}
-static struct xtables_match recent_mt_reg = {
- .name = "recent",
- .version = XTABLES_VERSION,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
- .help = recent_help,
- .init = recent_init,
- .parse = recent_parse,
- .final_check = recent_check,
- .print = recent_print,
- .save = recent_save,
- .extra_opts = recent_opts,
+static struct xtables_match recent_mt_reg[] = {
+ {
+ .name = "recent",
+ .version = XTABLES_VERSION,
+ .revision = 0,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
+ .help = recent_help,
+ .init = recent_init_v0,
+ .x6_parse = recent_parse,
+ .x6_fcheck = recent_check,
+ .print = recent_print_v0,
+ .save = recent_save_v0,
+ .x6_options = recent_opts_v0,
+ },
+ {
+ .name = "recent",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)),
+ .help = recent_help,
+ .init = recent_init_v1,
+ .x6_parse = recent_parse,
+ .x6_fcheck = recent_check,
+ .print = recent_print_v4,
+ .save = recent_save_v4,
+ .x6_options = recent_opts_v1,
+ },
+ {
+ .name = "recent",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)),
+ .help = recent_help,
+ .init = recent_init_v1,
+ .x6_parse = recent_parse,
+ .x6_fcheck = recent_check,
+ .print = recent_print_v6,
+ .save = recent_save_v6,
+ .x6_options = recent_opts_v1,
+ },
};
void _init(void)
{
- xtables_register_match(&recent_mt_reg);
+ xtables_register_matches(recent_mt_reg, ARRAY_SIZE(recent_mt_reg));
}
diff --git a/extensions/libxt_recent.man b/extensions/libxt_recent.man
index 532c328..419be25 100644
--- a/extensions/libxt_recent.man
+++ b/extensions/libxt_recent.man
@@ -10,12 +10,12 @@ mutually exclusive.
.TP
\fB\-\-name\fP \fIname\fP
Specify the list to use for the commands. If no name is given then
-\fBDEFAULT\fR will be used.
+\fBDEFAULT\fP will be used.
.TP
-[\fB!\fR] \fB\-\-set\fP
+[\fB!\fP] \fB\-\-set\fP
This will add the source address of the packet to the list. If the source
address is already in the list, this will update the existing entry. This will
-always return success (or failure if \fB!\fR is passed in).
+always return success (or failure if \fB!\fP is passed in).
.TP
\fB\-\-rsource\fP
Match/save the source address of each packet in the recent list table. This
@@ -24,14 +24,17 @@ is the default.
\fB\-\-rdest\fP
Match/save the destination address of each packet in the recent list table.
.TP
-[\fB!\fR] \fB\-\-rcheck\fP
+\fB\-\-mask\fP \fInetmask\fP
+Netmask that will be applied to this recent list.
+.TP
+[\fB!\fP] \fB\-\-rcheck\fP
Check if the source address of the packet is currently in the list.
.TP
-[\fB!\fR] \fB\-\-update\fP
+[\fB!\fP] \fB\-\-update\fP
Like \fB\-\-rcheck\fP, except it will update the "last seen" timestamp if it
matches.
.TP
-[\fB!\fR] \fB\-\-remove\fP
+[\fB!\fP] \fB\-\-remove\fP
Check if the source address of the packet is currently in the list and if so
that address will be removed from the list and the rule will return true. If
the address is not found, false is returned.
@@ -41,6 +44,11 @@ This option must be used in conjunction with one of \fB\-\-rcheck\fP or
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and was seen within the last given number of seconds.
.TP
+\fB\-\-reap\fP
+This option can only be used in conjunction with \fB\-\-seconds\fP.
+When used, this will cause entries older than the last given number of seconds
+to be purged.
+.TP
\fB\-\-hitcount\fP \fIhits\fP
This option must be used in conjunction with one of \fB\-\-rcheck\fP or
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
@@ -65,40 +73,37 @@ iptables \-A FORWARD \-m recent \-\-name badguy \-\-rcheck \-\-seconds 60 \-j DR
.IP
iptables \-A FORWARD \-p tcp \-i eth0 \-\-dport 139 \-m recent \-\-name badguy \-\-set \-j DROP
.PP
-Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also has
-some examples of usage.
-.PP
-\fB/proc/net/xt_recent/*\fR are the current lists of addresses and information
+\fB/proc/net/xt_recent/*\fP are the current lists of addresses and information
about each entry of each list.
.PP
-Each file in \fB/proc/net/xt_recent/\fR can be read from to see the current
+Each file in \fB/proc/net/xt_recent/\fP can be read from to see the current
list or written two using the following commands to modify the list:
.TP
-\fBecho +\fR\fIaddr\fR\fB >/proc/net/xt_recent/DEFAULT\fR
-to add \fIaddr\fR to the DEFAULT list
+\fBecho +\fP\fIaddr\fP\fB >/proc/net/xt_recent/DEFAULT\fP
+to add \fIaddr\fP to the DEFAULT list
.TP
\fBecho \-\fP\fIaddr\fP\fB >/proc/net/xt_recent/DEFAULT\fP
-to remove \fIaddr\fR from the DEFAULT list
+to remove \fIaddr\fP from the DEFAULT list
.TP
-\fBecho / >/proc/net/xt_recent/DEFAULT\fR
+\fBecho / >/proc/net/xt_recent/DEFAULT\fP
to flush the DEFAULT list (remove all entries).
.PP
The module itself accepts parameters, defaults shown:
.TP
-\fBip_list_tot\fR=\fI100\fR
+\fBip_list_tot\fP=\fI100\fP
Number of addresses remembered per table.
.TP
-\fBip_pkt_list_tot\fR=\fI20\fR
+\fBip_pkt_list_tot\fP=\fI20\fP
Number of packets per address remembered.
.TP
-\fBip_list_hash_size\fR=\fI0\fR
+\fBip_list_hash_size\fP=\fI0\fP
Hash table size. 0 means to calculate it based on ip_list_tot, default: 512.
.TP
-\fBip_list_perms\fR=\fI0644\fR
+\fBip_list_perms\fP=\fI0644\fP
Permissions for /proc/net/xt_recent/* files.
.TP
-\fBip_list_uid\fR=\fI0\fR
+\fBip_list_uid\fP=\fI0\fP
Numerical UID for ownership of /proc/net/xt_recent/* files.
.TP
-\fBip_list_gid\fR=\fI0\fR
+\fBip_list_gid\fP=\fI0\fP
Numerical GID for ownership of /proc/net/xt_recent/* files.
diff --git a/extensions/libxt_rpfilter.c b/extensions/libxt_rpfilter.c
new file mode 100644
index 0000000..168e703
--- /dev/null
+++ b/extensions/libxt_rpfilter.c
@@ -0,0 +1,96 @@
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_rpfilter.h>
+
+enum {
+ O_RPF_LOOSE = 0,
+ O_RPF_VMARK = 1,
+ O_RPF_ACCEPT_LOCAL = 2,
+ O_RPF_INVERT = 3,
+};
+
+static void rpfilter_help(void)
+{
+ printf(
+"rpfilter match options:\n"
+" --loose permit reverse path via any interface\n"
+" --validmark use skb nfmark when performing route lookup\n"
+" --accept-local do not reject packets with a local source address\n"
+" --invert match packets that failed the reverse path test\n"
+ );
+}
+
+static const struct xt_option_entry rpfilter_opts[] = {
+ {.name = "loose", .id = O_RPF_LOOSE, .type = XTTYPE_NONE, },
+ {.name = "validmark", .id = O_RPF_VMARK, .type = XTTYPE_NONE, },
+ {.name = "accept-local", .id = O_RPF_ACCEPT_LOCAL, .type = XTTYPE_NONE, },
+ {.name = "invert", .id = O_RPF_INVERT, .type = XTTYPE_NONE, },
+ XTOPT_TABLEEND,
+};
+
+static void rpfilter_parse(struct xt_option_call *cb)
+{
+ struct xt_rpfilter_info *rpfinfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_RPF_LOOSE:
+ rpfinfo->flags |= XT_RPFILTER_LOOSE;
+ break;
+ case O_RPF_VMARK:
+ rpfinfo->flags |= XT_RPFILTER_VALID_MARK;
+ break;
+ case O_RPF_ACCEPT_LOCAL:
+ rpfinfo->flags |= XT_RPFILTER_ACCEPT_LOCAL;
+ break;
+ case O_RPF_INVERT:
+ rpfinfo->flags |= XT_RPFILTER_INVERT;
+ break;
+ }
+}
+
+static void
+rpfilter_print_prefix(const void *ip, const void *matchinfo,
+ const char *prefix)
+{
+ const struct xt_rpfilter_info *info = matchinfo;
+ if (info->flags & XT_RPFILTER_LOOSE)
+ printf(" %s%s", prefix, rpfilter_opts[O_RPF_LOOSE].name);
+ if (info->flags & XT_RPFILTER_VALID_MARK)
+ printf(" %s%s", prefix, rpfilter_opts[O_RPF_VMARK].name);
+ if (info->flags & XT_RPFILTER_ACCEPT_LOCAL)
+ printf(" %s%s", prefix, rpfilter_opts[O_RPF_ACCEPT_LOCAL].name);
+ if (info->flags & XT_RPFILTER_INVERT)
+ printf(" %s%s", prefix, rpfilter_opts[O_RPF_INVERT].name);
+}
+
+
+static void
+rpfilter_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ printf(" rpfilter");
+ return rpfilter_print_prefix(ip, match->data, "");
+}
+
+static void rpfilter_save(const void *ip, const struct xt_entry_match *match)
+{
+ return rpfilter_print_prefix(ip, match->data, "--");
+}
+
+static struct xtables_match rpfilter_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "rpfilter",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_rpfilter_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_rpfilter_info)),
+ .help = rpfilter_help,
+ .print = rpfilter_print,
+ .save = rpfilter_save,
+ .x6_parse = rpfilter_parse,
+ .x6_options = rpfilter_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&rpfilter_match);
+}
diff --git a/extensions/libxt_rpfilter.man b/extensions/libxt_rpfilter.man
new file mode 100644
index 0000000..f7f56d2
--- /dev/null
+++ b/extensions/libxt_rpfilter.man
@@ -0,0 +1,39 @@
+Performs a reverse path filter test on a packet.
+If a reply to the packet would be sent via the same interface
+that the packet arrived on, the packet will match.
+Note that, unlike the in-kernel rp_filter, packets protected
+by IPSec are not treated specially. Combine this match with
+the policy match if you want this.
+Also, packets arriving via the loopback interface are always permitted.
+This match can only be used in the PREROUTING chain of the raw or mangle table.
+.TP
+\fB\-\-loose\fP
+Used to specifiy that the reverse path filter test should match
+even if the selected output device is not the expected one.
+.TP
+\fB\-\-validmark\fP
+Also use the packets' nfmark value when performing the reverse path route lookup.
+.TP
+\fB\-\-accept\-local\fP
+This will permit packets arriving from the network with a source address that is also
+assigned to the local machine.
+.TP
+\fB\-\-invert\fP
+This will invert the sense of the match. Instead of matching packets that passed the
+reverse path filter test, match those that have failed it.
+.PP
+Example to log and drop packets failing the reverse path filter test:
+
+iptables \-t raw \-N RPFILTER
+
+iptables \-t raw \-A RPFILTER \-m rpfilter \-j RETURN
+
+iptables \-t raw \-A RPFILTER \-m limit \-\-limit 10/minute \-j NFLOG \-\-nflog\-prefix "rpfilter drop"
+
+iptables \-t raw \-A RPFILTER \-j DROP
+
+iptables \-t raw \-A PREROUTING \-j RPFILTER
+
+Example to drop failed packets, without logging:
+
+iptables \-t raw \-A RPFILTER \-m rpfilter \-\-invert \-j DROP
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index d321fb8..56a4cdf 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -7,6 +7,7 @@
* libipt_ecn.c borrowed heavily from libipt_dscp.c
*
*/
+#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -27,15 +28,13 @@
#endif
static void
-print_chunk(u_int32_t chunknum, int numeric);
+print_chunk(uint32_t chunknum, int numeric);
static void sctp_init(struct xt_entry_match *m)
{
int i;
struct xt_sctp_info *einfo = (struct xt_sctp_info *)m->data;
- memset(einfo, 0, sizeof(struct xt_sctp_info));
-
for (i = 0; i < XT_NUM_SCTP_FLAGS; i++) {
einfo->flag_info[i].chunktype = -1;
}
@@ -55,17 +54,17 @@ static void sctp_help(void)
}
static const struct option sctp_opts[] = {
- { .name = "source-port", .has_arg = 1, .val = '1' },
- { .name = "sport", .has_arg = 1, .val = '1' },
- { .name = "destination-port", .has_arg = 1, .val = '2' },
- { .name = "dport", .has_arg = 1, .val = '2' },
- { .name = "chunk-types", .has_arg = 1, .val = '3' },
- { .name = NULL }
+ {.name = "source-port", .has_arg = true, .val = '1'},
+ {.name = "sport", .has_arg = true, .val = '1'},
+ {.name = "destination-port", .has_arg = true, .val = '2'},
+ {.name = "dport", .has_arg = true, .val = '2'},
+ {.name = "chunk-types", .has_arg = true, .val = '3'},
+ XT_GETOPT_TABLEEND,
};
static void
parse_sctp_ports(const char *portstring,
- u_int16_t *ports)
+ uint16_t *ports)
{
char *buffer;
char *cp;
@@ -258,7 +257,6 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_SCTP_SRC_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_sctp_ports(optarg, einfo->spts);
if (invert)
einfo->invflags |= XT_SCTP_SRC_PORTS;
@@ -270,7 +268,6 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_SCTP_DEST_PORTS;
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_sctp_ports(optarg, einfo->dpts);
if (invert)
einfo->invflags |= XT_SCTP_DEST_PORTS;
@@ -281,8 +278,6 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & XT_SCTP_CHUNK_TYPES)
xtables_error(PARAMETER_PROBLEM,
"Only one `--chunk-types' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
xtables_error(PARAMETER_PROBLEM,
@@ -295,17 +290,14 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
optind++;
*flags |= XT_SCTP_CHUNK_TYPES;
break;
-
- default:
- return 0;
}
return 1;
}
-static char *
+static const char *
port_to_service(int port)
{
- struct servent *service;
+ const struct servent *service;
if ((service = getservbyport(htons(port), "sctp")))
return service->s_name;
@@ -314,9 +306,9 @@ port_to_service(int port)
}
static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
{
- char *service;
+ const char *service;
if (numeric || (service = port_to_service(port)) == NULL)
printf("%u", port);
@@ -325,13 +317,13 @@ print_port(u_int16_t port, int numeric)
}
static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
int invert, int numeric)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -341,12 +333,11 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
static void
-print_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags_mask)
+print_chunk_flags(uint32_t chunknum, uint8_t chunk_flags, uint8_t chunk_flags_mask)
{
int i;
@@ -369,7 +360,7 @@ print_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags
}
static void
-print_chunk(u_int32_t chunknum, int numeric)
+print_chunk(uint32_t chunknum, int numeric)
{
if (numeric) {
printf("0x%04X", chunknum);
@@ -386,26 +377,26 @@ print_chunk(u_int32_t chunknum, int numeric)
static void
print_chunks(const struct xt_sctp_info *einfo, int numeric)
{
- u_int32_t chunk_match_type = einfo->chunk_match_type;
+ uint32_t chunk_match_type = einfo->chunk_match_type;
const struct xt_sctp_flag_info *flag_info = einfo->flag_info;
int flag_count = einfo->flag_count;
int i, j;
int flag;
switch (chunk_match_type) {
- case SCTP_CHUNK_MATCH_ANY: printf("any "); break;
- case SCTP_CHUNK_MATCH_ALL: printf("all "); break;
- case SCTP_CHUNK_MATCH_ONLY: printf("only "); break;
- default: printf("Never reach herer\n"); break;
+ case SCTP_CHUNK_MATCH_ANY: printf(" any"); break;
+ case SCTP_CHUNK_MATCH_ALL: printf(" all"); break;
+ case SCTP_CHUNK_MATCH_ONLY: printf(" only"); break;
+ default: printf("Never reach here\n"); break;
}
if (SCTP_CHUNKMAP_IS_CLEAR(einfo->chunkmap)) {
- printf("NONE ");
+ printf(" NONE");
goto out;
}
if (SCTP_CHUNKMAP_IS_ALL_SET(einfo->chunkmap)) {
- printf("ALL ");
+ printf(" ALL");
goto out;
}
@@ -414,6 +405,8 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
if (SCTP_CHUNKMAP_IS_SET(einfo->chunkmap, i)) {
if (flag)
printf(",");
+ else
+ putchar(' ');
flag = 1;
print_chunk(i, numeric);
for (j = 0; j < flag_count; j++) {
@@ -424,9 +417,6 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
}
}
}
-
- if (flag)
- printf(" ");
out:
return;
}
@@ -437,7 +427,7 @@ sctp_print(const void *ip, const struct xt_entry_match *match, int numeric)
const struct xt_sctp_info *einfo =
(const struct xt_sctp_info *)match->data;
- printf("sctp ");
+ printf(" sctp");
if (einfo->flags & XT_SCTP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
@@ -455,7 +445,7 @@ sctp_print(const void *ip, const struct xt_entry_match *match, int numeric)
/* FIXME: print_chunks() is used in save() where the printing of '!'
s taken care of, so we need to do that here as well */
if (einfo->invflags & XT_SCTP_CHUNK_TYPES) {
- printf("! ");
+ printf(" !");
}
print_chunks(einfo, numeric);
}
@@ -468,28 +458,28 @@ static void sctp_save(const void *ip, const struct xt_entry_match *match)
if (einfo->flags & XT_SCTP_SRC_PORTS) {
if (einfo->invflags & XT_SCTP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_SCTP_DEST_PORTS) {
if (einfo->invflags & XT_SCTP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_SCTP_CHUNK_TYPES) {
if (einfo->invflags & XT_SCTP_CHUNK_TYPES)
- printf("! ");
- printf("--chunk-types ");
+ printf(" !");
+ printf(" --chunk-types");
print_chunks(einfo, 0);
}
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 75fa3c2..2cb9e78 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -9,6 +9,7 @@
*/
/* Shared library add-on to iptables to add IP set matching. */
+#include <stdbool.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
@@ -21,8 +22,10 @@
#include <linux/netfilter/xt_set.h>
#include "libxt_set.h"
+/* Revision 0 */
+
static void
-set_help(void)
+set_help_v0(void)
{
printf("set match options:\n"
" [!] --match-set name flags\n"
@@ -31,14 +34,14 @@ set_help(void)
" 'src' and 'dst' specifications.\n");
}
-static const struct option set_opts[] = {
- { .name = "match-set", .has_arg = true, .val = '1'},
- { .name = "set", .has_arg = true, .val = '2'},
- { .name = NULL }
+static const struct option set_opts_v0[] = {
+ {.name = "match-set", .has_arg = true, .val = '1'},
+ {.name = "set", .has_arg = true, .val = '2'},
+ XT_GETOPT_TABLEEND,
};
static void
-set_check(unsigned int flags)
+set_check_v0(unsigned int flags)
{
if (!flags)
xtables_error(PARAMETER_PROBLEM,
@@ -61,8 +64,6 @@ set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
if (info->u.flags[0])
xtables_error(PARAMETER_PROBLEM,
"--match-set can be specified only once");
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
info->u.flags[0] |= IPSET_MATCH_INV;
@@ -84,9 +85,6 @@ set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
*flags = 1;
break;
-
- default:
- return 0;
}
return 1;
@@ -99,8 +97,8 @@ print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->u.flags[0] & IPSET_MATCH_INV) ? "! " : "",
+ printf("%s %s %s",
+ (info->u.flags[0] & IPSET_MATCH_INV) ? " !" : "",
prefix,
setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
@@ -110,7 +108,6 @@ print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
@@ -130,12 +127,13 @@ set_save_v0(const void *ip, const struct xt_entry_match *match)
print_match_v0("--match-set", &info->match_set);
}
+/* Revision 1 */
static int
-set_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+set_parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
{
- struct xt_set_info_match *myinfo =
- (struct xt_set_info_match *) (*match)->data;
+ struct xt_set_info_match_v1 *myinfo =
+ (struct xt_set_info_match_v1 *) (*match)->data;
struct xt_set_info *info = &myinfo->match_set;
switch (c) {
@@ -146,8 +144,6 @@ set_parse(int c, char **argv, int invert, unsigned int *flags,
if (info->dim)
xtables_error(PARAMETER_PROBLEM,
"--match-set can be specified only once");
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert)
info->flags |= IPSET_INV_MATCH;
@@ -169,9 +165,6 @@ set_parse(int c, char **argv, int invert, unsigned int *flags,
*flags = 1;
break;
-
- default:
- return 0;
}
return 1;
@@ -184,8 +177,8 @@ print_match(const char *prefix, const struct xt_set_info *info)
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->flags & IPSET_INV_MATCH) ? "! " : "",
+ printf("%s %s %s",
+ (info->flags & IPSET_INV_MATCH) ? " !" : "",
prefix,
setname);
for (i = 1; i <= info->dim; i++) {
@@ -193,26 +186,317 @@ print_match(const char *prefix, const struct xt_set_info *info)
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
static void
-set_print(const void *ip, const struct xt_entry_match *match, int numeric)
+set_print_v1(const void *ip, const struct xt_entry_match *match, int numeric)
{
- const struct xt_set_info_match *info = (const void *)match->data;
+ const struct xt_set_info_match_v1 *info = (const void *)match->data;
print_match("match-set", &info->match_set);
}
static void
-set_save(const void *ip, const struct xt_entry_match *match)
+set_save_v1(const void *ip, const struct xt_entry_match *match)
{
- const struct xt_set_info_match *info = (const void *)match->data;
+ const struct xt_set_info_match_v1 *info = (const void *)match->data;
print_match("--match-set", &info->match_set);
}
+/* Revision 2 */
+static void
+set_help_v2(void)
+{
+ printf("set match options:\n"
+ " [!] --match-set name flags [--return-nomatch]\n"
+ " 'name' is the set name from to match,\n"
+ " 'flags' are the comma separated list of\n"
+ " 'src' and 'dst' specifications.\n");
+}
+
+static const struct option set_opts_v2[] = {
+ {.name = "match-set", .has_arg = true, .val = '1'},
+ {.name = "set", .has_arg = true, .val = '2'},
+ {.name = "return-nomatch", .has_arg = false, .val = '3'},
+ XT_GETOPT_TABLEEND,
+};
+
+static int
+set_parse_v2(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct xt_set_info_match_v1 *myinfo =
+ (struct xt_set_info_match_v1 *) (*match)->data;
+ struct xt_set_info *info = &myinfo->match_set;
+
+ switch (c) {
+ case '3':
+ info->flags |= IPSET_RETURN_NOMATCH;
+ break;
+ case '2':
+ fprintf(stderr,
+ "--set option deprecated, please use --match-set\n");
+ case '1': /* --match-set <set> <flag>[,<flag> */
+ if (info->dim)
+ xtables_error(PARAMETER_PROBLEM,
+ "--match-set can be specified only once");
+ if (invert)
+ info->flags |= IPSET_INV_MATCH;
+
+ if (!argv[optind]
+ || argv[optind][0] == '-'
+ || argv[optind][0] == '!')
+ xtables_error(PARAMETER_PROBLEM,
+ "--match-set requires two args.");
+
+ if (strlen(optarg) > IPSET_MAXNAMELEN - 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "setname `%s' too long, max %d characters.",
+ optarg, IPSET_MAXNAMELEN - 1);
+
+ get_set_byname(optarg, info);
+ parse_dirs(argv[optind], info);
+ DEBUGP("parse: set index %u\n", info->index);
+ optind++;
+
+ *flags = 1;
+ break;
+ }
+
+ return 1;
+}
+
+/* Prints out the matchinfo. */
+static void
+set_print_v2(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_set_info_match_v1 *info = (const void *)match->data;
+
+ print_match("match-set", &info->match_set);
+ if (info->match_set.flags & IPSET_RETURN_NOMATCH)
+ printf(" return-nomatch");
+}
+
+static void
+set_save_v2(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_set_info_match_v1 *info = (const void *)match->data;
+
+ print_match("--match-set", &info->match_set);
+ if (info->match_set.flags & IPSET_RETURN_NOMATCH)
+ printf(" --return-nomatch");
+}
+
+/* Revision 3 */
+static void
+set_help_v3(void)
+{
+ printf("set match options:\n"
+ " [!] --match-set name flags [--return-nomatch]\n"
+ " [! --update-counters] [! --update-subcounters]\n"
+ " [[!] --packets-eq value | --packets-lt value | --packets-gt value\n"
+ " [[!] --bytes-eq value | --bytes-lt value | --bytes-gt value\n"
+ " 'name' is the set name from to match,\n"
+ " 'flags' are the comma separated list of\n"
+ " 'src' and 'dst' specifications.\n");
+}
+
+static const struct option set_opts_v3[] = {
+ {.name = "match-set", .has_arg = true, .val = '1'},
+ {.name = "set", .has_arg = true, .val = '2'},
+ {.name = "return-nomatch", .has_arg = false, .val = '3'},
+ {.name = "update-counters", .has_arg = false, .val = '4'},
+ {.name = "packets-eq", .has_arg = true, .val = '5'},
+ {.name = "packets-lt", .has_arg = true, .val = '6'},
+ {.name = "packets-gt", .has_arg = true, .val = '7'},
+ {.name = "bytes-eq", .has_arg = true, .val = '8'},
+ {.name = "bytes-lt", .has_arg = true, .val = '9'},
+ {.name = "bytes-gt", .has_arg = true, .val = '0'},
+ {.name = "update-subcounters", .has_arg = false, .val = 'a'},
+ XT_GETOPT_TABLEEND,
+};
+
+static uint64_t
+parse_counter(const char *opt)
+{
+ uintmax_t value;
+
+ if (!xtables_strtoul(opt, NULL, &value, 0, UINT64_MAX))
+ xtables_error(PARAMETER_PROBLEM,
+ "Cannot parse %s as a counter value\n",
+ opt);
+ return (uint64_t)value;
+}
+
+static int
+set_parse_v3(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct xt_set_info_match_v3 *info =
+ (struct xt_set_info_match_v3 *) (*match)->data;
+
+ switch (c) {
+ case 'a':
+ if (invert)
+ info->flags |= IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE;
+ break;
+ case '0':
+ if (info->bytes.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --bytes-[eq|lt|gt]"
+ " is allowed\n");
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "--bytes-gt option cannot be inverted\n");
+ info->bytes.op = IPSET_COUNTER_GT;
+ info->bytes.value = parse_counter(optarg);
+ break;
+ case '9':
+ if (info->bytes.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --bytes-[eq|lt|gt]"
+ " is allowed\n");
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "--bytes-lt option cannot be inverted\n");
+ info->bytes.op = IPSET_COUNTER_LT;
+ info->bytes.value = parse_counter(optarg);
+ break;
+ case '8':
+ if (info->bytes.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --bytes-[eq|lt|gt]"
+ " is allowed\n");
+ info->bytes.op = invert ? IPSET_COUNTER_NE : IPSET_COUNTER_EQ;
+ info->bytes.value = parse_counter(optarg);
+ break;
+ case '7':
+ if (info->packets.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --packets-[eq|lt|gt]"
+ " is allowed\n");
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "--packets-gt option cannot be inverted\n");
+ info->packets.op = IPSET_COUNTER_GT;
+ info->packets.value = parse_counter(optarg);
+ break;
+ case '6':
+ if (info->packets.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --packets-[eq|lt|gt]"
+ " is allowed\n");
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "--packets-lt option cannot be inverted\n");
+ info->packets.op = IPSET_COUNTER_LT;
+ info->packets.value = parse_counter(optarg);
+ break;
+ case '5':
+ if (info->packets.op != IPSET_COUNTER_NONE)
+ xtables_error(PARAMETER_PROBLEM,
+ "only one of the --packets-[eq|lt|gt]"
+ " is allowed\n");
+ info->packets.op = invert ? IPSET_COUNTER_NE : IPSET_COUNTER_EQ;
+ info->packets.value = parse_counter(optarg);
+ break;
+ case '4':
+ if (invert)
+ info->flags |= IPSET_FLAG_SKIP_COUNTER_UPDATE;
+ break;
+ case '3':
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "--return-nomatch flag cannot be inverted\n");
+ info->flags |= IPSET_FLAG_RETURN_NOMATCH;
+ break;
+ case '2':
+ fprintf(stderr,
+ "--set option deprecated, please use --match-set\n");
+ case '1': /* --match-set <set> <flag>[,<flag> */
+ if (info->match_set.dim)
+ xtables_error(PARAMETER_PROBLEM,
+ "--match-set can be specified only once");
+ if (invert)
+ info->match_set.flags |= IPSET_INV_MATCH;
+
+ if (!argv[optind]
+ || argv[optind][0] == '-'
+ || argv[optind][0] == '!')
+ xtables_error(PARAMETER_PROBLEM,
+ "--match-set requires two args.");
+
+ if (strlen(optarg) > IPSET_MAXNAMELEN - 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "setname `%s' too long, max %d characters.",
+ optarg, IPSET_MAXNAMELEN - 1);
+
+ get_set_byname(optarg, &info->match_set);
+ parse_dirs(argv[optind], &info->match_set);
+ DEBUGP("parse: set index %u\n", info->match_set.index);
+ optind++;
+
+ *flags = 1;
+ break;
+ }
+
+ return 1;
+}
+
+static void
+set_printv3_counter(const struct ip_set_counter_match *c, const char *name,
+ const char *sep)
+{
+ switch (c->op) {
+ case IPSET_COUNTER_EQ:
+ printf(" %s%s-eq %llu", sep, name, c->value);
+ break;
+ case IPSET_COUNTER_NE:
+ printf(" ! %s%s-eq %llu", sep, name, c->value);
+ break;
+ case IPSET_COUNTER_LT:
+ printf(" %s%s-lt %llu", sep, name, c->value);
+ break;
+ case IPSET_COUNTER_GT:
+ printf(" %s%s-gt %llu", sep, name, c->value);
+ break;
+ }
+}
+
+static void
+set_print_v3_matchinfo(const struct xt_set_info_match_v3 *info,
+ const char *opt, const char *sep)
+{
+ print_match(opt, &info->match_set);
+ if (info->flags & IPSET_FLAG_RETURN_NOMATCH)
+ printf(" %sreturn-nomatch", sep);
+ if ((info->flags & IPSET_FLAG_SKIP_COUNTER_UPDATE))
+ printf(" ! %supdate-counters", sep);
+ if ((info->flags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE))
+ printf(" ! %supdate-subcounters", sep);
+ set_printv3_counter(&info->packets, "packets", sep);
+ set_printv3_counter(&info->bytes, "bytes", sep);
+}
+
+/* Prints out the matchinfo. */
+static void
+set_print_v3(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_set_info_match_v3 *info = (const void *)match->data;
+
+ set_print_v3_matchinfo(info, "match-set", "");
+}
+
+static void
+set_save_v3(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_set_info_match_v3 *info = (const void *)match->data;
+
+ set_print_v3_matchinfo(info, "--match-set", "--");
+}
+
static struct xtables_match set_mt_reg[] = {
{
.name = "set",
@@ -221,26 +505,54 @@ static struct xtables_match set_mt_reg[] = {
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct xt_set_info_match_v0)),
.userspacesize = XT_ALIGN(sizeof(struct xt_set_info_match_v0)),
- .help = set_help,
+ .help = set_help_v0,
.parse = set_parse_v0,
- .final_check = set_check,
+ .final_check = set_check_v0,
.print = set_print_v0,
.save = set_save_v0,
- .extra_opts = set_opts,
+ .extra_opts = set_opts_v0,
},
{
.name = "set",
.revision = 1,
.version = XTABLES_VERSION,
.family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_set_info_match)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_match)),
- .help = set_help,
- .parse = set_parse,
- .final_check = set_check,
- .print = set_print,
- .save = set_save,
- .extra_opts = set_opts,
+ .size = XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
+ .help = set_help_v0,
+ .parse = set_parse_v1,
+ .final_check = set_check_v0,
+ .print = set_print_v1,
+ .save = set_save_v1,
+ .extra_opts = set_opts_v0,
+ },
+ {
+ .name = "set",
+ .revision = 2,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
+ .help = set_help_v2,
+ .parse = set_parse_v2,
+ .final_check = set_check_v0,
+ .print = set_print_v2,
+ .save = set_save_v2,
+ .extra_opts = set_opts_v2,
+ },
+ {
+ .name = "set",
+ .revision = 3,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_set_info_match_v3)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_set_info_match_v3)),
+ .help = set_help_v3,
+ .parse = set_parse_v3,
+ .final_check = set_check_v0,
+ .print = set_print_v3,
+ .save = set_save_v3,
+ .extra_opts = set_opts_v3,
},
};
diff --git a/extensions/libxt_set.h b/extensions/libxt_set.h
index 6b93691..5a1bdcf 100644
--- a/extensions/libxt_set.h
+++ b/extensions/libxt_set.h
@@ -2,9 +2,11 @@
#define _LIBXT_SET_H
#include <unistd.h>
+#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
+#include "../iptables/xshared.h"
#ifdef DEBUG
#define DEBUGP(x, args...) fprintf(stderr, x , ## args)
@@ -23,6 +25,12 @@ get_version(unsigned *version)
xtables_error(OTHER_PROBLEM,
"Can't open socket to ipset.\n");
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ xtables_error(OTHER_PROBLEM,
+ "Could not set close on exec: %s\n",
+ strerror(errno));
+ }
+
req_version.op = IP_SET_OP_VERSION;
res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size);
if (res != 0)
@@ -64,13 +72,13 @@ get_set_byid(char *setname, ip_set_id_t idx)
}
static void
-get_set_byname(const char *setname, struct xt_set_info *info)
+get_set_byname_only(const char *setname, struct xt_set_info *info,
+ int sockfd, unsigned int version)
{
- struct ip_set_req_get_set req;
+ struct ip_set_req_get_set req = { .version = version };
socklen_t size = sizeof(struct ip_set_req_get_set);
- int res, sockfd;
+ int res;
- sockfd = get_version(&req.version);
req.op = IP_SET_OP_GET_BYNAME;
strncpy(req.set.name, setname, IPSET_MAXNAMELEN);
req.set.name[IPSET_MAXNAMELEN - 1] = '\0';
@@ -94,6 +102,49 @@ get_set_byname(const char *setname, struct xt_set_info *info)
}
static void
+get_set_byname(const char *setname, struct xt_set_info *info)
+{
+ struct ip_set_req_get_set_family req;
+ socklen_t size = sizeof(struct ip_set_req_get_set_family);
+ int res, sockfd, version;
+
+ sockfd = get_version(&req.version);
+ version = req.version;
+ req.op = IP_SET_OP_GET_FNAME;
+ strncpy(req.set.name, setname, IPSET_MAXNAMELEN);
+ req.set.name[IPSET_MAXNAMELEN - 1] = '\0';
+ res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req, &size);
+
+ if (res != 0 && errno == EBADMSG)
+ /* Backward compatibility */
+ return get_set_byname_only(setname, info, sockfd, version);
+
+ close(sockfd);
+ if (res != 0)
+ xtables_error(OTHER_PROBLEM,
+ "Problem when communicating with ipset, errno=%d.\n",
+ errno);
+ if (size != sizeof(struct ip_set_req_get_set_family))
+ xtables_error(OTHER_PROBLEM,
+ "Incorrect return size from kernel during ipset lookup, "
+ "(want %zu, got %zu)\n",
+ sizeof(struct ip_set_req_get_set_family),
+ (size_t)size);
+ if (req.set.index == IPSET_INVALID_ID)
+ xtables_error(PARAMETER_PROBLEM,
+ "Set %s doesn't exist.\n", setname);
+ if (!(req.family == afinfo->family ||
+ req.family == NFPROTO_UNSPEC))
+ xtables_error(PARAMETER_PROBLEM,
+ "The protocol family of set %s is %s, "
+ "which is not applicable.\n",
+ setname,
+ req.family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
+
+ info->index = req.set.index;
+}
+
+static void
parse_dirs_v0(const char *opt_arg, struct xt_set_info_v0 *info)
{
char *saved = strdup(opt_arg);
@@ -114,7 +165,7 @@ parse_dirs_v0(const char *opt_arg, struct xt_set_info_v0 *info)
if (tmp)
xtables_error(PARAMETER_PROBLEM,
"Can't be more src/dst options than %i.",
- IPSET_DIM_MAX - 1);
+ IPSET_DIM_MAX);
free(saved);
}
@@ -124,9 +175,8 @@ parse_dirs(const char *opt_arg, struct xt_set_info *info)
{
char *saved = strdup(opt_arg);
char *ptr, *tmp = saved;
- int i = 0;
- while (i < (IPSET_DIM_MAX - 1) && tmp != NULL) {
+ while (info->dim < IPSET_DIM_MAX && tmp != NULL) {
info->dim++;
ptr = strsep(&tmp, ",");
if (strncmp(ptr, "src", 3) == 0)
@@ -139,7 +189,7 @@ parse_dirs(const char *opt_arg, struct xt_set_info *info)
if (tmp)
xtables_error(PARAMETER_PROBLEM,
"Can't be more src/dst options than %i.",
- IPSET_DIM_MAX - 1);
+ IPSET_DIM_MAX);
free(saved);
}
diff --git a/extensions/libxt_set.man b/extensions/libxt_set.man
index aca1bfc..7012ef2 100644
--- a/extensions/libxt_set.man
+++ b/extensions/libxt_set.man
@@ -14,10 +14,52 @@ address and destination port pair can be found in the specified set. If
the set type of the specified set is single dimension (for example ipmap),
then the command will match packets for which the source address can be
found in the specified set.
+.TP
+\fB\-\-return\-nomatch\fP
+If the \fB\-\-return\-nomatch\fP option is specified and the set type
+supports the \fBnomatch\fP flag, then the matching is reversed: a match
+with an element flagged with \fBnomatch\fP returns \fBtrue\fP, while a
+match with a plain element returns \fBfalse\fP.
+.TP
+\fB!\fP \fB\-\-update\-counters\fP
+If the \fB\-\-update\-counters\fP flag is negated, then the packet and
+byte counters of the matching element in the set won't be updated. Default
+the packet and byte counters are updated.
+.TP
+\fB!\fP \fB\-\-update\-subcounters\fP
+If the \fB\-\-update\-subcounters\fP flag is negated, then the packet and
+byte counters of the matching element in the member set of a list type of
+set won't be updated. Default the packet and byte counters are updated.
+.TP
+[\fB!\fP] \fB\-\-packets\-eq\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+packet counter of the element matches the given value too.
+.TP
+\fB\-\-packets\-lt\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+packet counter of the element is less than the given value as well.
+.TP
+\fB\-\-packets\-gt\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+packet counter of the element is greater than the given value as well.
+.TP
+[\fB!\fP] \fB\-bytes\-eq\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+byte counter of the element matches the given value too.
+.TP
+\fB\-\-bytes\-lt\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+byte counter of the element is less than the given value as well.
+.TP
+\fB\-\-bytes\-gt\fP \fIvalue\fP
+If the packet is matched an element in the set, match only if the
+byte counter of the element is greater than the given value as well.
+.PP
+The packet and byte counters related options and flags are ignored
+when the set was defined without counter support.
.PP
-The option \fB\-\-match\-set\fR can be replaced by \fB\-\-set\fR if that does
+The option \fB\-\-match\-set\fP can be replaced by \fB\-\-set\fP if that does
not clash with an option of other extensions.
.PP
-Use of -m set requires that ipset kernel support is provided. As standard
-kernels do not ship this currently, the ipset or Xtables-addons package needs
-to be installed.
+Use of -m set requires that ipset kernel support is provided, which, for
+standard kernels, is the case since Linux 2.6.39.
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index 1490473..f19c280 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -3,17 +3,142 @@
*
* Copyright (C) 2007 BalaBit IT Ltd.
*/
+#include <stdio.h>
#include <xtables.h>
+#include <linux/netfilter/xt_socket.h>
-static struct xtables_match socket_mt_reg = {
- .name = "socket",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(0),
- .userspacesize = XT_ALIGN(0),
+enum {
+ O_TRANSPARENT = 0,
+ O_NOWILDCARD = 1,
+};
+
+static const struct xt_option_entry socket_mt_opts[] = {
+ {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+static const struct xt_option_entry socket_mt_opts_v2[] = {
+ {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
+ {.name = "nowildcard", .id = O_NOWILDCARD, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+static void socket_mt_help(void)
+{
+ printf(
+ "socket match options:\n"
+ " --transparent Ignore non-transparent sockets\n\n");
+}
+
+static void socket_mt_help_v2(void)
+{
+ printf(
+ "socket match options:\n"
+ " --nowildcard Do not ignore LISTEN sockets bound on INADDR_ANY\n"
+ " --transparent Ignore non-transparent sockets\n\n");
+}
+
+static void socket_mt_parse(struct xt_option_call *cb)
+{
+ struct xt_socket_mtinfo1 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TRANSPARENT:
+ info->flags |= XT_SOCKET_TRANSPARENT;
+ break;
+ }
+}
+
+static void socket_mt_parse_v2(struct xt_option_call *cb)
+{
+ struct xt_socket_mtinfo2 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TRANSPARENT:
+ info->flags |= XT_SOCKET_TRANSPARENT;
+ break;
+ case O_NOWILDCARD:
+ info->flags |= XT_SOCKET_NOWILDCARD;
+ break;
+ }
+}
+
+static void
+socket_mt_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_socket_mtinfo1 *info = (const void *)match->data;
+
+ if (info->flags & XT_SOCKET_TRANSPARENT)
+ printf(" --transparent");
+}
+
+static void
+socket_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" socket");
+ socket_mt_save(ip, match);
+}
+
+static void
+socket_mt_save_v2(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_socket_mtinfo2 *info = (const void *)match->data;
+
+ if (info->flags & XT_SOCKET_TRANSPARENT)
+ printf(" --transparent");
+ if (info->flags & XT_SOCKET_NOWILDCARD)
+ printf(" --nowildcard");
+}
+
+static void
+socket_mt_print_v2(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" socket");
+ socket_mt_save_v2(ip, match);
+}
+
+static struct xtables_match socket_mt_reg[] = {
+ {
+ .name = "socket",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
+ },
+ {
+ .name = "socket",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+ .help = socket_mt_help,
+ .print = socket_mt_print,
+ .save = socket_mt_save,
+ .x6_parse = socket_mt_parse,
+ .x6_options = socket_mt_opts,
+ },
+ {
+ .name = "socket",
+ .revision = 2,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
+ .help = socket_mt_help_v2,
+ .print = socket_mt_print_v2,
+ .save = socket_mt_save_v2,
+ .x6_parse = socket_mt_parse_v2,
+ .x6_options = socket_mt_opts_v2,
+ },
};
void _init(void)
{
- xtables_register_match(&socket_mt_reg);
+ xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
}
diff --git a/extensions/libxt_socket.man b/extensions/libxt_socket.man
index 50c8854..2ef32ce 100644
--- a/extensions/libxt_socket.man
+++ b/extensions/libxt_socket.man
@@ -1,2 +1,22 @@
-This matches if an open socket can be found by doing a socket lookup on the
-packet.
+This matches if an open TCP/UDP socket can be found by doing a socket lookup on the
+packet. It matches if there is an established or non\-zero bound listening
+socket (possibly with a non\-local address). The lookup is performed using
+the \fBpacket\fP tuple of TCP/UDP packets, or the original TCP/UDP header
+\fBembedded\fP in an ICMP/ICPMv6 error packet.
+.TP
+\fB\-\-transparent\fP
+Ignore non-transparent sockets.
+.TP
+\fB\-\-nowildcard\fP
+Do not ignore sockets bound to 'any' address.
+The socket match won't accept zero\-bound listeners by default, since
+then local services could intercept traffic that would otherwise be forwarded.
+This option therefore has security implications when used to match traffic being
+forwarded to redirect such packets to local machine with policy routing.
+When using the socket match to implement fully transparent
+proxies bound to non\-local addresses it is recommended to use the \-\-transparent
+option instead.
+.PP
+Example (assuming packets with mark 1 are delivered locally):
+.IP
+\-t mangle \-A PREROUTING \-m socket \-\-transparent \-j MARK \-\-set\-mark 1
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
deleted file mode 100644
index d8159e5..0000000
--- a/extensions/libxt_state.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* Shared library add-on to iptables to add state tracking support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <xtables.h>
-#include <linux/netfilter/nf_conntrack_common.h>
-#include <linux/netfilter/xt_state.h>
-
-#ifndef XT_STATE_UNTRACKED
-#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
-#endif
-
-static void
-state_help(void)
-{
- printf(
-"state match options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
-" State(s) to match\n");
-}
-
-static const struct option state_opts[] = {
- { "state", 1, NULL, '1' },
- { .name = NULL }
-};
-
-static int
-state_parse_state(const char *state, size_t len, struct xt_state_info *sinfo)
-{
- if (strncasecmp(state, "INVALID", len) == 0)
- sinfo->statemask |= XT_STATE_INVALID;
- else if (strncasecmp(state, "NEW", len) == 0)
- sinfo->statemask |= XT_STATE_BIT(IP_CT_NEW);
- else if (strncasecmp(state, "ESTABLISHED", len) == 0)
- sinfo->statemask |= XT_STATE_BIT(IP_CT_ESTABLISHED);
- else if (strncasecmp(state, "RELATED", len) == 0)
- sinfo->statemask |= XT_STATE_BIT(IP_CT_RELATED);
- else if (strncasecmp(state, "UNTRACKED", len) == 0)
- sinfo->statemask |= XT_STATE_UNTRACKED;
- else
- return 0;
- return 1;
-}
-
-static void
-state_parse_states(const char *arg, struct xt_state_info *sinfo)
-{
- const char *comma;
-
- while ((comma = strchr(arg, ',')) != NULL) {
- if (comma == arg || !state_parse_state(arg, comma-arg, sinfo))
- xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
- arg = comma+1;
- }
- if (!*arg)
- xtables_error(PARAMETER_PROBLEM, "\"--state\" requires a list of "
- "states with no spaces, e.g. "
- "ESTABLISHED,RELATED");
- if (strlen(arg) == 0 || !state_parse_state(arg, strlen(arg), sinfo))
- xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
-}
-
-static int
-state_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_match **match)
-{
- struct xt_state_info *sinfo = (struct xt_state_info *)(*match)->data;
-
- switch (c) {
- case '1':
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
- state_parse_states(optarg, sinfo);
- if (invert)
- sinfo->statemask = ~sinfo->statemask;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void state_final_check(unsigned int flags)
-{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM, "You must specify \"--state\"");
-}
-
-static void state_print_state(unsigned int statemask)
-{
- const char *sep = "";
-
- if (statemask & XT_STATE_INVALID) {
- printf("%sINVALID", sep);
- sep = ",";
- }
- if (statemask & XT_STATE_BIT(IP_CT_NEW)) {
- printf("%sNEW", sep);
- sep = ",";
- }
- if (statemask & XT_STATE_BIT(IP_CT_RELATED)) {
- printf("%sRELATED", sep);
- sep = ",";
- }
- if (statemask & XT_STATE_BIT(IP_CT_ESTABLISHED)) {
- printf("%sESTABLISHED", sep);
- sep = ",";
- }
- if (statemask & XT_STATE_UNTRACKED) {
- printf("%sUNTRACKED", sep);
- sep = ",";
- }
- printf(" ");
-}
-
-static void
-state_print(const void *ip,
- const struct xt_entry_match *match,
- int numeric)
-{
- const struct xt_state_info *sinfo = (const void *)match->data;
-
- printf("state ");
- state_print_state(sinfo->statemask);
-}
-
-static void state_save(const void *ip, const struct xt_entry_match *match)
-{
- const struct xt_state_info *sinfo = (const void *)match->data;
-
- printf("--state ");
- state_print_state(sinfo->statemask);
-}
-
-static struct xtables_match state_match = {
- .family = NFPROTO_UNSPEC,
- .name = "state",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_state_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
- .help = state_help,
- .parse = state_parse,
- .final_check = state_final_check,
- .print = state_print,
- .save = state_save,
- .extra_opts = state_opts,
-};
-
-void _init(void)
-{
- xtables_register_match(&state_match);
-}
diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man
index 37d095b..ec096ca 100644
--- a/extensions/libxt_state.man
+++ b/extensions/libxt_state.man
@@ -1,24 +1,8 @@
-This module, when combined with connection tracking, allows access to
-the connection tracking state for this packet.
+The "state" extension is a subset of the "conntrack" module.
+"state" allows access to the connection tracking state for this packet.
.TP
[\fB!\fP] \fB\-\-state\fP \fIstate\fP
-Where state is a comma separated list of the connection states to
-match. Possible states are
-.B INVALID
-meaning that the packet could not be identified for some reason which
-includes running out of memory and ICMP errors which don't correspond to any
-known connection,
-.B ESTABLISHED
-meaning that the packet is associated with a connection which has seen
-packets in both directions,
-.B NEW
-meaning that the packet has started a new connection, or otherwise
-associated with a connection which has not seen packets in both
-directions, and
-.B RELATED
-meaning that the packet is starting a new connection, but is
-associated with an existing connection, such as an FTP data transfer,
-or an ICMP error.
-.B UNTRACKED
-meaning that the packet is not tracked at all, which happens if you use
-the NOTRACK target in raw table.
+Where state is a comma separated list of the connection states to match. Only a
+subset of the states unterstood by "conntrack" are recognized: \fBINVALID\fP,
+\fBESTABLISHED\fP, \fBNEW\fP, \fBRELATED\fP or \fBUNTRACKED\fP. For their
+description, see the "conntrack" heading in this manpage.
diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index 913aa2c..b6ae5f5 100644
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -1,144 +1,118 @@
+/*
+ * Copyright (c) 2006-2013 Patrick McHardy <kaber@trash.net>
+ */
+
+#include <math.h>
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_statistic.h>
+enum {
+ O_MODE = 0,
+ O_PROBABILITY,
+ O_EVERY,
+ O_PACKET,
+ F_PROBABILITY = 1 << O_PROBABILITY,
+ F_EVERY = 1 << O_EVERY,
+ F_PACKET = 1 << O_PACKET,
+};
+
static void statistic_help(void)
{
printf(
"statistic match options:\n"
" --mode mode Match mode (random, nth)\n"
" random mode:\n"
-" --probability p Probability\n"
+"[!] --probability p Probability\n"
" nth mode:\n"
-" --every n Match every nth packet\n"
+"[!] --every n Match every nth packet\n"
" --packet p Initial counter value (0 <= p <= n-1, default 0)\n");
}
-static const struct option statistic_opts[] = {
- { "mode", 1, NULL, '1' },
- { "probability", 1, NULL, '2' },
- { "every", 1, NULL, '3' },
- { "packet", 1, NULL, '4' },
- { .name = NULL }
+#define s struct xt_statistic_info
+static const struct xt_option_entry statistic_opts[] = {
+ {.name = "mode", .id = O_MODE, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND},
+ {.name = "probability", .id = O_PROBABILITY, .type = XTTYPE_DOUBLE,
+ .flags = XTOPT_INVERT, .min = 0, .max = 1,
+ .excl = F_EVERY | F_PACKET},
+ {.name = "every", .id = O_EVERY, .type = XTTYPE_UINT32, .min = 1,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, u.nth.every),
+ .excl = F_PROBABILITY, .also = F_PACKET},
+ {.name = "packet", .id = O_PACKET, .type = XTTYPE_UINT32,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, u.nth.packet),
+ .excl = F_PROBABILITY, .also = F_EVERY},
+ XTOPT_TABLEEND,
};
+#undef s
-static struct xt_statistic_info *global_info;
-
-static void statistic_mt_init(struct xt_entry_match *match)
-{
- global_info = (void *)match->data;
-}
-
-static int
-statistic_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void statistic_parse(struct xt_option_call *cb)
{
- struct xt_statistic_info *info = (void *)(*match)->data;
- unsigned int val;
- double prob;
+ struct xt_statistic_info *info = cb->data;
- if (invert)
+ if (cb->invert)
info->flags |= XT_STATISTIC_INVERT;
- switch (c) {
- case '1':
- if (*flags & 0x1)
- xtables_error(PARAMETER_PROBLEM, "double --mode");
- if (!strcmp(optarg, "random"))
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_MODE:
+ if (strcmp(cb->arg, "random") == 0)
info->mode = XT_STATISTIC_MODE_RANDOM;
- else if (!strcmp(optarg, "nth"))
+ else if (strcmp(cb->arg, "nth") == 0)
info->mode = XT_STATISTIC_MODE_NTH;
else
- xtables_error(PARAMETER_PROBLEM, "Bad mode \"%s\"", optarg);
- *flags |= 0x1;
+ xtables_error(PARAMETER_PROBLEM, "Bad mode \"%s\"",
+ cb->arg);
break;
- case '2':
- if (*flags & 0x2)
- xtables_error(PARAMETER_PROBLEM, "double --probability");
- prob = atof(optarg);
- if (prob < 0 || prob > 1)
- xtables_error(PARAMETER_PROBLEM,
- "--probability must be between 0 and 1");
- info->u.random.probability = 0x80000000 * prob;
- *flags |= 0x2;
+ case O_PROBABILITY:
+ info->u.random.probability = lround(0x80000000 * cb->val.dbl);
break;
- case '3':
- if (*flags & 0x4)
- xtables_error(PARAMETER_PROBLEM, "double --every");
- if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "cannot parse --every `%s'", optarg);
- info->u.nth.every = val;
- if (info->u.nth.every == 0)
- xtables_error(PARAMETER_PROBLEM, "--every cannot be 0");
- info->u.nth.every--;
- *flags |= 0x4;
+ case O_EVERY:
+ --info->u.nth.every;
break;
- case '4':
- if (*flags & 0x8)
- xtables_error(PARAMETER_PROBLEM, "double --packet");
- if (!xtables_strtoui(optarg, NULL, &val, 0, UINT32_MAX))
- xtables_error(PARAMETER_PROBLEM,
- "cannot parse --packet `%s'", optarg);
- info->u.nth.packet = val;
- *flags |= 0x8;
- break;
- default:
- return 0;
}
- return 1;
}
-static void statistic_check(unsigned int flags)
+static void statistic_check(struct xt_fcheck_call *cb)
{
- if (!(flags & 0x1))
- xtables_error(PARAMETER_PROBLEM, "no mode specified");
- if ((flags & 0x2) && (flags & (0x4 | 0x8)))
- xtables_error(PARAMETER_PROBLEM,
- "both nth and random parameters given");
- if (flags & 0x2 && global_info->mode != XT_STATISTIC_MODE_RANDOM)
- xtables_error(PARAMETER_PROBLEM,
- "--probability can only be used in random mode");
- if (flags & 0x4 && global_info->mode != XT_STATISTIC_MODE_NTH)
- xtables_error(PARAMETER_PROBLEM,
- "--every can only be used in nth mode");
- if (flags & 0x8 && global_info->mode != XT_STATISTIC_MODE_NTH)
+ struct xt_statistic_info *info = cb->data;
+
+ if (info->mode == XT_STATISTIC_MODE_RANDOM &&
+ !(cb->xflags & F_PROBABILITY))
xtables_error(PARAMETER_PROBLEM,
- "--packet can only be used in nth mode");
- if ((flags & 0x8) && !(flags & 0x4))
+ "--probability must be specified when using "
+ "random mode");
+ if (info->mode == XT_STATISTIC_MODE_NTH &&
+ !(cb->xflags & (F_EVERY | F_PACKET)))
xtables_error(PARAMETER_PROBLEM,
- "--packet can only be used with --every");
+ "--every and --packet must be specified when "
+ "using nth mode");
+
/* at this point, info->u.nth.every have been decreased. */
- if (global_info->u.nth.packet > global_info->u.nth.every)
+ if (info->u.nth.packet > info->u.nth.every)
xtables_error(PARAMETER_PROBLEM,
"the --packet p must be 0 <= p <= n-1");
-
- global_info->u.nth.count = global_info->u.nth.every -
- global_info->u.nth.packet;
+ info->u.nth.count = info->u.nth.every - info->u.nth.packet;
}
static void print_match(const struct xt_statistic_info *info, char *prefix)
{
- if (info->flags & XT_STATISTIC_INVERT)
- printf("! ");
-
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
- printf("%smode random %sprobability %f ", prefix, prefix,
+ printf(" %smode random%s %sprobability %.11f", prefix,
+ (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
+ prefix,
1.0 * info->u.random.probability / 0x80000000);
break;
case XT_STATISTIC_MODE_NTH:
- printf("%smode nth %severy %u ", prefix, prefix,
+ printf(" %smode nth%s %severy %u", prefix,
+ (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
+ prefix,
info->u.nth.every + 1);
- if (info->u.nth.packet)
- printf("%spacket %u ", prefix, info->u.nth.packet);
+ if (info->u.nth.packet || *prefix)
+ printf(" %spacket %u", prefix, info->u.nth.packet);
break;
}
}
@@ -148,7 +122,7 @@ statistic_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_statistic_info *info = (const void *)match->data;
- printf("statistic ");
+ printf(" statistic");
print_match(info, "");
}
@@ -165,13 +139,12 @@ static struct xtables_match statistic_match = {
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_statistic_info)),
.userspacesize = offsetof(struct xt_statistic_info, u.nth.count),
- .init = statistic_mt_init,
.help = statistic_help,
- .parse = statistic_parse,
- .final_check = statistic_check,
+ .x6_parse = statistic_parse,
+ .x6_fcheck = statistic_check,
.print = statistic_print,
.save = statistic_save,
- .extra_opts = statistic_opts,
+ .x6_options = statistic_opts,
};
void _init(void)
diff --git a/extensions/libxt_statistic.man b/extensions/libxt_statistic.man
index 8fc3b29..47182bf 100644
--- a/extensions/libxt_statistic.man
+++ b/extensions/libxt_statistic.man
@@ -11,13 +11,12 @@ Set the matching mode of the matching rule, supported modes are
and
.B nth.
.TP
-\fB\-\-probability\fP \fIp\fP
-Set the probability from 0 to 1 for a packet to be randomly
-matched. It works only with the
-.B random
-mode.
+[\fB!\fP] \fB\-\-probability\fP \fIp\fP
+Set the probability for a packet to be randomly matched. It only works with the
+\fBrandom\fP mode. \fIp\fP must be within 0.0 and 1.0. The supported
+granularity is in 1/2147483648th increments.
.TP
-\fB\-\-every\fP \fIn\fP
+[\fB!\fP] \fB\-\-every\fP \fIn\fP
Match one packet every nth packet. It works only with the
.B nth
mode (see also the
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index df6302e..fb15980 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -20,17 +20,26 @@
* updated to work with slightly modified
* ipt_string_info.
*/
-#define _GNU_SOURCE 1
+#define _GNU_SOURCE 1 /* strnlen for older glibcs */
#include <stdio.h>
-#include <netdb.h>
#include <string.h>
#include <stdlib.h>
-#include <getopt.h>
#include <ctype.h>
#include <xtables.h>
-#include <stddef.h>
#include <linux/netfilter/xt_string.h>
+enum {
+ O_FROM = 0,
+ O_TO,
+ O_ALGO,
+ O_ICASE,
+ O_STRING,
+ O_HEX_STRING,
+ F_STRING = 1 << O_STRING,
+ F_HEX_STRING = 1 << O_HEX_STRING,
+ F_OP_ANY = F_STRING | F_HEX_STRING,
+};
+
static void string_help(void)
{
printf(
@@ -43,22 +52,28 @@ static void string_help(void)
"[!] --hex-string string Match a hex string in a packet\n");
}
-static const struct option string_opts[] = {
- { "from", 1, NULL, '1' },
- { "to", 1, NULL, '2' },
- { "algo", 1, NULL, '3' },
- { "string", 1, NULL, '4' },
- { "hex-string", 1, NULL, '5' },
- { "icase", 0, NULL, '6' },
- { .name = NULL }
+#define s struct xt_string_info
+static const struct xt_option_entry string_opts[] = {
+ {.name = "from", .id = O_FROM, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, from_offset)},
+ {.name = "to", .id = O_TO, .type = XTTYPE_UINT16,
+ .flags = XTOPT_PUT, XTOPT_POINTER(s, to_offset)},
+ {.name = "algo", .id = O_ALGO, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, algo)},
+ {.name = "string", .id = O_STRING, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT, .excl = F_HEX_STRING},
+ {.name = "hex-string", .id = O_HEX_STRING, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT, .excl = F_STRING},
+ {.name = "icase", .id = O_ICASE, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
};
+#undef s
static void string_init(struct xt_entry_match *m)
{
struct xt_string_info *i = (struct xt_string_info *) m->data;
- if (i->to_offset == 0)
- i->to_offset = UINT16_MAX;
+ i->to_offset = UINT16_MAX;
}
static void
@@ -74,17 +89,6 @@ parse_string(const char *s, struct xt_string_info *info)
}
static void
-parse_algo(const char *s, struct xt_string_info *info)
-{
- /* xt_string needs \0 for algo name */
- if (strlen(s) < XT_STRING_MAX_ALGO_NAME_SIZE) {
- strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
- return;
- }
- xtables_error(PARAMETER_PROBLEM, "ALGO too long \"%s\"", s);
-}
-
-static void
parse_hex_string(const char *s, struct xt_string_info *info)
{
int i=0, slen, sindex=0, schar;
@@ -162,97 +166,47 @@ parse_hex_string(const char *s, struct xt_string_info *info)
info->patlen = sindex;
}
-#define STRING 0x1
-#define ALGO 0x2
-#define FROM 0x4
-#define TO 0x8
-#define ICASE 0x10
-
-static int
-string_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void string_parse(struct xt_option_call *cb)
{
- struct xt_string_info *stringinfo =
- (struct xt_string_info *)(*match)->data;
- const int revision = (*match)->u.user.revision;
+ struct xt_string_info *stringinfo = cb->data;
+ const unsigned int revision = (*cb->match)->u.user.revision;
- switch (c) {
- case '1':
- if (*flags & FROM)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --from");
- stringinfo->from_offset = atoi(optarg);
- *flags |= FROM;
- break;
- case '2':
- if (*flags & TO)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --to");
- stringinfo->to_offset = atoi(optarg);
- *flags |= TO;
- break;
- case '3':
- if (*flags & ALGO)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --algo");
- parse_algo(optarg, stringinfo);
- *flags |= ALGO;
- break;
- case '4':
- if (*flags & STRING)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --string");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_string(optarg, stringinfo);
- if (invert) {
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_STRING:
+ parse_string(cb->arg, stringinfo);
+ if (cb->invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
else
stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
}
- *flags |= STRING;
break;
-
- case '5':
- if (*flags & STRING)
- xtables_error(PARAMETER_PROBLEM,
- "Can't specify multiple --hex-string");
-
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_hex_string(optarg, stringinfo); /* sets length */
- if (invert) {
+ case O_HEX_STRING:
+ parse_hex_string(cb->arg, stringinfo); /* sets length */
+ if (cb->invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
else
stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
}
- *flags |= STRING;
break;
-
- case '6':
+ case O_ICASE:
if (revision == 0)
xtables_error(VERSION_PROBLEM,
"Kernel doesn't support --icase");
stringinfo->u.v1.flags |= XT_STRING_FLAG_IGNORECASE;
- *flags |= ICASE;
break;
-
- default:
- return 0;
}
- return 1;
}
-static void string_check(unsigned int flags)
+static void string_check(struct xt_fcheck_call *cb)
{
- if (!(flags & STRING))
+ if (!(cb->xflags & F_OP_ANY))
xtables_error(PARAMETER_PROBLEM,
"STRING match: You must specify `--string' or "
"`--hex-string'");
- if (!(flags & ALGO))
- xtables_error(PARAMETER_PROBLEM,
- "STRING match: You must specify `--algo'");
}
/* Test to see if the string contains non-printable chars or quotes */
@@ -264,7 +218,7 @@ is_hex_string(const char *str, const unsigned short int len)
if (! isprint(str[i]))
return 1; /* string contains at least one non-printable char */
/* use hex output if the last char is a "\" */
- if ((unsigned char) str[len-1] == 0x5c)
+ if (str[len-1] == '\\')
return 1;
return 0;
}
@@ -275,29 +229,24 @@ print_hex_string(const char *str, const unsigned short int len)
{
unsigned int i;
/* start hex block */
- printf("\"|");
- for (i=0; i < len; i++) {
- /* see if we need to prepend a zero */
- if ((unsigned char) str[i] <= 0x0F)
- printf("0%x", (unsigned char) str[i]);
- else
- printf("%x", (unsigned char) str[i]);
- }
+ printf(" \"|");
+ for (i=0; i < len; i++)
+ printf("%02x", (unsigned char)str[i]);
/* close hex block */
- printf("|\" ");
+ printf("|\"");
}
static void
print_string(const char *str, const unsigned short int len)
{
unsigned int i;
- printf("\"");
+ printf(" \"");
for (i=0; i < len; i++) {
- if ((unsigned char) str[i] == 0x22) /* escape any embedded quotes */
- printf("%c", 0x5c);
+ if (str[i] == '\"' || str[i] == '\\')
+ putchar('\\');
printf("%c", (unsigned char) str[i]);
}
- printf("\" "); /* closing space and quote */
+ printf("\""); /* closing quote */
}
static void
@@ -310,19 +259,19 @@ string_print(const void *ip, const struct xt_entry_match *match, int numeric)
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_string(info->pattern, info->patlen);
}
- printf("ALGO name %s ", info->algo);
+ printf(" ALGO name %s", info->algo);
if (info->from_offset != 0)
- printf("FROM %u ", info->from_offset);
+ printf(" FROM %u", info->from_offset);
if (info->to_offset != 0)
- printf("TO %u ", info->to_offset);
+ printf(" TO %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("ICASE ");
+ printf(" ICASE");
}
static void string_save(const void *ip, const struct xt_entry_match *match)
@@ -334,19 +283,19 @@ static void string_save(const void *ip, const struct xt_entry_match *match)
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("%s--hex-string ", (invert) ? "! ": "");
+ printf("%s --hex-string", (invert) ? " !" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("%s--string ", (invert) ? "! ": "");
+ printf("%s --string", (invert) ? " !": "");
print_string(info->pattern, info->patlen);
}
- printf("--algo %s ", info->algo);
+ printf(" --algo %s", info->algo);
if (info->from_offset != 0)
- printf("--from %u ", info->from_offset);
+ printf(" --from %u", info->from_offset);
if (info->to_offset != 0)
- printf("--to %u ", info->to_offset);
+ printf(" --to %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("--icase ");
+ printf(" --icase");
}
@@ -360,11 +309,11 @@ static struct xtables_match string_mt_reg[] = {
.userspacesize = offsetof(struct xt_string_info, config),
.help = string_help,
.init = string_init,
- .parse = string_parse,
- .final_check = string_check,
.print = string_print,
.save = string_save,
- .extra_opts = string_opts,
+ .x6_parse = string_parse,
+ .x6_fcheck = string_check,
+ .x6_options = string_opts,
},
{
.name = "string",
@@ -375,11 +324,11 @@ static struct xtables_match string_mt_reg[] = {
.userspacesize = offsetof(struct xt_string_info, config),
.help = string_help,
.init = string_init,
- .parse = string_parse,
- .final_check = string_check,
.print = string_print,
.save = string_save,
- .extra_opts = string_opts,
+ .x6_parse = string_parse,
+ .x6_fcheck = string_check,
+ .x6_options = string_opts,
},
};
diff --git a/extensions/libxt_string.man b/extensions/libxt_string.man
index b6b271d..adc9c18 100644
--- a/extensions/libxt_string.man
+++ b/extensions/libxt_string.man
@@ -16,3 +16,13 @@ Matches the given pattern.
.TP
[\fB!\fP] \fB\-\-hex\-string\fP \fIpattern\fP
Matches the given pattern in hex notation.
+.TP
+Examples:
+.IP
+# The string pattern can be used for simple text characters.
+.br
+iptables \-A INPUT \-p tcp \-\-dport 80 \-m string \-\-algo bm \-\-string 'GET /index.html' \-j LOG
+.IP
+# The hex string pattern can be used for non-printable characters, like |0D 0A| or |0D0A|.
+.br
+iptables \-p udp \-\-dport 53 \-m string \-\-algo bm \-\-from 40 \-\-to 57 \-\-hex\-string '|03|www|09|netfilter|03|org|00|'
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 75551d7..bbdec45 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -1,4 +1,5 @@
/* Shared library add-on to iptables to add TCP support. */
+#include <stdbool.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
@@ -26,18 +27,18 @@ static void tcp_help(void)
}
static const struct option tcp_opts[] = {
- { "source-port", 1, NULL, '1' },
- { "sport", 1, NULL, '1' }, /* synonym */
- { "destination-port", 1, NULL, '2' },
- { "dport", 1, NULL, '2' }, /* synonym */
- { "syn", 0, NULL, '3' },
- { "tcp-flags", 1, NULL, '4' },
- { "tcp-option", 1, NULL, '5' },
- { .name = NULL }
+ {.name = "source-port", .has_arg = true, .val = '1'},
+ {.name = "sport", .has_arg = true, .val = '1'}, /* synonym */
+ {.name = "destination-port", .has_arg = true, .val = '2'},
+ {.name = "dport", .has_arg = true, .val = '2'}, /* synonym */
+ {.name = "syn", .has_arg = false, .val = '3'},
+ {.name = "tcp-flags", .has_arg = true, .val = '4'},
+ {.name = "tcp-option", .has_arg = true, .val = '5'},
+ XT_GETOPT_TABLEEND,
};
static void
-parse_tcp_ports(const char *portstring, u_int16_t *ports)
+parse_tcp_ports(const char *portstring, uint16_t *ports)
{
char *buffer;
char *cp;
@@ -114,7 +115,7 @@ parse_tcp_flags(struct xt_tcp *tcpinfo,
}
static void
-parse_tcp_option(const char *option, u_int8_t *result)
+parse_tcp_option(const char *option, uint8_t *result)
{
unsigned int ret;
@@ -147,7 +148,6 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_SRC_PORTS)
xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_tcp_ports(optarg, tcpinfo->spts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_SRCPT;
@@ -158,7 +158,6 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_DST_PORTS)
xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_tcp_ports(optarg, tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_DSTPT;
@@ -179,8 +178,6 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
xtables_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
xtables_error(PARAMETER_PROBLEM,
@@ -196,24 +193,20 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_OPTION)
xtables_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_tcp_option(optarg, &tcpinfo->option);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_OPTION;
*flags |= TCP_OPTION;
break;
-
- default:
- return 0;
}
return 1;
}
-static char *
+static const char *
port_to_service(int port)
{
- struct servent *service;
+ const struct servent *service;
if ((service = getservbyport(htons(port), "tcp")))
return service->s_name;
@@ -222,9 +215,9 @@ port_to_service(int port)
}
static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
{
- char *service;
+ const char *service;
if (numeric || (service = port_to_service(port)) == NULL)
printf("%u", port);
@@ -233,13 +226,13 @@ print_port(u_int16_t port, int numeric)
}
static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
int invert, int numeric)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -249,19 +242,18 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
static void
-print_option(u_int8_t option, int invert, int numeric)
+print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
-print_tcpf(u_int8_t flags)
+print_tcpf(uint8_t flags)
{
int have_flag = 0;
@@ -283,17 +275,16 @@ print_tcpf(u_int8_t flags)
}
static void
-print_flags(u_int8_t mask, u_int8_t cmp, int invert, int numeric)
+print_flags(uint8_t mask, uint8_t cmp, int invert, int numeric)
{
if (mask || invert) {
- printf("flags:%s", invert ? "!" : "");
+ printf(" flags:%s", invert ? "!" : "");
if (numeric)
- printf("0x%02X/0x%02X ", mask, cmp);
+ printf("0x%02X/0x%02X", mask, cmp);
else {
print_tcpf(mask);
printf("/");
print_tcpf(cmp);
- printf(" ");
}
}
}
@@ -303,7 +294,7 @@ tcp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_tcp *tcp = (struct xt_tcp *)match->data;
- printf("tcp ");
+ printf(" tcp");
print_ports("spt", tcp->spts[0], tcp->spts[1],
tcp->invflags & XT_TCP_INV_SRCPT,
numeric);
@@ -317,7 +308,7 @@ tcp_print(const void *ip, const struct xt_entry_match *match, int numeric)
tcp->invflags & XT_TCP_INV_FLAGS,
numeric);
if (tcp->invflags & ~XT_TCP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
tcp->invflags & ~XT_TCP_INV_MASK);
}
@@ -328,49 +319,46 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
if (tcpinfo->spts[0] != 0
|| tcpinfo->spts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->spts[0]
!= tcpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
tcpinfo->spts[0],
tcpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
tcpinfo->spts[0]);
}
if (tcpinfo->dpts[0] != 0
|| tcpinfo->dpts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->dpts[0]
!= tcpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
tcpinfo->dpts[0],
tcpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
tcpinfo->dpts[0]);
}
if (tcpinfo->option
|| (tcpinfo->invflags & XT_TCP_INV_OPTION)) {
if (tcpinfo->invflags & XT_TCP_INV_OPTION)
- printf("! ");
- printf("--tcp-option %u ", tcpinfo->option);
+ printf(" !");
+ printf(" --tcp-option %u", tcpinfo->option);
}
if (tcpinfo->flg_mask
|| (tcpinfo->invflags & XT_TCP_INV_FLAGS)) {
if (tcpinfo->invflags & XT_TCP_INV_FLAGS)
- printf("! ");
- printf("--tcp-flags ");
- if (tcpinfo->flg_mask != 0xFF) {
- print_tcpf(tcpinfo->flg_mask);
- }
+ printf(" !");
+ printf(" --tcp-flags ");
+ print_tcpf(tcpinfo->flg_mask);
printf(" ");
print_tcpf(tcpinfo->flg_cmp);
- printf(" ");
}
}
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index b54a890..c7c5971 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -1,13 +1,11 @@
-/* Shared library add-on to iptables to add tcp MSS matching support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_tcpmss.h>
+enum {
+ O_TCPMSS = 0,
+};
+
static void tcpmss_help(void)
{
printf(
@@ -16,73 +14,23 @@ static void tcpmss_help(void)
" (only valid for TCP SYN or SYN/ACK packets)\n");
}
-static const struct option tcpmss_opts[] = {
- { "mss", 1, NULL, '1' },
- { .name = NULL }
+static const struct xt_option_entry tcpmss_opts[] = {
+ {.name = "mss", .id = O_TCPMSS, .type = XTTYPE_UINT16RC,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
-static u_int16_t
-parse_tcp_mssvalue(const char *mssvalue)
-{
- unsigned int mssvaluenum;
-
- if (xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
- return mssvaluenum;
-
- xtables_error(PARAMETER_PROBLEM,
- "Invalid mss `%s' specified", mssvalue);
-}
-
-static void
-parse_tcp_mssvalues(const char *mssvaluestring,
- u_int16_t *mss_min, u_int16_t *mss_max)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(mssvaluestring);
- if ((cp = strchr(buffer, ':')) == NULL)
- *mss_min = *mss_max = parse_tcp_mssvalue(buffer);
- else {
- *cp = '\0';
- cp++;
-
- *mss_min = buffer[0] ? parse_tcp_mssvalue(buffer) : 0;
- *mss_max = cp[0] ? parse_tcp_mssvalue(cp) : 0xFFFF;
- }
- free(buffer);
-}
-
-static int
-tcpmss_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- struct xt_tcpmss_match_info *mssinfo =
- (struct xt_tcpmss_match_info *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--mss' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_tcp_mssvalues(optarg,
- &mssinfo->mss_min, &mssinfo->mss_max);
- if (invert)
- mssinfo->invert = 1;
- *flags = 1;
- break;
- default:
- return 0;
- }
- return 1;
-}
-
-static void tcpmss_check(unsigned int flags)
+static void tcpmss_parse(struct xt_option_call *cb)
{
- if (!flags)
- xtables_error(PARAMETER_PROBLEM,
- "tcpmss match: You must specify `--mss'");
+ struct xt_tcpmss_match_info *mssinfo = cb->data;
+
+ xtables_option_parse(cb);
+ mssinfo->mss_min = cb->val.u16_range[0];
+ mssinfo->mss_max = mssinfo->mss_min;
+ if (cb->nvals == 2)
+ mssinfo->mss_max = cb->val.u16_range[1];
+ if (cb->invert)
+ mssinfo->invert = 1;
}
static void
@@ -90,22 +38,22 @@ tcpmss_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("tcpmss match %s", info->invert ? "!" : "");
+ printf(" tcpmss match %s", info->invert ? "!" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("%s--mss ", info->invert ? "! " : "");
+ printf("%s --mss ", info->invert ? " !" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static struct xtables_match tcpmss_match = {
@@ -115,11 +63,10 @@ static struct xtables_match tcpmss_match = {
.size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.help = tcpmss_help,
- .parse = tcpmss_parse,
- .final_check = tcpmss_check,
.print = tcpmss_print,
.save = tcpmss_save,
- .extra_opts = tcpmss_opts,
+ .x6_parse = tcpmss_parse,
+ .x6_options = tcpmss_opts,
};
void _init(void)
diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index 098fc9c..9c5bda8 100644
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -9,44 +9,52 @@
*
* Based on libipt_time.c.
*/
-#include <sys/types.h>
-#include <getopt.h>
-#include <stdbool.h>
-#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <stddef.h>
#include <time.h>
-#include <limits.h>
-
+#include <linux/types.h>
#include <linux/netfilter/xt_time.h>
#include <xtables.h>
-enum { /* getopt "seen" bits */
- F_DATE_START = 1 << 0,
- F_DATE_STOP = 1 << 1,
- F_TIME_START = 1 << 2,
- F_TIME_STOP = 1 << 3,
- F_MONTHDAYS = 1 << 4,
- F_WEEKDAYS = 1 << 5,
- F_TIMEZONE = 1 << 6,
+enum {
+ O_DATE_START = 0,
+ O_DATE_STOP,
+ O_TIME_START,
+ O_TIME_STOP,
+ O_TIME_CONTIGUOUS,
+ O_MONTHDAYS,
+ O_WEEKDAYS,
+ O_LOCAL_TZ,
+ O_UTC,
+ O_KERNEL_TZ,
+ F_LOCAL_TZ = 1 << O_LOCAL_TZ,
+ F_UTC = 1 << O_UTC,
+ F_KERNEL_TZ = 1 << O_KERNEL_TZ,
+ F_TIME_CONTIGUOUS = 1 << O_TIME_CONTIGUOUS,
};
static const char *const week_days[] = {
NULL, "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun",
};
-static const struct option time_opts[] = {
- {"datestart", true, NULL, 'D'},
- {"datestop", true, NULL, 'E'},
- {"timestart", true, NULL, 'X'},
- {"timestop", true, NULL, 'Y'},
- {"weekdays", true, NULL, 'w'},
- {"monthdays", true, NULL, 'm'},
- {"localtz", false, NULL, 'l'},
- {"utc", false, NULL, 'u'},
- { .name = NULL }
+static const struct xt_option_entry time_opts[] = {
+ {.name = "datestart", .id = O_DATE_START, .type = XTTYPE_STRING},
+ {.name = "datestop", .id = O_DATE_STOP, .type = XTTYPE_STRING},
+ {.name = "timestart", .id = O_TIME_START, .type = XTTYPE_STRING},
+ {.name = "timestop", .id = O_TIME_STOP, .type = XTTYPE_STRING},
+ {.name = "contiguous", .id = O_TIME_CONTIGUOUS, .type = XTTYPE_NONE},
+ {.name = "weekdays", .id = O_WEEKDAYS, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "monthdays", .id = O_MONTHDAYS, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
+ {.name = "localtz", .id = O_LOCAL_TZ, .type = XTTYPE_NONE,
+ .excl = F_UTC},
+ {.name = "utc", .id = O_UTC, .type = XTTYPE_NONE,
+ .excl = F_LOCAL_TZ | F_KERNEL_TZ},
+ {.name = "kerneltz", .id = O_KERNEL_TZ, .type = XTTYPE_NONE,
+ .excl = F_UTC},
+ XTOPT_TABLEEND,
};
static void time_help(void)
@@ -62,7 +70,7 @@ static void time_help(void)
"[!] --weekdays value List of weekdays on which to match, sep. by comma\n"
" (Possible days: Mon,Tue,Wed,Thu,Fri,Sat,Sun or 1 to 7\n"
" Defaults to all weekdays.)\n"
-" --localtz/--utc Time is interpreted as UTC/local time\n");
+" --kerneltz Work with the kernel timezone instead of UTC\n");
}
static void time_init(struct xt_entry_match *m)
@@ -78,9 +86,6 @@ static void time_init(struct xt_entry_match *m)
/* ...and have no date-begin or date-end boundary */
info->date_start = 0;
info->date_stop = INT_MAX;
-
- /* local time is default */
- info->flags |= XT_TIME_LOCAL_TZ;
}
static time_t time_parse_date(const char *s, bool end)
@@ -138,6 +143,13 @@ static time_t time_parse_date(const char *s, bool end)
tm.tm_hour = hour;
tm.tm_min = minute;
tm.tm_sec = second;
+ tm.tm_isdst = 0;
+ /*
+ * Offsetting, if any, is done by xt_time.ko,
+ * so we have to disable it here in userspace.
+ */
+ setenv("TZ", "UTC", true);
+ tzset();
ret = mktime(&tm);
if (ret >= 0)
return ret;
@@ -246,86 +258,47 @@ static unsigned int time_parse_weekdays(const char *arg)
return ret;
}
-static int time_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void time_parse(struct xt_option_call *cb)
{
- struct xt_time_info *info = (void *)(*match)->data;
-
- switch (c) {
- case 'D': /* --datestart */
- if (*flags & F_DATE_START)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --datestart twice");
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected \"!\" with --datestart");
- info->date_start = time_parse_date(optarg, false);
- *flags |= F_DATE_START;
- return 1;
- case 'E': /* --datestop */
- if (*flags & F_DATE_STOP)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --datestop more than once");
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "unexpected \"!\" with --datestop");
- info->date_stop = time_parse_date(optarg, true);
- *flags |= F_DATE_STOP;
- return 1;
- case 'X': /* --timestart */
- if (*flags & F_TIME_START)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --timestart more than once");
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected \"!\" with --timestart");
- info->daytime_start = time_parse_minutes(optarg);
- *flags |= F_TIME_START;
- return 1;
- case 'Y': /* --timestop */
- if (*flags & F_TIME_STOP)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --timestop more than once");
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected \"!\" with --timestop");
- info->daytime_stop = time_parse_minutes(optarg);
- *flags |= F_TIME_STOP;
- return 1;
- case 'l': /* --localtz */
- if (*flags & F_TIMEZONE)
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify exactly one of --localtz or --utc");
+ struct xt_time_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_DATE_START:
+ info->date_start = time_parse_date(cb->arg, false);
+ break;
+ case O_DATE_STOP:
+ info->date_stop = time_parse_date(cb->arg, true);
+ break;
+ case O_TIME_START:
+ info->daytime_start = time_parse_minutes(cb->arg);
+ break;
+ case O_TIME_STOP:
+ info->daytime_stop = time_parse_minutes(cb->arg);
+ break;
+ case O_TIME_CONTIGUOUS:
+ info->flags |= XT_TIME_CONTIGUOUS;
+ break;
+ case O_LOCAL_TZ:
+ fprintf(stderr, "WARNING: --localtz is being replaced by "
+ "--kerneltz, since \"local\" is ambiguous. Note the "
+ "kernel timezone has caveats - "
+ "see manpage for details.\n");
+ /* fallthrough */
+ case O_KERNEL_TZ:
info->flags |= XT_TIME_LOCAL_TZ;
- *flags |= F_TIMEZONE;
- return 1;
- case 'm': /* --monthdays */
- if (*flags & F_MONTHDAYS)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --monthdays more than once");
- info->monthdays_match = time_parse_monthdays(optarg);
- if (invert)
+ break;
+ case O_MONTHDAYS:
+ info->monthdays_match = time_parse_monthdays(cb->arg);
+ if (cb->invert)
info->monthdays_match ^= XT_TIME_ALL_MONTHDAYS;
- *flags |= F_MONTHDAYS;
- return 1;
- case 'w': /* --weekdays */
- if (*flags & F_WEEKDAYS)
- xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --weekdays more than once");
- info->weekdays_match = time_parse_weekdays(optarg);
- if (invert)
+ break;
+ case O_WEEKDAYS:
+ info->weekdays_match = time_parse_weekdays(cb->arg);
+ if (cb->invert)
info->weekdays_match ^= XT_TIME_ALL_WEEKDAYS;
- *flags |= F_WEEKDAYS;
- return 1;
- case 'u': /* --utc */
- if (*flags & F_TIMEZONE)
- xtables_error(PARAMETER_PROBLEM,
- "Can only specify exactly one of --localtz or --utc");
- info->flags &= ~XT_TIME_LOCAL_TZ;
- *flags |= F_TIMEZONE;
- return 1;
+ break;
}
- return 0;
}
static void time_print_date(time_t date, const char *command)
@@ -336,17 +309,17 @@ static void time_print_date(time_t date, const char *command)
if (date == 0 || date == LONG_MAX)
return;
- t = localtime(&date);
+ t = gmtime(&date);
if (command != NULL)
/*
* Need a contiguous string (no whitespaces), hence using
* the ISO 8601 "T" variant.
*/
- printf("%s %04u-%02u-%02uT%02u:%02u:%02u ",
+ printf(" %s %04u-%02u-%02uT%02u:%02u:%02u",
command, t->tm_year + 1900, t->tm_mon + 1,
t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
else
- printf("%04u-%02u-%02u %02u:%02u:%02u ",
+ printf(" %04u-%02u-%02u %02u:%02u:%02u",
t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
t->tm_hour, t->tm_min, t->tm_sec);
}
@@ -355,6 +328,7 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 31; ++i)
if (mask & (1 << i)) {
if (nbdays++ > 0)
@@ -376,13 +350,13 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
break;
}
}
- printf(" ");
}
static void time_print_weekdays(unsigned int mask)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 7; ++i)
if (mask & (1 << i)) {
if (nbdays > 0)
@@ -391,7 +365,6 @@ static void time_print_weekdays(unsigned int mask)
printf("%s", week_days[i]);
++nbdays;
}
- printf(" ");
}
static inline void divide_time(unsigned int fulltime, unsigned int *hours,
@@ -409,33 +382,35 @@ static void time_print(const void *ip, const struct xt_entry_match *match,
const struct xt_time_info *info = (const void *)match->data;
unsigned int h, m, s;
- printf("TIME ");
+ printf(" TIME");
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("from %02u:%02u:%02u ", h, m, s);
+ printf(" from %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("to %02u:%02u:%02u ", h, m, s);
+ printf(" to %02u:%02u:%02u", h, m, s);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("on ");
+ printf(" on");
time_print_weekdays(info->weekdays_match);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("on ");
+ printf(" on");
time_print_monthdays(info->monthdays_match, true);
}
if (info->date_start != 0) {
- printf("starting from ");
+ printf(" starting from");
time_print_date(info->date_start, NULL);
}
if (info->date_stop != INT_MAX) {
- printf("until date ");
+ printf(" until date");
time_print_date(info->date_stop, NULL);
}
if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("UTC ");
+ printf(" UTC");
+ if (info->flags & XT_TIME_CONTIGUOUS)
+ printf(" contiguous");
}
static void time_save(const void *ip, const struct xt_entry_match *match)
@@ -446,23 +421,33 @@ static void time_save(const void *ip, const struct xt_entry_match *match)
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("--timestart %02u:%02u:%02u ", h, m, s);
+ printf(" --timestart %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("--timestop %02u:%02u:%02u ", h, m, s);
+ printf(" --timestop %02u:%02u:%02u", h, m, s);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("--monthdays ");
+ printf(" --monthdays");
time_print_monthdays(info->monthdays_match, false);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("--weekdays ");
+ printf(" --weekdays");
time_print_weekdays(info->weekdays_match);
- printf(" ");
}
time_print_date(info->date_start, "--datestart");
time_print_date(info->date_stop, "--datestop");
- if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("--utc ");
+ if (info->flags & XT_TIME_LOCAL_TZ)
+ printf(" --kerneltz");
+ if (info->flags & XT_TIME_CONTIGUOUS)
+ printf(" --contiguous");
+}
+
+static void time_check(struct xt_fcheck_call *cb)
+{
+ const struct xt_time_info *info = (const void *) cb->data;
+ if ((cb->xflags & F_TIME_CONTIGUOUS) &&
+ info->daytime_start < info->daytime_stop)
+ xtables_error(PARAMETER_PROBLEM,
+ "time: --contiguous only makes sense when stoptime is smaller than starttime");
}
static struct xtables_match time_match = {
@@ -473,10 +458,11 @@ static struct xtables_match time_match = {
.userspacesize = XT_ALIGN(sizeof(struct xt_time_info)),
.help = time_help,
.init = time_init,
- .parse = time_parse,
.print = time_print,
.save = time_save,
- .extra_opts = time_opts,
+ .x6_parse = time_parse,
+ .x6_fcheck = time_check,
+ .x6_options = time_opts,
};
void _init(void)
diff --git a/extensions/libxt_time.man b/extensions/libxt_time.man
index 83625a2..4c0cae0 100644
--- a/extensions/libxt_time.man
+++ b/extensions/libxt_time.man
@@ -1,10 +1,10 @@
This matches if the packet arrival time/date is within a given range. All
-options are optional, but are ANDed when specified.
+options are optional, but are ANDed when specified. All times are interpreted
+as UTC by default.
.TP
\fB\-\-datestart\fP \fIYYYY\fP[\fB\-\fP\fIMM\fP[\fB\-\fP\fIDD\fP[\fBT\fP\fIhh\fP[\fB:\fP\fImm\fP[\fB:\fP\fIss\fP]]]]]
.TP
\fB\-\-datestop\fP \fIYYYY\fP[\fB\-\fP\fIMM\fP[\fB\-\fP\fIDD\fP[\fBT\fP\fIhh\fP[\fB:\fP\fImm\fP[\fB:\fP\fIss\fP]]]]]
-.IP
Only match during the given time, which must be in ISO 8601 "T" notation.
The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07.
.IP
@@ -14,34 +14,55 @@ and 2038-01-19, respectively.
\fB\-\-timestart\fP \fIhh\fP\fB:\fP\fImm\fP[\fB:\fP\fIss\fP]
.TP
\fB\-\-timestop\fP \fIhh\fP\fB:\fP\fImm\fP[\fB:\fP\fIss\fP]
-.IP
Only match during the given daytime. The possible time range is 00:00:00 to
23:59:59. Leading zeroes are allowed (e.g. "06:03") and correctly interpreted
as base-10.
.TP
-[\fB!\fR] \fB\-\-monthdays\fP \fIday\fP[\fB,\fP\fIday\fP...]
-.IP
-Only match on the given days of the month. Possible values are \fB1\fR
-to \fB31\fR. Note that specifying \fB31\fR will of course not match
+[\fB!\fP] \fB\-\-monthdays\fP \fIday\fP[\fB,\fP\fIday\fP...]
+Only match on the given days of the month. Possible values are \fB1\fP
+to \fB31\fP. Note that specifying \fB31\fP will of course not match
on months which do not have a 31st day; the same goes for 28- or 29-day
February.
.TP
-[\fB!\fR] \fB\-\-weekdays\fP \fIday\fP[\fB,\fP\fIday\fP...]
-.IP
-Only match on the given weekdays. Possible values are \fBMon\fR, \fBTue\fR,
-\fBWed\fR, \fBThu\fR, \fBFri\fR, \fBSat\fR, \fBSun\fR, or values from \fB1\fR
-to \fB7\fR, respectively. You may also use two-character variants (\fBMo\fP,
-\fBTu\fR, etc.).
+[\fB!\fP] \fB\-\-weekdays\fP \fIday\fP[\fB,\fP\fIday\fP...]
+Only match on the given weekdays. Possible values are \fBMon\fP, \fBTue\fP,
+\fBWed\fP, \fBThu\fP, \fBFri\fP, \fBSat\fP, \fBSun\fP, or values from \fB1\fP
+to \fB7\fP, respectively. You may also use two-character variants (\fBMo\fP,
+\fBTu\fP, etc.).
.TP
-\fB\-\-utc\fP
-.IP
-Interpret the times given for \fB\-\-datestart\fP, \fB\-\-datestop\fP,
-\fB\-\-timestart\fP and \fB\-\-timestop\fP to be UTC.
+\fB\-\-contiguous\fP
+When \fB\-\-timestop\fP is smaller than \fB\-\-timestart\fP value, match
+this as a single time period instead distinct intervals. See EXAMPLES.
.TP
-\fB\-\-localtz\fP
-.IP
-Interpret the times given for \fB\-\-datestart\fP, \fB\-\-datestop\fP,
-\fB\-\-timestart\fP and \fB\-\-timestop\fP to be local kernel time. (Default)
+\fB\-\-kerneltz\fP
+Use the kernel timezone instead of UTC to determine whether a packet meets the
+time regulations.
+.PP
+About kernel timezones: Linux keeps the system time in UTC, and always does so.
+On boot, system time is initialized from a referential time source. Where this
+time source has no timezone information, such as the x86 CMOS RTC, UTC will be
+assumed. If the time source is however not in UTC, userspace should provide the
+correct system time and timezone to the kernel once it has the information.
+.PP
+Local time is a feature on top of the (timezone independent) system time. Each
+process has its own idea of local time, specified via the TZ environment
+variable. The kernel also has its own timezone offset variable. The TZ
+userspace environment variable specifies how the UTC-based system time is
+displayed, e.g. when you run date(1), or what you see on your desktop clock.
+The TZ string may resolve to different offsets at different dates, which is
+what enables the automatic time-jumping in userspace. when DST changes. The
+kernel's timezone offset variable is used when it has to convert between
+non-UTC sources, such as FAT filesystems, to UTC (since the latter is what the
+rest of the system uses).
+.PP
+The caveat with the kernel timezone is that Linux distributions may ignore to
+set the kernel timezone, and instead only set the system time. Even if a
+particular distribution does set the timezone at boot, it is usually does not
+keep the kernel timezone offset - which is what changes on DST - up to date.
+ntpd will not touch the kernel timezone, so running it will not resolve the
+issue. As such, one may encounter a timezone that is always +0000, or one that
+is wrong half of the time of the year. As such, \fBusing \-\-kerneltz is highly
+discouraged.\fP
.PP
EXAMPLES. To match on weekends, use:
.IP
@@ -67,3 +88,11 @@ The fourth Friday in the month:
(Note that this exploits a certain mathematical property. It is not possible to
say "fourth Thursday OR fourth Friday" in one rule. It is possible with
multiple rules, though.)
+.PP
+Matching across days might not do what is expected. For instance,
+.IP
+\-m time \-\-weekdays Mo \-\-timestart 23:00 \-\-timestop 01:00
+Will match Monday, for one hour from midnight to 1 a.m., and then
+again for another hour from 23:00 onwards. If this is unwanted, e.g. if you
+would like 'match for two hours from Montay 23:00 onwards' you need to also specify
+the \-\-contiguous option in the example above.
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 6b8cd89..81c096f 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -16,17 +16,24 @@
#include "tos_values.c"
struct ipt_tos_info {
- u_int8_t tos;
- u_int8_t invert;
+ uint8_t tos;
+ uint8_t invert;
};
enum {
- FLAG_TOS = 1 << 0,
+ O_TOS = 1 << 0,
};
-static const struct option tos_mt_opts[] = {
- {.name = "tos", .has_arg = true, .val = 't'},
- { .name = NULL }
+static const struct xt_option_entry tos_mt_opts_v0[] = {
+ {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK,
+ .flags = XTOPT_INVERT | XTOPT_MAND, .max = 0xFF},
+ XTOPT_TABLEEND,
+};
+
+static const struct xt_option_entry tos_mt_opts[] = {
+ {.name = "tos", .id = O_TOS, .type = XTTYPE_TOSMASK,
+ .flags = XTOPT_INVERT | XTOPT_MAND, .max = 0x3F},
+ XTOPT_TABLEEND,
};
static void tos_mt_help(void)
@@ -46,56 +53,29 @@ static void tos_mt_help(void)
printf("\n");
}
-static int tos_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void tos_mt_parse_v0(struct xt_option_call *cb)
{
- struct ipt_tos_info *info = (void *)(*match)->data;
- struct tos_value_mask tvm;
-
- switch (c) {
- case 't':
- xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
- if (!tos_parse_symbolic(optarg, &tvm, 0xFF))
- xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
- if (tvm.mask != 0xFF)
- xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is "
- "too old to support anything besides /0xFF "
- "as a mask.");
- info->tos = tvm.value;
- if (invert)
- info->invert = true;
- *flags |= FLAG_TOS;
- return true;
- }
- return false;
+ struct ipt_tos_info *info = cb->data;
+
+ xtables_option_parse(cb);
+ if (cb->val.tos_mask != 0xFF)
+ xtables_error(PARAMETER_PROBLEM, "tos: Your kernel is "
+ "too old to support anything besides /0xFF "
+ "as a mask.");
+ info->tos = cb->val.tos_value;
+ if (cb->invert)
+ info->invert = true;
}
-static int tos_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void tos_mt_parse(struct xt_option_call *cb)
{
- struct xt_tos_match_info *info = (void *)(*match)->data;
- struct tos_value_mask tvm = {.mask = 0xFF};
-
- switch (c) {
- case 't':
- xtables_param_act(XTF_ONLY_ONCE, "tos", "--tos", *flags & FLAG_TOS);
- if (!tos_parse_symbolic(optarg, &tvm, 0x3F))
- xtables_param_act(XTF_BAD_VALUE, "tos", "--tos", optarg);
- info->tos_value = tvm.value;
- info->tos_mask = tvm.mask;
- if (invert)
- info->invert = true;
- *flags |= FLAG_TOS;
- return true;
- }
- return false;
-}
+ struct xt_tos_match_info *info = cb->data;
-static void tos_mt_check(unsigned int flags)
-{
- if (flags == 0)
- xtables_error(PARAMETER_PROBLEM,
- "tos: --tos parameter required");
+ xtables_option_parse(cb);
+ info->tos_value = cb->val.tos_value;
+ info->tos_mask = cb->val.tos_mask;
+ if (cb->invert)
+ info->invert = true;
}
static void tos_mt_print_v0(const void *ip, const struct xt_entry_match *match,
@@ -103,11 +83,11 @@ static void tos_mt_print_v0(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_tos_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match ");
if (info->invert)
printf("!");
if (numeric || !tos_try_print_symbolic("", info->tos, 0x3F))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_mt_print(const void *ip, const struct xt_entry_match *match,
@@ -115,12 +95,12 @@ static void tos_mt_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_tos_match_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match");
if (info->invert)
printf("!");
if (numeric ||
!tos_try_print_symbolic("", info->tos_value, info->tos_mask))
- printf("0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf("0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static void tos_mt_save_v0(const void *ip, const struct xt_entry_match *match)
@@ -128,8 +108,8 @@ static void tos_mt_save_v0(const void *ip, const struct xt_entry_match *match)
const struct ipt_tos_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x ", info->tos);
+ printf(" !");
+ printf(" --tos 0x%02x", info->tos);
}
static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
@@ -137,8 +117,8 @@ static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_tos_match_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" !");
+ printf(" --tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_match tos_mt_reg[] = {
@@ -150,11 +130,10 @@ static struct xtables_match tos_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct ipt_tos_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
.help = tos_mt_help,
- .parse = tos_mt_parse_v0,
- .final_check = tos_mt_check,
.print = tos_mt_print_v0,
.save = tos_mt_save_v0,
- .extra_opts = tos_mt_opts,
+ .x6_parse = tos_mt_parse_v0,
+ .x6_options = tos_mt_opts_v0,
},
{
.version = XTABLES_VERSION,
@@ -164,11 +143,10 @@ static struct xtables_match tos_mt_reg[] = {
.size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
.help = tos_mt_help,
- .parse = tos_mt_parse,
- .final_check = tos_mt_check,
.print = tos_mt_print,
.save = tos_mt_save,
- .extra_opts = tos_mt_opts,
+ .x6_parse = tos_mt_parse,
+ .x6_options = tos_mt_opts,
},
};
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 9a61c8a..2a7f5d8 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -10,21 +10,22 @@
* Copyright © CC Computer Consultants GmbH, 2007
* Contact: <jengelh@computergmbh.de>
*/
-#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
-#include <getopt.h>
-#include <netdb.h>
+#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
-#include <string.h>
-
#include <xtables.h>
#include <linux/netfilter/xt_u32.h>
-static const struct option u32_opts[] = {
- {"u32", 1, NULL, 'u'},
- { .name = NULL }
+enum {
+ O_U32 = 0,
+};
+
+static const struct xt_option_entry u32_opts[] = {
+ {.name = "u32", .id = O_U32, .type = XTTYPE_STRING,
+ .flags = XTOPT_MAND | XTOPT_INVERT},
+ XTOPT_TABLEEND,
};
static void u32_help(void)
@@ -44,6 +45,7 @@ static void u32_dump(const struct xt_u32 *data)
const struct xt_u32_test *ct;
unsigned int testind, i;
+ printf(" \"");
for (testind = 0; testind < data->ntests; ++testind) {
ct = &data->tests[testind];
@@ -80,41 +82,34 @@ static void u32_dump(const struct xt_u32 *data)
ct->value[i].max);
}
}
- printf(" ");
+ putchar('\"');
}
/* string_to_number() is not quite what we need here ... */
-static u_int32_t parse_number(char **s, int pos)
+static uint32_t parse_number(const char **s, int pos)
{
- u_int32_t number;
+ unsigned int number;
char *end;
- errno = 0;
- number = strtoul(*s, &end, 0);
- if (end == *s)
+ if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
+ end == *s)
xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: expected number", pos);
- if (errno != 0)
- xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: error reading number", pos);
+ "u32: at char %d: not a number or out of range", pos);
*s = end;
return number;
}
-static int u32_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void u32_parse(struct xt_option_call *cb)
{
- struct xt_u32 *data = (void *)(*match)->data;
+ struct xt_u32 *data = cb->data;
unsigned int testind = 0, locind = 0, valind = 0;
struct xt_u32_test *ct = &data->tests[testind]; /* current test */
- char *arg = optarg; /* the argument string */
- char *start = arg;
+ const char *arg = cb->arg; /* the argument string */
+ const char *start = cb->arg;
int state = 0;
- if (c != 'u')
- return 0;
-
- data->invert = invert;
+ xtables_option_parse(cb);
+ data->invert = cb->invert;
/*
* states:
@@ -143,7 +138,7 @@ static int u32_parse(int c, char **argv, int invert, unsigned int *flags,
xtables_error(PARAMETER_PROBLEM,
"u32: at char %u: too many \"&&\"s",
(unsigned int)(arg - start));
- return 1;
+ return;
}
if (state == 0) {
@@ -250,9 +245,9 @@ static void u32_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
const struct xt_u32 *data = (const void *)match->data;
- printf("u32 ");
+ printf(" u32");
if (data->invert)
- printf("! ");
+ printf(" !");
u32_dump(data);
}
@@ -260,8 +255,8 @@ static void u32_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_u32 *data = (const void *)match->data;
if (data->invert)
- printf("! ");
- printf("--u32 ");
+ printf(" !");
+ printf(" --u32");
u32_dump(data);
}
@@ -272,10 +267,10 @@ static struct xtables_match u32_match = {
.size = XT_ALIGN(sizeof(struct xt_u32)),
.userspacesize = XT_ALIGN(sizeof(struct xt_u32)),
.help = u32_help,
- .parse = u32_parse,
.print = u32_print,
.save = u32_save,
- .extra_opts = u32_opts,
+ .x6_parse = u32_parse,
+ .x6_options = u32_opts,
};
void _init(void)
diff --git a/extensions/libxt_u32.man b/extensions/libxt_u32.man
index 2ffab30..7c8615d 100644
--- a/extensions/libxt_u32.man
+++ b/extensions/libxt_u32.man
@@ -11,22 +11,22 @@ value := range | value "," range
.IP
range := number | number ":" number
.PP
-a single number, \fIn\fR, is interpreted the same as \fIn:n\fR. \fIn:m\fR is
-interpreted as the range of numbers \fB>=n\fR and \fB<=m\fR.
+a single number, \fIn\fP, is interpreted the same as \fIn:n\fP. \fIn:m\fP is
+interpreted as the range of numbers \fB>=n\fP and \fB<=m\fP.
.IP "" 4
location := number | location operator number
.IP "" 4
operator := "&" | "<<" | ">>" | "@"
.PP
-The operators \fB&\fR, \fB<<\fR, \fB>>\fR and \fB&&\fR mean the same as in C.
-The \fB=\fR is really a set membership operator and the value syntax describes
-a set. The \fB@\fR operator is what allows moving to the next header and is
+The operators \fB&\fP, \fB<<\fP, \fB>>\fP and \fB&&\fP mean the same as in C.
+The \fB=\fP is really a set membership operator and the value syntax describes
+a set. The \fB@\fP operator is what allows moving to the next header and is
described further below.
.PP
There are currently some artificial implementation limits on the size of the
tests:
.IP " *"
-no more than 10 of "\fB=\fR" (and 9 "\fB&&\fR"s) in the u32 argument
+no more than 10 of "\fB=\fP" (and 9 "\fB&&\fP"s) in the u32 argument
.IP " *"
no more than 10 ranges (and 9 commas) per value
.IP " *"
@@ -35,7 +35,7 @@ no more than 10 numbers (and 9 operators) per location
To describe the meaning of location, imagine the following machine that
interprets it. There are three registers:
.IP
-A is of type \fBchar *\fR, initially the address of the IP header
+A is of type \fBchar *\fP, initially the address of the IP header
.IP
B and C are unsigned 32 bit integers, initially zero
.PP
@@ -81,28 +81,28 @@ First test that it is an ICMP packet, true iff byte 9 (protocol) = 1
.IP
\-\-u32 "\fB6 & 0xFF = 1 &&\fP ...
.IP
-read bytes 6-9, use \fB&\fR to throw away bytes 6-8 and compare the result to
+read bytes 6-9, use \fB&\fP to throw away bytes 6-8 and compare the result to
1. Next test that it is not a fragment. (If so, it might be part of such a
packet but we cannot always tell.) N.B.: This test is generally needed if you
want to match anything beyond the IP header. The last 6 bits of byte 6 and all
of byte 7 are 0 iff this is a complete packet (not a fragment). Alternatively,
you can allow first fragments by only testing the last 5 bits of byte 6.
.IP
- ... \fB4 & 0x3FFF = 0 &&\fR ...
+ ... \fB4 & 0x3FFF = 0 &&\fP ...
.IP
Last test: the first byte past the IP header (the type) is 0. This is where we
have to use the @syntax. The length of the IP header (IHL) in 32 bit words is
stored in the right half of byte 0 of the IP header itself.
.IP
- ... \fB0 >> 22 & 0x3C @ 0 >> 24 = 0\fR"
+ ... \fB0 >> 22 & 0x3C @ 0 >> 24 = 0\fP"
.IP
-The first 0 means read bytes 0-3, \fB>>22\fR means shift that 22 bits to the
+The first 0 means read bytes 0-3, \fB>>22\fP means shift that 22 bits to the
right. Shifting 24 bits would give the first byte, so only 22 bits is four
-times that plus a few more bits. \fB&3C\fR then eliminates the two extra bits
+times that plus a few more bits. \fB&3C\fP then eliminates the two extra bits
on the right and the first four bits of the first byte. For instance, if IHL=5,
then the IP header is 20 (4 x 5) bytes long. In this case, bytes 0-1 are (in
-binary) xxxx0101 yyzzzzzz, \fB>>22\fR gives the 10 bit value xxxx0101yy and
-\fB&3C\fR gives 010100. \fB@\fR means to use this number as a new offset into
+binary) xxxx0101 yyzzzzzz, \fB>>22\fP gives the 10 bit value xxxx0101yy and
+\fB&3C\fP gives 010100. \fB@\fP means to use this number as a new offset into
the packet, and read four bytes starting from there. This is the first 4 bytes
of the ICMP payload, of which byte 0 is the ICMP type. Therefore, we simply
shift the value 24 to the right to throw out all but the first byte and compare
@@ -118,12 +118,12 @@ First we test that the packet is a tcp packet (similar to ICMP).
.IP
Next, test that it is not a fragment (same as above).
.IP
- ... \fB0 >> 22 & 0x3C @ 12 >> 26 & 0x3C @ 8 = 1,2,5,8\fR"
+ ... \fB0 >> 22 & 0x3C @ 12 >> 26 & 0x3C @ 8 = 1,2,5,8\fP"
.IP
-\fB0>>22&3C\fR as above computes the number of bytes in the IP header. \fB@\fR
+\fB0>>22&3C\fP as above computes the number of bytes in the IP header. \fB@\fP
makes this the new offset into the packet, which is the start of the TCP
header. The length of the TCP header (again in 32 bit words) is the left half
-of byte 12 of the TCP header. The \fB12>>26&3C\fR computes this length in bytes
+of byte 12 of the TCP header. The \fB12>>26&3C\fP computes this length in bytes
(similar to the IP header before). "@" makes this the new offset, which is the
start of the TCP payload. Finally, 8 reads bytes 8-12 of the payload and
-\fB=\fR checks whether the result is any of 1, 2, 5 or 8.
+\fB=\fP checks whether the result is any of 1, 2, 5 or 8.
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 135e7af..b9f39ee 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -1,13 +1,15 @@
-/* Shared library add-on to iptables to add UDP support. */
+#include <stdint.h>
#include <stdio.h>
#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <netinet/in.h>
+#include <arpa/inet.h>
#include <xtables.h>
#include <linux/netfilter/xt_tcpudp.h>
+enum {
+ O_SOURCE_PORT = 0,
+ O_DEST_PORT,
+};
+
static void udp_help(void)
{
printf(
@@ -20,36 +22,19 @@ static void udp_help(void)
" match destination port(s)\n");
}
-static const struct option udp_opts[] = {
- { "source-port", 1, NULL, '1' },
- { "sport", 1, NULL, '1' }, /* synonym */
- { "destination-port", 1, NULL, '2' },
- { "dport", 1, NULL, '2' }, /* synonym */
- { .name = NULL }
+#define s struct xt_udp
+static const struct xt_option_entry udp_opts[] = {
+ {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
+ {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
+ XTOPT_TABLEEND,
};
-
-static void
-parse_udp_ports(const char *portstring, u_int16_t *ports)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(portstring);
- if ((cp = strchr(buffer, ':')) == NULL)
- ports[0] = ports[1] = xtables_parse_port(buffer, "udp");
- else {
- *cp = '\0';
- cp++;
-
- ports[0] = buffer[0] ? xtables_parse_port(buffer, "udp") : 0;
- ports[1] = cp[0] ? xtables_parse_port(cp, "udp") : 0xFFFF;
-
- if (ports[0] > ports[1])
- xtables_error(PARAMETER_PROBLEM,
- "invalid portrange (min > max)");
- }
- free(buffer);
-}
+#undef s
static void udp_init(struct xt_entry_match *m)
{
@@ -58,49 +43,27 @@ static void udp_init(struct xt_entry_match *m)
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
}
-#define UDP_SRC_PORTS 0x01
-#define UDP_DST_PORTS 0x02
-
-static int
-udp_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static void udp_parse(struct xt_option_call *cb)
{
- struct xt_udp *udpinfo = (struct xt_udp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & UDP_SRC_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--source-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(optarg, udpinfo->spts);
- if (invert)
+ struct xt_udp *udpinfo = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_SOURCE_PORT:
+ if (cb->invert)
udpinfo->invflags |= XT_UDP_INV_SRCPT;
- *flags |= UDP_SRC_PORTS;
break;
-
- case '2':
- if (*flags & UDP_DST_PORTS)
- xtables_error(PARAMETER_PROBLEM,
- "Only one `--destination-port' allowed");
- xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(optarg, udpinfo->dpts);
- if (invert)
+ case O_DEST_PORT:
+ if (cb->invert)
udpinfo->invflags |= XT_UDP_INV_DSTPT;
- *flags |= UDP_DST_PORTS;
break;
-
- default:
- return 0;
}
-
- return 1;
}
-static char *
+static const char *
port_to_service(int port)
{
- struct servent *service;
+ const struct servent *service;
if ((service = getservbyport(htons(port), "udp")))
return service->s_name;
@@ -109,9 +72,9 @@ port_to_service(int port)
}
static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
{
- char *service;
+ const char *service;
if (numeric || (service = port_to_service(port)) == NULL)
printf("%u", port);
@@ -120,13 +83,13 @@ print_port(u_int16_t port, int numeric)
}
static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
int invert, int numeric)
{
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -136,7 +99,6 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -145,7 +107,7 @@ udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_udp *udp = (struct xt_udp *)match->data;
- printf("udp ");
+ printf(" udp");
print_ports("spt", udp->spts[0], udp->spts[1],
udp->invflags & XT_UDP_INV_SRCPT,
numeric);
@@ -153,7 +115,7 @@ udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
udp->invflags & XT_UDP_INV_DSTPT,
numeric);
if (udp->invflags & ~XT_UDP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
udp->invflags & ~XT_UDP_INV_MASK);
}
@@ -164,28 +126,28 @@ static void udp_save(const void *ip, const struct xt_entry_match *match)
if (udpinfo->spts[0] != 0
|| udpinfo->spts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (udpinfo->spts[0]
!= udpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
udpinfo->spts[0],
udpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
udpinfo->spts[0]);
}
if (udpinfo->dpts[0] != 0
|| udpinfo->dpts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (udpinfo->dpts[0]
!= udpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
udpinfo->dpts[0],
udpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
udpinfo->dpts[0]);
}
}
@@ -198,10 +160,10 @@ static struct xtables_match udp_match = {
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
.help = udp_help,
.init = udp_init,
- .parse = udp_parse,
.print = udp_print,
.save = udp_save,
- .extra_opts = udp_opts,
+ .x6_parse = udp_parse,
+ .x6_options = udp_opts,
};
void
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index e8f1563..6dc4743 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -20,66 +20,11 @@ static const struct tos_symbol_info {
{IPTOS_RELIABILITY, "Maximize-Reliability"},
{IPTOS_MINCOST, "Minimize-Cost"},
{IPTOS_NORMALSVC, "Normal-Service"},
- { .name = NULL }
+ {},
};
-/*
- * tos_parse_numeric - parse sth. like "15/255"
- *
- * @s: input string
- * @info: accompanying structure
- * @bits: number of bits that are allowed
- * (8 for IPv4 TOS field, 4 for IPv6 Priority Field)
- */
-static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
- unsigned int bits)
-{
- const unsigned int max = (1 << bits) - 1;
- unsigned int value;
- char *end;
-
- xtables_strtoui(str, &end, &value, 0, max);
- tvm->value = value;
- tvm->mask = max;
-
- if (*end == '/') {
- const char *p = end + 1;
-
- if (!xtables_strtoui(p, &end, &value, 0, max))
- xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
- str);
- tvm->mask = value;
- }
-
- if (*end != '\0')
- xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
- return true;
-}
-
-static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
- unsigned int def_mask)
-{
- const unsigned int max = UINT8_MAX;
- const struct tos_symbol_info *symbol;
- char *tmp;
-
- if (xtables_strtoui(str, &tmp, NULL, 0, max))
- return tos_parse_numeric(str, tvm, max);
-
- /* Do not consider ECN bits */
- tvm->mask = def_mask;
- for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
- if (strcasecmp(str, symbol->name) == 0) {
- tvm->value = symbol->value;
- return true;
- }
-
- xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown", str);
- return false;
-}
-
static bool tos_try_print_symbolic(const char *prefix,
- u_int8_t value, u_int8_t mask)
+ uint8_t value, uint8_t mask)
{
const struct tos_symbol_info *symbol;
@@ -88,7 +33,7 @@ static bool tos_try_print_symbolic(const char *prefix,
for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
if (value == symbol->value) {
- printf("%s%s ", prefix, symbol->name);
+ printf(" %s%s", prefix, symbol->name);
return true;
}
diff --git a/include/Makefile.am b/include/Makefile.am
index 0a1abea..e695120 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,7 +1,7 @@
# -*- Makefile -*-
include_HEADERS =
-nobase_include_HEADERS = xtables.h
+nobase_include_HEADERS = xtables.h xtables-version.h
if ENABLE_LIBIPQ
include_HEADERS += libipq/libipq.h
@@ -9,4 +9,4 @@ endif
nobase_include_HEADERS += \
libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
- libiptc/libip6tc.h libiptc/libxtc.h
+ libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
diff --git a/include/Makefile.in b/include/Makefile.in
index cf3362e..4fbc313 100644
--- a/include/Makefile.in
+++ b/include/Makefile.in
@@ -1,8 +1,9 @@
-# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -17,8 +18,26 @@
# -*- Makefile -*-
VPATH = @srcdir@
-pkglibdir = $(libdir)/@PACKAGE@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -37,29 +56,54 @@ host_triplet = @host@
subdir = include
DIST_COMMON = $(am__include_HEADERS_DIST) $(nobase_include_HEADERS) \
$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- $(srcdir)/xtables.h.in
+ $(srcdir)/xtables-version.h.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = xtables.h
+CONFIG_CLEAN_FILES = xtables-version.h
+CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
am__include_HEADERS_DIST = libipq/libipq.h
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
HEADERS = $(include_HEADERS) $(nobase_include_HEADERS)
ETAGS = etags
CTAGS = ctags
@@ -80,6 +124,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -103,9 +148,11 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -114,9 +161,12 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -127,6 +177,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -157,10 +208,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
kbuilddir = @kbuilddir@
-kinclude_CFLAGS = @kinclude_CFLAGS@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
ksourcedir = @ksourcedir@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
libnfnetlink_LIBS = @libnfnetlink_LIBS@
libxtables_vage = @libxtables_vage@
@@ -168,9 +222,9 @@ libxtables_vcurrent = @libxtables_vcurrent@
libxtables_vmajor = @libxtables_vmajor@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgconfigdir = @pkgconfigdir@
@@ -178,17 +232,20 @@ prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
include_HEADERS = $(am__append_1)
-nobase_include_HEADERS = xtables.h libiptc/ipt_kernel_headers.h \
- libiptc/libiptc.h libiptc/libip6tc.h libiptc/libxtc.h
+nobase_include_HEADERS = xtables.h xtables-version.h \
+ libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
+ libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
all: all-am
.SUFFIXES:
@@ -201,9 +258,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --gnu include/Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -221,7 +278,8 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-xtables.h: $(top_builddir)/config.status $(srcdir)/xtables.h.in
+$(am__aclocal_m4_deps):
+xtables-version.h: $(top_builddir)/config.status $(srcdir)/xtables-version.h.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
mostlyclean-libtool:
@@ -231,40 +289,49 @@ clean-libtool:
-rm -rf .libs _libs
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
- @list='$(include_HEADERS)'; for p in $$list; do \
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
- $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
done
uninstall-includeHEADERS:
@$(NORMAL_UNINSTALL)
- @list='$(include_HEADERS)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
- rm -f "$(DESTDIR)$(includedir)/$$f"; \
- done
+ @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
install-nobase_includeHEADERS: $(nobase_include_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
- @$(am__vpath_adj_setup) \
- list='$(nobase_include_HEADERS)'; for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- $(am__vpath_adj) \
- echo " $(nobase_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
- $(nobase_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+ @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
+ $(am__nobase_list) | while read dir files; do \
+ xfiles=; for file in $$files; do \
+ if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+ test -z "$$xfiles" || { \
+ test "x$$dir" = x. || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \
+ echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \
done
uninstall-nobase_includeHEADERS:
@$(NORMAL_UNINSTALL)
- @$(am__vpath_adj_setup) \
- list='$(nobase_include_HEADERS)'; for p in $$list; do \
- $(am__vpath_adj) \
- echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
- rm -f "$(DESTDIR)$(includedir)/$$f"; \
- done
+ @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -278,7 +345,7 @@ tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -286,29 +353,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@@ -329,13 +401,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@@ -356,16 +432,22 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -384,6 +466,8 @@ dvi-am:
html: html-am
+html-am:
+
info: info-am
info-am:
@@ -392,18 +476,28 @@ install-data-am: install-includeHEADERS install-nobase_includeHEADERS
install-dvi: install-dvi-am
+install-dvi-am:
+
install-exec-am:
install-html: install-html-am
+install-html-am:
+
install-info: install-info-am
+install-info-am:
+
install-man:
install-pdf: install-pdf-am
+install-pdf-am:
+
install-ps: install-ps-am
+install-ps-am:
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -441,6 +535,7 @@ uninstall-am: uninstall-includeHEADERS uninstall-nobase_includeHEADERS
uninstall-am uninstall-includeHEADERS \
uninstall-nobase_includeHEADERS
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/include/ip6tables.h b/include/ip6tables.h
index ca0f9a0..5f1c5b6 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -8,12 +8,12 @@
/* Your shared library should call one of these. */
extern int do_command6(int argc, char *argv[], char **table,
- struct ip6tc_handle **handle);
+ struct xtc_handle **handle, bool restore);
-extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle);
-extern int flush_entries(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle);
-extern int delete_chain(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle);
-void print_rule(const struct ip6t_entry *e, struct ip6tc_handle *h, const char *chain, int counters);
+extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct xtc_handle *), int verbose, int builtinstoo, struct xtc_handle *handle);
+extern int flush_entries6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle);
+extern int delete_chain6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle);
+void print_rule6(const struct ip6t_entry *e, struct xtc_handle *h, const char *chain, int counters);
extern struct xtables_globals ip6tables_globals;
diff --git a/include/iptables.h b/include/iptables.h
index 84211c3..ac9dc0e 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -7,24 +7,16 @@
#include <iptables/internal.h>
/* Your shared library should call one of these. */
-extern int do_command(int argc, char *argv[], char **table,
- struct iptc_handle **handle);
-extern int delete_chain(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle);
-extern int flush_entries(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle);
-extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle);
-extern void print_rule(const struct ipt_entry *e,
- struct iptc_handle *handle, const char *chain, int counters);
-
-/* kernel revision handling */
-extern int kernel_version;
-extern void get_kernel_version(void);
-#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
-#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
-#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
-#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
+extern int do_command4(int argc, char *argv[], char **table,
+ struct xtc_handle **handle, bool restore);
+extern int delete_chain4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle);
+extern int flush_entries4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle);
+extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle);
+extern void print_rule4(const struct ipt_entry *e,
+ struct xtc_handle *handle, const char *chain, int counters);
extern struct xtables_globals iptables_globals;
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index 33ec69d..9aed80a 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -10,15 +10,10 @@
# include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <libiptc/xtcshared.h>
-#ifndef IP6T_MIN_ALIGN
-#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
-#endif
-#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))
-
-struct ip6tc_handle;
-
-typedef char ip6t_chainlabel[32];
+#define ip6tc_handle xtc_handle
+#define ip6t_chainlabel xt_chainlabel
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
@@ -26,126 +21,132 @@ typedef char ip6t_chainlabel[32];
#define IP6TC_LABEL_RETURN "RETURN"
/* Does this chain exist? */
-int ip6tc_is_chain(const char *chain, struct ip6tc_handle *const handle);
+int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle);
/* Take a snapshot of the rules. Returns NULL on error. */
-struct ip6tc_handle *ip6tc_init(const char *tablename);
+struct xtc_handle *ip6tc_init(const char *tablename);
/* Cleanup after ip6tc_init(). */
-void ip6tc_free(struct ip6tc_handle *h);
+void ip6tc_free(struct xtc_handle *h);
/* Iterator functions to run through the chains. Returns NULL at end. */
-const char *ip6tc_first_chain(struct ip6tc_handle *handle);
-const char *ip6tc_next_chain(struct ip6tc_handle *handle);
+const char *ip6tc_first_chain(struct xtc_handle *handle);
+const char *ip6tc_next_chain(struct xtc_handle *handle);
/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Returns NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Returns a pointer to the target name of this position. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Is this a built-in chain? */
-int ip6tc_builtin(const char *chain, struct ip6tc_handle *const handle);
+int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *ip6tc_get_policy(const char *chain,
- struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+ struct xt_counters *counters,
+ struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
0, it means there was a version error (ie. upgrade libiptc). */
/* Rule numbers start at 1 for the first rule. */
/* Insert the entry `fw' in chain `chain' into position `rulenum'. */
-int ip6tc_insert_entry(const ip6t_chainlabel chain,
+int ip6tc_insert_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `fw'. */
-int ip6tc_replace_entry(const ip6t_chainlabel chain,
+int ip6tc_replace_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Append entry `fw' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
-int ip6tc_append_entry(const ip6t_chainlabel chain,
+int ip6tc_append_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
+
+/* Check whether a matching rule exists */
+int ip6tc_check_entry(const xt_chainlabel chain,
+ const struct ip6t_entry *origfw,
+ unsigned char *matchmask,
+ struct xtc_handle *handle);
/* Delete the first rule in `chain' which matches `fw'. */
-int ip6tc_delete_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
-int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Check the packet `fw' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
-const char *ip6tc_check_packet(const ip6t_chainlabel chain,
+const char *ip6tc_check_packet(const xt_chainlabel chain,
struct ip6t_entry *,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
-int ip6tc_flush_entries(const ip6t_chainlabel chain,
- struct ip6tc_handle *handle);
+int ip6tc_flush_entries(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Zeroes the counters in a chain. */
-int ip6tc_zero_entries(const ip6t_chainlabel chain,
- struct ip6tc_handle *handle);
+int ip6tc_zero_entries(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Creates a new chain. */
-int ip6tc_create_chain(const ip6t_chainlabel chain,
- struct ip6tc_handle *handle);
+int ip6tc_create_chain(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Deletes a chain. */
-int ip6tc_delete_chain(const ip6t_chainlabel chain,
- struct ip6tc_handle *handle);
+int ip6tc_delete_chain(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Renames a chain. */
-int ip6tc_rename_chain(const ip6t_chainlabel oldname,
- const ip6t_chainlabel newname,
- struct ip6tc_handle *handle);
+int ip6tc_rename_chain(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
+ struct xtc_handle *handle);
/* Sets the policy on a built-in chain. */
-int ip6tc_set_policy(const ip6t_chainlabel chain,
- const ip6t_chainlabel policy,
- struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+int ip6tc_set_policy(const xt_chainlabel chain,
+ const xt_chainlabel policy,
+ struct xt_counters *counters,
+ struct xtc_handle *handle);
/* Get the number of references to this chain */
-int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
- struct ip6tc_handle *handle);
+int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
+struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* zero packet and byte counters for a specific rule */
-int ip6tc_zero_counter(const ip6t_chainlabel chain,
+int ip6tc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* set packet and byte counters for a specific rule */
-int ip6tc_set_counter(const ip6t_chainlabel chain,
+int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+ struct xt_counters *counters,
+ struct xtc_handle *handle);
/* Makes the actual changes. */
-int ip6tc_commit(struct ip6tc_handle *handle);
+int ip6tc_commit(struct xtc_handle *handle);
/* Get raw socket. */
int ip6tc_get_raw_socket(void);
@@ -153,9 +154,8 @@ int ip6tc_get_raw_socket(void);
/* Translates errno numbers into more human-readable form than strerror. */
const char *ip6tc_strerror(int err);
-/* Return prefix length, or -1 if not contiguous */
-int ipv6_prefix_length(const struct in6_addr *a);
+extern void dump_entries6(struct xtc_handle *const);
-extern void dump_entries6(struct ip6tc_handle *const);
+extern const struct xtc_ops ip6tc_ops;
#endif /* _LIBIP6TC_H */
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index 5d782da..24cdbdb 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -10,23 +10,14 @@
# include <limits.h> /* INT_MAX in ip_tables.h */
#endif
#include <linux/netfilter_ipv4/ip_tables.h>
+#include <libiptc/xtcshared.h>
#ifdef __cplusplus
extern "C" {
#endif
-#ifndef IPT_MIN_ALIGN
-/* ipt_entry has pointers and u_int64_t's in it, so if you align to
- it, you'll also align to any crazy matches and targets someone
- might write */
-#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry))
-#endif
-
-#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1))
-
-struct iptc_handle;
-
-typedef char ipt_chainlabel[32];
+#define iptc_handle xtc_handle
+#define ipt_chainlabel xt_chainlabel
#define IPTC_LABEL_ACCEPT "ACCEPT"
#define IPTC_LABEL_DROP "DROP"
@@ -34,128 +25,134 @@ typedef char ipt_chainlabel[32];
#define IPTC_LABEL_RETURN "RETURN"
/* Does this chain exist? */
-int iptc_is_chain(const char *chain, struct iptc_handle *const handle);
+int iptc_is_chain(const char *chain, struct xtc_handle *const handle);
/* Take a snapshot of the rules. Returns NULL on error. */
-struct iptc_handle *iptc_init(const char *tablename);
+struct xtc_handle *iptc_init(const char *tablename);
/* Cleanup after iptc_init(). */
-void iptc_free(struct iptc_handle *h);
+void iptc_free(struct xtc_handle *h);
/* Iterator functions to run through the chains. Returns NULL at end. */
-const char *iptc_first_chain(struct iptc_handle *handle);
-const char *iptc_next_chain(struct iptc_handle *handle);
+const char *iptc_first_chain(struct xtc_handle *handle);
+const char *iptc_next_chain(struct xtc_handle *handle);
/* Get first rule in the given chain: NULL for empty chain. */
const struct ipt_entry *iptc_first_rule(const char *chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Returns NULL when rules run out. */
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Returns a pointer to the target name of this entry. */
const char *iptc_get_target(const struct ipt_entry *e,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Is this a built-in chain? */
-int iptc_builtin(const char *chain, struct iptc_handle *const handle);
+int iptc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *iptc_get_policy(const char *chain,
- struct ipt_counters *counter,
- struct iptc_handle *handle);
+ struct xt_counters *counter,
+ struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
0, it means there was a version error (ie. upgrade libiptc). */
/* Rule numbers start at 1 for the first rule. */
/* Insert the entry `e' in chain `chain' into position `rulenum'. */
-int iptc_insert_entry(const ipt_chainlabel chain,
+int iptc_insert_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `e'. */
-int iptc_replace_entry(const ipt_chainlabel chain,
+int iptc_replace_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Append entry `e' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
-int iptc_append_entry(const ipt_chainlabel chain,
+int iptc_append_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
+
+/* Check whether a mathching rule exists */
+int iptc_check_entry(const xt_chainlabel chain,
+ const struct ipt_entry *origfw,
+ unsigned char *matchmask,
+ struct xtc_handle *handle);
/* Delete the first rule in `chain' which matches `e', subject to
matchmask (array of length == origfw) */
-int iptc_delete_entry(const ipt_chainlabel chain,
+int iptc_delete_entry(const xt_chainlabel chain,
const struct ipt_entry *origfw,
unsigned char *matchmask,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
-int iptc_delete_num_entry(const ipt_chainlabel chain,
+int iptc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Check the packet `e' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
-const char *iptc_check_packet(const ipt_chainlabel chain,
+const char *iptc_check_packet(const xt_chainlabel chain,
struct ipt_entry *entry,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
-int iptc_flush_entries(const ipt_chainlabel chain,
- struct iptc_handle *handle);
+int iptc_flush_entries(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Zeroes the counters in a chain. */
-int iptc_zero_entries(const ipt_chainlabel chain,
- struct iptc_handle *handle);
+int iptc_zero_entries(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Creates a new chain. */
-int iptc_create_chain(const ipt_chainlabel chain,
- struct iptc_handle *handle);
+int iptc_create_chain(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Deletes a chain. */
-int iptc_delete_chain(const ipt_chainlabel chain,
- struct iptc_handle *handle);
+int iptc_delete_chain(const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* Renames a chain. */
-int iptc_rename_chain(const ipt_chainlabel oldname,
- const ipt_chainlabel newname,
- struct iptc_handle *handle);
+int iptc_rename_chain(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
+ struct xtc_handle *handle);
/* Sets the policy on a built-in chain. */
-int iptc_set_policy(const ipt_chainlabel chain,
- const ipt_chainlabel policy,
- struct ipt_counters *counters,
- struct iptc_handle *handle);
+int iptc_set_policy(const xt_chainlabel chain,
+ const xt_chainlabel policy,
+ struct xt_counters *counters,
+ struct xtc_handle *handle);
/* Get the number of references to this chain */
int iptc_get_references(unsigned int *ref,
- const ipt_chainlabel chain,
- struct iptc_handle *handle);
+ const xt_chainlabel chain,
+ struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
+struct xt_counters *iptc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* zero packet and byte counters for a specific rule */
-int iptc_zero_counter(const ipt_chainlabel chain,
+int iptc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* set packet and byte counters for a specific rule */
-int iptc_set_counter(const ipt_chainlabel chain,
+int iptc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ipt_counters *counters,
- struct iptc_handle *handle);
+ struct xt_counters *counters,
+ struct xtc_handle *handle);
/* Makes the actual changes. */
-int iptc_commit(struct iptc_handle *handle);
+int iptc_commit(struct xtc_handle *handle);
/* Get raw socket. */
int iptc_get_raw_socket(void);
@@ -163,7 +160,9 @@ int iptc_get_raw_socket(void);
/* Translates errno numbers into more human-readable form than strerror. */
const char *iptc_strerror(int err);
-extern void dump_entries(struct iptc_handle *const);
+extern void dump_entries(struct xtc_handle *const);
+
+extern const struct xtc_ops iptc_ops;
#ifdef __cplusplus
}
diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
new file mode 100644
index 0000000..773ebc4
--- /dev/null
+++ b/include/libiptc/xtcshared.h
@@ -0,0 +1,20 @@
+#ifndef _LIBXTC_SHARED_H
+#define _LIBXTC_SHARED_H 1
+
+typedef char xt_chainlabel[32];
+struct xtc_handle;
+struct xt_counters;
+
+struct xtc_ops {
+ int (*commit)(struct xtc_handle *);
+ void (*free)(struct xtc_handle *);
+ int (*builtin)(const char *, struct xtc_handle *const);
+ int (*is_chain)(const char *, struct xtc_handle *const);
+ int (*flush_entries)(const xt_chainlabel, struct xtc_handle *);
+ int (*create_chain)(const xt_chainlabel, struct xtc_handle *);
+ int (*set_policy)(const xt_chainlabel, const xt_chainlabel,
+ struct xt_counters *, struct xtc_handle *);
+ const char *(*strerror)(int);
+};
+
+#endif /* _LIBXTC_SHARED_H */
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index d1671a0..d4c59f6 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -8,7 +8,6 @@
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
-
#define SI_LOAD_SHIFT 16
struct sysinfo {
long uptime; /* Seconds since boot */
@@ -27,36 +26,4 @@ struct sysinfo {
char _f[20-2*sizeof(long)-sizeof(int)]; /* Padding: libc5 uses this.. */
};
-/* Force a compilation error if condition is true */
-#define BUILD_BUG_ON(condition) ((void)BUILD_BUG_ON_ZERO(condition))
-
-/* Force a compilation error if condition is constant and true */
-#define MAYBE_BUILD_BUG_ON(cond) ((void)sizeof(char[1 - 2 * !!(cond)]))
-
-/* Force a compilation error if a constant expression is not a power of 2 */
-#define BUILD_BUG_ON_NOT_POWER_OF_2(n) \
- BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
-
-/* Force a compilation error if condition is true, but also produce a
- result (of value 0 and type size_t), so the expression can be used
- e.g. in a structure initializer (or where-ever else comma expressions
- aren't permitted). */
-#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
-#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
-
-/* Trap pasters of __FUNCTION__ at compile-time */
-#define __FUNCTION__ (__func__)
-
-/* This helps us to avoid #ifdef CONFIG_NUMA */
-#ifdef CONFIG_NUMA
-#define NUMA_BUILD 1
-#else
-#define NUMA_BUILD 0
-#endif
-
-/* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
-#ifdef CONFIG_FTRACE_MCOUNT_RECORD
-# define REBUILD_DUE_TO_FTRACE_MCOUNT_RECORD
-#endif
-
#endif
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 2eb00b6..5477131 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -3,6 +3,7 @@
#include <linux/types.h>
+#include <linux/sysctl.h>
/* Responses from hook functions. */
#define NF_DROP 0
@@ -14,14 +15,20 @@
#define NF_MAX_VERDICT NF_STOP
/* we overload the higher bits for encoding auxiliary data such as the queue
- * number. Not nice, but better than additional function arguments. */
-#define NF_VERDICT_MASK 0x0000ffff
-#define NF_VERDICT_BITS 16
+ * number or errno values. Not nice, but better than additional function
+ * arguments. */
+#define NF_VERDICT_MASK 0x000000ff
+
+/* extra verdict flags have mask 0x0000ff00 */
+#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000
+/* queue number (NF_QUEUE) or errno (NF_DROP) */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16
-#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE)
+#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
+
+#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
/* only for userspace compatibility */
/* Generic cache responses from hook functions.
@@ -29,6 +36,9 @@
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000
+/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
+#define NF_VERDICT_BITS 16
+
enum nf_inet_hooks {
NF_INET_PRE_ROUTING,
NF_INET_LOCAL_IN,
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 0000000..0dcf5dd
--- /dev/null
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,268 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef _UAPI_IP_SET_H
+#define _UAPI_IP_SET_H
+
+
+#include <linux/types.h>
+
+/* The protocol version */
+#define IPSET_PROTOCOL 6
+
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN 32
+
+/* Message types and commands */
+enum ipset_cmd {
+ IPSET_CMD_NONE,
+ IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
+ IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME, /* 5: Rename a set */
+ IPSET_CMD_SWAP, /* 6: Swap two sets */
+ IPSET_CMD_LIST, /* 7: List sets */
+ IPSET_CMD_SAVE, /* 8: Save sets */
+ IPSET_CMD_ADD, /* 9: Add an element to a set */
+ IPSET_CMD_DEL, /* 10: Delete an element from a set */
+ IPSET_CMD_TEST, /* 11: Test an element in a set */
+ IPSET_CMD_HEADER, /* 12: Get set header data only */
+ IPSET_CMD_TYPE, /* 13: Get set type */
+ IPSET_MSG_MAX, /* Netlink message commands */
+
+ /* Commands in userspace: */
+ IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+ IPSET_CMD_HELP, /* 15: Get help */
+ IPSET_CMD_VERSION, /* 16: Get program version */
+ IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
+
+ IPSET_CMD_MAX,
+
+ IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+
+/* Attributes at command level */
+enum {
+ IPSET_ATTR_UNSPEC,
+ IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
+ IPSET_ATTR_SETNAME, /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME, /* 3: Typename */
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+ IPSET_ATTR_REVISION, /* 4: Settype revision */
+ IPSET_ATTR_FAMILY, /* 5: Settype family */
+ IPSET_ATTR_FLAGS, /* 6: Flags at command level */
+ IPSET_ATTR_DATA, /* 7: Nested attributes */
+ IPSET_ATTR_ADT, /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO, /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+ __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
+
+/* CADT specific attributes */
+enum {
+ IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+ IPSET_ATTR_IP_TO, /* 2 */
+ IPSET_ATTR_CIDR, /* 3 */
+ IPSET_ATTR_PORT, /* 4 */
+ IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+ IPSET_ATTR_PORT_TO, /* 5 */
+ IPSET_ATTR_TIMEOUT, /* 6 */
+ IPSET_ATTR_PROTO, /* 7 */
+ IPSET_ATTR_CADT_FLAGS, /* 8 */
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16,
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC,
+ IPSET_ATTR_HASHSIZE,
+ IPSET_ATTR_MAXELEM,
+ IPSET_ATTR_NETMASK,
+ IPSET_ATTR_PROBES,
+ IPSET_ATTR_RESIZE,
+ IPSET_ATTR_SIZE,
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS,
+ IPSET_ATTR_REFERENCES,
+ IPSET_ATTR_MEMSIZE,
+
+ __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
+
+/* ADT specific attributes */
+enum {
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+ IPSET_ATTR_NAME,
+ IPSET_ATTR_NAMEREF,
+ IPSET_ATTR_IP2,
+ IPSET_ATTR_CIDR2,
+ IPSET_ATTR_IP2_TO,
+ IPSET_ATTR_IFACE,
+ IPSET_ATTR_BYTES,
+ IPSET_ATTR_PACKETS,
+ __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+
+/* IP specific attributes */
+enum {
+ IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IPADDR_IPV6,
+ __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
+
+/* Error codes */
+enum ipset_errno {
+ IPSET_ERR_PRIVATE = 4096,
+ IPSET_ERR_PROTOCOL,
+ IPSET_ERR_FIND_TYPE,
+ IPSET_ERR_MAX_SETS,
+ IPSET_ERR_BUSY,
+ IPSET_ERR_EXIST_SETNAME2,
+ IPSET_ERR_TYPE_MISMATCH,
+ IPSET_ERR_EXIST,
+ IPSET_ERR_INVALID_CIDR,
+ IPSET_ERR_INVALID_NETMASK,
+ IPSET_ERR_INVALID_FAMILY,
+ IPSET_ERR_TIMEOUT,
+ IPSET_ERR_REFERENCED,
+ IPSET_ERR_IPADDR_IPV4,
+ IPSET_ERR_IPADDR_IPV6,
+ IPSET_ERR_COUNTER,
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+
+/* Flags at command level or match/target flags, lower half of cmdattrs */
+enum ipset_cmd_flags {
+ IPSET_FLAG_BIT_EXIST = 0,
+ IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
+ IPSET_FLAG_BIT_LIST_SETNAME = 1,
+ IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+ IPSET_FLAG_BIT_LIST_HEADER = 2,
+ IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+ IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE = 3,
+ IPSET_FLAG_SKIP_COUNTER_UPDATE =
+ (1 << IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE),
+ IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE = 4,
+ IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE =
+ (1 << IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE),
+ IPSET_FLAG_BIT_MATCH_COUNTERS = 5,
+ IPSET_FLAG_MATCH_COUNTERS = (1 << IPSET_FLAG_BIT_MATCH_COUNTERS),
+ IPSET_FLAG_BIT_RETURN_NOMATCH = 7,
+ IPSET_FLAG_RETURN_NOMATCH = (1 << IPSET_FLAG_BIT_RETURN_NOMATCH),
+ IPSET_FLAG_CMD_MAX = 15,
+};
+
+/* Flags at CADT attribute level, upper half of cmdattrs */
+enum ipset_cadt_flags {
+ IPSET_FLAG_BIT_BEFORE = 0,
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+ IPSET_FLAG_BIT_PHYSDEV = 1,
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
+ IPSET_FLAG_BIT_NOMATCH = 2,
+ IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
+ IPSET_FLAG_BIT_WITH_COUNTERS = 3,
+ IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS),
+ IPSET_FLAG_CADT_MAX = 15,
+};
+
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+ IPSET_ADD,
+ IPSET_DEL,
+ IPSET_TEST,
+ IPSET_ADT_MAX,
+ IPSET_CREATE = IPSET_ADT_MAX,
+ IPSET_CADT_MAX,
+};
+
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+ IPSET_DIM_ZERO = 0,
+ IPSET_DIM_ONE,
+ IPSET_DIM_TWO,
+ IPSET_DIM_THREE,
+ /* Max dimension in elements.
+ * If changed, new revision of iptables match/target is required.
+ */
+ IPSET_DIM_MAX = 6,
+ /* Backward compatibility: set match revision 2 */
+ IPSET_BIT_RETURN_NOMATCH = 7,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+ IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+ IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+ IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+ IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
+};
+
+enum {
+ IPSET_COUNTER_NONE = 0,
+ IPSET_COUNTER_EQ,
+ IPSET_COUNTER_NE,
+ IPSET_COUNTER_LT,
+ IPSET_COUNTER_GT,
+};
+
+struct ip_set_counter_match {
+ __u8 op;
+ __u64 value;
+};
+
+/* Interface to iptables/ip6tables */
+
+#define SO_IP_SET 83
+
+union ip_set_name_index {
+ char name[IPSET_MAXNAMELEN];
+ ip_set_id_t index;
+};
+
+#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
+struct ip_set_req_get_set {
+ unsigned int op;
+ unsigned int version;
+ union ip_set_name_index set;
+};
+
+#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
+/* Uses ip_set_req_get_set */
+
+#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */
+struct ip_set_req_get_set_family {
+ unsigned int op;
+ unsigned int version;
+ unsigned int family;
+ union ip_set_name_index set;
+};
+
+
+#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
+struct ip_set_req_version {
+ unsigned int op;
+ unsigned int version;
+};
+
+#endif /* _UAPI_IP_SET_H */
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 34a7fc6..38aa52d 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -18,6 +18,9 @@ enum ip_conntrack_info {
/* >= this indicates reply direction */
IP_CT_IS_REPLY,
+ IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
+ IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
+ IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
/* Number of distinct IP_CT types (no NEW in reply dirn). */
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
@@ -76,6 +79,10 @@ enum ip_conntrack_status {
/* Conntrack is a template */
IPS_TEMPLATE_BIT = 11,
IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
+
+ /* Conntrack is a fake untracked entry */
+ IPS_UNTRACKED_BIT = 12,
+ IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
};
/* Connection tracking event types */
@@ -94,6 +101,13 @@ enum ip_conntrack_events {
enum ip_conntrack_expect_events {
IPEXP_NEW, /* new expectation */
+ IPEXP_DESTROY, /* destroyed expectation */
};
+/* expectation flags */
+#define NF_CT_EXPECT_PERMANENT 0x1
+#define NF_CT_EXPECT_INACTIVE 0x2
+#define NF_CT_EXPECT_USERSPACE 0x4
+
+
#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
index 8e145f0..2f6bbc5 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -1,13 +1,39 @@
#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
#define _NF_CONNTRACK_TUPLE_COMMON_H
-enum ip_conntrack_dir
-{
+enum ip_conntrack_dir {
IP_CT_DIR_ORIGINAL,
IP_CT_DIR_REPLY,
IP_CT_DIR_MAX
};
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+ /* Add other protocols here. */
+ __be16 all;
+
+ struct {
+ __be16 port;
+ } tcp;
+ struct {
+ __be16 port;
+ } udp;
+ struct {
+ __be16 id;
+ } icmp;
+ struct {
+ __be16 port;
+ } dccp;
+ struct {
+ __be16 port;
+ } sctp;
+ struct {
+ __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
+ } gre;
+};
+
#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h
new file mode 100644
index 0000000..bf0cc37
--- /dev/null
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,33 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_NAT_RANGE_MAP_IPS 1
+#define NF_NAT_RANGE_PROTO_SPECIFIED 2
+#define NF_NAT_RANGE_PROTO_RANDOM 4
+#define NF_NAT_RANGE_PERSISTENT 8
+
+struct nf_nat_ipv4_range {
+ unsigned int flags;
+ __be32 min_ip;
+ __be32 max_ip;
+ union nf_conntrack_man_proto min;
+ union nf_conntrack_man_proto max;
+};
+
+struct nf_nat_ipv4_multi_range_compat {
+ unsigned int rangesize;
+ struct nf_nat_ipv4_range range[1];
+};
+
+struct nf_nat_range {
+ unsigned int flags;
+ union nf_inet_addr min_addr;
+ union nf_inet_addr max_addr;
+ union nf_conntrack_man_proto min_proto;
+ union nf_conntrack_man_proto max_proto;
+};
+
+#endif /* _NETFILTER_NF_NAT_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index fa2d957..4120970 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -66,6 +66,11 @@ struct xt_standard_target {
int verdict;
};
+struct xt_error_target {
+ struct xt_entry_target target;
+ char errorname[XT_FUNCTION_MAXNAMELEN];
+};
+
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision {
diff --git a/include/linux/netfilter/xt_AUDIT.h b/include/linux/netfilter/xt_AUDIT.h
new file mode 100644
index 0000000..38751d2
--- /dev/null
+++ b/include/linux/netfilter/xt_AUDIT.h
@@ -0,0 +1,30 @@
+/*
+ * Header file for iptables xt_AUDIT target
+ *
+ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
+ * (C) 2010-2011 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef _XT_AUDIT_TARGET_H
+#define _XT_AUDIT_TARGET_H
+
+#include <linux/types.h>
+
+enum {
+ XT_AUDIT_TYPE_ACCEPT = 0,
+ XT_AUDIT_TYPE_DROP,
+ XT_AUDIT_TYPE_REJECT,
+ __XT_AUDIT_TYPE_MAX,
+};
+
+#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
+
+struct xt_audit_info {
+ __u8 type; /* XT_AUDIT_TYPE_* */
+};
+
+#endif /* _XT_AUDIT_TARGET_H */
diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/linux/netfilter/xt_CHECKSUM.h
new file mode 100644
index 0000000..9a2e466
--- /dev/null
+++ b/include/linux/netfilter/xt_CHECKSUM.h
@@ -0,0 +1,20 @@
+/* Header file for iptables ipt_CHECKSUM target
+ *
+ * (C) 2002 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 Red Hat Inc
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+*/
+#ifndef _XT_CHECKSUM_TARGET_H
+#define _XT_CHECKSUM_TARGET_H
+
+#include <linux/types.h>
+
+#define XT_CHECKSUM_OP_FILL 0x01 /* fill in checksum in IP header */
+
+struct xt_CHECKSUM_info {
+ __u8 operation; /* bitset of operations */
+};
+
+#endif /* _XT_CHECKSUM_TARGET_H */
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index 1b56410..54528fd 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -1,14 +1,31 @@
#ifndef _XT_CT_H
#define _XT_CT_H
-#define XT_CT_NOTRACK 0x1
+#include <linux/types.h>
+
+enum {
+ XT_CT_NOTRACK = 1 << 0,
+ XT_CT_NOTRACK_ALIAS = 1 << 1,
+};
struct xt_ct_target_info {
- u_int16_t flags;
- u_int16_t zone;
- u_int32_t ct_events;
- u_int32_t exp_events;
- char helper[16];
+ __u16 flags;
+ __u16 zone;
+ __u32 ct_events;
+ __u32 exp_events;
+ char helper[16];
+
+ /* Used internally by the kernel */
+ struct nf_conn *ct __attribute__((aligned(8)));
+};
+
+struct xt_ct_target_info_v1 {
+ __u16 flags;
+ __u16 zone;
+ __u32 ct_events;
+ __u32 exp_events;
+ char helper[16];
+ char timeout[32];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
diff --git a/include/linux/netfilter/xt_HMARK.h b/include/linux/netfilter/xt_HMARK.h
new file mode 100644
index 0000000..826fc58
--- /dev/null
+++ b/include/linux/netfilter/xt_HMARK.h
@@ -0,0 +1,50 @@
+#ifndef XT_HMARK_H_
+#define XT_HMARK_H_
+
+#include <linux/types.h>
+
+enum {
+ XT_HMARK_SADDR_MASK,
+ XT_HMARK_DADDR_MASK,
+ XT_HMARK_SPI,
+ XT_HMARK_SPI_MASK,
+ XT_HMARK_SPORT,
+ XT_HMARK_DPORT,
+ XT_HMARK_SPORT_MASK,
+ XT_HMARK_DPORT_MASK,
+ XT_HMARK_PROTO_MASK,
+ XT_HMARK_RND,
+ XT_HMARK_MODULUS,
+ XT_HMARK_OFFSET,
+ XT_HMARK_CT,
+ XT_HMARK_METHOD_L3,
+ XT_HMARK_METHOD_L3_4,
+};
+#define XT_HMARK_FLAG(flag) (1 << flag)
+
+union hmark_ports {
+ struct {
+ __u16 src;
+ __u16 dst;
+ } p16;
+ struct {
+ __be16 src;
+ __be16 dst;
+ } b16;
+ __u32 v32;
+ __be32 b32;
+};
+
+struct xt_hmark_info {
+ union nf_inet_addr src_mask;
+ union nf_inet_addr dst_mask;
+ union hmark_ports port_mask;
+ union hmark_ports port_set;
+ __u32 flags;
+ __u16 proto_mask;
+ __u32 hashrnd;
+ __u32 hmodulus;
+ __u32 hoffset; /* Mark offset to start from */
+};
+
+#endif /* XT_HMARK_H_ */
diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h
new file mode 100644
index 0000000..208ae93
--- /dev/null
+++ b/include/linux/netfilter/xt_IDLETIMER.h
@@ -0,0 +1,45 @@
+/*
+ * linux/include/linux/netfilter/xt_IDLETIMER.h
+ *
+ * Header file for Xtables timer target module.
+ *
+ * Copyright (C) 2004, 2010 Nokia Corporation
+ * Written by Timo Teras <ext-timo.teras@nokia.com>
+ *
+ * Converted to x_tables and forward-ported to 2.6.34
+ * by Luciano Coelho <luciano.coelho@nokia.com>
+ *
+ * Contact: Luciano Coelho <luciano.coelho@nokia.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef _XT_IDLETIMER_H
+#define _XT_IDLETIMER_H
+
+#include <linux/types.h>
+
+#define MAX_IDLETIMER_LABEL_SIZE 28
+
+struct idletimer_tg_info {
+ __u32 timeout;
+
+ char label[MAX_IDLETIMER_LABEL_SIZE];
+
+ /* for kernel module internal use only */
+ struct idletimer_tg *timer __attribute__((aligned(8)));
+};
+
+#endif
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h
index 2584f4a..8bb5fe6 100644
--- a/include/linux/netfilter/xt_NFQUEUE.h
+++ b/include/linux/netfilter/xt_NFQUEUE.h
@@ -20,4 +20,19 @@ struct xt_NFQ_info_v1 {
__u16 queues_total;
};
+struct xt_NFQ_info_v2 {
+ __u16 queuenum;
+ __u16 queues_total;
+ __u16 bypass;
+};
+
+struct xt_NFQ_info_v3 {
+ __u16 queuenum;
+ __u16 queues_total;
+ __u16 flags;
+#define NFQ_FLAG_BYPASS 0x01 /* for compatibility with v2 */
+#define NFQ_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */
+#define NFQ_FLAG_MASK 0x03
+};
+
#endif /* _XT_NFQ_TARGET_H */
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
index 6fcd344..989092b 100644
--- a/include/linux/netfilter/xt_SECMARK.h
+++ b/include/linux/netfilter/xt_SECMARK.h
@@ -11,18 +11,12 @@
* packets are being marked for.
*/
#define SECMARK_MODE_SEL 0x01 /* SELinux */
-#define SECMARK_SELCTX_MAX 256
-
-struct xt_secmark_target_selinux_info {
- __u32 selsid;
- char selctx[SECMARK_SELCTX_MAX];
-};
+#define SECMARK_SECCTX_MAX 256
struct xt_secmark_target_info {
__u8 mode;
- union {
- struct xt_secmark_target_selinux_info sel;
- } u;
+ __u32 secid;
+ char secctx[SECMARK_SECCTX_MAX];
};
#endif /*_XT_SECMARK_H_target */
diff --git a/include/linux/netfilter/xt_SYNPROXY.h b/include/linux/netfilter/xt_SYNPROXY.h
new file mode 100644
index 0000000..2d59fba
--- /dev/null
+++ b/include/linux/netfilter/xt_SYNPROXY.h
@@ -0,0 +1,16 @@
+#ifndef _XT_SYNPROXY_H
+#define _XT_SYNPROXY_H
+
+#define XT_SYNPROXY_OPT_MSS 0x01
+#define XT_SYNPROXY_OPT_WSCALE 0x02
+#define XT_SYNPROXY_OPT_SACK_PERM 0x04
+#define XT_SYNPROXY_OPT_TIMESTAMP 0x08
+#define XT_SYNPROXY_OPT_ECN 0x10
+
+struct xt_synproxy_info {
+ __u8 options;
+ __u8 wscale;
+ __u16 mss;
+};
+
+#endif /* _XT_SYNPROXY_H */
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h
index 2db5432..7157318 100644
--- a/include/linux/netfilter/xt_TCPOPTSTRIP.h
+++ b/include/linux/netfilter/xt_TCPOPTSTRIP.h
@@ -1,13 +1,15 @@
#ifndef _XT_TCPOPTSTRIP_H
#define _XT_TCPOPTSTRIP_H
+#include <linux/types.h>
+
#define tcpoptstrip_set_bit(bmap, idx) \
(bmap[(idx) >> 5] |= 1U << (idx & 31))
#define tcpoptstrip_test_bit(bmap, idx) \
(((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0)
struct xt_tcpoptstrip_target_info {
- u_int32_t strip_bmap[8];
+ __u32 strip_bmap[8];
};
#endif /* _XT_TCPOPTSTRIP_H */
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
index 152e8f9..902043c 100644
--- a/include/linux/netfilter/xt_TPROXY.h
+++ b/include/linux/netfilter/xt_TPROXY.h
@@ -1,14 +1,23 @@
-#ifndef _XT_TPROXY_H_target
-#define _XT_TPROXY_H_target
+#ifndef _XT_TPROXY_H
+#define _XT_TPROXY_H
+
+#include <linux/types.h>
/* TPROXY target is capable of marking the packet to perform
* redirection. We can get rid of that whenever we get support for
* mutliple targets in the same rule. */
struct xt_tproxy_target_info {
- u_int32_t mark_mask;
- u_int32_t mark_value;
+ __u32 mark_mask;
+ __u32 mark_value;
__be32 laddr;
__be16 lport;
};
-#endif /* _XT_TPROXY_H_target */
+struct xt_tproxy_target_info_v1 {
+ __u32 mark_mask;
+ __u32 mark_value;
+ union nf_inet_addr laddr;
+ __be16 lport;
+};
+
+#endif /* _XT_TPROXY_H */
diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
new file mode 100644
index 0000000..b156baa
--- /dev/null
+++ b/include/linux/netfilter/xt_addrtype.h
@@ -0,0 +1,44 @@
+#ifndef _XT_ADDRTYPE_H
+#define _XT_ADDRTYPE_H
+
+#include <linux/types.h>
+
+enum {
+ XT_ADDRTYPE_INVERT_SOURCE = 0x0001,
+ XT_ADDRTYPE_INVERT_DEST = 0x0002,
+ XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
+ XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
+};
+
+
+/* rtn_type enum values from rtnetlink.h, but shifted */
+enum {
+ XT_ADDRTYPE_UNSPEC = 1 << 0,
+ XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */
+ XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */
+ XT_ADDRTYPE_BROADCAST = 1 << 3,
+ XT_ADDRTYPE_ANYCAST = 1 << 4,
+ XT_ADDRTYPE_MULTICAST = 1 << 5,
+ XT_ADDRTYPE_BLACKHOLE = 1 << 6,
+ XT_ADDRTYPE_UNREACHABLE = 1 << 7,
+ XT_ADDRTYPE_PROHIBIT = 1 << 8,
+ XT_ADDRTYPE_THROW = 1 << 9,
+ XT_ADDRTYPE_NAT = 1 << 10,
+ XT_ADDRTYPE_XRESOLVE = 1 << 11,
+};
+
+struct xt_addrtype_info_v1 {
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 flags;
+};
+
+/* revision 0 */
+struct xt_addrtype_info {
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 invert_source;
+ __u32 invert_dest;
+};
+
+#endif
diff --git a/include/linux/netfilter/xt_bpf.h b/include/linux/netfilter/xt_bpf.h
new file mode 100644
index 0000000..5dda450
--- /dev/null
+++ b/include/linux/netfilter/xt_bpf.h
@@ -0,0 +1,17 @@
+#ifndef _XT_BPF_H
+#define _XT_BPF_H
+
+#include <linux/filter.h>
+#include <linux/types.h>
+
+#define XT_BPF_MAX_NUM_INSTR 64
+
+struct xt_bpf_info {
+ __u16 bpf_program_num_elem;
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
+
+ /* only used in the kernel */
+ struct sk_filter *filter __attribute__((aligned(8)));
+};
+
+#endif /*_XT_BPF_H */
diff --git a/include/linux/netfilter/xt_cgroup.h b/include/linux/netfilter/xt_cgroup.h
new file mode 100644
index 0000000..943d3a0
--- /dev/null
+++ b/include/linux/netfilter/xt_cgroup.h
@@ -0,0 +1,11 @@
+#ifndef _XT_CGROUP_H
+#define _XT_CGROUP_H
+
+#include <linux/types.h>
+
+struct xt_cgroup_info {
+ __u32 id;
+ __u32 invert;
+};
+
+#endif /* _XT_CGROUP_H */
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
index 8866826..9b883c8 100644
--- a/include/linux/netfilter/xt_cluster.h
+++ b/include/linux/netfilter/xt_cluster.h
@@ -1,15 +1,17 @@
#ifndef _XT_CLUSTER_MATCH_H
#define _XT_CLUSTER_MATCH_H
+#include <linux/types.h>
+
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
struct xt_cluster_match_info {
- u_int32_t total_nodes;
- u_int32_t node_mask;
- u_int32_t hash_seed;
- u_int32_t flags;
+ __u32 total_nodes;
+ __u32 node_mask;
+ __u32 hash_seed;
+ __u32 flags;
};
#define XT_CLUSTER_NODES_MAX 32
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h
index eacfedc..0ea5e79 100644
--- a/include/linux/netfilter/xt_comment.h
+++ b/include/linux/netfilter/xt_comment.h
@@ -4,7 +4,7 @@
#define XT_MAX_COMMENT_LEN 256
struct xt_comment_info {
- unsigned char comment[XT_MAX_COMMENT_LEN];
+ char comment[XT_MAX_COMMENT_LEN];
};
#endif /* XT_COMMENT_H */
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
index 92fcbb0..f1d6c15 100644
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -17,8 +17,8 @@ enum xt_connbytes_direction {
struct xt_connbytes_info {
struct {
- aligned_u64 from; /* count to be matched */
- aligned_u64 to; /* count to be matched */
+ __aligned_u64 from; /* count to be matched */
+ __aligned_u64 to; /* count to be matched */
} count;
__u8 what; /* ipt_connbytes_what */
__u8 direction; /* ipt_connbytes_direction */
diff --git a/include/linux/netfilter/xt_connlabel.h b/include/linux/netfilter/xt_connlabel.h
new file mode 100644
index 0000000..c4bc9ee
--- /dev/null
+++ b/include/linux/netfilter/xt_connlabel.h
@@ -0,0 +1,12 @@
+#include <linux/types.h>
+
+#define XT_CONNLABEL_MAXBIT 127
+enum xt_connlabel_mtopts {
+ XT_CONNLABEL_OP_INVERT = 1 << 0,
+ XT_CONNLABEL_OP_SET = 1 << 1,
+};
+
+struct xt_connlabel_mtinfo {
+ __u16 bit;
+ __u16 options;
+};
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 9ba54e4..f9e8c67 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -1,8 +1,15 @@
#ifndef _XT_CONNLIMIT_H
#define _XT_CONNLIMIT_H
+#include <linux/types.h>
+
struct xt_connlimit_data;
+enum {
+ XT_CONNLIMIT_INVERT = 1 << 0,
+ XT_CONNLIMIT_DADDR = 1 << 1,
+};
+
struct xt_connlimit_info {
union {
union nf_inet_addr mask;
@@ -11,7 +18,14 @@ struct xt_connlimit_info {
__be32 v6_mask[4];
};
};
- unsigned int limit, inverse;
+ unsigned int limit;
+ union {
+ /* revision 0 */
+ unsigned int inverse;
+
+ /* revision 1 */
+ __u32 flags;
+ };
/* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index 54f47a2..e971501 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -30,6 +30,7 @@ enum {
XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
XT_CONNTRACK_REPLDST_PORT = 1 << 11,
XT_CONNTRACK_DIRECTION = 1 << 12,
+ XT_CONNTRACK_STATE_ALIAS = 1 << 13,
};
struct xt_conntrack_mtinfo1 {
@@ -58,4 +59,19 @@ struct xt_conntrack_mtinfo2 {
__u16 state_mask, status_mask;
};
+struct xt_conntrack_mtinfo3 {
+ union nf_inet_addr origsrc_addr, origsrc_mask;
+ union nf_inet_addr origdst_addr, origdst_mask;
+ union nf_inet_addr replsrc_addr, replsrc_mask;
+ union nf_inet_addr repldst_addr, repldst_mask;
+ __u32 expires_min, expires_max;
+ __u16 l4proto;
+ __u16 origsrc_port, origdst_port;
+ __u16 replsrc_port, repldst_port;
+ __u16 match_flags, invert_flags;
+ __u16 state_mask, status_mask;
+ __u16 origsrc_port_high, origdst_port_high;
+ __u16 replsrc_port_high, repldst_port_high;
+};
+
#endif /*_XT_CONNTRACK_H*/
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h
new file mode 100644
index 0000000..93c7f11
--- /dev/null
+++ b/include/linux/netfilter/xt_cpu.h
@@ -0,0 +1,11 @@
+#ifndef _XT_CPU_H
+#define _XT_CPU_H
+
+#include <linux/types.h>
+
+struct xt_cpu_info {
+ __u32 cpu;
+ __u32 invert;
+};
+
+#endif /*_XT_CPU_H*/
diff --git a/include/linux/netfilter/xt_devgroup.h b/include/linux/netfilter/xt_devgroup.h
new file mode 100644
index 0000000..1babde0
--- /dev/null
+++ b/include/linux/netfilter/xt_devgroup.h
@@ -0,0 +1,21 @@
+#ifndef _XT_DEVGROUP_H
+#define _XT_DEVGROUP_H
+
+#include <linux/types.h>
+
+enum xt_devgroup_flags {
+ XT_DEVGROUP_MATCH_SRC = 0x1,
+ XT_DEVGROUP_INVERT_SRC = 0x2,
+ XT_DEVGROUP_MATCH_DST = 0x4,
+ XT_DEVGROUP_INVERT_DST = 0x8,
+};
+
+struct xt_devgroup_info {
+ __u32 flags;
+ __u32 src_group;
+ __u32 src_mask;
+ __u32 dst_group;
+ __u32 dst_mask;
+};
+
+#endif /* _XT_DEVGROUP_H */
diff --git a/include/linux/netfilter/xt_ecn.h b/include/linux/netfilter/xt_ecn.h
new file mode 100644
index 0000000..c21cc28
--- /dev/null
+++ b/include/linux/netfilter/xt_ecn.h
@@ -0,0 +1,33 @@
+/* iptables module for matching the ECN header in IPv4 and TCP header
+ *
+ * (C) 2002 Harald Welte <laforge@netfilter.org>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+*/
+#ifndef _XT_ECN_H
+#define _XT_ECN_H
+
+#include <linux/types.h>
+#include <linux/netfilter/xt_dscp.h>
+
+#define XT_ECN_IP_MASK (~XT_DSCP_MASK)
+
+#define XT_ECN_OP_MATCH_IP 0x01
+#define XT_ECN_OP_MATCH_ECE 0x10
+#define XT_ECN_OP_MATCH_CWR 0x20
+
+#define XT_ECN_OP_MATCH_MASK 0xce
+
+/* match info */
+struct xt_ecn_info {
+ __u8 operation;
+ __u8 invert;
+ __u8 ip_ect;
+ union {
+ struct {
+ __u8 ect;
+ } tcp;
+ } proto;
+};
+
+#endif /* _XT_ECN_H */
diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h
index b1925b5..141efbd 100644
--- a/include/linux/netfilter/xt_hashlimit.h
+++ b/include/linux/netfilter/xt_hashlimit.h
@@ -6,7 +6,10 @@
/* timings are in milliseconds. */
#define XT_HASHLIMIT_SCALE 10000
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- seconds, or one every 59 hours. */
+ seconds, or one packet every 59 hours. */
+
+/* packet length accounting is done in 16-byte steps */
+#define XT_HASHLIMIT_BYTE_SHIFT 4
/* details of this structure hidden by the implementation */
struct xt_hashlimit_htable;
@@ -17,6 +20,7 @@ enum {
XT_HASHLIMIT_HASH_SIP = 1 << 2,
XT_HASHLIMIT_HASH_SPT = 1 << 3,
XT_HASHLIMIT_INVERT = 1 << 4,
+ XT_HASHLIMIT_BYTES = 1 << 5,
};
struct hashlimit_cfg {
diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h
new file mode 100644
index 0000000..eff34ac
--- /dev/null
+++ b/include/linux/netfilter/xt_ipvs.h
@@ -0,0 +1,29 @@
+#ifndef _XT_IPVS_H
+#define _XT_IPVS_H
+
+#include <linux/types.h>
+
+enum {
+ XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */
+ XT_IPVS_PROTO = 1 << 1,
+ XT_IPVS_VADDR = 1 << 2,
+ XT_IPVS_VPORT = 1 << 3,
+ XT_IPVS_DIR = 1 << 4,
+ XT_IPVS_METHOD = 1 << 5,
+ XT_IPVS_VPORTCTL = 1 << 6,
+ XT_IPVS_MASK = (1 << 7) - 1,
+ XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY
+};
+
+struct xt_ipvs_mtinfo {
+ union nf_inet_addr vaddr, vmask;
+ __be16 vport;
+ __u8 l4proto;
+ __u8 fwd_method;
+ __be16 vportctl;
+
+ __u8 invert;
+ __u8 bitmask;
+};
+
+#endif /* _XT_IPVS_H */
diff --git a/include/linux/netfilter/xt_nfacct.h b/include/linux/netfilter/xt_nfacct.h
new file mode 100644
index 0000000..59ab00d
--- /dev/null
+++ b/include/linux/netfilter/xt_nfacct.h
@@ -0,0 +1,17 @@
+#ifndef _XT_NFACCT_MATCH_H
+#define _XT_NFACCT_MATCH_H
+
+#include <linux/types.h>
+
+#ifndef NFACCT_NAME_MAX
+#define NFACCT_NAME_MAX 32
+#endif
+
+struct nf_acct;
+
+struct xt_nfacct_match_info {
+ char name[NFACCT_NAME_MAX];
+ struct nf_acct *nfacct;
+};
+
+#endif /* _XT_NFACCT_MATCH_H */
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index 8dc89df..9314723 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -1,6 +1,8 @@
#ifndef _XT_QUOTA_H
#define _XT_QUOTA_H
+#include <linux/types.h>
+
enum xt_quota_flags {
XT_QUOTA_INVERT = 0x1,
};
@@ -9,11 +11,11 @@ enum xt_quota_flags {
struct xt_quota_priv;
struct xt_quota_info {
- u_int32_t flags;
- u_int32_t pad;
+ __u32 flags;
+ __u32 pad;
+ __aligned_u64 quota;
/* Used internally by the kernel */
- aligned_u64 quota;
struct xt_quota_priv *master;
};
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h
index 83318e0..6ef36c1 100644
--- a/include/linux/netfilter/xt_recent.h
+++ b/include/linux/netfilter/xt_recent.h
@@ -32,4 +32,14 @@ struct xt_recent_mtinfo {
__u8 side;
};
+struct xt_recent_mtinfo_v1 {
+ __u32 seconds;
+ __u32 hit_count;
+ __u8 check_set;
+ __u8 invert;
+ char name[XT_RECENT_NAME_LEN];
+ __u8 side;
+ union nf_inet_addr mask;
+};
+
#endif /* _LINUX_NETFILTER_XT_RECENT_H */
diff --git a/include/linux/netfilter/xt_rpfilter.h b/include/linux/netfilter/xt_rpfilter.h
new file mode 100644
index 0000000..672b605
--- /dev/null
+++ b/include/linux/netfilter/xt_rpfilter.h
@@ -0,0 +1,17 @@
+#ifndef _XT_RPATH_H
+#define _XT_RPATH_H
+
+#include <linux/types.h>
+
+enum {
+ XT_RPFILTER_LOOSE = 1 << 0,
+ XT_RPFILTER_VALID_MARK = 1 << 1,
+ XT_RPFILTER_ACCEPT_LOCAL = 1 << 2,
+ XT_RPFILTER_INVERT = 1 << 3,
+};
+
+struct xt_rpfilter_info {
+ __u8 flags;
+};
+
+#endif
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index 3ad3137..964d3d4 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -1,62 +1,8 @@
#ifndef _XT_SET_H
#define _XT_SET_H
-/* The protocol version */
-#define IPSET_PROTOCOL 5
-
-/* The max length of strings including NUL: set and type identifiers */
-#define IPSET_MAXNAMELEN 32
-
-/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
- * and IPSET_INVALID_ID if you want to increase the max number of sets.
- */
-typedef uint16_t ip_set_id_t;
-
-#define IPSET_INVALID_ID 65535
-
-enum ip_set_dim {
- IPSET_DIM_ZERO = 0,
- IPSET_DIM_ONE,
- IPSET_DIM_TWO,
- IPSET_DIM_THREE,
- /* Max dimension in elements.
- * If changed, new revision of iptables match/target is required.
- */
- IPSET_DIM_MAX = 6,
-};
-
-/* Option flags for kernel operations */
-enum ip_set_kopt {
- IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
- IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
- IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
- IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
-};
-
-/* Interface to iptables/ip6tables */
-
-#define SO_IP_SET 83
-
-union ip_set_name_index {
- char name[IPSET_MAXNAMELEN];
- ip_set_id_t index;
-};
-
-#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
-struct ip_set_req_get_set {
- unsigned op;
- unsigned version;
- union ip_set_name_index set;
-};
-
-#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
-/* Uses ip_set_req_get_set */
-
-#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
-struct ip_set_req_version {
- unsigned op;
- unsigned version;
-};
+#include <linux/types.h>
+#include <linux/netfilter/ipset/ip_set.h>
/* Revision 0 interface: backward compatible with netfilter/iptables */
@@ -70,11 +16,11 @@ struct ip_set_req_version {
struct xt_set_info_v0 {
ip_set_id_t index;
union {
- u_int32_t flags[IPSET_DIM_MAX + 1];
+ __u32 flags[IPSET_DIM_MAX + 1];
struct {
- u_int32_t __flags[IPSET_DIM_MAX];
- u_int8_t dim;
- u_int8_t flags;
+ __u32 __flags[IPSET_DIM_MAX];
+ __u8 dim;
+ __u8 flags;
} compat;
} u;
};
@@ -89,22 +35,40 @@ struct xt_set_info_target_v0 {
struct xt_set_info_v0 del_set;
};
-/* Revision 1: current interface to netfilter/iptables */
+/* Revision 1 match and target */
struct xt_set_info {
ip_set_id_t index;
- u_int8_t dim;
- u_int8_t flags;
+ __u8 dim;
+ __u8 flags;
};
/* match and target infos */
-struct xt_set_info_match {
+struct xt_set_info_match_v1 {
struct xt_set_info match_set;
};
-struct xt_set_info_target {
+struct xt_set_info_target_v1 {
struct xt_set_info add_set;
struct xt_set_info del_set;
};
+/* Revision 2 target */
+
+struct xt_set_info_target_v2 {
+ struct xt_set_info add_set;
+ struct xt_set_info del_set;
+ __u32 flags;
+ __u32 timeout;
+};
+
+/* Revision 3 match */
+
+struct xt_set_info_match_v3 {
+ struct xt_set_info match_set;
+ struct ip_set_counter_match packets;
+ struct ip_set_counter_match bytes;
+ __u32 flags;
+};
+
#endif /*_XT_SET_H*/
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
new file mode 100644
index 0000000..6315e2a
--- /dev/null
+++ b/include/linux/netfilter/xt_socket.h
@@ -0,0 +1,21 @@
+#ifndef _XT_SOCKET_H
+#define _XT_SOCKET_H
+
+#include <linux/types.h>
+
+enum {
+ XT_SOCKET_TRANSPARENT = 1 << 0,
+ XT_SOCKET_NOWILDCARD = 1 << 1,
+};
+
+struct xt_socket_mtinfo1 {
+ __u8 flags;
+};
+#define XT_SOCKET_FLAGS_V1 XT_SOCKET_TRANSPARENT
+
+struct xt_socket_mtinfo2 {
+ __u8 flags;
+};
+#define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD)
+
+#endif /* _XT_SOCKET_H */
diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h
index 14b6df4..a21d5bf 100644
--- a/include/linux/netfilter/xt_time.h
+++ b/include/linux/netfilter/xt_time.h
@@ -1,19 +1,22 @@
#ifndef _XT_TIME_H
#define _XT_TIME_H 1
+#include <linux/types.h>
+
struct xt_time_info {
- u_int32_t date_start;
- u_int32_t date_stop;
- u_int32_t daytime_start;
- u_int32_t daytime_stop;
- u_int32_t monthdays_match;
- u_int8_t weekdays_match;
- u_int8_t flags;
+ __u32 date_start;
+ __u32 date_stop;
+ __u32 daytime_start;
+ __u32 daytime_stop;
+ __u32 monthdays_match;
+ __u8 weekdays_match;
+ __u8 flags;
};
enum {
/* Match against local time (instead of UTC) */
XT_TIME_LOCAL_TZ = 1 << 0,
+ XT_TIME_CONTIGUOUS = 1 << 1,
/* Shortcuts */
XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE,
diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h
index 9947f56..04d1bfe 100644
--- a/include/linux/netfilter/xt_u32.h
+++ b/include/linux/netfilter/xt_u32.h
@@ -1,6 +1,8 @@
#ifndef _XT_U32_H
#define _XT_U32_H 1
+#include <linux/types.h>
+
enum xt_u32_ops {
XT_U32_AND,
XT_U32_LEFTSH,
@@ -9,13 +11,13 @@ enum xt_u32_ops {
};
struct xt_u32_location_element {
- u_int32_t number;
- u_int8_t nextop;
+ __u32 number;
+ __u8 nextop;
};
struct xt_u32_value_element {
- u_int32_t min;
- u_int32_t max;
+ __u32 min;
+ __u32 max;
};
/*
@@ -27,14 +29,14 @@ struct xt_u32_value_element {
struct xt_u32_test {
struct xt_u32_location_element location[XT_U32_MAXSIZE+1];
struct xt_u32_value_element value[XT_U32_MAXSIZE+1];
- u_int8_t nnums;
- u_int8_t nvalues;
+ __u8 nnums;
+ __u8 nvalues;
};
struct xt_u32 {
struct xt_u32_test tests[XT_U32_MAXSIZE+1];
- u_int8_t ntests;
- u_int8_t invert;
+ __u8 ntests;
+ __u8 invert;
};
#endif /* _XT_U32_H */
diff --git a/include/linux/netfilter_ipv4/ip_queue.h b/include/linux/netfilter_ipv4/ip_queue.h
new file mode 100644
index 0000000..a03507f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_queue.h
@@ -0,0 +1,72 @@
+/*
+ * This is a module which is used for queueing IPv4 packets and
+ * communicating with userspace via netlink.
+ *
+ * (C) 2000 James Morris, this code is GPL.
+ */
+#ifndef _IP_QUEUE_H
+#define _IP_QUEUE_H
+
+#ifdef __KERNEL__
+#ifdef DEBUG_IPQ
+#define QDEBUG(x...) printk(KERN_DEBUG ## x)
+#else
+#define QDEBUG(x...)
+#endif /* DEBUG_IPQ */
+#else
+#include <net/if.h>
+#endif /* ! __KERNEL__ */
+
+/* Messages sent from kernel */
+typedef struct ipq_packet_msg {
+ unsigned long packet_id; /* ID of queued packet */
+ unsigned long mark; /* Netfilter mark value */
+ long timestamp_sec; /* Packet arrival time (seconds) */
+ long timestamp_usec; /* Packet arrvial time (+useconds) */
+ unsigned int hook; /* Netfilter hook we rode in on */
+ char indev_name[IFNAMSIZ]; /* Name of incoming interface */
+ char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */
+ __be16 hw_protocol; /* Hardware protocol (network order) */
+ unsigned short hw_type; /* Hardware type */
+ unsigned char hw_addrlen; /* Hardware address length */
+ unsigned char hw_addr[8]; /* Hardware address */
+ size_t data_len; /* Length of packet data */
+ unsigned char payload[0]; /* Optional packet data */
+} ipq_packet_msg_t;
+
+/* Messages sent from userspace */
+typedef struct ipq_mode_msg {
+ unsigned char value; /* Requested mode */
+ size_t range; /* Optional range of packet requested */
+} ipq_mode_msg_t;
+
+typedef struct ipq_verdict_msg {
+ unsigned int value; /* Verdict to hand to netfilter */
+ unsigned long id; /* Packet ID for this verdict */
+ size_t data_len; /* Length of replacement data */
+ unsigned char payload[0]; /* Optional replacement packet */
+} ipq_verdict_msg_t;
+
+typedef struct ipq_peer_msg {
+ union {
+ ipq_verdict_msg_t verdict;
+ ipq_mode_msg_t mode;
+ } msg;
+} ipq_peer_msg_t;
+
+/* Packet delivery modes */
+enum {
+ IPQ_COPY_NONE, /* Initial mode, packets are dropped */
+ IPQ_COPY_META, /* Copy metadata */
+ IPQ_COPY_PACKET /* Copy metadata + packet (range) */
+};
+#define IPQ_COPY_MAX IPQ_COPY_PACKET
+
+/* Types of messages */
+#define IPQM_BASE 0x10 /* standard netlink messages below this */
+#define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
+#define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
+#define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
+#define IPQM_MAX (IPQM_BASE + 4)
+
+#endif /*_IP_QUEUE_H*/
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 735f4b1..57fd82a 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -27,6 +27,41 @@
#define ipt_target xt_target
#define ipt_table xt_table
#define ipt_get_revision xt_get_revision
+#define ipt_entry_match xt_entry_match
+#define ipt_entry_target xt_entry_target
+#define ipt_standard_target xt_standard_target
+#define ipt_error_target xt_error_target
+#define ipt_counters xt_counters
+#define IPT_CONTINUE XT_CONTINUE
+#define IPT_RETURN XT_RETURN
+
+/* This group is older than old (iptables < v1.4.0-rc1~89) */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ipt_udp xt_udp
+#define ipt_tcp xt_tcp
+#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
+#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
+
+/* The argument to IPT_SO_ADD_COUNTERS. */
+#define ipt_counters_info xt_counters_info
+/* Standard return verdict, or do jump. */
+#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
+/* Error verdict. */
+#define IPT_ERROR_TARGET XT_ERROR_TARGET
+
+/* fn returns 0 to continue iteration */
+#define IPT_MATCH_ITERATE(e, fn, args...) \
+ XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
+
+/* fn returns 0 to continue iteration */
+#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
/* Yes, Virginia, you have to zero the padding. */
struct ipt_ip {
@@ -46,12 +81,6 @@ struct ipt_ip {
u_int8_t invflags;
};
-#define ipt_entry_match xt_entry_match
-#define ipt_entry_target xt_entry_target
-#define ipt_standard_target xt_standard_target
-
-#define ipt_counters xt_counters
-
/* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
@@ -110,23 +139,6 @@ struct ipt_entry {
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
-#define IPT_CONTINUE XT_CONTINUE
-#define IPT_RETURN XT_RETURN
-
-#include <linux/netfilter/xt_tcpudp.h>
-#define ipt_udp xt_udp
-#define ipt_tcp xt_tcp
-
-#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
-
-#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
-
/* ICMP matching stuff */
struct ipt_icmp {
u_int8_t type; /* type to match */
@@ -140,7 +152,7 @@ struct ipt_icmp {
/* The argument to IPT_SO_GET_INFO */
struct ipt_getinfo {
/* Which table: caller fills this in. */
- char name[IPT_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* Kernel fills these in. */
/* Which hook entry points are valid: bitmask */
@@ -162,7 +174,7 @@ struct ipt_getinfo {
/* The argument to IPT_SO_SET_REPLACE. */
struct ipt_replace {
/* Which table. */
- char name[IPT_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* Which hook entry points are valid: bitmask. You can't
change this. */
@@ -190,13 +202,10 @@ struct ipt_replace {
struct ipt_entry entries[0];
};
-/* The argument to IPT_SO_ADD_COUNTERS. */
-#define ipt_counters_info xt_counters_info
-
/* The argument to IPT_SO_GET_ENTRIES. */
struct ipt_get_entries {
/* Which table: user fills this in. */
- char name[IPT_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* User fills this in: total entry size. */
unsigned int size;
@@ -205,26 +214,13 @@ struct ipt_get_entries {
struct ipt_entry entrytable[0];
};
-/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IPT_ERROR_TARGET XT_ERROR_TARGET
-
/* Helper functions */
-static __inline__ struct ipt_entry_target *
+static __inline__ struct xt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
return (void *)e + e->target_offset;
}
-/* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...) \
- XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
-
/*
* Main firewall chains definitions and global var's definitions.
*/
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
index e5a3687..c6a204c 100644
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
@@ -1,6 +1,8 @@
#ifndef _IPT_CLUSTERIP_H_target
#define _IPT_CLUSTERIP_H_target
+#include <linux/types.h>
+
enum clusterip_hashmode {
CLUSTERIP_HASHMODE_SIP = 0,
CLUSTERIP_HASHMODE_SIP_SPT,
@@ -17,15 +19,15 @@ struct clusterip_config;
struct ipt_clusterip_tgt_info {
- u_int32_t flags;
+ __u32 flags;
/* only relevant for new ones */
- u_int8_t clustermac[6];
- u_int16_t num_total_nodes;
- u_int16_t num_local_nodes;
- u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
- u_int32_t hash_mode;
- u_int32_t hash_initval;
+ __u8 clustermac[6];
+ __u16 num_total_nodes;
+ __u16 num_local_nodes;
+ __u16 local_nodes[CLUSTERIP_MAX_NODES];
+ __u32 hash_mode;
+ __u32 hash_initval;
/* Used internally by the kernel */
struct clusterip_config *config;
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
index 7ca4591..bb88d53 100644
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
@@ -8,6 +8,8 @@
*/
#ifndef _IPT_ECN_TARGET_H
#define _IPT_ECN_TARGET_H
+
+#include <linux/types.h>
#include <linux/netfilter/xt_DSCP.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
@@ -19,11 +21,11 @@
#define IPT_ECN_OP_MASK 0xce
struct ipt_ECN_info {
- u_int8_t operation; /* bitset of operations */
- u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
+ __u8 operation; /* bitset of operations */
+ __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
union {
struct {
- u_int8_t ece:1, cwr:1; /* TCP ECT bits */
+ __u8 ece:1, cwr:1; /* TCP ECT bits */
} tcp;
} proto;
};
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
index 90fa652..dcdbadf 100644
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ b/include/linux/netfilter_ipv4/ipt_LOG.h
@@ -7,7 +7,8 @@
#define IPT_LOG_IPOPT 0x04 /* Log IP options */
#define IPT_LOG_UID 0x08 /* Log UID owning local socket */
#define IPT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
-#define IPT_LOG_MASK 0x1f
+#define IPT_LOG_MACDECODE 0x20 /* Decode MAC header */
+#define IPT_LOG_MASK 0x2f
struct ipt_log_info {
unsigned char level;
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index 2529660..a855167 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -1,18 +1,20 @@
#ifndef _IPT_SAME_H
#define _IPT_SAME_H
+#include <linux/types.h>
+
#define IPT_SAME_MAX_RANGE 10
#define IPT_SAME_NODST 0x01
struct ipt_same_info {
unsigned char info;
- u_int32_t rangesize;
- u_int32_t ipnum;
- u_int32_t *iparray;
+ __u32 rangesize;
+ __u32 ipnum;
+ __u32 *iparray;
/* hangs off end. */
- struct nf_nat_range range[IPT_SAME_MAX_RANGE];
+ struct nf_nat_ipv4_range range[IPT_SAME_MAX_RANGE];
};
#endif /*_IPT_SAME_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
index ee6611e..f6ac169 100644
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -4,6 +4,8 @@
#ifndef _IPT_TTL_H
#define _IPT_TTL_H
+#include <linux/types.h>
+
enum {
IPT_TTL_SET = 0,
IPT_TTL_INC,
@@ -13,8 +15,8 @@ enum {
#define IPT_TTL_MAXMODE IPT_TTL_DEC
struct ipt_TTL_info {
- u_int8_t mode;
- u_int8_t ttl;
+ __u8 mode;
+ __u8 ttl;
};
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h
index 446de6a..0da4223 100644
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ b/include/linux/netfilter_ipv4/ipt_addrtype.h
@@ -1,6 +1,8 @@
#ifndef _IPT_ADDRTYPE_H
#define _IPT_ADDRTYPE_H
+#include <linux/types.h>
+
enum {
IPT_ADDRTYPE_INVERT_SOURCE = 0x0001,
IPT_ADDRTYPE_INVERT_DEST = 0x0002,
@@ -9,17 +11,17 @@ enum {
};
struct ipt_addrtype_info_v1 {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t flags;
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 flags;
};
/* revision 0 */
struct ipt_addrtype_info {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t invert_source;
- u_int32_t invert_dest;
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 invert_source;
+ __u32 invert_dest;
};
#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
index 2e555b4..4e02bb0 100644
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -1,9 +1,11 @@
#ifndef _IPT_AH_H
#define _IPT_AH_H
+#include <linux/types.h>
+
struct ipt_ah {
- u_int32_t spis[2]; /* Security Parameter Index */
- u_int8_t invflags; /* Inverse flags */
+ __u32 spis[2]; /* Security Parameter Index */
+ __u8 invflags; /* Inverse flags */
};
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h
deleted file mode 100644
index 9945baa..0000000
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* iptables module for matching the ECN header in IPv4 and TCP header
- *
- * (C) 2002 Harald Welte <laforge@gnumonks.org>
- *
- * This software is distributed under GNU GPL v2, 1991
- *
- * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
-*/
-#ifndef _IPT_ECN_H
-#define _IPT_ECN_H
-#include <linux/netfilter/xt_dscp.h>
-
-#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
-
-#define IPT_ECN_OP_MATCH_IP 0x01
-#define IPT_ECN_OP_MATCH_ECE 0x10
-#define IPT_ECN_OP_MATCH_CWR 0x20
-
-#define IPT_ECN_OP_MATCH_MASK 0xce
-
-/* match info */
-struct ipt_ecn_info {
- u_int8_t operation;
- u_int8_t invert;
- u_int8_t ip_ect;
- union {
- struct {
- u_int8_t ect;
- } tcp;
- } proto;
-};
-
-#endif /* _IPT_ECN_H */
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
index ee24fd8..37bee44 100644
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ b/include/linux/netfilter_ipv4/ipt_ttl.h
@@ -4,6 +4,8 @@
#ifndef _IPT_TTL_H
#define _IPT_TTL_H
+#include <linux/types.h>
+
enum {
IPT_TTL_EQ = 0, /* equals */
IPT_TTL_NE, /* not equals */
@@ -13,8 +15,8 @@ enum {
struct ipt_ttl_info {
- u_int8_t mode;
- u_int8_t ttl;
+ __u8 mode;
+ __u8 ttl;
};
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 6179032..3f19a97 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -23,11 +23,38 @@
#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-
#define ip6t_match xt_match
#define ip6t_target xt_target
#define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision
+#define ip6t_entry_match xt_entry_match
+#define ip6t_entry_target xt_entry_target
+#define ip6t_standard_target xt_standard_target
+#define ip6t_error_target xt_error_target
+#define ip6t_counters xt_counters
+#define IP6T_CONTINUE XT_CONTINUE
+#define IP6T_RETURN XT_RETURN
+
+/* Pre-iptables-1.4.0 */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ip6t_tcp xt_tcp
+#define ip6t_udp xt_udp
+#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
+#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
+
+#define ip6t_counters_info xt_counters_info
+#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
+#define IP6T_ERROR_TARGET XT_ERROR_TARGET
+#define IP6T_MATCH_ITERATE(e, fn, args...) \
+ XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
/* Yes, Virginia, you have to zero the padding. */
struct ip6t_ip6 {
@@ -56,12 +83,6 @@ struct ip6t_ip6 {
u_int8_t invflags;
};
-#define ip6t_entry_match xt_entry_match
-#define ip6t_entry_target xt_entry_target
-#define ip6t_standard_target xt_standard_target
-
-#define ip6t_counters xt_counters
-
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
protocols */
@@ -106,17 +127,12 @@ struct ip6t_entry {
/* Standard entry */
struct ip6t_standard {
struct ip6t_entry entry;
- struct ip6t_standard_target target;
-};
-
-struct ip6t_error_target {
- struct ip6t_entry_target target;
- char errorname[IP6T_FUNCTION_MAXNAMELEN];
+ struct xt_standard_target target;
};
struct ip6t_error {
struct ip6t_entry entry;
- struct ip6t_error_target target;
+ struct xt_error_target target;
};
#define IP6T_ENTRY_INIT(__size) \
@@ -128,16 +144,16 @@ struct ip6t_error {
#define IP6T_STANDARD_INIT(__verdict) \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
- .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
- sizeof(struct ip6t_standard_target)), \
+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
+ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
}
#define IP6T_ERROR_INIT \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
- .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \
- sizeof(struct ip6t_error_target)), \
+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
+ sizeof(struct xt_error_target)), \
.target.errorname = "ERROR", \
}
@@ -160,30 +176,6 @@ struct ip6t_error {
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
-/* CONTINUE verdict for targets */
-#define IP6T_CONTINUE XT_CONTINUE
-
-/* For standard target */
-#define IP6T_RETURN XT_RETURN
-
-/* TCP/UDP matching stuff */
-#include <linux/netfilter/xt_tcpudp.h>
-
-#define ip6t_tcp xt_tcp
-#define ip6t_udp xt_udp
-
-/* Values for "inv" field in struct ipt_tcp. */
-#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
-
-/* Values for "invflags" field in struct ipt_udp. */
-#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
-
/* ICMP matching stuff */
struct ip6t_icmp {
u_int8_t type; /* type to match */
@@ -197,7 +189,7 @@ struct ip6t_icmp {
/* The argument to IP6T_SO_GET_INFO */
struct ip6t_getinfo {
/* Which table: caller fills this in. */
- char name[IP6T_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* Kernel fills these in. */
/* Which hook entry points are valid: bitmask */
@@ -219,7 +211,7 @@ struct ip6t_getinfo {
/* The argument to IP6T_SO_SET_REPLACE. */
struct ip6t_replace {
/* Which table. */
- char name[IP6T_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* Which hook entry points are valid: bitmask. You can't
change this. */
@@ -247,13 +239,10 @@ struct ip6t_replace {
struct ip6t_entry entries[0];
};
-/* The argument to IP6T_SO_ADD_COUNTERS. */
-#define ip6t_counters_info xt_counters_info
-
/* The argument to IP6T_SO_GET_ENTRIES. */
struct ip6t_get_entries {
/* Which table: user fills this in. */
- char name[IP6T_TABLE_MAXNAMELEN];
+ char name[XT_TABLE_MAXNAMELEN];
/* User fills this in: total entry size. */
unsigned int size;
@@ -262,26 +251,13 @@ struct ip6t_get_entries {
struct ip6t_entry entrytable[0];
};
-/* Standard return verdict, or do jump. */
-#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IP6T_ERROR_TARGET XT_ERROR_TARGET
-
/* Helper functions */
-static __inline__ struct ip6t_entry_target *
+static __inline__ struct xt_entry_target *
ip6t_get_target(struct ip6t_entry *e)
{
return (void *)e + e->target_offset;
}
-/* fn returns 0 to continue iteration */
-#define IP6T_MATCH_ITERATE(e, fn, args...) \
- XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
-
/*
* Main firewall chains definitions and global var's definitions.
*/
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
index afb7813..ebd8ead 100644
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -5,6 +5,8 @@
#ifndef _IP6T_HL_H
#define _IP6T_HL_H
+#include <linux/types.h>
+
enum {
IP6T_HL_SET = 0,
IP6T_HL_INC,
@@ -14,8 +16,8 @@ enum {
#define IP6T_HL_MAXMODE IP6T_HL_DEC
struct ip6t_HL_info {
- u_int8_t mode;
- u_int8_t hop_limit;
+ __u8 mode;
+ __u8 hop_limit;
};
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
index 0d0119b..9dd5579 100644
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -7,7 +7,8 @@
#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */
#define IP6T_LOG_NFLOG 0x10 /* Unsupported, don't use */
-#define IP6T_LOG_MASK 0x1f
+#define IP6T_LOG_MACDECODE 0x20 /* Decode MAC header */
+#define IP6T_LOG_MASK 0x2f
struct ip6t_log_info {
unsigned char level;
diff --git a/include/linux/netfilter_ipv6/ip6t_NPT.h b/include/linux/netfilter_ipv6/ip6t_NPT.h
new file mode 100644
index 0000000..f763355
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_NPT.h
@@ -0,0 +1,16 @@
+#ifndef __NETFILTER_IP6T_NPT
+#define __NETFILTER_IP6T_NPT
+
+#include <linux/types.h>
+#include <linux/netfilter.h>
+
+struct ip6t_npt_tginfo {
+ union nf_inet_addr src_pfx;
+ union nf_inet_addr dst_pfx;
+ __u8 src_pfx_len;
+ __u8 dst_pfx_len;
+ /* Used internally by the kernel */
+ __sum16 adjustment;
+};
+
+#endif /* __NETFILTER_IP6T_NPT */
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h
index 6be6504..205ed62 100644
--- a/include/linux/netfilter_ipv6/ip6t_REJECT.h
+++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_REJECT_H
#define _IP6T_REJECT_H
+#include <linux/types.h>
+
enum ip6t_reject_with {
IP6T_ICMP6_NO_ROUTE,
IP6T_ICMP6_ADM_PROHIBITED,
@@ -12,7 +14,7 @@ enum ip6t_reject_with {
};
struct ip6t_reject_info {
- u_int32_t with; /* reject type */
+ __u32 with; /* reject type */
};
#endif /*_IP6T_REJECT_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
index 17a745c..5da2b65 100644
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -1,11 +1,13 @@
#ifndef _IP6T_AH_H
#define _IP6T_AH_H
+#include <linux/types.h>
+
struct ip6t_ah {
- u_int32_t spis[2]; /* Security Parameter Index */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t hdrres; /* Test of the Reserved Filed */
- u_int8_t invflags; /* Inverse flags */
+ __u32 spis[2]; /* Security Parameter Index */
+ __u32 hdrlen; /* Header Length */
+ __u8 hdrres; /* Test of the Reserved Filed */
+ __u8 invflags; /* Inverse flags */
};
#define IP6T_AH_SPI 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h
index 3724d08..b47f61b 100644
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -1,11 +1,13 @@
#ifndef _IP6T_FRAG_H
#define _IP6T_FRAG_H
+#include <linux/types.h>
+
struct ip6t_frag {
- u_int32_t ids[2]; /* Security Parameter Index */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
+ __u32 ids[2]; /* Security Parameter Index */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
};
#define IP6T_FRAG_IDS 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h
index 5ef91b8..6e76dbc 100644
--- a/include/linux/netfilter_ipv6/ip6t_hl.h
+++ b/include/linux/netfilter_ipv6/ip6t_hl.h
@@ -5,6 +5,8 @@
#ifndef _IP6T_HL_H
#define _IP6T_HL_H
+#include <linux/types.h>
+
enum {
IP6T_HL_EQ = 0, /* equals */
IP6T_HL_NE, /* not equals */
@@ -14,8 +16,8 @@ enum {
struct ip6t_hl_info {
- u_int8_t mode;
- u_int8_t hop_limit;
+ __u8 mode;
+ __u8 hop_limit;
};
diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
index 01dfd44..efae3a2 100644
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -8,10 +8,12 @@ on whether they contain certain headers */
#ifndef __IPV6HEADER_H
#define __IPV6HEADER_H
+#include <linux/types.h>
+
struct ip6t_ipv6header_info {
- u_int8_t matchflags;
- u_int8_t invflags;
- u_int8_t modeflag;
+ __u8 matchflags;
+ __u8 invflags;
+ __u8 modeflag;
};
#define MASK_HOPOPTS 128
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h
index 18549bc..a7729a5 100644
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -1,10 +1,12 @@
#ifndef _IP6T_MH_H
#define _IP6T_MH_H
+#include <linux/types.h>
+
/* MH matching stuff */
struct ip6t_mh {
- u_int8_t types[2]; /* MH type range */
- u_int8_t invflags; /* Inverse flags */
+ __u8 types[2]; /* MH type range */
+ __u8 invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct ip6t_mh. */
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h
index 62d89bc..17d419a 100644
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -1,14 +1,16 @@
#ifndef _IP6T_OPTS_H
#define _IP6T_OPTS_H
+#include <linux/types.h>
+
#define IP6T_OPTS_OPTSNR 16
struct ip6t_opts {
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
- u_int16_t opts[IP6T_OPTS_OPTSNR]; /* opts */
- u_int8_t optsnr; /* Nr of OPts */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
+ __u16 opts[IP6T_OPTS_OPTSNR]; /* opts */
+ __u8 optsnr; /* Nr of OPts */
};
#define IP6T_OPTS_LEN 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h
index ab91bfd..7605a5f 100644
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -1,18 +1,19 @@
#ifndef _IP6T_RT_H
#define _IP6T_RT_H
+#include <linux/types.h>
/*#include <linux/in6.h>*/
#define IP6T_RT_HOPS 16
struct ip6t_rt {
- u_int32_t rt_type; /* Routing Type */
- u_int32_t segsleft[2]; /* Segments Left */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
+ __u32 rt_type; /* Routing Type */
+ __u32 segsleft[2]; /* Segments Left */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */
- u_int8_t addrnr; /* Nr of Addresses */
+ __u8 addrnr; /* Nr of Addresses */
};
#define IP6T_RT_TYP 0x01
diff --git a/include/linux/types.h b/include/linux/types.h
index 8b483c8..630cd3b 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -34,5 +34,18 @@ typedef __u64 __bitwise __be64;
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
+/*
+ * aligned_u64 should be used in defining kernel<->userspace ABIs to avoid
+ * common 32/64-bit compat problems.
+ * 64-bit values align to 4-byte boundaries on x86_32 (and possibly other
+ * architectures) and to 8-byte boundaries on 64-bit architetures. The new
+ * aligned_64 type enforces 8-byte alignment so that structs containing
+ * aligned_64 values have the same alignment on 32-bit and 64-bit architectures.
+ * No conversions are necessary between 32-bit user-space and a 64-bit kernel.
+ */
+#define __aligned_u64 __u64 __attribute__((aligned(8)))
+#define __aligned_be64 __be64 __attribute__((aligned(8)))
+#define __aligned_le64 __le64 __attribute__((aligned(8)))
+
#endif /* __ASSEMBLY__ */
#endif /* _LINUX_TYPES_H */
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
deleted file mode 100644
index c40e0b4..0000000
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/* This file was manually copied from the Linux kernel source
- * and manually stripped from __KERNEL__ sections and unused functions.
- */
-
-/*
- * Definitions and Declarations for tuple.
- *
- * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
- * - generalize L3 protocol dependent part.
- *
- * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h
- */
-
-#ifndef _NF_CONNTRACK_TUPLE_H
-#define _NF_CONNTRACK_TUPLE_H
-
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-
-/* A `tuple' is a structure containing the information to uniquely
- identify a connection. ie. if two packets have the same tuple, they
- are in the same connection; if not, they are not.
-
- We divide the structure along "manipulatable" and
- "non-manipulatable" lines, for the benefit of the NAT code.
-*/
-
-#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
-
-/* The protocol-specific manipulable parts of the tuple: always in
- network order! */
-union nf_conntrack_man_proto
-{
- /* Add other protocols here. */
- __be16 all;
-
- struct {
- __be16 port;
- } tcp;
- struct {
- __be16 port;
- } udp;
- struct {
- __be16 id;
- } icmp;
- struct {
- __be16 port;
- } dccp;
- struct {
- __be16 port;
- } sctp;
- struct {
- __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
- } gre;
-};
-
-/* The manipulable part of the tuple. */
-struct nf_conntrack_man
-{
- union nf_inet_addr u3;
- union nf_conntrack_man_proto u;
- /* Layer 3 protocol */
- u_int16_t l3num;
-};
-
-/* This contains the information to distinguish a connection. */
-struct nf_conntrack_tuple
-{
- struct nf_conntrack_man src;
-
- /* These are the parts of the tuple which are fixed. */
- struct {
- union nf_inet_addr u3;
- union {
- /* Add other protocols here. */
- __be16 all;
-
- struct {
- __be16 port;
- } tcp;
- struct {
- __be16 port;
- } udp;
- struct {
- u_int8_t type, code;
- } icmp;
- struct {
- __be16 port;
- } dccp;
- struct {
- __be16 port;
- } sctp;
- struct {
- __be16 key;
- } gre;
- } u;
-
- /* The protocol. */
- u_int8_t protonum;
-
- /* The direction (for tuplehash) */
- u_int8_t dir;
- } dst;
-};
-
-struct nf_conntrack_tuple_mask
-{
- struct {
- union nf_inet_addr u3;
- union nf_conntrack_man_proto u;
- } src;
-};
-
-#endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
deleted file mode 100644
index c3e2060..0000000
--- a/include/net/netfilter/nf_nat.h
+++ /dev/null
@@ -1,55 +0,0 @@
-#ifndef _NF_NAT_H
-#define _NF_NAT_H
-#include <linux/netfilter_ipv4.h>
-#include <net/netfilter/nf_conntrack_tuple.h>
-
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
-
-enum nf_nat_manip_type
-{
- IP_NAT_MANIP_SRC,
- IP_NAT_MANIP_DST
-};
-
-/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
- (hooknum) != NF_INET_LOCAL_IN)
-
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-
-/* NAT sequence number modifications */
-struct nf_nat_seq {
- /* position of the last TCP sequence number modification (if any) */
- u_int32_t correction_pos;
-
- /* sequence number offset before and after last modification */
- int16_t offset_before, offset_after;
-};
-
-/* Single range specification. */
-struct nf_nat_range
-{
- /* Set to OR of flags above. */
- unsigned int flags;
-
- /* Inclusive: network order. */
- __be32 min_ip, max_ip;
-
- /* Inclusive: network order */
- union nf_conntrack_man_proto min, max;
-};
-
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat
-{
- unsigned int rangesize; /* Must be 1. */
-
- /* hangs off end. */
- struct nf_nat_range range[1];
-};
-
-#define nf_nat_multi_range nf_nat_multi_range_compat
-#endif
diff --git a/include/xtables-version.h.in b/include/xtables-version.h.in
new file mode 100644
index 0000000..cb13827
--- /dev/null
+++ b/include/xtables-version.h.in
@@ -0,0 +1,2 @@
+#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
+#define XTABLES_VERSION_CODE @libxtables_vmajor@
diff --git a/include/xtables.h b/include/xtables.h
new file mode 100644
index 0000000..0217267
--- /dev/null
+++ b/include/xtables.h
@@ -0,0 +1,564 @@
+#ifndef _XTABLES_H
+#define _XTABLES_H
+
+/*
+ * Changing any structs/functions may incur a needed change
+ * in libxtables_vcurrent/vage too.
+ */
+
+#include <sys/socket.h> /* PF_* */
+#include <sys/types.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <linux/types.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
+
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_MH
+# define IPPROTO_MH 135
+#endif
+#ifndef IPPROTO_UDPLITE
+#define IPPROTO_UDPLITE 136
+#endif
+
+#include <xtables-version.h>
+
+struct in_addr;
+
+/*
+ * .size is here so that there is a somewhat reasonable check
+ * against the chosen .type.
+ */
+#define XTOPT_POINTER(stype, member) \
+ .ptroff = offsetof(stype, member), \
+ .size = sizeof(((stype *)NULL)->member)
+#define XTOPT_TABLEEND {.name = NULL}
+
+/**
+ * Select the format the input has to conform to, as well as the target type
+ * (area pointed to with XTOPT_POINTER). Note that the storing is not always
+ * uniform. @cb->val will be populated with as much as there is space, i.e.
+ * exactly 2 items for ranges, but the target area can receive more values
+ * (e.g. in case of ranges), or less values (e.g. %XTTYPE_HOSTMASK).
+ *
+ * %XTTYPE_NONE: option takes no argument
+ * %XTTYPE_UINT*: standard integer
+ * %XTTYPE_UINT*RC: colon-separated range of standard integers
+ * %XTTYPE_DOUBLE: double-precision floating point number
+ * %XTTYPE_STRING: arbitrary string
+ * %XTTYPE_TOSMASK: 8-bit TOS value with optional mask
+ * %XTTYPE_MARKMASK32: 32-bit mark with optional mask
+ * %XTTYPE_SYSLOGLEVEL: syslog level by name or number
+ * %XTTYPE_HOST: one host or address (ptr: union nf_inet_addr)
+ * %XTTYPE_HOSTMASK: one host or address, with an optional prefix length
+ * (ptr: union nf_inet_addr; only host portion is stored)
+ * %XTTYPE_PROTOCOL: protocol number/name from /etc/protocols (ptr: uint8_t)
+ * %XTTYPE_PORT: 16-bit port name or number (supports %XTOPT_NBO)
+ * %XTTYPE_PORTRC: colon-separated port range (names acceptable),
+ * (supports %XTOPT_NBO)
+ * %XTTYPE_PLEN: prefix length
+ * %XTTYPE_PLENMASK: prefix length (ptr: union nf_inet_addr)
+ * %XTTYPE_ETHERMAC: Ethernet MAC address in hex form
+ */
+enum xt_option_type {
+ XTTYPE_NONE,
+ XTTYPE_UINT8,
+ XTTYPE_UINT16,
+ XTTYPE_UINT32,
+ XTTYPE_UINT64,
+ XTTYPE_UINT8RC,
+ XTTYPE_UINT16RC,
+ XTTYPE_UINT32RC,
+ XTTYPE_UINT64RC,
+ XTTYPE_DOUBLE,
+ XTTYPE_STRING,
+ XTTYPE_TOSMASK,
+ XTTYPE_MARKMASK32,
+ XTTYPE_SYSLOGLEVEL,
+ XTTYPE_HOST,
+ XTTYPE_HOSTMASK,
+ XTTYPE_PROTOCOL,
+ XTTYPE_PORT,
+ XTTYPE_PORTRC,
+ XTTYPE_PLEN,
+ XTTYPE_PLENMASK,
+ XTTYPE_ETHERMAC,
+};
+
+/**
+ * %XTOPT_INVERT: option is invertible (usable with !)
+ * %XTOPT_MAND: option is mandatory
+ * %XTOPT_MULTI: option may be specified multiple times
+ * %XTOPT_PUT: store value into memory at @ptroff
+ * %XTOPT_NBO: store value in network-byte order
+ * (only certain XTTYPEs recognize this)
+ */
+enum xt_option_flags {
+ XTOPT_INVERT = 1 << 0,
+ XTOPT_MAND = 1 << 1,
+ XTOPT_MULTI = 1 << 2,
+ XTOPT_PUT = 1 << 3,
+ XTOPT_NBO = 1 << 4,
+};
+
+/**
+ * @name: name of option
+ * @type: type of input and validation method, see %XTTYPE_*
+ * @id: unique number (within extension) for option, 0-31
+ * @excl: bitmask of flags that cannot be used with this option
+ * @also: bitmask of flags that must be used with this option
+ * @flags: bitmask of option flags, see %XTOPT_*
+ * @ptroff: offset into private structure for member
+ * @size: size of the item pointed to by @ptroff; this is a safeguard
+ * @min: lowest allowed value (for singular integral types)
+ * @max: highest allowed value (for singular integral types)
+ */
+struct xt_option_entry {
+ const char *name;
+ enum xt_option_type type;
+ unsigned int id, excl, also, flags;
+ unsigned int ptroff;
+ size_t size;
+ unsigned int min, max;
+};
+
+/**
+ * @arg: input from command line
+ * @ext_name: name of extension currently being processed
+ * @entry: current option being processed
+ * @data: per-extension kernel data block
+ * @xflags: options of the extension that have been used
+ * @invert: whether option was used with !
+ * @nvals: number of results in uXX_multi
+ * @val: parsed result
+ * @udata: per-extension private scratch area
+ * (cf. xtables_{match,target}->udata_size)
+ */
+struct xt_option_call {
+ const char *arg, *ext_name;
+ const struct xt_option_entry *entry;
+ void *data;
+ unsigned int xflags;
+ bool invert;
+ uint8_t nvals;
+ union {
+ uint8_t u8, u8_range[2], syslog_level, protocol;
+ uint16_t u16, u16_range[2], port, port_range[2];
+ uint32_t u32, u32_range[2];
+ uint64_t u64, u64_range[2];
+ double dbl;
+ struct {
+ union nf_inet_addr haddr, hmask;
+ uint8_t hlen;
+ };
+ struct {
+ uint8_t tos_value, tos_mask;
+ };
+ struct {
+ uint32_t mark, mask;
+ };
+ uint8_t ethermac[6];
+ } val;
+ /* Wished for a world where the ones below were gone: */
+ union {
+ struct xt_entry_match **match;
+ struct xt_entry_target **target;
+ };
+ void *xt_entry;
+ void *udata;
+};
+
+/**
+ * @ext_name: name of extension currently being processed
+ * @data: per-extension (kernel) data block
+ * @udata: per-extension private scratch area
+ * (cf. xtables_{match,target}->udata_size)
+ * @xflags: options of the extension that have been used
+ */
+struct xt_fcheck_call {
+ const char *ext_name;
+ void *data, *udata;
+ unsigned int xflags;
+};
+
+/**
+ * A "linear"/linked-list based name<->id map, for files similar to
+ * /etc/iproute2/.
+ */
+struct xtables_lmap {
+ char *name;
+ int id;
+ struct xtables_lmap *next;
+};
+
+enum xtables_ext_flags {
+ XTABLES_EXT_ALIAS = 1 << 0,
+};
+
+/* Include file for additions: new matches and targets. */
+struct xtables_match
+{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
+ struct xtables_match *next;
+
+ const char *name;
+ const char *real_name;
+
+ /* Revision of match (0 by default). */
+ u_int8_t revision;
+
+ /* Extension flags */
+ u_int8_t ext_flags;
+
+ u_int16_t family;
+
+ /* Size of match data. */
+ size_t size;
+
+ /* Size of match data relevant for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the match. */
+ void (*init)(struct xt_entry_match *m);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ /* entry is struct ipt_entry for example */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_match **match);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the match iff non-NULL: put space at end */
+ /* ip is struct ipt_ip * for example */
+ void (*print)(const void *ip,
+ const struct xt_entry_match *match, int numeric);
+
+ /* Saves the match info in parsable form to stdout. */
+ /* ip is struct ipt_ip * for example */
+ void (*save)(const void *ip, const struct xt_entry_match *match);
+
+ /* Print match name or alias */
+ const char *(*alias)(const struct xt_entry_match *match);
+
+ /* Pointer to list of extra command-line options */
+ const struct option *extra_opts;
+
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
+ const struct xt_option_entry *x6_options;
+
+ /* Size of per-extension instance extra "global" scratch space */
+ size_t udata_size;
+
+ /* Ignore these men behind the curtain: */
+ void *udata;
+ unsigned int option_offset;
+ struct xt_entry_match *m;
+ unsigned int mflags;
+ unsigned int loaded; /* simulate loading so options are merged properly */
+};
+
+struct xtables_target
+{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
+ struct xtables_target *next;
+
+
+ const char *name;
+
+ /* Real target behind this, if any. */
+ const char *real_name;
+
+ /* Revision of target (0 by default). */
+ u_int8_t revision;
+
+ /* Extension flags */
+ u_int8_t ext_flags;
+
+ u_int16_t family;
+
+
+ /* Size of target data. */
+ size_t size;
+
+ /* Size of target data relevant for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the target. */
+ void (*init)(struct xt_entry_target *t);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ /* entry is struct ipt_entry for example */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_target **targetinfo);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the target iff non-NULL: put space at end */
+ void (*print)(const void *ip,
+ const struct xt_entry_target *target, int numeric);
+
+ /* Saves the targinfo in parsable form to stdout. */
+ void (*save)(const void *ip,
+ const struct xt_entry_target *target);
+
+ /* Print target name or alias */
+ const char *(*alias)(const struct xt_entry_target *target);
+
+ /* Pointer to list of extra command-line options */
+ const struct option *extra_opts;
+
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
+ const struct xt_option_entry *x6_options;
+
+ size_t udata_size;
+
+ /* Ignore these men behind the curtain: */
+ void *udata;
+ unsigned int option_offset;
+ struct xt_entry_target *t;
+ unsigned int tflags;
+ unsigned int used;
+ unsigned int loaded; /* simulate loading so options are merged properly */
+};
+
+struct xtables_rule_match {
+ struct xtables_rule_match *next;
+ struct xtables_match *match;
+ /* Multiple matches of the same type: the ones before
+ the current one are completed from parsing point of view */
+ bool completed;
+};
+
+/**
+ * struct xtables_pprot -
+ *
+ * A few hardcoded protocols for 'all' and in case the user has no
+ * /etc/protocols.
+ */
+struct xtables_pprot {
+ const char *name;
+ u_int8_t num;
+};
+
+enum xtables_tryload {
+ XTF_DONT_LOAD,
+ XTF_DURING_LOAD,
+ XTF_TRY_LOAD,
+ XTF_LOAD_MUST_SUCCEED,
+};
+
+enum xtables_exittype {
+ OTHER_PROBLEM = 1,
+ PARAMETER_PROBLEM,
+ VERSION_PROBLEM,
+ RESOURCE_PROBLEM,
+ XTF_ONLY_ONCE,
+ XTF_NO_INVERT,
+ XTF_BAD_VALUE,
+ XTF_ONE_ACTION,
+};
+
+struct xtables_globals
+{
+ unsigned int option_offset;
+ const char *program_name, *program_version;
+ struct option *orig_opts;
+ struct option *opts;
+ void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+};
+
+#define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_matches;
+extern struct xtables_target *xtables_targets;
+
+extern void xtables_init(void);
+extern void xtables_set_nfproto(uint8_t);
+extern void *xtables_calloc(size_t, size_t);
+extern void *xtables_malloc(size_t);
+extern void *xtables_realloc(void *, size_t);
+
+extern int xtables_insmod(const char *, const char *, bool);
+extern int xtables_load_ko(const char *, bool);
+extern int xtables_set_params(struct xtables_globals *xtp);
+extern void xtables_free_opts(int reset_offset);
+extern struct option *xtables_merge_options(struct option *origopts,
+ struct option *oldopts, const struct option *newopts,
+ unsigned int *option_offset);
+
+extern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto);
+extern struct xtables_match *xtables_find_match(const char *name,
+ enum xtables_tryload, struct xtables_rule_match **match);
+extern struct xtables_target *xtables_find_target(const char *name,
+ enum xtables_tryload);
+
+extern void xtables_rule_matches_free(struct xtables_rule_match **matches);
+
+/* Your shared library should call one of these. */
+extern void xtables_register_match(struct xtables_match *me);
+extern void xtables_register_matches(struct xtables_match *, unsigned int);
+extern void xtables_register_target(struct xtables_target *me);
+extern void xtables_register_targets(struct xtables_target *, unsigned int);
+
+extern bool xtables_strtoul(const char *, char **, uintmax_t *,
+ uintmax_t, uintmax_t);
+extern bool xtables_strtoui(const char *, char **, unsigned int *,
+ unsigned int, unsigned int);
+extern int xtables_service_to_port(const char *name, const char *proto);
+extern u_int16_t xtables_parse_port(const char *port, const char *proto);
+extern void
+xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
+
+/* this is a special 64bit data type that is 8-byte aligned */
+#define aligned_u64 u_int64_t __attribute__((aligned(8)))
+
+extern struct xtables_globals *xt_params;
+#define xtables_error (xt_params->exit_err)
+
+extern void xtables_param_act(unsigned int, const char *, ...);
+
+extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
+extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
+extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
+extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
+extern struct in_addr *xtables_numeric_to_ipmask(const char *);
+extern int xtables_ipmask_to_cidr(const struct in_addr *);
+extern void xtables_ipparse_any(const char *, struct in_addr **,
+ struct in_addr *, unsigned int *);
+extern void xtables_ipparse_multiple(const char *, struct in_addr **,
+ struct in_addr **, unsigned int *);
+
+extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
+extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
+extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
+extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
+extern int xtables_ip6mask_to_cidr(const struct in6_addr *);
+extern void xtables_ip6parse_any(const char *, struct in6_addr **,
+ struct in6_addr *, unsigned int *);
+extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
+ struct in6_addr **, unsigned int *);
+
+/**
+ * Print the specified value to standard output, quoting dangerous
+ * characters if required.
+ */
+extern void xtables_save_string(const char *value);
+
+#define FMT_NUMERIC 0x0001
+#define FMT_NOCOUNTS 0x0002
+#define FMT_KILOMEGAGIGA 0x0004
+#define FMT_OPTIONS 0x0008
+#define FMT_NOTABLE 0x0010
+#define FMT_NOTARGET 0x0020
+#define FMT_VIA 0x0040
+#define FMT_NONEWLINE 0x0080
+#define FMT_LINENUMBERS 0x0100
+
+#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \
+ | FMT_NUMERIC | FMT_NOTABLE)
+#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
+
+extern void xtables_print_num(uint64_t number, unsigned int format);
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+# ifdef _INIT
+# undef _init
+# define _init _INIT
+# endif
+ extern void init_extensions(void);
+ extern void init_extensions4(void);
+ extern void init_extensions6(void);
+#else
+# define _init __attribute__((constructor)) _INIT
+#endif
+
+extern const struct xtables_pprot xtables_chain_protos[];
+extern u_int16_t xtables_parse_protocol(const char *s);
+
+/* kernel revision handling */
+extern int kernel_version;
+extern void get_kernel_version(void);
+#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
+#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
+#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
+
+/* xtoptions.c */
+extern void xtables_option_metavalidate(const char *,
+ const struct xt_option_entry *);
+extern struct option *xtables_options_xfrm(struct option *, struct option *,
+ const struct xt_option_entry *,
+ unsigned int *);
+extern void xtables_option_parse(struct xt_option_call *);
+extern void xtables_option_tpcall(unsigned int, char **, bool,
+ struct xtables_target *, void *);
+extern void xtables_option_mpcall(unsigned int, char **, bool,
+ struct xtables_match *, void *);
+extern void xtables_option_tfcall(struct xtables_target *);
+extern void xtables_option_mfcall(struct xtables_match *);
+extern void xtables_options_fcheck(const char *, unsigned int,
+ const struct xt_option_entry *);
+
+extern struct xtables_lmap *xtables_lmap_init(const char *);
+extern void xtables_lmap_free(struct xtables_lmap *);
+extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
+extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
+
+#ifdef XTABLES_INTERNAL
+
+/* Shipped modules rely on this... */
+
+# ifndef ARRAY_SIZE
+# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+# endif
+
+extern void _init(void);
+
+#endif
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _XTABLES_H */
diff --git a/include/xtables.h.in b/include/xtables.h.in
deleted file mode 100644
index 2d7df32..0000000
--- a/include/xtables.h.in
+++ /dev/null
@@ -1,308 +0,0 @@
-#ifndef _XTABLES_H
-#define _XTABLES_H
-
-/*
- * Changing any structs/functions may incur a needed change
- * in libxtables_vcurrent/vage too.
- */
-
-#include <sys/socket.h> /* PF_* */
-#include <sys/types.h>
-#include <limits.h>
-#include <stdbool.h>
-#include <netinet/in.h>
-#include <net/if.h>
-#include <linux/types.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/x_tables.h>
-
-#ifndef IPPROTO_SCTP
-#define IPPROTO_SCTP 132
-#endif
-#ifndef IPPROTO_DCCP
-#define IPPROTO_DCCP 33
-#endif
-#ifndef IPPROTO_MH
-# define IPPROTO_MH 135
-#endif
-#ifndef IPPROTO_UDPLITE
-#define IPPROTO_UDPLITE 136
-#endif
-
-#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
-#define XTABLES_VERSION_CODE @libxtables_vmajor@
-
-struct in_addr;
-
-/* Include file for additions: new matches and targets. */
-struct xtables_match
-{
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
- */
- const char *version;
-
- struct xtables_match *next;
-
- const char *name;
-
- /* Revision of match (0 by default). */
- u_int8_t revision;
-
- u_int16_t family;
-
- /* Size of match data. */
- size_t size;
-
- /* Size of match data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the match. */
- void (*init)(struct xt_entry_match *m);
-
- /* Function which parses command options; returns true if it
- ate an option */
- /* entry is struct ipt_entry for example */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_match **match);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the match iff non-NULL: put space at end */
- /* ip is struct ipt_ip * for example */
- void (*print)(const void *ip,
- const struct xt_entry_match *match, int numeric);
-
- /* Saves the match info in parsable form to stdout. */
- /* ip is struct ipt_ip * for example */
- void (*save)(const void *ip, const struct xt_entry_match *match);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct xt_entry_match *m;
- unsigned int mflags;
- unsigned int loaded; /* simulate loading so options are merged properly */
-};
-
-struct xtables_target
-{
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
- */
- const char *version;
-
- struct xtables_target *next;
-
-
- const char *name;
-
- /* Revision of target (0 by default). */
- u_int8_t revision;
-
- u_int16_t family;
-
-
- /* Size of target data. */
- size_t size;
-
- /* Size of target data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the target. */
- void (*init)(struct xt_entry_target *t);
-
- /* Function which parses command options; returns true if it
- ate an option */
- /* entry is struct ipt_entry for example */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **targetinfo);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the target iff non-NULL: put space at end */
- void (*print)(const void *ip,
- const struct xt_entry_target *target, int numeric);
-
- /* Saves the targinfo in parsable form to stdout. */
- void (*save)(const void *ip,
- const struct xt_entry_target *target);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct xt_entry_target *t;
- unsigned int tflags;
- unsigned int used;
- unsigned int loaded; /* simulate loading so options are merged properly */
-};
-
-struct xtables_rule_match {
- struct xtables_rule_match *next;
- struct xtables_match *match;
- /* Multiple matches of the same type: the ones before
- the current one are completed from parsing point of view */
- bool completed;
-};
-
-/**
- * struct xtables_pprot -
- *
- * A few hardcoded protocols for 'all' and in case the user has no
- * /etc/protocols.
- */
-struct xtables_pprot {
- const char *name;
- u_int8_t num;
-};
-
-enum xtables_tryload {
- XTF_DONT_LOAD,
- XTF_DURING_LOAD,
- XTF_TRY_LOAD,
- XTF_LOAD_MUST_SUCCEED,
-};
-
-enum xtables_exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM,
- RESOURCE_PROBLEM,
- XTF_ONLY_ONCE,
- XTF_NO_INVERT,
- XTF_BAD_VALUE,
- XTF_ONE_ACTION,
-};
-
-struct xtables_globals
-{
- unsigned int option_offset;
- const char *program_name, *program_version;
- struct option *orig_opts;
- struct option *opts;
- void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-};
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern const char *xtables_modprobe_program;
-extern struct xtables_match *xtables_matches;
-extern struct xtables_target *xtables_targets;
-
-extern void xtables_init(void);
-extern void xtables_set_nfproto(uint8_t);
-extern void *xtables_calloc(size_t, size_t);
-extern void *xtables_malloc(size_t);
-extern void *xtables_realloc(void *, size_t);
-
-extern int xtables_insmod(const char *, const char *, bool);
-extern int xtables_load_ko(const char *, bool);
-extern int xtables_set_params(struct xtables_globals *xtp);
-extern void xtables_free_opts(int reset_offset);
-extern struct option *xtables_merge_options(struct option *oldopts,
- const struct option *newopts, unsigned int *option_offset);
-
-extern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto);
-extern struct xtables_match *xtables_find_match(const char *name,
- enum xtables_tryload, struct xtables_rule_match **match);
-extern struct xtables_target *xtables_find_target(const char *name,
- enum xtables_tryload);
-
-/* Your shared library should call one of these. */
-extern void xtables_register_match(struct xtables_match *me);
-extern void xtables_register_matches(struct xtables_match *, unsigned int);
-extern void xtables_register_target(struct xtables_target *me);
-extern void xtables_register_targets(struct xtables_target *, unsigned int);
-
-extern bool xtables_strtoul(const char *, char **, unsigned long *,
- unsigned long, unsigned long);
-extern bool xtables_strtoui(const char *, char **, unsigned int *,
- unsigned int, unsigned int);
-extern int xtables_service_to_port(const char *name, const char *proto);
-extern u_int16_t xtables_parse_port(const char *port, const char *proto);
-extern void
-xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
-
-/* this is a special 64bit data type that is 8-byte aligned */
-#define aligned_u64 u_int64_t __attribute__((aligned(8)))
-
-int xtables_check_inverse(const char option[], int *invert,
- int *my_optind, int argc, char **argv);
-extern struct xtables_globals *xt_params;
-#define xtables_error (xt_params->exit_err)
-
-extern void xtables_param_act(unsigned int, const char *, ...);
-
-extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
-extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
-extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
-extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
-extern struct in_addr *xtables_numeric_to_ipmask(const char *);
-extern void xtables_ipparse_any(const char *, struct in_addr **,
- struct in_addr *, unsigned int *);
-extern void xtables_ipparse_multiple(const char *, struct in_addr **,
- struct in_addr **, unsigned int *);
-
-extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
-extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
-extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
-extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
-extern void xtables_ip6parse_any(const char *, struct in6_addr **,
- struct in6_addr *, unsigned int *);
-extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
- struct in6_addr **, unsigned int *);
-
-/**
- * Print the specified value to standard output, quoting dangerous
- * characters if required.
- */
-extern void xtables_save_string(const char *value);
-
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-# ifdef _INIT
-# undef _init
-# define _init _INIT
-# endif
- extern void init_extensions(void);
-#else
-# define _init __attribute__((constructor)) _INIT
-#endif
-
-extern const struct xtables_pprot xtables_chain_protos[];
-extern u_int16_t xtables_parse_protocol(const char *s);
-
-#ifdef XTABLES_INTERNAL
-
-/* Shipped modules rely on this... */
-
-# ifndef ARRAY_SIZE
-# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
-# endif
-
-extern void _init(void);
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* _XTABLES_H */
diff --git a/ip6tables-multi.c b/ip6tables-multi.c
deleted file mode 100644
index 671558c..0000000
--- a/ip6tables-multi.c
+++ /dev/null
@@ -1,45 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <libgen.h>
-
-int ip6tables_main(int argc, char **argv);
-int ip6tables_save_main(int argc, char **argv);
-int ip6tables_restore_main(int argc, char **argv);
-
-int main(int argc, char **argv)
-{
- char *progname;
-
- if (argc < 1) {
- fprintf(stderr, "ERROR: This should not happen.\n");
- exit(EXIT_FAILURE);
- }
-
- progname = basename(argv[0]);
- if (strcmp(progname, "ip6tables") == 0)
- return ip6tables_main(argc, argv);
- if (strcmp(progname, "ip6tables-save") == 0)
- return ip6tables_save_main(argc, argv);
- if (strcmp(progname, "ip6tables-restore") == 0)
- return ip6tables_restore_main(argc, argv);
-
- ++argv;
- --argc;
- if (argc < 1) {
- fprintf(stderr, "ERROR: No subcommand given.\n");
- exit(EXIT_FAILURE);
- }
-
- progname = basename(argv[0]);
- if (strcmp(progname, "main") == 0)
- return ip6tables_main(argc, argv);
- if (strcmp(progname, "save") == 0)
- return ip6tables_save_main(argc, argv);
- if (strcmp(progname, "restore") == 0)
- return ip6tables_restore_main(argc, argv);
-
- fprintf(stderr, "ip6tables multi-purpose version: "
- "unknown subcommand \"%s\"\n", progname);
- exit(EXIT_FAILURE);
-}
diff --git a/ip6tables-restore.8 b/ip6tables-restore.8
deleted file mode 100644
index 0264807..0000000
--- a/ip6tables-restore.8
+++ /dev/null
@@ -1,50 +0,0 @@
-.TH IP6TABLES-RESTORE 8 "Jan 30, 2002" "" ""
-.\"
-.\" Man page written by Harald Welte <laforge@gnumonks.org>
-.\" It is based on the iptables man page.
-.\"
-.\" This program is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
-.\"
-.\" This program is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public License
-.\" along with this program; if not, write to the Free Software
-.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-ip6tables-restore \(em Restore IPv6 Tables
-.SH SYNOPSIS
-\fBip6tables\-restore\fP [\fB\-c\fP] [\fB\-n\fP]
-.SH DESCRIPTION
-.PP
-.B ip6tables-restore
-is used to restore IPv6 Tables from data specified on STDIN. Use
-I/O redirection provided by your shell to read from a file
-.TP
-\fB\-c\fR, \fB\-\-counters\fR
-restore the values of all packet and byte counters
-.TP
-\fB\-n\fR, \fB\-\-noflush\fR
-.TP
-don't flush the previous contents of the table. If not specified,
-.B ip6tables-restore
-flushes (deletes) all previous contents of the respective IPv6 Table.
-.SH BUGS
-None known as of iptables-1.2.1 release
-.SH AUTHORS
-Harald Welte <laforge@gnumonks.org>
-.br
-Andras Kis-Szabo <kisza@sch.bme.hu>
-.SH SEE ALSO
-\fBip6tables\-save\fP(8), \fBip6tables\fP(8)
-.PP
-The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
-which details NAT, and the netfilter-hacking-HOWTO which details the
-internals.
diff --git a/ip6tables-save.8 b/ip6tables-save.8
deleted file mode 100644
index 457be82..0000000
--- a/ip6tables-save.8
+++ /dev/null
@@ -1,53 +0,0 @@
-.TH IP6TABLES-SAVE 8 "Jan 30, 2002" "" ""
-.\"
-.\" Man page written by Harald Welte <laforge@gnumonks.org>
-.\" It is based on the iptables man page.
-.\"
-.\" This program is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
-.\"
-.\" This program is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public License
-.\" along with this program; if not, write to the Free Software
-.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-ip6tables-save \(em dump iptables rules to stdout
-.SH SYNOPSIS
-\fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP
-.SH DESCRIPTION
-.PP
-.B ip6tables-save
-is used to dump the contents of an IPv6 Table in easily parseable format
-to STDOUT. Use I/O-redirection provided by your shell to write to a file.
-.TP
-\fB\-M\fP \fImodprobe_program\fP
-Specify the path to the modprobe program. By default, iptables-save will
-inspect /proc/sys/kernel/modprobe to determine the executable's path.
-.TP
-\fB\-c\fR, \fB\-\-counters\fR
-include the current values of all packet and byte counters in the output
-.TP
-\fB\-t\fR, \fB\-\-table\fR \fItablename\fP
-restrict output to only one table. If not specified, output includes all
-available tables.
-.SH BUGS
-None known as of iptables-1.2.1 release
-.SH AUTHORS
-Harald Welte <laforge@gnumonks.org>
-.br
-Andras Kis-Szabo <kisza@sch.bme.hu>
-.SH SEE ALSO
-\fBip6tables\-restore\fP(8), \fBip6tables\fP(8)
-.PP
-The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
-which details NAT, and the netfilter-hacking-HOWTO which details the
-internals.
diff --git a/ip6tables.8.in b/ip6tables.8.in
deleted file mode 100644
index 5688133..0000000
--- a/ip6tables.8.in
+++ /dev/null
@@ -1,421 +0,0 @@
-.TH IP6TABLES 8 "" "iptables 1.4.4" "iptables 1.4.4"
-.\"
-.\" Man page written by Andras Kis-Szabo <kisza@sch.bme.hu>
-.\" It is based on iptables man page.
-.\"
-.\" iptables page by Herve Eychenne <rv@wallfire.org>
-.\" It is based on ipchains man page.
-.\"
-.\" ipchains page by Paul ``Rusty'' Russell March 1997
-.\" Based on the original ipfwadm man page by Jos Vos <jos@xos.nl>
-.\"
-.\" This program is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
-.\"
-.\" This program is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public License
-.\" along with this program; if not, write to the Free Software
-.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-ip6tables \(em IPv6 packet filter administration
-.SH SYNOPSIS
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain
-rule-specification\fP [\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP]
-\fIrule-specification\fP [\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIchain rulenum
-rule-specification\fP [\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-D\fP \fIchain rulenum\fP
-[\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP}
-[\fIchain\fP [\fIrulenum\fP]] [\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-N\fP \fIchain\fP
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-X\fP [\fIchain\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-P\fP \fIchain target\fP
-[\fIoptions...\fP]
-.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-E\fP \fIold-chain-name new-chain-name\fP
-.SH DESCRIPTION
-\fBIp6tables\fP is used to set up, maintain, and inspect the
-tables of IPv6 packet
-filter rules in the Linux kernel. Several different tables
-may be defined. Each table contains a number of built-in
-chains and may also contain user-defined chains.
-.PP
-Each chain is a list of rules which can match a set of packets. Each
-rule specifies what to do with a packet that matches. This is called
-a `target', which may be a jump to a user-defined chain in the same
-table.
-.SH TARGETS
-A firewall rule specifies criteria for a packet and a target. If the
-packet does not match, the next rule in the chain is the examined; if
-it does match, then the next rule is specified by the value of the
-target, which can be the name of a user-defined chain or one of the
-special values \fBACCEPT\fP, \fBDROP\fP, \fBQUEUE\fP or \fBRETURN\fP.
-.PP
-\fBACCEPT\fP means to let the packet through.
-\fBDROP\fP means to drop the packet on the floor.
-\fBQUEUE\fP means to pass the packet to userspace.
-(How the packet can be received
-by a userspace process differs by the particular queue handler. 2.4.x
-and 2.6.x kernels up to 2.6.13 include the \fBip_queue\fP
-queue handler. Kernels 2.6.14 and later additionally include the
-\fBnfnetlink_queue\fP queue handler. Packets with a target of QUEUE will be
-sent to queue number '0' in this case. Please also see the \fBNFQUEUE\fP
-target as described later in this man page.)
-\fBRETURN\fP means stop traversing this chain and resume at the next
-rule in the
-previous (calling) chain. If the end of a built-in chain is reached
-or a rule in a built-in chain with target \fBRETURN\fP
-is matched, the target specified by the chain policy determines the
-fate of the packet.
-.SH TABLES
-There are currently three independent tables (which tables are present
-at any time depends on the kernel configuration options and which
-modules are present).
-.TP
-\fB\-t\fP, \fB\-\-table\fP \fItable\fP
-This option specifies the packet matching table which the command
-should operate on. If the kernel is configured with automatic module
-loading, an attempt will be made to load the appropriate module for
-that table if it is not already there.
-
-The tables are as follows:
-.RS
-.TP .4i
-\fBfilter\fP:
-This is the default table (if no \-t option is passed). It contains
-the built-in chains \fBINPUT\fP (for packets destined to local sockets),
-\fBFORWARD\fP (for packets being routed through the box), and
-\fBOUTPUT\fP (for locally-generated packets).
-.TP
-\fBmangle\fP:
-This table is used for specialized packet alteration. Until kernel
-2.4.17 it had two built-in chains: \fBPREROUTING\fP
-(for altering incoming packets before routing) and \fBOUTPUT\fP
-(for altering locally-generated packets before routing).
-Since kernel 2.4.18, three other built-in chains are also supported:
-\fBINPUT\fP (for packets coming into the box itself), \fBFORWARD\fP
-(for altering packets being routed through the box), and \fBPOSTROUTING\fP
-(for altering packets as they are about to go out).
-.TP
-\fBraw\fP:
-This table is used mainly for configuring exemptions from connection
-tracking in combination with the NOTRACK target. It registers at the netfilter
-hooks with higher priority and is thus called before ip_conntrack, or any other
-IP tables. It provides the following built-in chains: \fBPREROUTING\fP
-(for packets arriving via any network interface) \fBOUTPUT\fP
-(for packets generated by local processes)
-.RE
-.SH OPTIONS
-The options that are recognized by
-\fBip6tables\fP can be divided into several different groups.
-.SS COMMANDS
-These options specify the specific action to perform. Only one of them
-can be specified on the command line unless otherwise specified
-below. For all the long versions of the command and option names, you
-need to use only enough letters to ensure that
-\fBip6tables\fP can differentiate it from all other options.
-.TP
-\fB\-A\fP, \fB\-\-append\fP \fIchain rule-specification\fP
-Append one or more rules to the end of the selected chain.
-When the source and/or destination names resolve to more than one
-address, a rule will be added for each possible address combination.
-.TP
-\fB\-D\fP, \fB\-\-delete\fP \fIchain rule-specification\fP
-.ns
-.TP
-\fB\-D\fP, \fB\-\-delete\fP \fIchain rulenum\fP
-Delete one or more rules from the selected chain. There are two
-versions of this command: the rule can be specified as a number in the
-chain (starting at 1 for the first rule) or a rule to match.
-.TP
-\fB\-I\fP, \fB\-\-insert\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP
-Insert one or more rules in the selected chain as the given rule
-number. So, if the rule number is 1, the rule or rules are inserted
-at the head of the chain. This is also the default if no rule number
-is specified.
-.TP
-\fB\-R\fP, \fB\-\-replace\fP \fIchain rulenum rule-specification\fP
-Replace a rule in the selected chain. If the source and/or
-destination names resolve to multiple addresses, the command will
-fail. Rules are numbered starting at 1.
-.TP
-\fB\-L\fP, \fB\-\-list\fP [\fIchain\fP]
-List all rules in the selected chain. If no chain is selected, all
-chains are listed. Like every other ip6tables command, it applies to the
-specified table (filter is the default).
-.IP ""
-Please note that it is often used with the \fB\-n\fP
-option, in order to avoid long reverse DNS lookups.
-It is legal to specify the \fB\-Z\fP
-(zero) option as well, in which case the chain(s) will be atomically
-listed and zeroed. The exact output is affected by the other
-arguments given. The exact rules are suppressed until you use
-.nf
- ip6tables \-L \-v
-.fi
-.TP
-\fB\-S\fP, \fB\-\-list\-rules\fP [\fIchain\fP]
-Print all rules in the selected chain. If no chain is selected, all
-chains are printed like ip6tables-save. Like every other ip6tables command,
-it applies to the specified table (filter is the default).
-.TP
-\fB\-F\fP, \fB\-\-flush\fP [\fIchain\fP]
-Flush the selected chain (all the chains in the table if none is given).
-This is equivalent to deleting all the rules one by one.
-.TP
-\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP [\fIrulenum\fP]]
-Zero the packet and byte counters in all chains, or only the given chain,
-or only the given rule in a chain. It is legal to
-specify the
-\fB\-L\fP, \fB\-\-list\fP
-(list) option as well, to see the counters immediately before they are
-cleared. (See above.)
-.TP
-\fB\-N\fP, \fB\-\-new\-chain\fP \fIchain\fP
-Create a new user-defined chain by the given name. There must be no
-target of that name already.
-.TP
-\fB\-X\fP, \fB\-\-delete\-chain\fP [\fIchain\fP]
-Delete the optional user-defined chain specified. There must be no references
-to the chain. If there are, you must delete or replace the referring rules
-before the chain can be deleted. The chain must be empty, i.e. not contain
-any rules. If no argument is given, it will attempt to delete every
-non-builtin chain in the table.
-.TP
-\fB\-P\fP, \fB\-\-policy\fP \fIchain target\fP
-Set the policy for the chain to the given target. See the section \fBTARGETS\fP
-for the legal targets. Only built-in (non-user-defined) chains can have
-policies, and neither built-in nor user-defined chains can be policy
-targets.
-.TP
-\fB\-E\fP, \fB\-\-rename\-chain\fP \fIold\-chain new\-chain\fP
-Rename the user specified chain to the user supplied name. This is
-cosmetic, and has no effect on the structure of the table.
-.TP
-\fB\-A\fP, \fB\-\-append\fP \fIchain rule-specification\fP
-Append one or more rules to the end of the selected chain.
-When the source and/or destination names resolve to more than one
-address, a rule will be added for each possible address combination.
-.TP
-\fB\-h\fP
-Help.
-Give a (currently very brief) description of the command syntax.
-.SS PARAMETERS
-The following parameters make up a rule specification (as used in the
-add, delete, insert, replace and append commands).
-.TP
-[\fB!\fP] \fB\-p\fP, \fB\-\-protocol\fP \fIprotocol\fP
-The protocol of the rule or of the packet to check.
-The specified protocol can be one of \fBtcp\fP, \fBudp\fP, \fBudplite\fP,
-\fBicmpv6\fP, \fBesp\fP, \fBmh\fP or \fBall\fP,
-or it can be a numeric value, representing one of these protocols or a
-different one. A protocol name from /etc/protocols is also allowed.
-But IPv6 extension headers except \fBesp\fP are not allowed.
-\fBesp\fP and \fBipv6\-nonext\fP
-can be used with Kernel version 2.6.11 or later.
-A "!" argument before the protocol inverts the
-test. The number zero is equivalent to \fBall\fP.
-Protocol \fBall\fP
-will match with all protocols and is taken as default when this
-option is omitted.
-.TP
-[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP]
-Source specification.
-\fIAddress\fP can be either be a hostname,
-a network IP address (with \fB/\fP\fImask\fP), or a plain IP address.
-Names will be resolved once only, before the rule is submitted to the kernel.
-Please note that specifying any name to be resolved with a remote query such as
-DNS is a really bad idea.
-(Resolving network names is not supported at this time.)
-The \fImask\fP is a plain number,
-specifying the number of 1's at the left side of the network mask.
-A "!" argument before the address specification inverts the sense of
-the address. The flag \fB\-\-src\fP
-is an alias for this option.
-Multiple addresses can be specified, but this will \fBexpand to multiple
-rules\fP (when adding with \-A), or will cause multiple rules to be
-deleted (with \-D).
-.TP
-[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
-Destination specification.
-See the description of the \fB\-s\fP
-(source) flag for a detailed description of the syntax. The flag
-\fB\-\-dst\fP is an alias for this option.
-.TP
-\fB\-j\fP, \fB\-\-jump\fP \fItarget\fP
-This specifies the target of the rule; i.e., what to do if the packet
-matches it. The target can be a user-defined chain (other than the
-one this rule is in), one of the special builtin targets which decide
-the fate of the packet immediately, or an extension (see \fBEXTENSIONS\fP
-below). If this
-option is omitted in a rule (and \fB\-g\fP
-is not used), then matching the rule will have no
-effect on the packet's fate, but the counters on the rule will be
-incremented.
-.TP
-\fB\-g\fP, \fB\-\-goto\fP \fIchain\fP
-This specifies that the processing should continue in a user
-specified chain. Unlike the \-\-jump option return will not continue
-processing in this chain but instead in the chain that called us via
-\-\-jump.
-.TP
-[\fB!\fP] \fB\-i\fP, \fB\-\-in\-interface\fP \fIname\fP
-Name of an interface via which a packet was received (only for
-packets entering the \fBINPUT\fP, \fBFORWARD\fP and \fBPREROUTING\fP
-chains). When the "!" argument is used before the interface name, the
-sense is inverted. If the interface name ends in a "+", then any
-interface which begins with this name will match. If this option is
-omitted, any interface name will match.
-.TP
-[\fB!\fP] \fB\-o\fP, \fB\-\-out\-interface\fP \fIname\fP
-Name of an interface via which a packet is going to be sent (for packets
-entering the \fBFORWARD\fP, \fBOUTPUT\fP and \fBPOSTROUTING\fP
-chains). When the "!" argument is used before the interface name, the
-sense is inverted. If the interface name ends in a "+", then any
-interface which begins with this name will match. If this option is
-omitted, any interface name will match.
-.\" Currently not supported (header-based)
-.\" .TP
-.\" [\fB!\fP] \fB\-f\fP, \fB\-\-fragment\fP
-.\" This means that the rule only refers to second and further fragments
-.\" of fragmented packets. Since there is no way to tell the source or
-.\" destination ports of such a packet (or ICMP type), such a packet will
-.\" not match any rules which specify them. When the "!" argument
-.\" precedes the "\-f" flag, the rule will only match head fragments, or
-.\" unfragmented packets.
-.TP
-\fB\-c\fP, \fB\-\-set\-counters\fP \fIpackets bytes\fP
-This enables the administrator to initialize the packet and byte
-counters of a rule (during \fBINSERT\fP, \fBAPPEND\fP, \fBREPLACE\fP
-operations).
-.SS "OTHER OPTIONS"
-The following additional options can be specified:
-.TP
-\fB\-v\fP, \fB\-\-verbose\fP
-Verbose output. This option makes the list command show the interface
-name, the rule options (if any), and the TOS masks. The packet and
-byte counters are also listed, with the suffix 'K', 'M' or 'G' for
-1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see
-the \fB\-x\fP flag to change this).
-For appending, insertion, deletion and replacement, this causes
-detailed information on the rule or rules to be printed.
-.TP
-\fB\-n\fP, \fB\-\-numeric\fP
-Numeric output.
-IP addresses and port numbers will be printed in numeric format.
-By default, the program will try to display them as host names,
-network names, or services (whenever applicable).
-.TP
-\fB\-x\fP, \fB\-\-exact\fP
-Expand numbers.
-Display the exact value of the packet and byte counters,
-instead of only the rounded number in K's (multiples of 1000)
-M's (multiples of 1000K) or G's (multiples of 1000M). This option is
-only relevant for the \fB\-L\fP command.
-.TP
-\fB\-\-line\-numbers\fP
-When listing rules, add line numbers to the beginning of each rule,
-corresponding to that rule's position in the chain.
-.TP
-\fB\-\-modprobe=\fP\fIcommand\fP
-When adding or inserting rules into a chain, use \fIcommand\fP
-to load any necessary modules (targets, match extensions, etc).
-.SH MATCH EXTENSIONS
-ip6tables can use extended packet matching modules. These are loaded
-in two ways: implicitly, when \fB\-p\fP or \fB\-\-protocol\fP
-is specified, or with the \fB\-m\fP or \fB\-\-match\fP
-options, followed by the matching module name; after these, various
-extra command line options become available, depending on the specific
-module. You can specify multiple extended match modules in one line,
-and you can use the \fB\-h\fP or \fB\-\-help\fP
-options after the module has been specified to receive help specific
-to that module.
-.PP
-The following are included in the base package, and most of these can
-be preceded by a "\fB!\fP" to invert the sense of the match.
-.\" @MATCH@
-.SH TARGET EXTENSIONS
-ip6tables can use extended target modules: the following are included
-in the standard distribution.
-.\" @TARGET@
-.SH DIAGNOSTICS
-Various error messages are printed to standard error. The exit code
-is 0 for correct functioning. Errors which appear to be caused by
-invalid or abused command line parameters cause an exit code of 2, and
-other errors cause an exit code of 1.
-.SH BUGS
-Bugs? What's this? ;-)
-Well... the counters are not reliable on sparc64.
-.SH COMPATIBILITY WITH IPCHAINS
-This \fBip6tables\fP
-is very similar to ipchains by Rusty Russell. The main difference is
-that the chains \fBINPUT\fP and \fBOUTPUT\fP
-are only traversed for packets coming into the local host and
-originating from the local host respectively. Hence every packet only
-passes through one of the three chains (except loopback traffic, which
-involves both INPUT and OUTPUT chains); previously a forwarded packet
-would pass through all three.
-.PP
-The other main difference is that \fB\-i\fP refers to the input interface;
-\fB\-o\fP refers to the output interface, and both are available for packets
-entering the \fBFORWARD\fP chain.
-There are several other changes in ip6tables.
-.SH SEE ALSO
-\fBip6tables\-save\fP(8),
-\fBip6tables\-restore\fP(8),
-\fBiptables\fP(8),
-\fBiptables\-save\fP(8),
-\fBiptables\-restore\fP(8),
-\fBlibipq\fP(3).
-.PP
-The packet-filtering-HOWTO details iptables usage for
-packet filtering,
-the netfilter-extensions-HOWTO details the extensions that are
-not in the standard distribution,
-and the netfilter-hacking-HOWTO details the netfilter internals.
-.br
-See
-.BR "http://www.netfilter.org/" .
-.SH AUTHORS
-Rusty Russell wrote iptables, in early consultation with Michael
-Neuling.
-.PP
-Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet
-selection framework in iptables, then wrote the mangle table, the owner match,
-the mark stuff, and ran around doing cool stuff everywhere.
-.PP
-James Morris wrote the TOS target, and tos match.
-.PP
-Jozsef Kadlecsik wrote the REJECT target.
-.PP
-Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as TTL match+target and libipulog.
-.PP
-The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki Kozakai,
-Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso,
-Harald Welte and Rusty Russell.
-.PP
-ip6tables man page created by Andras Kis-Szabo, based on
-iptables man page written by Herve Eychenne <rv@wallfire.org>.
-.\" .. and did I mention that we are incredibly cool people?
-.\" .. sexy, too ..
-.\" .. witty, charming, powerful ..
-.\" .. and most of all, modest ..
diff --git a/iptables-multi.c b/iptables-multi.c
deleted file mode 100644
index 4dcc26d..0000000
--- a/iptables-multi.c
+++ /dev/null
@@ -1,50 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <libgen.h>
-
-int iptables_main(int argc, char **argv);
-int iptables_save_main(int argc, char **argv);
-int iptables_restore_main(int argc, char **argv);
-int iptables_xml_main(int argc, char **argv);
-
-int main(int argc, char **argv)
-{
- char *progname;
-
- if (argc < 1) {
- fprintf(stderr, "ERROR: This should not happen.\n");
- exit(EXIT_FAILURE);
- }
-
- progname = basename(argv[0]);
- if (strcmp(progname, "iptables") == 0)
- return iptables_main(argc, argv);
- if (strcmp(progname, "iptables-save") == 0)
- return iptables_save_main(argc, argv);
- if (strcmp(progname, "iptables-restore") == 0)
- return iptables_restore_main(argc, argv);
- if (strcmp(progname, "iptables-xml") == 0)
- return iptables_xml_main(argc, argv);
-
- ++argv;
- --argc;
- if (argc < 1) {
- fprintf(stderr, "ERROR: No subcommand given.\n");
- exit(EXIT_FAILURE);
- }
-
- progname = basename(argv[0]);
- if (strcmp(progname, "main") == 0)
- return iptables_main(argc, argv);
- if (strcmp(progname, "save") == 0)
- return iptables_save_main(argc, argv);
- if (strcmp(progname, "restore") == 0)
- return iptables_restore_main(argc, argv);
- if (strcmp(progname, "xml") == 0)
- return iptables_xml_main(argc, argv);
-
- fprintf(stderr, "iptables multi-purpose version: "
- "unknown subcommand \"%s\"\n", progname);
- exit(EXIT_FAILURE);
-}
diff --git a/iptables.manifest b/iptables.manifest
new file mode 100644
index 0000000..fe788fb
--- /dev/null
+++ b/iptables.manifest
@@ -0,0 +1,9 @@
+<manifest>
+ <request>
+ <domain name="_"/>
+ </request>
+ <assign>
+ <filesystem path="/usr/sbin/xtables-multi" label="_" exec_label="none"/>
+ <filesystem path="/usr/share/license/iptables" label="_"/>
+ </assign>
+</manifest>
diff --git a/iptables/.gitignore b/iptables/.gitignore
new file mode 100644
index 0000000..31baf7d
--- /dev/null
+++ b/iptables/.gitignore
@@ -0,0 +1,15 @@
+/ip6tables
+/ip6tables-save
+/ip6tables-restore
+/ip6tables-static
+/iptables
+/iptables.8
+/iptables-extensions.8
+/iptables-extensions.8.tmpl
+/iptables-save
+/iptables-restore
+/iptables-static
+/iptables-xml
+/xtables-multi
+
+/xtables.pc
diff --git a/iptables/Makefile.am b/iptables/Makefile.am
new file mode 100644
index 0000000..a4246eb
--- /dev/null
+++ b/iptables/Makefile.am
@@ -0,0 +1,54 @@
+# -*- Makefile -*-
+
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+
+xtables_multi_SOURCES = xtables-multi.c iptables-xml.c
+xtables_multi_CFLAGS = ${AM_CFLAGS}
+xtables_multi_LDADD = ../extensions/libext.a
+if ENABLE_STATIC
+xtables_multi_CFLAGS += -DALL_INCLUSIVE
+endif
+if ENABLE_IPV4
+xtables_multi_SOURCES += iptables-save.c iptables-restore.c \
+ iptables-standalone.c iptables.c
+xtables_multi_CFLAGS += -DENABLE_IPV4
+xtables_multi_LDADD += ../libiptc/libip4tc.la ../extensions/libext4.a
+endif
+if ENABLE_IPV6
+xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \
+ ip6tables-standalone.c ip6tables.c
+xtables_multi_CFLAGS += -DENABLE_IPV6
+xtables_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a
+endif
+xtables_multi_SOURCES += xshared.c
+xtables_multi_LDADD += ../libxtables/libxtables.la -lm
+
+sbin_PROGRAMS = xtables-multi
+man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
+ iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
+ ip6tables-save.8 iptables-extensions.8
+CLEANFILES = iptables.8
+
+vx_bin_links = iptables-xml
+if ENABLE_IPV4
+v4_sbin_links = iptables iptables-restore iptables-save
+endif
+if ENABLE_IPV6
+v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
+endif
+
+iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
+ ${AM_VERBOSE_GEN} sed \
+ -e '/@MATCH@/ r ../extensions/matches.man' \
+ -e '/@TARGET@/ r ../extensions/targets.man' $< >$@;
+
+pkgconfig_DATA = xtables.pc
+
+# Using if..fi avoids an ugly "error (ignored)" message :)
+install-exec-hook:
+ -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
+ ${INSTALL} -dm0755 "${DESTDIR}${bindir}";
+ for i in ${vx_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
+ for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+ for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
diff --git a/iptables/Makefile.in b/iptables/Makefile.in
new file mode 100644
index 0000000..46c007c
--- /dev/null
+++ b/iptables/Makefile.in
@@ -0,0 +1,968 @@
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# -*- Makefile -*-
+
+
+VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_STATIC_TRUE@am__append_1 = -DALL_INCLUSIVE
+@ENABLE_IPV4_TRUE@am__append_2 = iptables-save.c iptables-restore.c \
+@ENABLE_IPV4_TRUE@ iptables-standalone.c iptables.c
+
+@ENABLE_IPV4_TRUE@am__append_3 = -DENABLE_IPV4
+@ENABLE_IPV4_TRUE@am__append_4 = ../libiptc/libip4tc.la ../extensions/libext4.a
+@ENABLE_IPV6_TRUE@am__append_5 = ip6tables-save.c ip6tables-restore.c \
+@ENABLE_IPV6_TRUE@ ip6tables-standalone.c ip6tables.c
+
+@ENABLE_IPV6_TRUE@am__append_6 = -DENABLE_IPV6
+@ENABLE_IPV6_TRUE@am__append_7 = ../libiptc/libip6tc.la ../extensions/libext6.a
+sbin_PROGRAMS = xtables-multi$(EXEEXT)
+subdir = iptables
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/iptables-apply.8.in \
+ $(srcdir)/iptables-extensions.8.tmpl.in \
+ $(srcdir)/iptables-restore.8.in $(srcdir)/iptables-save.8.in \
+ $(srcdir)/iptables-xml.1.in $(srcdir)/iptables.8.in \
+ $(srcdir)/xtables.pc.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = xtables.pc iptables.8 iptables-extensions.8.tmpl \
+ iptables-save.8 iptables-restore.8 iptables-apply.8 \
+ iptables-xml.1
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" \
+ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__xtables_multi_SOURCES_DIST = xtables-multi.c iptables-xml.c \
+ iptables-save.c iptables-restore.c iptables-standalone.c \
+ iptables.c ip6tables-save.c ip6tables-restore.c \
+ ip6tables-standalone.c ip6tables.c xshared.c
+@ENABLE_IPV4_TRUE@am__objects_1 = \
+@ENABLE_IPV4_TRUE@ xtables_multi-iptables-save.$(OBJEXT) \
+@ENABLE_IPV4_TRUE@ xtables_multi-iptables-restore.$(OBJEXT) \
+@ENABLE_IPV4_TRUE@ xtables_multi-iptables-standalone.$(OBJEXT) \
+@ENABLE_IPV4_TRUE@ xtables_multi-iptables.$(OBJEXT)
+@ENABLE_IPV6_TRUE@am__objects_2 = \
+@ENABLE_IPV6_TRUE@ xtables_multi-ip6tables-save.$(OBJEXT) \
+@ENABLE_IPV6_TRUE@ xtables_multi-ip6tables-restore.$(OBJEXT) \
+@ENABLE_IPV6_TRUE@ xtables_multi-ip6tables-standalone.$(OBJEXT) \
+@ENABLE_IPV6_TRUE@ xtables_multi-ip6tables.$(OBJEXT)
+am_xtables_multi_OBJECTS = xtables_multi-xtables-multi.$(OBJEXT) \
+ xtables_multi-iptables-xml.$(OBJEXT) $(am__objects_1) \
+ $(am__objects_2) xtables_multi-xshared.$(OBJEXT)
+xtables_multi_OBJECTS = $(am_xtables_multi_OBJECTS)
+xtables_multi_DEPENDENCIES = ../extensions/libext.a $(am__append_4) \
+ $(am__append_7) ../libxtables/libxtables.la
+xtables_multi_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(xtables_multi_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(xtables_multi_SOURCES)
+DIST_SOURCES = $(am__xtables_multi_SOURCES_DIST)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(pkgconfig_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+pkgdatadir = @pkgdatadir@
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CFLAGS += -fPIE
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LDFLAGS += -pie
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+blacklist_modules = @blacklist_modules@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+kbuilddir = @kbuilddir@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
+ksourcedir = @ksourcedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
+libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
+libnfnetlink_LIBS = @libnfnetlink_LIBS@
+libxtables_vage = @libxtables_vage@
+libxtables_vcurrent = @libxtables_vcurrent@
+libxtables_vmajor = @libxtables_vmajor@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgconfigdir = @pkgconfigdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xtlibdir = @xtlibdir@
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+xtables_multi_SOURCES = xtables-multi.c iptables-xml.c $(am__append_2) \
+ $(am__append_5) xshared.c
+xtables_multi_CFLAGS = ${AM_CFLAGS} $(am__append_1) $(am__append_3) \
+ $(am__append_6)
+xtables_multi_LDADD = ../extensions/libext.a $(am__append_4) \
+ $(am__append_7) ../libxtables/libxtables.la -lm
+man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
+ iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
+ ip6tables-save.8 iptables-extensions.8
+
+CLEANFILES = iptables.8
+vx_bin_links = iptables-xml
+@ENABLE_IPV4_TRUE@v4_sbin_links = iptables iptables-restore iptables-save
+@ENABLE_IPV6_TRUE@v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
+pkgconfig_DATA = xtables.pc
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu iptables/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu iptables/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+xtables.pc: $(top_builddir)/config.status $(srcdir)/xtables.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables.8: $(top_builddir)/config.status $(srcdir)/iptables.8.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables-extensions.8.tmpl: $(top_builddir)/config.status $(srcdir)/iptables-extensions.8.tmpl.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables-save.8: $(top_builddir)/config.status $(srcdir)/iptables-save.8.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables-restore.8: $(top_builddir)/config.status $(srcdir)/iptables-restore.8.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables-apply.8: $(top_builddir)/config.status $(srcdir)/iptables-apply.8.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+iptables-xml.1: $(top_builddir)/config.status $(srcdir)/iptables-xml.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+xtables-multi$(EXEEXT): $(xtables_multi_OBJECTS) $(xtables_multi_DEPENDENCIES) $(EXTRA_xtables_multi_DEPENDENCIES)
+ @rm -f xtables-multi$(EXEEXT)
+ $(xtables_multi_LINK) $(xtables_multi_OBJECTS) $(xtables_multi_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-ip6tables-restore.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-ip6tables-save.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-ip6tables-standalone.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-ip6tables.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-iptables-restore.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-iptables-save.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-iptables-standalone.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-iptables-xml.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-iptables.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-xshared.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_multi-xtables-multi.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+xtables_multi-xtables-multi.o: xtables-multi.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-xtables-multi.o -MD -MP -MF $(DEPDIR)/xtables_multi-xtables-multi.Tpo -c -o xtables_multi-xtables-multi.o `test -f 'xtables-multi.c' || echo '$(srcdir)/'`xtables-multi.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-xtables-multi.Tpo $(DEPDIR)/xtables_multi-xtables-multi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xtables-multi.c' object='xtables_multi-xtables-multi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-xtables-multi.o `test -f 'xtables-multi.c' || echo '$(srcdir)/'`xtables-multi.c
+
+xtables_multi-xtables-multi.obj: xtables-multi.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-xtables-multi.obj -MD -MP -MF $(DEPDIR)/xtables_multi-xtables-multi.Tpo -c -o xtables_multi-xtables-multi.obj `if test -f 'xtables-multi.c'; then $(CYGPATH_W) 'xtables-multi.c'; else $(CYGPATH_W) '$(srcdir)/xtables-multi.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-xtables-multi.Tpo $(DEPDIR)/xtables_multi-xtables-multi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xtables-multi.c' object='xtables_multi-xtables-multi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-xtables-multi.obj `if test -f 'xtables-multi.c'; then $(CYGPATH_W) 'xtables-multi.c'; else $(CYGPATH_W) '$(srcdir)/xtables-multi.c'; fi`
+
+xtables_multi-iptables-xml.o: iptables-xml.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-xml.o -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-xml.Tpo -c -o xtables_multi-iptables-xml.o `test -f 'iptables-xml.c' || echo '$(srcdir)/'`iptables-xml.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-xml.Tpo $(DEPDIR)/xtables_multi-iptables-xml.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-xml.c' object='xtables_multi-iptables-xml.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-xml.o `test -f 'iptables-xml.c' || echo '$(srcdir)/'`iptables-xml.c
+
+xtables_multi-iptables-xml.obj: iptables-xml.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-xml.obj -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-xml.Tpo -c -o xtables_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-xml.Tpo $(DEPDIR)/xtables_multi-iptables-xml.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-xml.c' object='xtables_multi-iptables-xml.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi`
+
+xtables_multi-iptables-save.o: iptables-save.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-save.o -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-save.Tpo -c -o xtables_multi-iptables-save.o `test -f 'iptables-save.c' || echo '$(srcdir)/'`iptables-save.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-save.Tpo $(DEPDIR)/xtables_multi-iptables-save.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-save.c' object='xtables_multi-iptables-save.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-save.o `test -f 'iptables-save.c' || echo '$(srcdir)/'`iptables-save.c
+
+xtables_multi-iptables-save.obj: iptables-save.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-save.obj -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-save.Tpo -c -o xtables_multi-iptables-save.obj `if test -f 'iptables-save.c'; then $(CYGPATH_W) 'iptables-save.c'; else $(CYGPATH_W) '$(srcdir)/iptables-save.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-save.Tpo $(DEPDIR)/xtables_multi-iptables-save.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-save.c' object='xtables_multi-iptables-save.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-save.obj `if test -f 'iptables-save.c'; then $(CYGPATH_W) 'iptables-save.c'; else $(CYGPATH_W) '$(srcdir)/iptables-save.c'; fi`
+
+xtables_multi-iptables-restore.o: iptables-restore.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-restore.o -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-restore.Tpo -c -o xtables_multi-iptables-restore.o `test -f 'iptables-restore.c' || echo '$(srcdir)/'`iptables-restore.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-restore.Tpo $(DEPDIR)/xtables_multi-iptables-restore.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-restore.c' object='xtables_multi-iptables-restore.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-restore.o `test -f 'iptables-restore.c' || echo '$(srcdir)/'`iptables-restore.c
+
+xtables_multi-iptables-restore.obj: iptables-restore.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-restore.obj -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-restore.Tpo -c -o xtables_multi-iptables-restore.obj `if test -f 'iptables-restore.c'; then $(CYGPATH_W) 'iptables-restore.c'; else $(CYGPATH_W) '$(srcdir)/iptables-restore.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-restore.Tpo $(DEPDIR)/xtables_multi-iptables-restore.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-restore.c' object='xtables_multi-iptables-restore.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-restore.obj `if test -f 'iptables-restore.c'; then $(CYGPATH_W) 'iptables-restore.c'; else $(CYGPATH_W) '$(srcdir)/iptables-restore.c'; fi`
+
+xtables_multi-iptables-standalone.o: iptables-standalone.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-standalone.o -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-standalone.Tpo -c -o xtables_multi-iptables-standalone.o `test -f 'iptables-standalone.c' || echo '$(srcdir)/'`iptables-standalone.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-standalone.Tpo $(DEPDIR)/xtables_multi-iptables-standalone.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-standalone.c' object='xtables_multi-iptables-standalone.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-standalone.o `test -f 'iptables-standalone.c' || echo '$(srcdir)/'`iptables-standalone.c
+
+xtables_multi-iptables-standalone.obj: iptables-standalone.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables-standalone.obj -MD -MP -MF $(DEPDIR)/xtables_multi-iptables-standalone.Tpo -c -o xtables_multi-iptables-standalone.obj `if test -f 'iptables-standalone.c'; then $(CYGPATH_W) 'iptables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/iptables-standalone.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables-standalone.Tpo $(DEPDIR)/xtables_multi-iptables-standalone.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables-standalone.c' object='xtables_multi-iptables-standalone.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables-standalone.obj `if test -f 'iptables-standalone.c'; then $(CYGPATH_W) 'iptables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/iptables-standalone.c'; fi`
+
+xtables_multi-iptables.o: iptables.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables.o -MD -MP -MF $(DEPDIR)/xtables_multi-iptables.Tpo -c -o xtables_multi-iptables.o `test -f 'iptables.c' || echo '$(srcdir)/'`iptables.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables.Tpo $(DEPDIR)/xtables_multi-iptables.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables.c' object='xtables_multi-iptables.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables.o `test -f 'iptables.c' || echo '$(srcdir)/'`iptables.c
+
+xtables_multi-iptables.obj: iptables.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-iptables.obj -MD -MP -MF $(DEPDIR)/xtables_multi-iptables.Tpo -c -o xtables_multi-iptables.obj `if test -f 'iptables.c'; then $(CYGPATH_W) 'iptables.c'; else $(CYGPATH_W) '$(srcdir)/iptables.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-iptables.Tpo $(DEPDIR)/xtables_multi-iptables.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iptables.c' object='xtables_multi-iptables.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-iptables.obj `if test -f 'iptables.c'; then $(CYGPATH_W) 'iptables.c'; else $(CYGPATH_W) '$(srcdir)/iptables.c'; fi`
+
+xtables_multi-ip6tables-save.o: ip6tables-save.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-save.o -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-save.Tpo -c -o xtables_multi-ip6tables-save.o `test -f 'ip6tables-save.c' || echo '$(srcdir)/'`ip6tables-save.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-save.Tpo $(DEPDIR)/xtables_multi-ip6tables-save.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-save.c' object='xtables_multi-ip6tables-save.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-save.o `test -f 'ip6tables-save.c' || echo '$(srcdir)/'`ip6tables-save.c
+
+xtables_multi-ip6tables-save.obj: ip6tables-save.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-save.obj -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-save.Tpo -c -o xtables_multi-ip6tables-save.obj `if test -f 'ip6tables-save.c'; then $(CYGPATH_W) 'ip6tables-save.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-save.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-save.Tpo $(DEPDIR)/xtables_multi-ip6tables-save.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-save.c' object='xtables_multi-ip6tables-save.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-save.obj `if test -f 'ip6tables-save.c'; then $(CYGPATH_W) 'ip6tables-save.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-save.c'; fi`
+
+xtables_multi-ip6tables-restore.o: ip6tables-restore.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-restore.o -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-restore.Tpo -c -o xtables_multi-ip6tables-restore.o `test -f 'ip6tables-restore.c' || echo '$(srcdir)/'`ip6tables-restore.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-restore.Tpo $(DEPDIR)/xtables_multi-ip6tables-restore.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-restore.c' object='xtables_multi-ip6tables-restore.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-restore.o `test -f 'ip6tables-restore.c' || echo '$(srcdir)/'`ip6tables-restore.c
+
+xtables_multi-ip6tables-restore.obj: ip6tables-restore.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-restore.obj -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-restore.Tpo -c -o xtables_multi-ip6tables-restore.obj `if test -f 'ip6tables-restore.c'; then $(CYGPATH_W) 'ip6tables-restore.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-restore.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-restore.Tpo $(DEPDIR)/xtables_multi-ip6tables-restore.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-restore.c' object='xtables_multi-ip6tables-restore.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-restore.obj `if test -f 'ip6tables-restore.c'; then $(CYGPATH_W) 'ip6tables-restore.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-restore.c'; fi`
+
+xtables_multi-ip6tables-standalone.o: ip6tables-standalone.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-standalone.o -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-standalone.Tpo -c -o xtables_multi-ip6tables-standalone.o `test -f 'ip6tables-standalone.c' || echo '$(srcdir)/'`ip6tables-standalone.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-standalone.Tpo $(DEPDIR)/xtables_multi-ip6tables-standalone.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-standalone.c' object='xtables_multi-ip6tables-standalone.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-standalone.o `test -f 'ip6tables-standalone.c' || echo '$(srcdir)/'`ip6tables-standalone.c
+
+xtables_multi-ip6tables-standalone.obj: ip6tables-standalone.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables-standalone.obj -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables-standalone.Tpo -c -o xtables_multi-ip6tables-standalone.obj `if test -f 'ip6tables-standalone.c'; then $(CYGPATH_W) 'ip6tables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-standalone.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables-standalone.Tpo $(DEPDIR)/xtables_multi-ip6tables-standalone.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables-standalone.c' object='xtables_multi-ip6tables-standalone.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables-standalone.obj `if test -f 'ip6tables-standalone.c'; then $(CYGPATH_W) 'ip6tables-standalone.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables-standalone.c'; fi`
+
+xtables_multi-ip6tables.o: ip6tables.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables.o -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables.Tpo -c -o xtables_multi-ip6tables.o `test -f 'ip6tables.c' || echo '$(srcdir)/'`ip6tables.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables.Tpo $(DEPDIR)/xtables_multi-ip6tables.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables.c' object='xtables_multi-ip6tables.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables.o `test -f 'ip6tables.c' || echo '$(srcdir)/'`ip6tables.c
+
+xtables_multi-ip6tables.obj: ip6tables.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-ip6tables.obj -MD -MP -MF $(DEPDIR)/xtables_multi-ip6tables.Tpo -c -o xtables_multi-ip6tables.obj `if test -f 'ip6tables.c'; then $(CYGPATH_W) 'ip6tables.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-ip6tables.Tpo $(DEPDIR)/xtables_multi-ip6tables.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ip6tables.c' object='xtables_multi-ip6tables.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-ip6tables.obj `if test -f 'ip6tables.c'; then $(CYGPATH_W) 'ip6tables.c'; else $(CYGPATH_W) '$(srcdir)/ip6tables.c'; fi`
+
+xtables_multi-xshared.o: xshared.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-xshared.o -MD -MP -MF $(DEPDIR)/xtables_multi-xshared.Tpo -c -o xtables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-xshared.Tpo $(DEPDIR)/xtables_multi-xshared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='xtables_multi-xshared.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-xshared.o `test -f 'xshared.c' || echo '$(srcdir)/'`xshared.c
+
+xtables_multi-xshared.obj: xshared.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -MT xtables_multi-xshared.obj -MD -MP -MF $(DEPDIR)/xtables_multi-xshared.Tpo -c -o xtables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/xtables_multi-xshared.Tpo $(DEPDIR)/xtables_multi-xshared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xshared.c' object='xtables_multi-xshared.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_multi_CFLAGS) $(CFLAGS) -c -o xtables_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man1: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+ done
+
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-pkgconfigDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-pkgconfigDATA \
+ uninstall-sbinPROGRAMS
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-sbinPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-exec-hook \
+ install-html install-html-am install-info install-info-am \
+ install-man install-man1 install-man8 install-pdf \
+ install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
+ install-sbinPROGRAMS install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-man uninstall-man1 \
+ uninstall-man8 uninstall-pkgconfigDATA uninstall-sbinPROGRAMS
+
+
+iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
+ ${AM_VERBOSE_GEN} sed \
+ -e '/@MATCH@/ r ../extensions/matches.man' \
+ -e '/@TARGET@/ r ../extensions/targets.man' $< >$@;
+
+# Using if..fi avoids an ugly "error (ignored)" message :)
+install-exec-hook:
+ -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
+ ${INSTALL} -dm0755 "${DESTDIR}${bindir}";
+ for i in ${vx_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
+ for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+ for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ip6tables-multi.h b/iptables/ip6tables-multi.h
index 551029a..551029a 100644
--- a/ip6tables-multi.h
+++ b/iptables/ip6tables-multi.h
diff --git a/iptables/ip6tables-restore.8 b/iptables/ip6tables-restore.8
new file mode 100644
index 0000000..cf4ea3e
--- /dev/null
+++ b/iptables/ip6tables-restore.8
@@ -0,0 +1 @@
+.so man8/iptables-restore.8
diff --git a/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 008566c..b8b9e0d 100644
--- a/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -6,8 +6,6 @@
* Harald Welte <laforge@gnumonks.org>
* Rusty Russell <rusty@linuxcare.com.au>
* This code is distributed under the terms of GNU GPL v2
- *
- * $Id$
*/
#include <getopt.h>
@@ -38,6 +36,7 @@ static const struct option options[] = {
{.name = "help", .has_arg = false, .val = 'h'},
{.name = "noflush", .has_arg = false, .val = 'n'},
{.name = "modprobe", .has_arg = true, .val = 'M'},
+ {.name = "table", .has_arg = true, .val = 'T'},
{NULL},
};
@@ -57,9 +56,9 @@ static void print_usage(const char *name, const char *version)
exit(1);
}
-static struct ip6tc_handle *create_handle(const char *tablename)
+static struct xtc_handle *create_handle(const char *tablename)
{
- struct ip6tc_handle *handle;
+ struct xtc_handle *handle;
handle = ip6tc_init(tablename);
@@ -78,14 +77,12 @@ static struct ip6tc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ip6t_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
- ret = sscanf(string, "[%llu:%llu]",
- (unsigned long long *)&pcnt,
- (unsigned long long *)&bcnt);
+ ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
ctr->pcnt = pcnt;
ctr->bcnt = bcnt;
return ret == 2;
@@ -101,10 +98,13 @@ static int add_argv(char *what) {
DEBUGP("add_argv: %s\n", what);
if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
newargv[newargc] = strdup(what);
- newargc++;
+ newargv[++newargc] = NULL;
return 1;
- } else
+ } else {
+ xtables_error(PARAMETER_PROBLEM,
+ "Parser cannot handle more arguments\n");
return 0;
+ }
}
static void free_argv(void) {
@@ -114,18 +114,80 @@ static void free_argv(void) {
free(newargv[i]);
}
-#ifdef IPTABLES_MULTI
+static void add_param_to_argv(char *parsestart)
+{
+ int quote_open = 0, escaped = 0, param_len = 0;
+ char param_buffer[1024], *curchar;
+
+ /* After fighting with strtok enough, here's now
+ * a 'real' parser. According to Rusty I'm now no
+ * longer a real hacker, but I can live with that */
+
+ for (curchar = parsestart; *curchar; curchar++) {
+ if (quote_open) {
+ if (escaped) {
+ param_buffer[param_len++] = *curchar;
+ escaped = 0;
+ continue;
+ } else if (*curchar == '\\') {
+ escaped = 1;
+ continue;
+ } else if (*curchar == '"') {
+ quote_open = 0;
+ *curchar = ' ';
+ } else {
+ param_buffer[param_len++] = *curchar;
+ continue;
+ }
+ } else {
+ if (*curchar == '"') {
+ quote_open = 1;
+ continue;
+ }
+ }
+
+ if (*curchar == ' '
+ || *curchar == '\t'
+ || * curchar == '\n') {
+ if (!param_len) {
+ /* two spaces? */
+ continue;
+ }
+
+ param_buffer[param_len] = '\0';
+
+ /* check if table name specified */
+ if (!strncmp(param_buffer, "-t", 2)
+ || !strncmp(param_buffer, "--table", 8)) {
+ xtables_error(PARAMETER_PROBLEM,
+ "The -t option (seen in line %u) cannot be "
+ "used in ip6tables-restore.\n", line);
+ exit(1);
+ }
+
+ add_argv(param_buffer);
+ param_len = 0;
+ } else {
+ /* regular character, copy to buffer */
+ param_buffer[param_len++] = *curchar;
+
+ if (param_len >= sizeof(param_buffer))
+ xtables_error(PARAMETER_PROBLEM,
+ "Parameter too long!");
+ }
+ }
+}
+
int ip6tables_restore_main(int argc, char *argv[])
-#else
-int main(int argc, char *argv[])
-#endif
{
- struct ip6tc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IP6T_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
+ const char *tablename = NULL;
+ const struct xtc_ops *ops = &ip6tc_ops;
line = 0;
@@ -139,9 +201,10 @@ int main(int argc, char *argv[])
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions6();
#endif
- while ((c = getopt_long(argc, argv, "bcvthnM:", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
@@ -165,11 +228,14 @@ int main(int argc, char *argv[])
case 'M':
xtables_modprobe_program = optarg;
break;
+ case 'T':
+ tablename = optarg;
+ break;
}
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
@@ -196,8 +262,8 @@ int main(int argc, char *argv[])
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
- ret = ip6tc_commit(handle);
- ip6tc_free(handle);
+ ret = ops->commit(handle);
+ ops->free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
@@ -213,26 +279,27 @@ int main(int argc, char *argv[])
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
- strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
- curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
+ if (tablename != NULL && strcmp(tablename, table) != 0)
+ continue;
if (handle)
- ip6tc_free(handle);
+ ops->free(handle);
handle = create_handle(table);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
- for_each_chain(flush_entries, verbose, 1,
+ for_each_chain6(flush_entries6, verbose, 1,
handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
- for_each_chain(delete_chain, verbose, 0,
+ for_each_chain6(delete_chain6, verbose, 0,
handle);
}
@@ -248,8 +315,7 @@ int main(int argc, char *argv[])
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
@@ -259,17 +325,17 @@ int main(int argc, char *argv[])
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
- if (ip6tc_builtin(chain, handle) <= 0) {
- if (noflush && ip6tc_is_chain(chain, handle)) {
+ if (ops->builtin(chain, handle) <= 0) {
+ if (noflush && ops->is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
- if (!ip6tc_flush_entries(chain, handle))
+ if (!ops->flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
- if (!ip6tc_create_chain(chain, handle))
+ if (!ops->create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
@@ -282,13 +348,12 @@ int main(int argc, char *argv[])
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
- struct ip6t_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -300,20 +365,19 @@ int main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ip6t_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
- if (!ip6tc_set_policy(chain, policy, &count,
+ if (!ops->set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
- chain, policy, line,
- ip6tc_strerror(errno));
+ policy, chain, line,
+ ops->strerror(errno));
}
ret = 1;
@@ -325,11 +389,6 @@ int main(int argc, char *argv[])
char *bcnt = NULL;
char *parsestart;
- /* the parser */
- char *curchar;
- int quote_open, escaped;
- size_t param_len;
-
/* reset the newargv */
newargc = 0;
@@ -362,7 +421,7 @@ int main(int argc, char *argv[])
add_argv(argv[0]);
add_argv("-t");
- add_argv((char *) &curtable);
+ add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
@@ -370,69 +429,7 @@ int main(int argc, char *argv[])
add_argv((char *) bcnt);
}
- /* After fighting with strtok enough, here's now
- * a 'real' parser. According to Rusty I'm now no
- * longer a real hacker, but I can live with that */
-
- quote_open = 0;
- escaped = 0;
- param_len = 0;
-
- for (curchar = parsestart; *curchar; curchar++) {
- char param_buffer[1024];
-
- if (quote_open) {
- if (escaped) {
- param_buffer[param_len++] = *curchar;
- escaped = 0;
- continue;
- } else if (*curchar == '\\') {
- escaped = 1;
- continue;
- } else if (*curchar == '"') {
- quote_open = 0;
- *curchar = ' ';
- } else {
- param_buffer[param_len++] = *curchar;
- continue;
- }
- } else {
- if (*curchar == '"') {
- quote_open = 1;
- continue;
- }
- }
-
- if (*curchar == ' '
- || *curchar == '\t'
- || * curchar == '\n') {
- if (!param_len) {
- /* two spaces? */
- continue;
- }
-
- param_buffer[param_len] = '\0';
-
- /* check if table name specified */
- if (!strncmp(param_buffer, "-t", 2)
- || !strncmp(param_buffer, "--table", 8)) {
- xtables_error(PARAMETER_PROBLEM,
- "Line %u seems to have a "
- "-t table option.\n", line);
- exit(1);
- }
-
- add_argv(param_buffer);
- param_len = 0;
- } else {
- /* regular character, copy to buffer */
- param_buffer[param_len++] = *curchar;
-
- if (param_len >= sizeof(param_buffer))
- xtables_error(PARAMETER_PROBLEM,
- "Parameter too long!");
- }
- }
+ add_param_to_argv(parsestart);
DEBUGP("calling do_command6(%u, argv, &%s, handle):\n",
newargc, curtable);
@@ -441,26 +438,25 @@ int main(int argc, char *argv[])
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
ret = do_command6(newargc, newargv,
- &newargv[2], &handle);
+ &newargv[2], &handle, true);
free_argv();
fflush(stdout);
}
+ if (tablename != NULL && strcmp(tablename, curtable) != 0)
+ continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
- ip6tables_globals.program_name,
- line + 1);
+ xt_params->program_name, line + 1);
exit(1);
}
- if (in != NULL)
- fclose(in);
+ fclose(in);
return 0;
}
diff --git a/iptables/ip6tables-save.8 b/iptables/ip6tables-save.8
new file mode 100644
index 0000000..182f55c
--- /dev/null
+++ b/iptables/ip6tables-save.8
@@ -0,0 +1 @@
+.so man8/iptables-save.8
diff --git a/ip6tables-save.c b/iptables/ip6tables-save.c
index dc189e9..d819b30 100644
--- a/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -22,10 +22,9 @@
#include <dlfcn.h>
#endif
-static int show_binary = 0, show_counters = 0;
+static int show_counters = 0;
static const struct option options[] = {
- {.name = "binary", .has_arg = false, .val = 'b'},
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
@@ -39,9 +38,9 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IP6T_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip6_tables_names", "r");
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
return ret;
@@ -61,7 +60,7 @@ static int for_each_table(int (*func)(const char *tablename))
static int do_output(const char *tablename)
{
- struct ip6tc_handle *h;
+ struct xtc_handle *h;
const char *chain = NULL;
if (!tablename)
@@ -76,52 +75,45 @@ static int do_output(const char *tablename)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
ip6tc_strerror(errno));
- if (!show_binary) {
- time_t now = time(NULL);
-
- printf("# Generated by ip6tables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
- printf("*%s\n", tablename);
-
- /* Dump out chain names first,
- * thereby preventing dependency conflicts */
- for (chain = ip6tc_first_chain(h);
- chain;
- chain = ip6tc_next_chain(h)) {
-
- printf(":%s ", chain);
- if (ip6tc_builtin(chain, h)) {
- struct ip6t_counters count;
- printf("%s ",
- ip6tc_get_policy(chain, &count, h));
- printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
- } else {
- printf("- [0:0]\n");
- }
+ time_t now = time(NULL);
+
+ printf("# Generated by ip6tables-save v%s on %s",
+ IPTABLES_VERSION, ctime(&now));
+ printf("*%s\n", tablename);
+
+ /* Dump out chain names first,
+ * thereby preventing dependency conflicts */
+ for (chain = ip6tc_first_chain(h);
+ chain;
+ chain = ip6tc_next_chain(h)) {
+
+ printf(":%s ", chain);
+ if (ip6tc_builtin(chain, h)) {
+ struct xt_counters count;
+ printf("%s ",
+ ip6tc_get_policy(chain, &count, h));
+ printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+ } else {
+ printf("- [0:0]\n");
}
+ }
+ for (chain = ip6tc_first_chain(h);
+ chain;
+ chain = ip6tc_next_chain(h)) {
+ const struct ip6t_entry *e;
- for (chain = ip6tc_first_chain(h);
- chain;
- chain = ip6tc_next_chain(h)) {
- const struct ip6t_entry *e;
-
- /* Dump out rules */
- e = ip6tc_first_rule(chain, h);
- while(e) {
- print_rule(e, h, chain, show_counters);
- e = ip6tc_next_rule(e, h);
- }
+ /* Dump out rules */
+ e = ip6tc_first_rule(chain, h);
+ while(e) {
+ print_rule6(e, h, chain, show_counters);
+ e = ip6tc_next_rule(e, h);
}
-
- now = time(NULL);
- printf("COMMIT\n");
- printf("# Completed on %s", ctime(&now));
- } else {
- /* Binary, huh? OK. */
- xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ now = time(NULL);
+ printf("COMMIT\n");
+ printf("# Completed on %s", ctime(&now));
ip6tc_free(h);
return 1;
@@ -131,11 +123,7 @@ static int do_output(const char *tablename)
* :Chain name POLICY packets bytes
* rule
*/
-#ifdef IPTABLES_MULTI
int ip6tables_save_main(int argc, char *argv[])
-#else
-int main(int argc, char *argv[])
-#endif
{
const char *tablename = NULL;
int c;
@@ -150,14 +138,11 @@ int main(int argc, char *argv[])
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions6();
#endif
while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
switch (c) {
- case 'b':
- show_binary = 1;
- break;
-
case 'c':
show_counters = 1;
break;
diff --git a/ip6tables-standalone.c b/iptables/ip6tables-standalone.c
index 8661bd9..35d2d9a 100644
--- a/ip6tables-standalone.c
+++ b/iptables/ip6tables-standalone.c
@@ -37,17 +37,12 @@
#include <ip6tables.h>
#include "ip6tables-multi.h"
-#ifdef IPTABLES_MULTI
int
ip6tables_main(int argc, char *argv[])
-#else
-int
-main(int argc, char *argv[])
-#endif
{
int ret;
char *table = "filter";
- struct ip6tc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
ip6tables_globals.program_name = "ip6tables";
ret = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
@@ -60,9 +55,10 @@ main(int argc, char *argv[])
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions6();
#endif
- ret = do_command6(argc, argv, &table, &handle);
+ ret = do_command6(argc, argv, &table, &handle, false);
if (ret) {
ret = ip6tc_commit(handle);
ip6tc_free(handle);
@@ -77,6 +73,8 @@ main(int argc, char *argv[])
fprintf(stderr, "ip6tables: %s.\n",
ip6tc_strerror(errno));
}
+ if (errno == EAGAIN)
+ exit(RESOURCE_PROBLEM);
}
exit(!ret);
diff --git a/iptables/ip6tables.8 b/iptables/ip6tables.8
new file mode 100644
index 0000000..0dee41a
--- /dev/null
+++ b/iptables/ip6tables.8
@@ -0,0 +1 @@
+.so man8/iptables.8
diff --git a/ip6tables.c b/iptables/ip6tables.c
index 6c5d124..a5199d5 100644
--- a/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -52,21 +52,6 @@
#define FALSE 0
#endif
-#define FMT_NUMERIC 0x0001
-#define FMT_NOCOUNTS 0x0002
-#define FMT_KILOMEGAGIGA 0x0004
-#define FMT_OPTIONS 0x0008
-#define FMT_NOTABLE 0x0010
-#define FMT_NOTARGET 0x0020
-#define FMT_VIA 0x0040
-#define FMT_NONEWLINE 0x0080
-#define FMT_LINENUMBERS 0x0100
-
-#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \
- | FMT_NUMERIC | FMT_NOTABLE)
-#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
-
-
#define CMD_NONE 0x0000U
#define CMD_INSERT 0x0001U
#define CMD_DELETE 0x0002U
@@ -82,29 +67,19 @@
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
#define CMD_ZERO_NUM 0x2000U
-#define NUMBER_OF_CMD 15
+#define CMD_CHECK 0x4000U
+#define NUMBER_OF_CMD 16
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'Z', 'N', 'X', 'P', 'E', 'S' };
-
-#define OPT_NONE 0x00000U
-#define OPT_NUMERIC 0x00001U
-#define OPT_SOURCE 0x00002U
-#define OPT_DESTINATION 0x00004U
-#define OPT_PROTOCOL 0x00008U
-#define OPT_JUMP 0x00010U
-#define OPT_VERBOSE 0x00020U
-#define OPT_EXPANDED 0x00040U
-#define OPT_VIANAMEIN 0x00080U
-#define OPT_VIANAMEOUT 0x00100U
-#define OPT_LINENUMBERS 0x00200U
-#define OPT_COUNTERS 0x00400U
-#define NUMBER_OF_OPT 11
-static const char optflags[NUMBER_OF_OPT]
+ 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
+
+#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
+static const char optflags[]
= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c'};
static struct option original_opts[] = {
{.name = "append", .has_arg = 1, .val = 'A'},
{.name = "delete", .has_arg = 1, .val = 'D'},
+ {.name = "check" , .has_arg = 1, .val = 'C'},
{.name = "insert", .has_arg = 1, .val = 'I'},
{.name = "replace", .has_arg = 1, .val = 'R'},
{.name = "list", .has_arg = 2, .val = 'L'},
@@ -127,6 +102,7 @@ static struct option original_opts[] = {
{.name = "numeric", .has_arg = 0, .val = 'n'},
{.name = "out-interface", .has_arg = 1, .val = 'o'},
{.name = "verbose", .has_arg = 0, .val = 'v'},
+ {.name = "wait", .has_arg = 0, .val = 'w'},
{.name = "exact", .has_arg = 0, .val = 'x'},
{.name = "version", .has_arg = 0, .val = 'V'},
{.name = "help", .has_arg = 2, .val = 'h'},
@@ -134,20 +110,15 @@ static struct option original_opts[] = {
{.name = "modprobe", .has_arg = 1, .val = 'M'},
{.name = "set-counters", .has_arg = 1, .val = 'c'},
{.name = "goto", .has_arg = 1, .val = 'g'},
+ {.name = "ipv4", .has_arg = 0, .val = '4'},
+ {.name = "ipv6", .has_arg = 0, .val = '6'},
{NULL},
};
-/* we need this for ip6tables-restore. ip6tables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. ip6tables itself doesn't need this, so it is initialized to the
- * magic number of -1 */
-int line = -1;
-
void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
.program_version = IPTABLES_VERSION,
- .opts = original_opts,
.orig_opts = original_opts,
.exit_err = ip6tables_exit_error,
};
@@ -161,7 +132,7 @@ struct xtables_globals ip6tables_globals = {
* optional
*/
-static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
+static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
/* -n -s -d -p -j -v -x -i -o --line -c */
@@ -173,20 +144,21 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
-/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '},
/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
-/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x'}
+/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*CHECK*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x'},
};
-static int inverse_for_options[NUMBER_OF_OPT] =
+static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
{
/* -n */ 0,
/* -s */ IP6T_INV_SRCIP,
/* -d */ IP6T_INV_DSTIP,
-/* -p */ IP6T_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -202,28 +174,10 @@ static int inverse_for_options[NUMBER_OF_OPT] =
/* A few hardcoded protocols for 'all' and in case the user has no
/etc/protocols */
struct pprot {
- char *name;
- u_int8_t num;
+ const char *name;
+ uint8_t num;
};
-static const char *
-proto_to_name(u_int8_t proto, int nolookup)
-{
- unsigned int i;
-
- if (proto && !nolookup) {
- struct protoent *pent = getprotobynumber(proto);
- if (pent)
- return pent->p_name;
- }
-
- for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
- if (xtables_chain_protos[i].num == proto)
- return xtables_chain_protos[i].name;
-
- return NULL;
-}
-
static void __attribute__((noreturn))
exit_tryhelp(int status)
{
@@ -236,10 +190,10 @@ exit_tryhelp(int status)
}
static void
-exit_printhelp(struct xtables_rule_match *matches)
+exit_printhelp(const struct xtables_rule_match *matches)
{
printf("%s v%s\n\n"
-"Usage: %s -[AD] chain rule-specification [options]\n"
+"Usage: %s -[ACD] chain rule-specification [options]\n"
" %s -I chain [rulenum] rule-specification [options]\n"
" %s -R chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
@@ -257,6 +211,7 @@ exit_printhelp(struct xtables_rule_match *matches)
"Commands:\n"
"Either long or short options are allowed.\n"
" --append -A chain Append to chain\n"
+" --check -C chain Check for the existence of a rule\n"
" --delete -D chain Delete matching rule from chain\n"
" --delete -D chain rulenum\n"
" Delete rule rulenum (1 = first) from chain\n"
@@ -281,7 +236,9 @@ exit_printhelp(struct xtables_rule_match *matches)
" Change chain name, (moving any references)\n"
"Options:\n"
-"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
+" --ipv4 -4 Error (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 Nothing (line is ignored by iptables-restore)\n"
+"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
"[!] --source -s address[/mask][,...]\n"
" source specification\n"
"[!] --destination -d address[/mask][,...]\n"
@@ -301,6 +258,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" network interface name ([+] for wildcard)\n"
" --table -t table table to manipulate (default: `filter')\n"
" --verbose -v verbose mode\n"
+" --wait -w wait for the xtables lock\n"
" --line-numbers print line numbers when listing\n"
" --exact -x expand numbers (display exact values)\n"
/*"[!] --fragment -f match second or further fragments only\n"*/
@@ -407,26 +365,8 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
* return global static data.
*/
-/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
-static struct xtables_match *
-find_proto(const char *pname, enum xtables_tryload tryload,
- int nolookup, struct xtables_rule_match **matches)
-{
- unsigned int proto;
-
- if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
- const char *protoname = proto_to_name(proto, nolookup);
-
- if (protoname)
- return xtables_find_match(protoname, tryload, matches);
- } else
- return xtables_find_match(pname, tryload, matches);
-
- return NULL;
-}
-
/* These are invalid numbers as upper layer protocol */
-static int is_exthdr(u_int16_t proto)
+static int is_exthdr(uint16_t proto)
{
return (proto == IPPROTO_ROUTING ||
proto == IPPROTO_FRAGMENT ||
@@ -447,6 +387,32 @@ parse_rulenumber(const char *rule)
return rulenum;
}
+static void
+parse_chain(const char *chainname)
+{
+ const char *ptr;
+
+ if (strlen(chainname) >= XT_EXTENSION_MAXNAMELEN)
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name `%s' too long (must be under %u chars)",
+ chainname, XT_EXTENSION_MAXNAMELEN);
+
+ if (*chainname == '-' || *chainname == '!')
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name not allowed to start "
+ "with `%c'\n", *chainname);
+
+ if (xtables_find_target(chainname, XTF_TRY_LOAD))
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name may not clash "
+ "with target name\n");
+
+ for (ptr = chainname; *ptr; ptr++)
+ if (isspace(*ptr))
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid chain name `%s'", chainname);
+}
+
static const char *
parse_target(const char *targetname)
{
@@ -469,7 +435,7 @@ parse_target(const char *targetname)
}
static void
-set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
+set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
int invert)
{
if (*options & option)
@@ -489,45 +455,20 @@ set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
}
}
-static void
-print_num(u_int64_t number, unsigned int format)
-{
- if (format & FMT_KILOMEGAGIGA) {
- if (number > 99999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
- else printf(FMT("%4lluG ","%lluG "), (unsigned long long)number);
- }
- else printf(FMT("%4lluM ","%lluM "), (unsigned long long)number);
- } else
- printf(FMT("%4lluK ","%lluK "), (unsigned long long)number);
- } else
- printf(FMT("%5llu ","%llu "), (unsigned long long)number);
- } else
- printf(FMT("%8llu ","%llu "), (unsigned long long)number);
-}
-
static void
-print_header(unsigned int format, const char *chain, struct ip6tc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ip6t_counters counters;
+ struct xt_counters counters;
const char *pol = ip6tc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
printf(" (policy %s", pol);
if (!(format & FMT_NOCOUNTS)) {
fputc(' ', stdout);
- print_num(counters.pcnt, (format|FMT_NOTABLE));
+ xtables_print_num(counters.pcnt, (format|FMT_NOTABLE));
fputs("packets, ", stdout);
- print_num(counters.bcnt, (format|FMT_NOTABLE));
+ xtables_print_num(counters.bcnt, (format|FMT_NOTABLE));
fputs("bytes", stdout);
}
printf(")\n");
@@ -566,11 +507,11 @@ print_header(unsigned int format, const char *chain, struct ip6tc_handle *handle
static int
-print_match(const struct ip6t_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ip6t_ip6 *ip,
int numeric)
{
- struct xtables_match *match =
+ const struct xtables_match *match =
xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
@@ -592,34 +533,32 @@ print_firewall(const struct ip6t_entry *fw,
const char *targname,
unsigned int num,
unsigned int format,
- struct ip6tc_handle *const handle)
+ struct xtc_handle *const handle)
{
- struct xtables_target *target = NULL;
- const struct ip6t_entry_target *t;
- u_int8_t flags;
+ const struct xtables_target *target = NULL;
+ const struct xt_entry_target *t;
char buf[BUFSIZ];
if (!ip6tc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IP6T_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ip6t_get_target((struct ip6t_entry *)fw);
- flags = fw->ipv6.flags;
if (format & FMT_LINENUMBERS)
printf(FMT("%-4u ", "%u "), num);
if (!(format & FMT_NOCOUNTS)) {
- print_num(fw->counters.pcnt, format);
- print_num(fw->counters.bcnt, format);
+ xtables_print_num(fw->counters.pcnt, format);
+ xtables_print_num(fw->counters.bcnt, format);
}
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ipv6.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
if (pname)
@@ -716,16 +655,16 @@ print_firewall(const struct ip6t_entry *fw,
static void
print_firewall_line(const struct ip6t_entry *fw,
- struct ip6tc_handle *const h)
+ struct xtc_handle *const h)
{
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
t = ip6t_get_target((struct ip6t_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
}
static int
-append_entry(const ip6t_chainlabel chain,
+append_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
@@ -734,7 +673,7 @@ append_entry(const ip6t_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -755,13 +694,13 @@ append_entry(const ip6t_chainlabel chain,
}
static int
-replace_entry(const ip6t_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int rulenum,
const struct in6_addr *saddr, const struct in6_addr *smask,
const struct in6_addr *daddr, const struct in6_addr *dmask,
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
fw->ipv6.src = *saddr;
fw->ipv6.dst = *daddr;
@@ -774,7 +713,7 @@ replace_entry(const ip6t_chainlabel chain,
}
static int
-insert_entry(const ip6t_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int rulenum,
unsigned int nsaddrs,
@@ -784,7 +723,7 @@ insert_entry(const ip6t_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -805,20 +744,20 @@ insert_entry(const ip6t_chainlabel chain,
}
static unsigned char *
-make_delete_mask(struct xtables_rule_match *matches,
+make_delete_mask(const struct xtables_rule_match *matches,
const struct xtables_target *target)
{
/* Establish mask for comparison */
unsigned int size;
- struct xtables_rule_match *matchp;
+ const struct xtables_rule_match *matchp;
unsigned char *mask, *mptr;
size = sizeof(struct ip6t_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + IP6T_ALIGN(sizeof(struct ip6t_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ip6t_entry));
@@ -826,20 +765,20 @@ make_delete_mask(struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- IP6T_ALIGN(sizeof(struct ip6t_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- IP6T_ALIGN(sizeof(struct ip6t_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
}
static int
-delete_entry(const ip6t_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
@@ -848,7 +787,7 @@ delete_entry(const ip6t_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle,
+ struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -873,9 +812,39 @@ delete_entry(const ip6t_chainlabel chain,
return ret;
}
+static int
+check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
+ unsigned int nsaddrs, const struct in6_addr *saddrs,
+ const struct in6_addr *smasks, unsigned int ndaddrs,
+ const struct in6_addr *daddrs, const struct in6_addr *dmasks,
+ bool verbose, struct xtc_handle *handle,
+ struct xtables_rule_match *matches,
+ const struct xtables_target *target)
+{
+ unsigned int i, j;
+ int ret = 1;
+ unsigned char *mask;
+
+ mask = make_delete_mask(matches, target);
+ for (i = 0; i < nsaddrs; i++) {
+ fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
+ for (j = 0; j < ndaddrs; j++) {
+ fw->ipv6.dst = daddrs[j];
+ fw->ipv6.dmsk = dmasks[j];
+ if (verbose)
+ print_firewall_line(fw, handle);
+ ret &= ip6tc_check_entry(chain, fw, mask, handle);
+ }
+ }
+
+ free(mask);
+ return ret;
+}
+
int
-for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
- int verbose, int builtinstoo, struct ip6tc_handle *handle)
+for_each_chain6(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
{
int ret = 1;
const char *chain;
@@ -888,21 +857,21 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
chain = ip6tc_next_chain(handle);
}
- chains = xtables_malloc(sizeof(ip6t_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
i = 0;
chain = ip6tc_first_chain(handle);
while (chain) {
- strcpy(chains + i*sizeof(ip6t_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
i++;
chain = ip6tc_next_chain(handle);
}
for (i = 0; i < chaincount; i++) {
if (!builtinstoo
- && ip6tc_builtin(chains + i*sizeof(ip6t_chainlabel),
+ && ip6tc_builtin(chains + i*sizeof(xt_chainlabel),
handle) == 1)
continue;
- ret &= fn(chains + i*sizeof(ip6t_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
}
free(chains);
@@ -910,11 +879,11 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
}
int
-flush_entries(const ip6t_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+flush_entries6(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(flush_entries, verbose, 1, handle);
+ return for_each_chain6(flush_entries6, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Flushing chain `%s'\n", chain);
@@ -922,11 +891,11 @@ flush_entries(const ip6t_chainlabel chain, int verbose,
}
static int
-zero_entries(const ip6t_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+zero_entries(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(zero_entries, verbose, 1, handle);
+ return for_each_chain6(zero_entries, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Zeroing chain `%s'\n", chain);
@@ -934,11 +903,11 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
}
int
-delete_chain(const ip6t_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+delete_chain6(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(delete_chain, verbose, 0, handle);
+ return for_each_chain6(delete_chain6, verbose, 0, handle);
if (verbose)
fprintf(stdout, "Deleting chain `%s'\n", chain);
@@ -946,8 +915,8 @@ delete_chain(const ip6t_chainlabel chain, int verbose,
}
static int
-list_entries(const ip6t_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct ip6tc_handle *handle)
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
+ int expanded, int linenumbers, struct xtc_handle *handle)
{
int found = 0;
unsigned int format;
@@ -1011,7 +980,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c ", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1025,43 +994,42 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
/* The ip6tables looks up the /etc/protocols. */
-static void print_proto(u_int16_t proto, int invert)
+static void print_proto(uint16_t proto, int invert)
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
- struct protoent *pent = getprotobynumber(proto);
+ const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
-static int print_match_save(const struct ip6t_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ip6t_ip6 *ip)
{
- struct xtables_match *match =
+ const struct xtables_match *match =
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s",
+ match->alias ? match->alias(e) : e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
@@ -1078,31 +1046,32 @@ static int print_match_save(const struct ip6t_entry_match *e,
}
/* print a given ip including mask if neccessary */
-static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_addr *mask, int invert)
+static void print_ip(const char *prefix, const struct in6_addr *ip,
+ const struct in6_addr *mask, int invert)
{
char buf[51];
- int l = ipv6_prefix_length(mask);
+ int l = xtables_ip6mask_to_cidr(mask);
if (l == 0 && !invert)
return;
- printf("%s%s %s",
- invert ? "! " : "",
+ printf("%s %s %s",
+ invert ? " !" : "",
prefix,
inet_ntop(AF_INET6, ip, buf, sizeof buf));
if (l == -1)
- printf("/%s ", inet_ntop(AF_INET6, mask, buf, sizeof buf));
+ printf("/%s", inet_ntop(AF_INET6, mask, buf, sizeof buf));
else
- printf("/%d ", l);
+ printf("/%d", l);
}
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
-void print_rule(const struct ip6t_entry *e,
- struct ip6tc_handle *h, const char *chain, int counters)
+void print_rule6(const struct ip6t_entry *e,
+ struct xtc_handle *h, const char *chain, int counters)
{
- struct ip6t_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1110,7 +1079,7 @@ void print_rule(const struct ip6t_entry *e,
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", &(e->ipv6.src), &(e->ipv6.smsk),
@@ -1125,19 +1094,19 @@ void print_rule(const struct ip6t_entry *e,
print_iface('o', e->ipv6.outiface, e->ipv6.outiface_mask,
e->ipv6.invflags & IP6T_INV_VIA_OUT);
- print_proto(e->ipv6.proto, e->ipv6.invflags & IP6T_INV_PROTO);
+ print_proto(e->ipv6.proto, e->ipv6.invflags & XT_INV_PROTO);
#if 0
/* not definied in ipv6
* FIXME: linux/netfilter_ipv6/ip6_tables: IP6T_INV_FRAG why definied? */
if (e->ipv6.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ipv6.invflags & IP6T_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ipv6.invflags & IP6T_INV_FRAG ? " !" : "");
#endif
if (e->ipv6.flags & IP6T_F_TOS)
- printf("%s-? %d ",
- e->ipv6.invflags & IP6T_INV_TOS ? "! " : "",
+ printf("%s -? %d",
+ e->ipv6.invflags & IP6T_INV_TOS ? " !" : "",
e->ipv6.tos);
/* Print matchinfo part */
@@ -1147,18 +1116,10 @@ void print_rule(const struct ip6t_entry *e,
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
- /* Print target name */
+ /* Print target name and targinfo part */
target_name = ip6tc_get_target(e, h);
- if (target_name && (*target_name != '\0'))
-#ifdef IP6T_F_GOTO
- printf("-%c %s ", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
-#else
- printf("-j %s ", target_name);
-#endif
-
- /* Print targinfo part */
t = ip6t_get_target((struct ip6t_entry *)e);
if (t->u.user.name[0]) {
struct xtables_target *target =
@@ -1170,27 +1131,34 @@ void print_rule(const struct ip6t_entry *e,
exit(1);
}
+ printf(" -j %s", target->alias ? target->alias(t) : target_name);
if (target->save)
target->save(&e->ipv6, t);
else {
- /* If the target size is greater than ip6t_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ip6t_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
exit(1);
}
}
- }
+ } else if (target_name && (*target_name != '\0'))
+#ifdef IP6T_F_GOTO
+ printf(" -%c %s", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
+#else
+ printf(" -j %s", target_name);
+#endif
+
printf("\n");
}
static int
-list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
- struct ip6tc_handle *handle)
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
+ struct xtc_handle *handle)
{
const char *this = NULL;
int found = 0;
@@ -1207,7 +1175,7 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
continue;
if (ip6tc_builtin(this, handle)) {
- struct ip6t_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, ip6tc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1231,7 +1199,7 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
while(e) {
num++;
if (!rulenum || num == rulenum)
- print_rule(e, handle, this, counters);
+ print_rule6(e, handle, this, counters);
e = ip6tc_next_rule(e, handle);
}
found = 1;
@@ -1244,7 +1212,7 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
static struct ip6t_entry *
generate_entry(const struct ip6t_entry *fw,
struct xtables_rule_match *matches,
- struct ip6t_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1269,59 +1237,112 @@ generate_entry(const struct ip6t_entry *fw,
return e;
}
-static void clear_rule_matches(struct xtables_rule_match **matches)
+static void command_jump(struct iptables_command_state *cs)
{
- struct xtables_rule_match *matchp, *tmp;
+ size_t size;
- for (matchp = *matches; matchp;) {
- tmp = matchp->next;
- if (matchp->match->m) {
- free(matchp->match->m);
- matchp->match->m = NULL;
- }
- if (matchp->match == matchp->match->next) {
- free(matchp->match);
- matchp->match = NULL;
- }
- free(matchp);
- matchp = tmp;
+ set_option(&cs->options, OPT_JUMP, &cs->fw6.ipv6.invflags, cs->invert);
+ cs->jumpto = parse_target(optarg);
+ /* TRY_LOAD (may be chain name) */
+ cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
+
+ if (cs->target == NULL)
+ return;
+
+ size = XT_ALIGN(sizeof(struct xt_entry_target)) + cs->target->size;
+
+ cs->target->t = xtables_calloc(1, size);
+ cs->target->t->u.target_size = size;
+ if (cs->target->real_name == NULL) {
+ strcpy(cs->target->t->u.user.name, cs->jumpto);
+ } else {
+ strcpy(cs->target->t->u.user.name, cs->target->real_name);
+ if (!(cs->target->ext_flags & XTABLES_EXT_ALIAS))
+ fprintf(stderr, "Notice: The %s target is converted into %s target "
+ "in rule listing and saving.\n",
+ cs->jumpto, cs->target->real_name);
}
+ cs->target->t->u.user.revision = cs->target->revision;
- *matches = NULL;
+ xs_init_target(cs->target);
+ if (cs->target->x6_options != NULL)
+ opts = xtables_options_xfrm(ip6tables_globals.orig_opts, opts,
+ cs->target->x6_options,
+ &cs->target->option_offset);
+ else
+ opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+ cs->target->extra_opts,
+ &cs->target->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle)
+static void command_match(struct iptables_command_state *cs)
{
- struct ip6t_entry fw, *e = NULL;
- int invert = 0;
+ struct xtables_match *m;
+ size_t size;
+
+ if (cs->invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "unexpected ! flag before --match");
+
+ m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
+ m->m = xtables_calloc(1, size);
+ m->m->u.match_size = size;
+ if (m->real_name == NULL) {
+ strcpy(m->m->u.user.name, m->name);
+ } else {
+ strcpy(m->m->u.user.name, m->real_name);
+ if (!(m->ext_flags & XTABLES_EXT_ALIAS))
+ fprintf(stderr, "Notice: The %s match is converted into %s match "
+ "in rule listing and saving.\n", m->name, m->real_name);
+ }
+ m->m->u.user.revision = m->revision;
+
+ xs_init_match(m);
+ if (m == m->next)
+ return;
+ /* Merge options for non-cloned matches */
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(ip6tables_globals.orig_opts, opts,
+ m->x6_options, &m->option_offset);
+ else if (m->extra_opts != NULL)
+ opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+ m->extra_opts, &m->option_offset);
+}
+
+int do_command6(int argc, char *argv[], char **table,
+ struct xtc_handle **handle, bool restore)
+{
+ struct iptables_command_state cs;
+ struct ip6t_entry *e = NULL;
unsigned int nsaddrs = 0, ndaddrs = 0;
struct in6_addr *saddrs = NULL, *daddrs = NULL;
struct in6_addr *smasks = NULL, *dmasks = NULL;
- int c, verbose = 0;
+ int verbose = 0;
+ bool wait = false;
const char *chain = NULL;
const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL;
const char *policy = NULL, *newname = NULL;
- unsigned int rulenum = 0, options = 0, command = 0;
+ unsigned int rulenum = 0, command = 0;
const char *pcnt = NULL, *bcnt = NULL;
int ret = 1;
struct xtables_match *m;
- struct xtables_rule_match *matches = NULL;
struct xtables_rule_match *matchp;
- struct xtables_target *target = NULL;
struct xtables_target *t;
- const char *jumpto = "";
- char *protocol = NULL;
- int proto_used = 0;
unsigned long long cnt;
- memset(&fw, 0, sizeof(fw));
+ memset(&cs, 0, sizeof(cs));
+ cs.jumpto = "";
+ cs.argv = argv;
- /* re-set optind to 0 in case do_command gets called
+ /* re-set optind to 0 in case do_command6 gets called
* a second time */
optind = 0;
- /* clear mflags in case do_command gets called a second time
+ /* clear mflags in case do_command6 gets called a second time
* (we clear the global list of all matches for security)*/
for (m = xtables_matches; m; m = m->next)
m->mflags = 0;
@@ -1335,22 +1356,29 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
demand-load a protocol. */
opterr = 0;
- while ((c = getopt_long(argc, argv,
- "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:",
+ opts = xt_params->orig_opts;
+ while ((cs.c = getopt_long(argc, argv,
+ "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvwnt:m:xc:g:46",
opts, NULL)) != -1) {
- switch (c) {
+ switch (cs.c) {
/*
* Command selection
*/
case 'A':
add_command(&command, CMD_APPEND, CMD_NONE,
- invert);
+ cs.invert);
+ chain = optarg;
+ break;
+
+ case 'C':
+ add_command(&command, CMD_CHECK, CMD_NONE,
+ cs.invert);
chain = optarg;
break;
case 'D':
add_command(&command, CMD_DELETE, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!') {
@@ -1361,7 +1389,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1374,7 +1402,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'I':
add_command(&command, CMD_INSERT, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1384,7 +1412,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'L':
add_command(&command, CMD_LIST,
- CMD_ZERO | CMD_ZERO_NUM, invert);
+ CMD_ZERO | CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1396,7 +1424,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'S':
add_command(&command, CMD_LIST_RULES,
- CMD_ZERO | CMD_ZERO_NUM, invert);
+ CMD_ZERO | CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1408,7 +1436,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'F':
add_command(&command, CMD_FLUSH, CMD_NONE,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1417,7 +1445,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'Z':
add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1430,22 +1458,15 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case 'N':
- if (optarg && (*optarg == '-' || *optarg == '!'))
- xtables_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
- "with `%c'\n", *optarg);
- if (xtables_find_target(optarg, XTF_TRY_LOAD))
- xtables_error(PARAMETER_PROBLEM,
- "chain name may not clash "
- "with target name\n");
+ parse_chain(optarg);
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
break;
case 'X':
add_command(&command, CMD_DELETE_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1454,7 +1475,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'E':
add_command(&command, CMD_RENAME_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1468,7 +1489,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'P':
add_command(&command, CMD_SET_POLICY, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1484,160 +1505,129 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
optarg = argv[optind];
/* ip6tables -p icmp -h */
- if (!matches && protocol)
- xtables_find_match(protocol, XTF_TRY_LOAD,
- &matches);
+ if (!cs.matches && cs.protocol)
+ xtables_find_match(cs.protocol, XTF_TRY_LOAD,
+ &cs.matches);
- exit_printhelp(matches);
+ exit_printhelp(cs.matches);
/*
* Option selection
*/
case 'p':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_PROTOCOL, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_PROTOCOL, &cs.fw6.ipv6.invflags,
+ cs.invert);
/* Canonicalize into lower case */
- for (protocol = optarg; *protocol; protocol++)
- *protocol = tolower(*protocol);
+ for (cs.protocol = optarg; *cs.protocol; cs.protocol++)
+ *cs.protocol = tolower(*cs.protocol);
- protocol = optarg;
- fw.ipv6.proto = xtables_parse_protocol(protocol);
- fw.ipv6.flags |= IP6T_F_PROTO;
+ cs.protocol = optarg;
+ cs.fw6.ipv6.proto = xtables_parse_protocol(cs.protocol);
+ cs.fw6.ipv6.flags |= IP6T_F_PROTO;
- if (fw.ipv6.proto == 0
- && (fw.ipv6.invflags & IP6T_INV_PROTO))
+ if (cs.fw6.ipv6.proto == 0
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
- if (is_exthdr(fw.ipv6.proto)
- && (fw.ipv6.invflags & IP6T_INV_PROTO) == 0)
+ if (is_exthdr(cs.fw6.ipv6.proto)
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO) == 0)
fprintf(stderr,
"Warning: never matched protocol: %s. "
"use extension match instead.\n",
- protocol);
+ cs.protocol);
break;
case 's':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_SOURCE, &cs.fw6.ipv6.invflags,
+ cs.invert);
shostnetworkmask = optarg;
break;
case 'd':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_DESTINATION, &cs.fw6.ipv6.invflags,
+ cs.invert);
dhostnetworkmask = optarg;
break;
#ifdef IP6T_F_GOTO
case 'g':
- set_option(&options, OPT_JUMP, &fw.ipv6.invflags,
- invert);
- fw.ipv6.flags |= IP6T_F_GOTO;
- jumpto = parse_target(optarg);
+ set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags,
+ cs.invert);
+ cs.fw6.ipv6.flags |= IP6T_F_GOTO;
+ cs.jumpto = parse_target(optarg);
break;
#endif
case 'j':
- set_option(&options, OPT_JUMP, &fw.ipv6.invflags,
- invert);
- jumpto = parse_target(optarg);
- /* TRY_LOAD (may be chain name) */
- target = xtables_find_target(jumpto, XTF_TRY_LOAD);
-
- if (target) {
- size_t size;
-
- size = IP6T_ALIGN(sizeof(struct ip6t_entry_target))
- + target->size;
-
- target->t = xtables_calloc(1, size);
- target->t->u.target_size = size;
- strcpy(target->t->u.user.name, jumpto);
- target->t->u.user.revision = target->revision;
- if (target->init != NULL)
- target->init(target->t);
- opts = xtables_merge_options(opts,
- target->extra_opts,
- &target->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM,
- "can't alloc memory!");
- }
+ command_jump(&cs);
break;
case 'i':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
- invert);
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
+ set_option(&cs.options, OPT_VIANAMEIN, &cs.fw6.ipv6.invflags,
+ cs.invert);
xtables_parse_interface(optarg,
- fw.ipv6.iniface,
- fw.ipv6.iniface_mask);
+ cs.fw6.ipv6.iniface,
+ cs.fw6.ipv6.iniface_mask);
break;
case 'o':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
- invert);
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
+ set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw6.ipv6.invflags,
+ cs.invert);
xtables_parse_interface(optarg,
- fw.ipv6.outiface,
- fw.ipv6.outiface_mask);
+ cs.fw6.ipv6.outiface,
+ cs.fw6.ipv6.outiface_mask);
break;
case 'v':
if (!verbose)
- set_option(&options, OPT_VERBOSE,
- &fw.ipv6.invflags, invert);
+ set_option(&cs.options, OPT_VERBOSE,
+ &cs.fw6.ipv6.invflags, cs.invert);
verbose++;
break;
- case 'm': {
- size_t size;
-
- if (invert)
+ case 'w':
+ if (restore) {
xtables_error(PARAMETER_PROBLEM,
- "unexpected ! flag before --match");
-
- m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
- &matches);
- size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
- + m->size;
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
- if (m != m->next)
- /* Merge options for non-cloned matches */
- opts = xtables_merge_options(opts, m->extra_opts, &m->option_offset);
- }
- break;
+ "You cannot use `-w' from "
+ "ip6tables-restore");
+ }
+ wait = true;
+ break;
+
+ case 'm':
+ command_match(&cs);
+ break;
case 'n':
- set_option(&options, OPT_NUMERIC, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_NUMERIC, &cs.fw6.ipv6.invflags,
+ cs.invert);
break;
case 't':
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
*table = optarg;
break;
case 'x':
- set_option(&options, OPT_EXPANDED, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_EXPANDED, &cs.fw6.ipv6.invflags,
+ cs.invert);
break;
case 'V':
- if (invert)
+ if (cs.invert)
printf("Not %s ;-)\n", prog_vers);
else
printf("%s v%s\n",
@@ -1645,8 +1635,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
exit(0);
case '0':
- set_option(&options, OPT_LINENUMBERS, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_LINENUMBERS, &cs.fw6.ipv6.invflags,
+ cs.invert);
break;
case 'M':
@@ -1655,8 +1645,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'c':
- set_option(&options, OPT_COUNTERS, &fw.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_COUNTERS, &cs.fw6.ipv6.invflags,
+ cs.invert);
pcnt = optarg;
bcnt = strchr(pcnt + 1, ',');
if (bcnt)
@@ -1673,22 +1663,33 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- fw.counters.pcnt = cnt;
+ cs.fw6.counters.pcnt = cnt;
if (sscanf(bcnt, "%llu", &cnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
- fw.counters.bcnt = cnt;
+ cs.fw6.counters.bcnt = cnt;
+ break;
+
+ case '4':
+ /* This is not the IPv4 iptables */
+ if (line != -1)
+ return 1; /* success: line ignored */
+ fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
+ exit_tryhelp(2);
+
+ case '6':
+ /* This is indeed the IPv6 ip6tables */
break;
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
- invert = TRUE;
+ cs.invert = TRUE;
optarg[0] = '\0';
continue;
}
@@ -1696,110 +1697,22 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
exit_tryhelp(2);
default:
- if (target == NULL || target->parse == NULL ||
- !target->parse(c - target->option_offset,
- argv, invert,
- &target->tflags,
- &fw, &target->t)) {
- for (matchp = matches; matchp; matchp = matchp->next) {
- if (matchp->completed ||
- matchp->match->parse == NULL)
- continue;
- if (matchp->match->parse(c - matchp->match->option_offset,
- argv, invert,
- &matchp->match->mflags,
- &fw,
- &matchp->match->m))
- break;
- }
- m = matchp ? matchp->match : NULL;
-
- /* If you listen carefully, you can
- actually hear this code suck. */
-
- /* some explanations (after four different bugs
- * in 3 different releases): If we encounter a
- * parameter, that has not been parsed yet,
- * it's not an option of an explicitly loaded
- * match or a target. However, we support
- * implicit loading of the protocol match
- * extension. '-p tcp' means 'l4 proto 6' and
- * at the same time 'load tcp protocol match on
- * demand if we specify --dport'.
- *
- * To make this work, we need to make sure:
- * - the parameter has not been parsed by
- * a match (m above)
- * - a protocol has been specified
- * - the protocol extension has not been
- * loaded yet, or is loaded and unused
- * [think of ip6tables-restore!]
- * - the protocol extension can be successively
- * loaded
+ if (command_default(&cs, &ip6tables_globals) == 1)
+ /*
+ * If new options were loaded, we must retry
+ * getopt immediately and not allow
+ * cs.invert=FALSE to be executed.
*/
- if (m == NULL
- && protocol
- && (!find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- && (proto_used == 0))
- )
- && (m = find_proto(protocol, XTF_TRY_LOAD,
- options&OPT_NUMERIC, &matches))) {
- /* Try loading protocol */
- size_t size;
-
- proto_used = 1;
-
- size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
- + m->size;
-
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
-
- opts = xtables_merge_options(opts,
- m->extra_opts, &m->option_offset);
-
- optind--;
- continue;
- }
-
- if (!m) {
- if (c == '?') {
- if (optopt) {
- xtables_error(
- PARAMETER_PROBLEM,
- "option `%s' "
- "requires an "
- "argument",
- argv[optind-1]);
- } else {
- xtables_error(
- PARAMETER_PROBLEM,
- "unknown option "
- "`%s'",
- argv[optind-1]);
- }
- }
- xtables_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'", optarg);
- }
- }
+ continue;
+ break;
}
- invert = FALSE;
+ cs.invert = FALSE;
}
- for (matchp = matches; matchp; matchp = matchp->next)
- if (matchp->match->final_check != NULL)
- matchp->match->final_check(matchp->match->mflags);
-
- if (target != NULL && target->final_check != NULL)
- target->final_check(target->tflags);
+ for (matchp = cs.matches; matchp; matchp = matchp->next)
+ xtables_option_mfcall(matchp->match);
+ if (cs.target != NULL)
+ xtables_option_tfcall(cs.target);
/* Fix me: must put inverse options checking here --MN */
@@ -1808,14 +1721,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
"unknown arguments found on commandline");
if (!command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
- if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
- if (!(options & OPT_DESTINATION))
+ if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) {
+ if (!(cs.options & OPT_DESTINATION))
dhostnetworkmask = "::0/0";
- if (!(options & OPT_SOURCE))
+ if (!(cs.options & OPT_SOURCE))
shostnetworkmask = "::0/0";
}
@@ -1828,7 +1741,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
&dmasks, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
- (fw.ipv6.invflags & (IP6T_INV_SRCIP | IP6T_INV_DSTIP)))
+ (cs.fw6.ipv6.invflags & (IP6T_INV_SRCIP | IP6T_INV_DSTIP)))
xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
@@ -1836,12 +1749,15 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
- generic_opt_check(command, options);
+ generic_opt_check(command, cs.options);
- if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
- xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %i chars)",
- chain, IP6T_FUNCTION_MAXNAMELEN);
+ /* Attempt to acquire the xtables lock */
+ if (!restore && !xtables_lock(wait)) {
+ fprintf(stderr, "Another app is currently holding the xtables lock. "
+ "Perhaps you want to use the -w option?\n");
+ xtables_free_opts(1);
+ exit(RESOURCE_PROBLEM);
+ }
/* only allocate handle if we weren't called with a handle */
if (!*handle)
@@ -1858,12 +1774,13 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
if (command == CMD_APPEND
|| command == CMD_DELETE
+ || command == CMD_CHECK
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
if (strcmp(chain, "PREROUTING") == 0
|| strcmp(chain, "INPUT") == 0) {
/* -o not valid with incoming packets. */
- if (options & OPT_VIANAMEOUT)
+ if (cs.options & OPT_VIANAMEOUT)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
@@ -1873,57 +1790,57 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
if (strcmp(chain, "POSTROUTING") == 0
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
- if (options & OPT_VIANAMEIN)
+ if (cs.options & OPT_VIANAMEIN)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
}
- if (target && ip6tc_is_chain(jumpto, *handle)) {
+ if (cs.target && ip6tc_is_chain(cs.jumpto, *handle)) {
fprintf(stderr,
"Warning: using chain %s, not extension\n",
- jumpto);
+ cs.jumpto);
- if (target->t)
- free(target->t);
+ if (cs.target->t)
+ free(cs.target->t);
- target = NULL;
+ cs.target = NULL;
}
/* If they didn't specify a target, or it's a chain
name, use standard. */
- if (!target
- && (strlen(jumpto) == 0
- || ip6tc_is_chain(jumpto, *handle))) {
+ if (!cs.target
+ && (strlen(cs.jumpto) == 0
+ || ip6tc_is_chain(cs.jumpto, *handle))) {
size_t size;
- target = xtables_find_target(IP6T_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ip6t_entry_target)
- + target->size;
- target->t = xtables_calloc(1, size);
- target->t->u.target_size = size;
- strcpy(target->t->u.user.name, jumpto);
- if (target->init != NULL)
- target->init(target->t);
+ size = sizeof(struct xt_entry_target)
+ + cs.target->size;
+ cs.target->t = xtables_calloc(1, size);
+ cs.target->t->u.target_size = size;
+ strcpy(cs.target->t->u.user.name, cs.jumpto);
+ xs_init_target(cs.target);
}
- if (!target) {
+ if (!cs.target) {
/* it is no chain, and we can't load a plugin.
* We cannot know if the plugin is corrupt, non
* existant OR if the user just misspelled a
* chain. */
#ifdef IP6T_F_GOTO
- if (fw.ipv6.flags & IP6T_F_GOTO)
+ if (cs.fw6.ipv6.flags & IP6T_F_GOTO)
xtables_error(PARAMETER_PROBLEM,
- "goto '%s' is not a chain\n", jumpto);
+ "goto '%s' is not a chain\n",
+ cs.jumpto);
#endif
- xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
+ xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED);
} else {
- e = generate_entry(&fw, matches, target->t);
- free(target->t);
+ e = generate_entry(&cs.fw6, cs.matches, cs.target->t);
+ free(cs.target->t);
}
}
@@ -1932,36 +1849,43 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
ret = append_entry(chain, e,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
break;
case CMD_DELETE:
ret = delete_entry(chain, e,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
- *handle, matches, target);
+ cs.options&OPT_VERBOSE,
+ *handle, cs.matches, cs.target);
break;
case CMD_DELETE_NUM:
ret = ip6tc_delete_num_entry(chain, rulenum - 1, *handle);
break;
+ case CMD_CHECK:
+ ret = check_entry(chain, e,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
+ cs.options&OPT_VERBOSE,
+ *handle, cs.matches, cs.target);
+ break;
case CMD_REPLACE:
ret = replace_entry(chain, e, rulenum - 1,
saddrs, smasks, daddrs, dmasks,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
break;
case CMD_INSERT:
ret = insert_entry(chain, e, rulenum - 1,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
break;
case CMD_FLUSH:
- ret = flush_entries(chain, options&OPT_VERBOSE, *handle);
+ ret = flush_entries6(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_ZERO:
- ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
+ ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_ZERO_NUM:
ret = ip6tc_zero_counter(chain, rulenum, *handle);
@@ -1971,14 +1895,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
- options&OPT_VERBOSE,
- options&OPT_NUMERIC,
- options&OPT_EXPANDED,
- options&OPT_LINENUMBERS,
+ cs.options&OPT_VERBOSE,
+ cs.options&OPT_NUMERIC,
+ cs.options&OPT_EXPANDED,
+ cs.options&OPT_LINENUMBERS,
*handle);
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
if (ret && (command & CMD_ZERO_NUM))
ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
@@ -1987,11 +1911,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
if (ret && (command & CMD_ZERO_NUM))
ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
@@ -1999,13 +1923,13 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
ret = ip6tc_create_chain(chain, *handle);
break;
case CMD_DELETE_CHAIN:
- ret = delete_chain(chain, options&OPT_VERBOSE, *handle);
+ ret = delete_chain6(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_RENAME_CHAIN:
ret = ip6tc_rename_chain(chain, newname, *handle);
break;
case CMD_SET_POLICY:
- ret = ip6tc_set_policy(chain, policy, options&OPT_COUNTERS ? &fw.counters : NULL, *handle);
+ ret = ip6tc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw6.counters : NULL, *handle);
break;
default:
/* We should never reach this... */
@@ -2015,7 +1939,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
if (verbose > 1)
dump_entries6(*handle);
- clear_rule_matches(&matches);
+ xtables_rule_matches_free(&cs.matches);
if (e != NULL) {
free(e);
diff --git a/iptables-apply b/iptables/iptables-apply
index 5fec76b..86b8d5a 100755
--- a/iptables-apply
+++ b/iptables/iptables-apply
@@ -11,7 +11,6 @@ PROGNAME="${0##*/}";
VERSION=1.0
TIMEOUT=10
-DEFAULT_FILE=/etc/network/iptables
function blurb()
{
@@ -87,6 +86,19 @@ for opt in $OPTS; do
shift
done
+case "$PROGNAME" in
+ (*6*)
+ SAVE=ip6tables-save
+ RESTORE=ip6tables-restore
+ DEFAULT_FILE=/etc/network/ip6tables
+ ;;
+ (*)
+ SAVE=iptables-save
+ RESTORE=iptables-restore
+ DEFAULT_FILE=/etc/network/iptables
+ ;;
+esac
+
FILE="${1:-$DEFAULT_FILE}";
if [[ -z "$FILE" ]]; then
@@ -99,17 +111,6 @@ if [[ ! -r "$FILE" ]]; then
exit 2
fi
-case "${0##*/}" in
- (*6*)
- SAVE=ip6tables-save
- RESTORE=ip6tables-restore
- ;;
- (*)
- SAVE=iptables-save
- RESTORE=iptables-restore
- ;;
-esac
-
COMMANDS=(tempfile "$SAVE" "$RESTORE")
for cmd in "${COMMANDS[@]}"; do
diff --git a/iptables-apply.8 b/iptables/iptables-apply.8.in
index 8208fd0..cdc9c44 100644
--- a/iptables-apply.8
+++ b/iptables/iptables-apply.8.in
@@ -2,7 +2,7 @@
.\" Author: Martin F. Krafft
.\" Date: Jun 04, 2006
.\"
-.TH iptables\-apply 8 2006-06-04
+.TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\" disable hyphenation
.nh
.SH NAME
@@ -18,7 +18,7 @@ connection, the user will not be able to answer affirmatively. In this
case, the script rolls back to the previous ruleset after the timeout
expired. The timeout can be set with \fB\-t\fP.
.PP
-When called as ip6tables\-apply, the script will use
+When called as \fBip6tables\-apply\fP, the script will use
ip6tables\-save/\-restore instead.
.SH OPTIONS
.TP
diff --git a/iptables/iptables-extensions.8.tmpl.in b/iptables/iptables-extensions.8.tmpl.in
new file mode 100644
index 0000000..99d89a1
--- /dev/null
+++ b/iptables/iptables-extensions.8.tmpl.in
@@ -0,0 +1,28 @@
+.TH iptables-extensions 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.SH NAME
+iptables-extensions \(em list of extensions in the standard iptables distribution
+.SH SYNOPSIS
+\fBip6tables\fP [\fB\-m\fP \fIname\fP [\fImodule-options\fP...]]
+[\fB\-j\fP \fItarget-name\fP [\fItarget-options\fP...]
+.PP
+\fBiptables\fP [\fB\-m\fP \fIname\fP [\fImodule-options\fP...]]
+[\fB\-j\fP \fItarget-name\fP [\fItarget-options\fP...]
+.SH MATCH EXTENSIONS
+iptables can use extended packet matching modules
+with the \fB\-m\fP or \fB\-\-match\fP
+options, followed by the matching module name; after these, various
+extra command line options become available, depending on the specific
+module. You can specify multiple extended match modules in one line,
+and you can use the \fB\-h\fP or \fB\-\-help\fP
+options after the module has been specified to receive help specific
+to that module. The extended match modules are evaluated in the order
+they are specified in the rule.
+.PP
+If the \fB\-p\fP or \fB\-\-protocol\fP was specified and if and only if an
+unknown option is encountered, iptables will try load a match module of the
+same name as the protocol, to try making the option available.
+.\" @MATCH@
+.SH TARGET EXTENSIONS
+iptables can use extended target modules: the following are included
+in the standard distribution.
+.\" @TARGET@
diff --git a/iptables-multi.h b/iptables/iptables-multi.h
index a9912b0..a2bb878 100644
--- a/iptables-multi.h
+++ b/iptables/iptables-multi.h
@@ -4,6 +4,5 @@
extern int iptables_main(int, char **);
extern int iptables_save_main(int, char **);
extern int iptables_restore_main(int, char **);
-extern int iptables_xml_main(int, char **);
#endif /* _IPTABLES_MULTI_H */
diff --git a/iptables-restore.8 b/iptables/iptables-restore.8.in
index a52bceb..feb57ef 100644
--- a/iptables-restore.8
+++ b/iptables/iptables-restore.8.in
@@ -1,4 +1,4 @@
-.TH IPTABLES-RESTORE 8 "Jan 04, 2001" "" ""
+.TH IPTABLES-RESTORE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\"
.\" Man page written by Harald Welte <laforge@gnumonks.org>
.\" It is based on the iptables man page.
@@ -20,25 +20,50 @@
.\"
.SH NAME
iptables-restore \(em Restore IP Tables
+.P
+ip6tables-restore \(em Restore IPv6 Tables
.SH SYNOPSIS
-\fBiptables\-restore\fP [\fB\-c\fP] [\fB\-n\fP]
+\fBiptables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
+.P
+\fBip6tables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
+[\fB\-T\fP \fIname\fP]
.SH DESCRIPTION
.PP
.B iptables-restore
-is used to restore IP Tables from data specified on STDIN. Use
+and
+.B ip6tables-restore
+are used to restore IP and IPv6 Tables from data specified on STDIN. Use
I/O redirection provided by your shell to read from a file
.TP
\fB\-c\fR, \fB\-\-counters\fR
restore the values of all packet and byte counters
.TP
-\fB\-n\fR, \fB\-\-noflush\fR
-don't flush the previous contents of the table. If not specified,
-.B iptables-restore
-flushes (deletes) all previous contents of the respective IP Table.
+\fB\-h\fP, \fB\-\-help\fP
+Print a short option summary.
+.TP
+\fB\-n\fR, \fB\-\-noflush\fR
+don't flush the previous contents of the table. If not specified,
+both commands flush (delete) all previous contents of the respective table.
+.TP
+\fB\-t\fP, \fB\-\-test\fP
+Only parse and construct the ruleset, but do not commit it.
+.TP
+\fB\-v\fP, \fB\-\-verbose\fP
+Print additional debug info during ruleset processing.
+.TP
+\fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-restore will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
+\fB\-T\fP, \fB\-\-table\fP \fIname\fP
+Restore only the named table even if the input stream contains other ones.
.SH BUGS
None known as of iptables-1.2.1 release
-.SH AUTHOR
-Harald Welte <laforge@gnumonks.org>
+.SH AUTHORS
+Harald Welte <laforge@gnumonks.org> wrote iptables-restore based on code
+from Rusty Russell.
+.br
+Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-restore.
.SH SEE ALSO
\fBiptables\-save\fP(8), \fBiptables\fP(8)
.PP
diff --git a/iptables-restore.c b/iptables/iptables-restore.c
index 8c6648e..8c942ff 100644
--- a/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -3,8 +3,6 @@
* based on previous code from Rusty Russell <rusty@linuxcare.com.au>
*
* This code is distributed under the terms of GNU GPL v2
- *
- * $Id$
*/
#include <getopt.h>
@@ -58,9 +56,9 @@ static void print_usage(const char *name, const char *version)
exit(1);
}
-static struct iptc_handle *create_handle(const char *tablename)
+static struct xtc_handle *create_handle(const char *tablename)
{
- struct iptc_handle *handle;
+ struct xtc_handle *handle;
handle = iptc_init(tablename);
@@ -78,14 +76,12 @@ static struct iptc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ipt_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
- ret = sscanf(string, "[%llu:%llu]",
- (unsigned long long *)&pcnt,
- (unsigned long long *)&bcnt);
+ ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
ctr->pcnt = pcnt;
ctr->bcnt = bcnt;
return ret == 2;
@@ -101,10 +97,13 @@ static int add_argv(char *what) {
DEBUGP("add_argv: %s\n", what);
if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
newargv[newargc] = strdup(what);
- newargc++;
+ newargv[++newargc] = NULL;
return 1;
- } else
+ } else {
+ xtables_error(PARAMETER_PROBLEM,
+ "Parser cannot handle more arguments\n");
return 0;
+ }
}
static void free_argv(void) {
@@ -114,21 +113,81 @@ static void free_argv(void) {
free(newargv[i]);
}
-#ifdef IPTABLES_MULTI
+static void add_param_to_argv(char *parsestart)
+{
+ int quote_open = 0, escaped = 0, param_len = 0;
+ char param_buffer[1024], *curchar;
+
+ /* After fighting with strtok enough, here's now
+ * a 'real' parser. According to Rusty I'm now no
+ * longer a real hacker, but I can live with that */
+
+ for (curchar = parsestart; *curchar; curchar++) {
+ if (quote_open) {
+ if (escaped) {
+ param_buffer[param_len++] = *curchar;
+ escaped = 0;
+ continue;
+ } else if (*curchar == '\\') {
+ escaped = 1;
+ continue;
+ } else if (*curchar == '"') {
+ quote_open = 0;
+ *curchar = ' ';
+ } else {
+ param_buffer[param_len++] = *curchar;
+ continue;
+ }
+ } else {
+ if (*curchar == '"') {
+ quote_open = 1;
+ continue;
+ }
+ }
+
+ if (*curchar == ' '
+ || *curchar == '\t'
+ || * curchar == '\n') {
+ if (!param_len) {
+ /* two spaces? */
+ continue;
+ }
+
+ param_buffer[param_len] = '\0';
+
+ /* check if table name specified */
+ if (!strncmp(param_buffer, "-t", 2)
+ || !strncmp(param_buffer, "--table", 8)) {
+ xtables_error(PARAMETER_PROBLEM,
+ "The -t option (seen in line %u) cannot be "
+ "used in iptables-restore.\n", line);
+ exit(1);
+ }
+
+ add_argv(param_buffer);
+ param_len = 0;
+ } else {
+ /* regular character, copy to buffer */
+ param_buffer[param_len++] = *curchar;
+
+ if (param_len >= sizeof(param_buffer))
+ xtables_error(PARAMETER_PROBLEM,
+ "Parameter too long!");
+ }
+ }
+}
+
int
iptables_restore_main(int argc, char *argv[])
-#else
-int
-main(int argc, char *argv[])
-#endif
{
- struct iptc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IPT_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
+ const struct xtc_ops *ops = &iptc_ops;
line = 0;
@@ -142,6 +201,7 @@ main(int argc, char *argv[])
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions4();
#endif
while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
@@ -175,7 +235,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
@@ -202,8 +262,8 @@ main(int argc, char *argv[])
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
- ret = iptc_commit(handle);
- iptc_free(handle);
+ ret = ops->commit(handle);
+ ops->free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
@@ -219,27 +279,27 @@ main(int argc, char *argv[])
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
- strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
- curtable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename && (strcmp(tablename, table) != 0))
continue;
if (handle)
- iptc_free(handle);
+ ops->free(handle);
handle = create_handle(table);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
- for_each_chain(flush_entries, verbose, 1,
+ for_each_chain4(flush_entries4, verbose, 1,
handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
- for_each_chain(delete_chain, verbose, 0,
+ for_each_chain4(delete_chain4, verbose, 0,
handle);
}
@@ -255,7 +315,7 @@ main(int argc, char *argv[])
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
@@ -265,17 +325,17 @@ main(int argc, char *argv[])
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
- if (iptc_builtin(chain, handle) <= 0) {
- if (noflush && iptc_is_chain(chain, handle)) {
+ if (ops->builtin(chain, handle) <= 0) {
+ if (noflush && ops->is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
- if (!iptc_flush_entries(chain, handle))
+ if (!ops->flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
- if (!iptc_create_chain(chain, handle))
+ if (!ops->create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
@@ -288,12 +348,12 @@ main(int argc, char *argv[])
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
- struct ipt_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -305,20 +365,19 @@ main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ipt_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
- if (!iptc_set_policy(chain, policy, &count,
+ if (!ops->set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
- chain, policy, line,
- iptc_strerror(errno));
+ policy, chain, line,
+ ops->strerror(errno));
}
ret = 1;
@@ -330,11 +389,6 @@ main(int argc, char *argv[])
char *bcnt = NULL;
char *parsestart;
- /* the parser */
- char *curchar;
- int quote_open, escaped;
- size_t param_len;
-
/* reset the newargv */
newargc = 0;
@@ -367,7 +421,7 @@ main(int argc, char *argv[])
add_argv(argv[0]);
add_argv("-t");
- add_argv((char *) &curtable);
+ add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
@@ -375,78 +429,16 @@ main(int argc, char *argv[])
add_argv((char *) bcnt);
}
- /* After fighting with strtok enough, here's now
- * a 'real' parser. According to Rusty I'm now no
- * longer a real hacker, but I can live with that */
-
- quote_open = 0;
- escaped = 0;
- param_len = 0;
-
- for (curchar = parsestart; *curchar; curchar++) {
- char param_buffer[1024];
-
- if (quote_open) {
- if (escaped) {
- param_buffer[param_len++] = *curchar;
- escaped = 0;
- continue;
- } else if (*curchar == '\\') {
- escaped = 1;
- continue;
- } else if (*curchar == '"') {
- quote_open = 0;
- *curchar = ' ';
- } else {
- param_buffer[param_len++] = *curchar;
- continue;
- }
- } else {
- if (*curchar == '"') {
- quote_open = 1;
- continue;
- }
- }
-
- if (*curchar == ' '
- || *curchar == '\t'
- || * curchar == '\n') {
- if (!param_len) {
- /* two spaces? */
- continue;
- }
-
- param_buffer[param_len] = '\0';
-
- /* check if table name specified */
- if (!strncmp(param_buffer, "-t", 2)
- || !strncmp(param_buffer, "--table", 8)) {
- xtables_error(PARAMETER_PROBLEM,
- "Line %u seems to have a "
- "-t table option.\n", line);
- exit(1);
- }
-
- add_argv(param_buffer);
- param_len = 0;
- } else {
- /* regular character, copy to buffer */
- param_buffer[param_len++] = *curchar;
-
- if (param_len >= sizeof(param_buffer))
- xtables_error(PARAMETER_PROBLEM,
- "Parameter too long!");
- }
- }
+ add_param_to_argv(parsestart);
- DEBUGP("calling do_command(%u, argv, &%s, handle):\n",
+ DEBUGP("calling do_command4(%u, argv, &%s, handle):\n",
newargc, curtable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
- ret = do_command(newargc, newargv,
- &newargv[2], &handle);
+ ret = do_command4(newargc, newargv,
+ &newargv[2], &handle, true);
free_argv();
fflush(stdout);
@@ -455,17 +447,16 @@ main(int argc, char *argv[])
continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
- prog_name, line + 1);
+ xt_params->program_name, line + 1);
exit(1);
}
- if (in != NULL)
- fclose(in);
+ fclose(in);
return 0;
}
diff --git a/iptables-save.8 b/iptables/iptables-save.8.in
index c2e0a94..5e939b1 100644
--- a/iptables-save.8
+++ b/iptables/iptables-save.8.in
@@ -1,4 +1,4 @@
-.TH IPTABLES-SAVE 8 "Jan 04, 2001" "" ""
+.TH IPTABLES-SAVE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\"
.\" Man page written by Harald Welte <laforge@gnumonks.org>
.\" It is based on the iptables man page.
@@ -20,13 +20,20 @@
.\"
.SH NAME
iptables-save \(em dump iptables rules to stdout
+.P
+ip6tables-save \(em dump iptables rules to stdout
.SH SYNOPSIS
\fBiptables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
[\fB\-t\fP \fItable\fP]
+.P
+\fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
+[\fB\-t\fP \fItable\fP
.SH DESCRIPTION
.PP
.B iptables-save
-is used to dump the contents of an IP Table in easily parseable format
+and
+.B ip6tables-save
+are used to dump the contents of IP or IPv6 Table in easily parseable format
to STDOUT. Use I/O-redirection provided by your shell to write to a file.
.TP
\fB\-M\fP \fImodprobe_program\fP
@@ -41,8 +48,12 @@ restrict output to only one table. If not specified, output includes all
available tables.
.SH BUGS
None known as of iptables-1.2.1 release
-.SH AUTHOR
+.SH AUTHORS
Harald Welte <laforge@gnumonks.org>
+.br
+Rusty Russell <rusty@rustcorp.com.au>
+.br
+Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.
.SH SEE ALSO
\fBiptables\-restore\fP(8), \fBiptables\fP(8)
.PP
diff --git a/iptables-save.c b/iptables/iptables-save.c
index 3bcf422..e599fce 100644
--- a/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -21,10 +21,9 @@
#include <dlfcn.h>
#endif
-static int show_binary = 0, show_counters = 0;
+static int show_counters = 0;
static const struct option options[] = {
- {.name = "binary", .has_arg = false, .val = 'b'},
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
@@ -37,9 +36,9 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IPT_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip_tables_names", "r");
+ procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
return ret;
@@ -59,7 +58,7 @@ static int for_each_table(int (*func)(const char *tablename))
static int do_output(const char *tablename)
{
- struct iptc_handle *h;
+ struct xtc_handle *h;
const char *chain = NULL;
if (!tablename)
@@ -74,52 +73,45 @@ static int do_output(const char *tablename)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
iptc_strerror(errno));
- if (!show_binary) {
- time_t now = time(NULL);
-
- printf("# Generated by iptables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
- printf("*%s\n", tablename);
-
- /* Dump out chain names first,
- * thereby preventing dependency conflicts */
- for (chain = iptc_first_chain(h);
- chain;
- chain = iptc_next_chain(h)) {
-
- printf(":%s ", chain);
- if (iptc_builtin(chain, h)) {
- struct ipt_counters count;
- printf("%s ",
- iptc_get_policy(chain, &count, h));
- printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
- } else {
- printf("- [0:0]\n");
- }
+ time_t now = time(NULL);
+
+ printf("# Generated by iptables-save v%s on %s",
+ IPTABLES_VERSION, ctime(&now));
+ printf("*%s\n", tablename);
+
+ /* Dump out chain names first,
+ * thereby preventing dependency conflicts */
+ for (chain = iptc_first_chain(h);
+ chain;
+ chain = iptc_next_chain(h)) {
+
+ printf(":%s ", chain);
+ if (iptc_builtin(chain, h)) {
+ struct xt_counters count;
+ printf("%s ",
+ iptc_get_policy(chain, &count, h));
+ printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+ } else {
+ printf("- [0:0]\n");
}
+ }
+ for (chain = iptc_first_chain(h);
+ chain;
+ chain = iptc_next_chain(h)) {
+ const struct ipt_entry *e;
- for (chain = iptc_first_chain(h);
- chain;
- chain = iptc_next_chain(h)) {
- const struct ipt_entry *e;
-
- /* Dump out rules */
- e = iptc_first_rule(chain, h);
- while(e) {
- print_rule(e, h, chain, show_counters);
- e = iptc_next_rule(e, h);
- }
+ /* Dump out rules */
+ e = iptc_first_rule(chain, h);
+ while(e) {
+ print_rule4(e, h, chain, show_counters);
+ e = iptc_next_rule(e, h);
}
-
- now = time(NULL);
- printf("COMMIT\n");
- printf("# Completed on %s", ctime(&now));
- } else {
- /* Binary, huh? OK. */
- xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ now = time(NULL);
+ printf("COMMIT\n");
+ printf("# Completed on %s", ctime(&now));
iptc_free(h);
return 1;
@@ -129,13 +121,8 @@ static int do_output(const char *tablename)
* :Chain name POLICY packets bytes
* rule
*/
-#ifdef IPTABLES_MULTI
int
iptables_save_main(int argc, char *argv[])
-#else
-int
-main(int argc, char *argv[])
-#endif
{
const char *tablename = NULL;
int c;
@@ -150,14 +137,11 @@ main(int argc, char *argv[])
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions4();
#endif
while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
switch (c) {
- case 'b':
- show_binary = 1;
- break;
-
case 'c':
show_counters = 1;
break;
diff --git a/iptables-standalone.c b/iptables/iptables-standalone.c
index 1f60e31..4da1d7f 100644
--- a/iptables-standalone.c
+++ b/iptables/iptables-standalone.c
@@ -38,17 +38,12 @@
#include <iptables.h>
#include "iptables-multi.h"
-#ifdef IPTABLES_MULTI
int
iptables_main(int argc, char *argv[])
-#else
-int
-main(int argc, char *argv[])
-#endif
{
int ret;
char *table = "filter";
- struct iptc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
iptables_globals.program_name = "iptables";
ret = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
@@ -60,9 +55,10 @@ main(int argc, char *argv[])
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
+ init_extensions4();
#endif
- ret = do_command(argc, argv, &table, &handle);
+ ret = do_command4(argc, argv, &table, &handle, false);
if (ret) {
ret = iptc_commit(handle);
iptc_free(handle);
diff --git a/iptables-xml.8 b/iptables/iptables-xml.1.in
index 048c2cb..7b7878f 100644
--- a/iptables-xml.8
+++ b/iptables/iptables-xml.1.in
@@ -1,4 +1,4 @@
-.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""
+.TH IPTABLES-XML 1 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\"
.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
.\" It is based on the iptables-save man page.
diff --git a/iptables-xml.c b/iptables/iptables-xml.c
index daf4208..9628447 100644
--- a/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -1,11 +1,9 @@
/* Code to convert iptables-save format to xml format,
* (C) 2006 Ufo Mechanic <azez@ufomechanic.net>
- * based on iptables-restor (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
+ * based on iptables-restore (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
* based on previous code from Rusty Russell <rusty@linuxcare.com.au>
*
* This code is distributed under the terms of GNU GPL v2
- *
- * $Id: iptables-xml.c,v 1.4 2006/11/09 12:02:17 azez Exp $
*/
#include <getopt.h>
@@ -16,7 +14,7 @@
#include <stdarg.h>
#include "iptables.h"
#include "libiptc/libiptc.h"
-#include "iptables-multi.h"
+#include "xtables-multi.h"
#include <xtables.h>
#ifdef DEBUG
@@ -25,10 +23,6 @@
#define DEBUGP(x, args...)
#endif
-#ifndef IPTABLES_MULTI
-int line = 0;
-#endif
-
struct xtables_globals iptables_xml_globals = {
.option_offset = 0,
.program_version = IPTABLES_VERSION,
@@ -62,9 +56,9 @@ print_usage(const char *name, const char *version)
}
static int
-parse_counters(char *string, struct ipt_counters *ctr)
+parse_counters(char *string, struct xt_counters *ctr)
{
- u_int64_t *pcnt, *bcnt;
+ __u64 *pcnt, *bcnt;
if (string != NULL) {
pcnt = &ctr->pcnt;
@@ -87,16 +81,16 @@ static unsigned int oldargc = 0;
/* arg meta data, were they quoted, frinstance */
static int newargvattr[255];
-#define IPT_CHAIN_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-static char closeActionTag[IPT_TABLE_MAXNAMELEN + 1];
-static char closeRuleTag[IPT_TABLE_MAXNAMELEN + 1];
-static char curTable[IPT_TABLE_MAXNAMELEN + 1];
-static char curChain[IPT_CHAIN_MAXNAMELEN + 1];
+#define XT_CHAIN_MAXNAMELEN XT_TABLE_MAXNAMELEN
+static char closeActionTag[XT_TABLE_MAXNAMELEN + 1];
+static char closeRuleTag[XT_TABLE_MAXNAMELEN + 1];
+static char curTable[XT_TABLE_MAXNAMELEN + 1];
+static char curChain[XT_CHAIN_MAXNAMELEN + 1];
struct chain {
char *chain;
char *policy;
- struct ipt_counters count;
+ struct xt_counters count;
int created;
};
@@ -239,12 +233,12 @@ closeChain(void)
}
static void
-openChain(char *chain, char *policy, struct ipt_counters *ctr, char close)
+openChain(char *chain, char *policy, struct xt_counters *ctr, char close)
{
closeChain();
- strncpy(curChain, chain, IPT_CHAIN_MAXNAMELEN);
- curChain[IPT_CHAIN_MAXNAMELEN] = '\0';
+ strncpy(curChain, chain, XT_CHAIN_MAXNAMELEN);
+ curChain[XT_CHAIN_MAXNAMELEN] = '\0';
printf(" <chain ");
xmlAttrS("name", curChain);
@@ -293,7 +287,7 @@ needChain(char *chain)
}
static void
-saveChain(char *chain, char *policy, struct ipt_counters *ctr)
+saveChain(char *chain, char *policy, struct xt_counters *ctr)
{
if (nextChain >= maxChains) {
xtables_error(PARAMETER_PROBLEM,
@@ -338,8 +332,8 @@ openTable(char *table)
{
closeTable();
- strncpy(curTable, table, IPT_TABLE_MAXNAMELEN);
- curTable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curTable, table, XT_TABLE_MAXNAMELEN);
+ curTable[XT_TABLE_MAXNAMELEN] = '\0';
printf(" <table ");
xmlAttrS("name", curTable);
@@ -373,9 +367,9 @@ static void
do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
char *argv[], int argvattr[])
{
- int arg = 1; // ignore leading -A
+ int i;
+ int arg = 2; // ignore leading -A <chain>
char invert_next = 0;
- char *thisChain = NULL;
char *spacer = ""; // space when needed to assemble arguments
char *level1 = NULL;
char *level2 = NULL;
@@ -399,8 +393,6 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
} else printf("%s<%s ", (leveli ## LEVEL), (level ## LEVEL)); \
} while(0)
- thisChain = argv[arg++];
-
if (part == 1) { /* skip */
/* use argvattr to tell which arguments were quoted
to avoid comparing quoted arguments, like comments, to -j, */
@@ -408,11 +400,17 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
arg++;
}
- /* Before we start, if the first arg is -[^-] and not -m or -j or -g
- then start a dummy <match> tag for old style built-in matches.
- We would do this in any case, but no need if it would be empty */
- if (arg < argc && argv[arg][0] == '-' && !isTarget(argv[arg])
- && strcmp(argv[arg], "-m") != 0) {
+ /* Before we start, if the first arg is -[^-] and not -m or -j or -g
+ * then start a dummy <match> tag for old style built-in matches.
+ * We would do this in any case, but no need if it would be empty.
+ * In the case of negation, we need to look at arg+1
+ */
+ if (arg < argc && strcmp(argv[arg], "!") == 0)
+ i = arg + 1;
+ else
+ i = arg;
+ if (i < argc && argv[i][0] == '-' && !isTarget(argv[i])
+ && strcmp(argv[i], "-m") != 0) {
OPEN_LEVEL(1, "match");
printf(">\n");
}
@@ -601,8 +599,8 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
xmlAttrS("byte-count", bcnt);
printf(">\n");
- strncpy(closeRuleTag, " </rule>\n", IPT_TABLE_MAXNAMELEN);
- closeRuleTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(closeRuleTag, " </rule>\n", XT_TABLE_MAXNAMELEN);
+ closeRuleTag[XT_TABLE_MAXNAMELEN] = '\0';
/* no point in writing out condition if there isn't one */
if (argc >= 3 && !isTarget(argv[2])) {
@@ -616,19 +614,14 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
if (!closeActionTag[0]) {
printf(" <actions>\n");
strncpy(closeActionTag, " </actions>\n",
- IPT_TABLE_MAXNAMELEN);
- closeActionTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ XT_TABLE_MAXNAMELEN);
+ closeActionTag[XT_TABLE_MAXNAMELEN] = '\0';
}
do_rule_part(NULL, NULL, 1, argc, argv, argvattr);
}
-#ifdef IPTABLES_MULTI
int
iptables_xml_main(int argc, char *argv[])
-#else
-int
-main(int argc, char *argv[])
-#endif
{
char buffer[10240];
int c;
@@ -653,7 +646,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
@@ -708,7 +701,7 @@ main(int argc, char *argv[])
} else if ((buffer[0] == ':') && (curTable[0])) {
/* New chain. */
char *policy, *chain;
- struct ipt_counters count;
+ struct xt_counters count;
char *ctrs;
chain = strtok(buffer + 1, " \t\n");
@@ -747,6 +740,7 @@ main(int argc, char *argv[])
/* the parser */
char *param_start, *curchar;
int quote_open, quoted;
+ char param_buffer[1024];
/* reset the newargv */
newargc = 0;
@@ -806,7 +800,6 @@ main(int argc, char *argv[])
}
if (*curchar == ' '
|| *curchar == '\t' || *curchar == '\n') {
- char param_buffer[1024];
int param_len = curchar - param_start;
if (quote_open)
@@ -846,7 +839,7 @@ main(int argc, char *argv[])
}
}
- DEBUGP("calling do_command(%u, argv, &%s, handle):\n",
+ DEBUGP("calling do_command4(%u, argv, &%s, handle):\n",
newargc, curTable);
for (a = 0; a < newargc; a++)
@@ -870,8 +863,7 @@ main(int argc, char *argv[])
exit(1);
}
- if (in != NULL)
- fclose(in);
+ fclose(in);
printf("</iptables-rules>\n");
free_argv();
diff --git a/iptables.8.in b/iptables/iptables.8.in
index d29deb2..155c97e 100644
--- a/iptables.8.in
+++ b/iptables/iptables.8.in
@@ -1,4 +1,4 @@
-.TH IPTABLES 8 "" "@PACKAGE_AND_VERSION@" "@PACKAGE_AND_VERSION@"
+.TH IPTABLES 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\"
.\" Man page written by Herve Eychenne <rv@wallfire.org> (May 1999)
.\" It is based on ipchains page.
@@ -23,9 +23,13 @@
.\"
.\"
.SH NAME
-iptables \(em administration tool for IPv4 packet filtering and NAT
+iptables/ip6tables \(em administration tool for IPv4/IPv6 packet filtering and NAT
.SH SYNOPSIS
-\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain\fP \fIrule-specification\fP
+\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP}
+\fIchain\fP \fIrule-specification\fP
+.P
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP}
+\fIchain rule-specification\fP
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP
.PP
@@ -51,8 +55,8 @@ match = \fB\-m\fP \fImatchname\fP [\fIper-match-options\fP]
.PP
target = \fB\-j\fP \fItargetname\fP [\fIper\-target\-options\fP]
.SH DESCRIPTION
-\fBIptables\fP is used to set up, maintain, and inspect the
-tables of IPv4 packet
+\fBIptables\fP and \fBip6tables\fP are used to set up, maintain, and inspect the
+tables of IPv4 and IPv6 packet
filter rules in the Linux kernel. Several different tables
may be defined. Each table contains a number of built-in
chains and may also contain user-defined chains.
@@ -63,21 +67,14 @@ a `target', which may be a jump to a user-defined chain in the same
table.
.SH TARGETS
A firewall rule specifies criteria for a packet and a target. If the
-packet does not match, the next rule in the chain is the examined; if
+packet does not match, the next rule in the chain is examined; if
it does match, then the next rule is specified by the value of the
-target, which can be the name of a user-defined chain or one of the
-special values \fBACCEPT\fP, \fBDROP\fP, \fBQUEUE\fP or \fBRETURN\fP.
+target, which can be the name of a user-defined chain, one of the targets
+described in \fBiptables\-extensions\fP(8), or one of the
+special values \fBACCEPT\fP, \fBDROP\fP or \fBRETURN\fP.
.PP
\fBACCEPT\fP means to let the packet through.
\fBDROP\fP means to drop the packet on the floor.
-\fBQUEUE\fP means to pass the packet to userspace.
-(How the packet can be received
-by a userspace process differs by the particular queue handler. 2.4.x
-and 2.6.x kernels up to 2.6.13 include the \fBip_queue\fP
-queue handler. Kernels 2.6.14 and later additionally include the
-\fBnfnetlink_queue\fP queue handler. Packets with a target of QUEUE will be
-sent to queue number '0' in this case. Please also see the \fBNFQUEUE\fP
-target as described later in this man page.)
\fBRETURN\fP means stop traversing this chain and resume at the next
rule in the
previous (calling) chain. If the end of a built-in chain is reached
@@ -85,7 +82,7 @@ or a rule in a built-in chain with target \fBRETURN\fP
is matched, the target specified by the chain policy determines the
fate of the packet.
.SH TABLES
-There are currently three independent tables (which tables are present
+There are currently five independent tables (which tables are present
at any time depends on the kernel configuration options and which
modules are present).
.TP
@@ -110,6 +107,7 @@ connection is encountered. It consists of three built-ins: \fBPREROUTING\fP
(for altering packets as soon as they come in), \fBOUTPUT\fP
(for altering locally-generated packets before routing), and \fBPOSTROUTING\fP
(for altering packets as they are about to go out).
+IPv6 NAT support is available since kernel 3.7.
.TP
\fBmangle\fP:
This table is used for specialized packet alteration. Until kernel
@@ -128,10 +126,21 @@ hooks with higher priority and is thus called before ip_conntrack, or any other
IP tables. It provides the following built-in chains: \fBPREROUTING\fP
(for packets arriving via any network interface) \fBOUTPUT\fP
(for packets generated by local processes)
+.TP
+\fBsecurity\fP:
+This table is used for Mandatory Access Control (MAC) networking rules, such
+as those enabled by the \fBSECMARK\fP and \fBCONNSECMARK\fP targets.
+Mandatory Access Control is implemented by Linux Security Modules such as
+SELinux. The security table is called after the filter table, allowing any
+Discretionary Access Control (DAC) rules in the filter table to take effect
+before MAC rules. This table provides the following built-in chains:
+\fBINPUT\fP (for packets coming into the box itself),
+\fBOUTPUT\fP (for altering locally-generated packets before routing), and
+\fBFORWARD\fP (for altering packets being routed through the box).
.RE
.SH OPTIONS
The options that are recognized by
-\fBiptables\fP can be divided into several different groups.
+\fBiptables\fP and \fBip6tables\fP can be divided into several different groups.
.SS COMMANDS
These options specify the desired action to perform. Only one of them
can be specified on the command line unless otherwise stated
@@ -144,6 +153,12 @@ Append one or more rules to the end of the selected chain.
When the source and/or destination names resolve to more than one
address, a rule will be added for each possible address combination.
.TP
+\fB\-C\fP, \fB\-\-check\fP \fIchain rule-specification\fP
+Check whether a rule matching the specification does exist in the
+selected chain. This command uses the same logic as \fB\-D\fP to
+find a matching entry, but does not alter the existing iptables
+configuration and uses its exit code to indicate success or failure.
+.TP
\fB\-D\fP, \fB\-\-delete\fP \fIchain rule-specification\fP
.ns
.TP
@@ -225,17 +240,37 @@ Give a (currently very brief) description of the command syntax.
The following parameters make up a rule specification (as used in the
add, delete, insert, replace and append commands).
.TP
+\fB\-4\fP, \fB\-\-ipv4\fP
+This option has no effect in iptables and iptables-restore.
+If a rule using the \fB\-4\fP option is inserted with (and only with)
+ip6tables-restore, it will be silently ignored. Any other uses will throw an
+error. This option allows to put both IPv4 and IPv6 rules in a single rule file
+for use with both iptables-restore and ip6tables-restore.
+.TP
+\fB\-6\fP, \fB\-\-ipv6\fP
+If a rule using the \fB\-6\fP option is inserted with (and only with)
+iptables-restore, it will be silently ignored. Any other uses will throw an
+error. This option allows to put both IPv4 and IPv6 rules in a single rule file
+for use with both iptables-restore and ip6tables-restore.
+This option has no effect in ip6tables and ip6tables-restore.
+.TP
[\fB!\fP] \fB\-p\fP, \fB\-\-protocol\fP \fIprotocol\fP
The protocol of the rule or of the packet to check.
The specified protocol can be one of \fBtcp\fP, \fBudp\fP, \fBudplite\fP,
-\fBicmp\fP, \fBesp\fP, \fBah\fP, \fBsctp\fP or \fBall\fP,
+\fBicmp\fP, \fBicmpv6\fP,\fBesp\fP, \fBah\fP, \fBsctp\fP, \fBmh\fP or the special keyword "\fBall\fP",
or it can be a numeric value, representing one of these protocols or a
different one. A protocol name from /etc/protocols is also allowed.
A "!" argument before the protocol inverts the
-test. The number zero is equivalent to \fBall\fP.
-Protocol \fBall\fP
+test. The number zero is equivalent to \fBall\fP. "\fBall\fP"
will match with all protocols and is taken as default when this
option is omitted.
+Note that, in ip6tables, IPv6 extension headers except \fBesp\fP are not allowed.
+\fBesp\fP and \fBipv6\-nonext\fP
+can be used with Kernel version 2.6.11 or later.
+The number zero is equivalent to \fBall\fP, which means that you cannot
+test the protocol field for the value 0 directly. To match on a HBH header,
+even if it were the last, you cannot use \fB\-p 0\fP, but always need
+\fB\-m hbh\fP.
.TP
[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
Source specification. \fIAddress\fP
@@ -245,9 +280,9 @@ be resolved once only, before the rule is submitted to the kernel.
Please note that specifying any name to be resolved with a remote query such as
DNS is a really bad idea.
The \fImask\fP
-can be either a network mask or a plain number,
+can be either an ipv4 network mask (for iptables) or a plain number,
specifying the number of 1's at the left side of the network mask.
-Thus, a mask of \fI24\fP is equivalent to \fI255.255.255.0\fP.
+Thus, an iptables mask of \fI24\fP is equivalent to \fI255.255.255.0\fP.
A "!" argument before the address specification inverts the sense of
the address. The flag \fB\-\-src\fP is an alias for this option.
Multiple addresses can be specified, but this will \fBexpand to multiple
@@ -260,6 +295,13 @@ See the description of the \fB\-s\fP
(source) flag for a detailed description of the syntax. The flag
\fB\-\-dst\fP is an alias for this option.
.TP
+\fB\-m\fP, \fB\-\-match\fP \fImatch\fP
+Specifies a match to use, that is, an extension module that tests for a
+specific property. The set of matches make up the condition under which a
+target is invoked. Matches are evaluated first to last as specified on the
+command line and work in short-circuit fashion, i.e. if one extension yields
+false, evaluation will stop.
+.TP
\fB\-j\fP, \fB\-\-jump\fP \fItarget\fP
This specifies the target of the rule; i.e., what to do if the packet
matches it. The target can be a user-defined chain (other than the
@@ -294,12 +336,13 @@ interface which begins with this name will match. If this option is
omitted, any interface name will match.
.TP
[\fB!\fP] \fB\-f\fP, \fB\-\-fragment\fP
-This means that the rule only refers to second and further fragments
+This means that the rule only refers to second and further IPv4 fragments
of fragmented packets. Since there is no way to tell the source or
destination ports of such a packet (or ICMP type), such a packet will
not match any rules which specify them. When the "!" argument
precedes the "\-f" flag, the rule will only match head fragments, or
-unfragmented packets.
+unfragmented packets. This option is IPv4 specific, it is not available
+in ip6tables.
.TP
\fB\-c\fP, \fB\-\-set\-counters\fP \fIpackets bytes\fP
This enables the administrator to initialize the packet and byte
@@ -315,7 +358,15 @@ byte counters are also listed, with the suffix 'K', 'M' or 'G' for
1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see
the \fB\-x\fP flag to change this).
For appending, insertion, deletion and replacement, this causes
-detailed information on the rule or rules to be printed.
+detailed information on the rule or rules to be printed. \fB\-v\fP may be
+specified multiple times to possibly emit more detailed debug statements.
+.TP
+\fB\-w\fP, \fB\-\-wait\fP
+Wait for the xtables lock.
+To prevent multiple instances of the program from running concurrently,
+an attempt will be made to obtain an exclusive lock at launch. By default,
+the program will exit if the lock cannot be obtained. This option will
+make the program wait until the exclusive lock can be obtained.
.TP
\fB\-n\fP, \fB\-\-numeric\fP
Numeric output.
@@ -337,24 +388,10 @@ corresponding to that rule's position in the chain.
\fB\-\-modprobe=\fP\fIcommand\fP
When adding or inserting rules into a chain, use \fIcommand\fP
to load any necessary modules (targets, match extensions, etc).
-.SH MATCH EXTENSIONS
-iptables can use extended packet matching modules. These are loaded
-in two ways: implicitly, when \fB\-p\fP or \fB\-\-protocol\fP
-is specified, or with the \fB\-m\fP or \fB\-\-match\fP
-options, followed by the matching module name; after these, various
-extra command line options become available, depending on the specific
-module. You can specify multiple extended match modules in one line,
-and you can use the \fB\-h\fP or \fB\-\-help\fP
-options after the module has been specified to receive help specific
-to that module.
+.SH MATCH AND TARGET EXTENSIONS
.PP
-The following are included in the base package, and most of these can
-be preceded by a "\fB!\fP" to invert the sense of the match.
-.\" @MATCH@
-.SH TARGET EXTENSIONS
-iptables can use extended target modules: the following are included
-in the standard distribution.
-.\" @TARGET@
+iptables can use extended packet matching and target modules.
+A list of these is available in the \fBiptables\-extensions\fP(8) manpage.
.SH DIAGNOSTICS
Various error messages are printed to standard error. The exit code
is 0 for correct functioning. Errors which appear to be caused by
@@ -389,12 +426,10 @@ seen previously. So the following options are handled differently:
.fi
There are several other changes in iptables.
.SH SEE ALSO
+\fBiptables\-apply\fP(8),
\fBiptables\-save\fP(8),
\fBiptables\-restore\fP(8),
-\fBip6tables\fP(8),
-\fBip6tables\-save\fP(8),
-\fBip6tables\-restore\fP(8),
-\fBlibipq\fP(3).
+\fBiptables\-extensions\fP(8),
.PP
The packet-filtering-HOWTO details iptables usage for
packet filtering, the NAT-HOWTO details NAT,
@@ -427,3 +462,6 @@ Man page originally written by Herve Eychenne <rv@wallfire.org>.
.\" .. sexy, too ..
.\" .. witty, charming, powerful ..
.\" .. and most of all, modest ..
+.SH VERSION
+.PP
+This manual page applies to iptables/ip6tables @PACKAGE_AND_VERSION@.
diff --git a/iptables.c b/iptables/iptables.c
index 19f6d4f..5cd2596 100644
--- a/iptables.c
+++ b/iptables/iptables.c
@@ -39,7 +39,6 @@
#include <iptables.h>
#include <xtables.h>
#include <fcntl.h>
-#include <sys/utsname.h>
#include "xshared.h"
#ifndef TRUE
@@ -49,21 +48,6 @@
#define FALSE 0
#endif
-#define FMT_NUMERIC 0x0001
-#define FMT_NOCOUNTS 0x0002
-#define FMT_KILOMEGAGIGA 0x0004
-#define FMT_OPTIONS 0x0008
-#define FMT_NOTABLE 0x0010
-#define FMT_NOTARGET 0x0020
-#define FMT_VIA 0x0040
-#define FMT_NONEWLINE 0x0080
-#define FMT_LINENUMBERS 0x0100
-
-#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \
- | FMT_NUMERIC | FMT_NOTABLE)
-#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
-
-
#define CMD_NONE 0x0000U
#define CMD_INSERT 0x0001U
#define CMD_DELETE 0x0002U
@@ -79,30 +63,20 @@
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
#define CMD_ZERO_NUM 0x2000U
-#define NUMBER_OF_CMD 15
+#define CMD_CHECK 0x4000U
+#define NUMBER_OF_CMD 16
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'Z', 'N', 'X', 'P', 'E', 'S' };
-
-#define OPT_NONE 0x00000U
-#define OPT_NUMERIC 0x00001U
-#define OPT_SOURCE 0x00002U
-#define OPT_DESTINATION 0x00004U
-#define OPT_PROTOCOL 0x00008U
-#define OPT_JUMP 0x00010U
-#define OPT_VERBOSE 0x00020U
-#define OPT_EXPANDED 0x00040U
-#define OPT_VIANAMEIN 0x00080U
-#define OPT_VIANAMEOUT 0x00100U
-#define OPT_FRAGMENT 0x00200U
-#define OPT_LINENUMBERS 0x00400U
-#define OPT_COUNTERS 0x00800U
-#define NUMBER_OF_OPT 12
-static const char optflags[NUMBER_OF_OPT]
-= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', 'f', '0', 'c'};
+ 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
+
+#define OPT_FRAGMENT 0x00800U
+#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
+static const char optflags[]
+= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c', 'f'};
static struct option original_opts[] = {
{.name = "append", .has_arg = 1, .val = 'A'},
{.name = "delete", .has_arg = 1, .val = 'D'},
+ {.name = "check", .has_arg = 1, .val = 'C'},
{.name = "insert", .has_arg = 1, .val = 'I'},
{.name = "replace", .has_arg = 1, .val = 'R'},
{.name = "list", .has_arg = 2, .val = 'L'},
@@ -125,6 +99,7 @@ static struct option original_opts[] = {
{.name = "numeric", .has_arg = 0, .val = 'n'},
{.name = "out-interface", .has_arg = 1, .val = 'o'},
{.name = "verbose", .has_arg = 0, .val = 'v'},
+ {.name = "wait", .has_arg = 0, .val = 'w'},
{.name = "exact", .has_arg = 0, .val = 'x'},
{.name = "fragments", .has_arg = 0, .val = 'f'},
{.name = "version", .has_arg = 0, .val = 'V'},
@@ -133,21 +108,16 @@ static struct option original_opts[] = {
{.name = "modprobe", .has_arg = 1, .val = 'M'},
{.name = "set-counters", .has_arg = 1, .val = 'c'},
{.name = "goto", .has_arg = 1, .val = 'g'},
+ {.name = "ipv4", .has_arg = 0, .val = '4'},
+ {.name = "ipv6", .has_arg = 0, .val = '6'},
{NULL},
};
-/* we need this for iptables-restore. iptables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. iptables itself doesn't need this, so it is initialized to the
- * magic number of -1 */
-int line = -1;
-
void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals iptables_globals = {
.option_offset = 0,
.program_version = IPTABLES_VERSION,
- .opts = original_opts,
.orig_opts = original_opts,
.exit_err = iptables_exit_error,
};
@@ -161,82 +131,47 @@ struct xtables_globals iptables_globals = {
* optional
*/
-static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
+static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
- /* -n -s -d -p -j -v -x -i -o -f --line -c */
-/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x',' '},
-/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x','x'},
+ /* -n -s -d -p -j -v -x -i -o --line -c -f */
+/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
+/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},
/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x',' '},
-/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x',' '},
-/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'},
+/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
+/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
+/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '},
+/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' ','x'},
/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x','x'}
+/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*CHECK*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},
};
-static int inverse_for_options[NUMBER_OF_OPT] =
+static const int inverse_for_options[NUMBER_OF_OPT] =
{
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
-/* -p */ IPT_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
/* -i */ IPT_INV_VIA_IN,
/* -o */ IPT_INV_VIA_OUT,
-/* -f */ IPT_INV_FRAG,
/*--line*/ 0,
/* -c */ 0,
+/* -f */ IPT_INV_FRAG,
};
#define opts iptables_globals.opts
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version
-int kernel_version;
-
-/* Primitive headers... */
-/* defined in netinet/in.h */
-#if 0
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP 50
-#endif
-#ifndef IPPROTO_AH
-#define IPPROTO_AH 51
-#endif
-#endif
-
-static const char *
-proto_to_name(u_int8_t proto, int nolookup)
-{
- unsigned int i;
-
- if (proto && !nolookup) {
- struct protoent *pent = getprotobynumber(proto);
- if (pent)
- return pent->p_name;
- }
-
- for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
- if (xtables_chain_protos[i].num == proto)
- return xtables_chain_protos[i].name;
-
- return NULL;
-}
-
-enum {
- IPT_DOTTED_ADDR = 0,
- IPT_DOTTED_MASK
-};
-
static void __attribute__((noreturn))
exit_tryhelp(int status)
{
@@ -249,10 +184,10 @@ exit_tryhelp(int status)
}
static void
-exit_printhelp(struct xtables_rule_match *matches)
+exit_printhelp(const struct xtables_rule_match *matches)
{
printf("%s v%s\n\n"
-"Usage: %s -[AD] chain rule-specification [options]\n"
+"Usage: %s -[ACD] chain rule-specification [options]\n"
" %s -I chain [rulenum] rule-specification [options]\n"
" %s -R chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
@@ -270,6 +205,7 @@ exit_printhelp(struct xtables_rule_match *matches)
"Commands:\n"
"Either long or short options are allowed.\n"
" --append -A chain Append to chain\n"
+" --check -C chain Check for the existence of a rule\n"
" --delete -D chain Delete matching rule from chain\n"
" --delete -D chain rulenum\n"
" Delete rule rulenum (1 = first) from chain\n"
@@ -294,7 +230,9 @@ exit_printhelp(struct xtables_rule_match *matches)
" Change chain name, (moving any references)\n"
"Options:\n"
-"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
+" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
+"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
"[!] --source -s address[/mask][...]\n"
" source specification\n"
"[!] --destination -d address[/mask][...]\n"
@@ -314,6 +252,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" network interface name ([+] for wildcard)\n"
" --table -t table table to manipulate (default: `filter')\n"
" --verbose -v verbose mode\n"
+" --wait -w wait for the xtables lock\n"
" --line-numbers print line numbers when listing\n"
" --exact -x expand numbers (display exact values)\n"
"[!] --fragment -f match second or further fragments only\n"
@@ -421,23 +360,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
*/
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
-static struct xtables_match *
-find_proto(const char *pname, enum xtables_tryload tryload,
- int nolookup, struct xtables_rule_match **matches)
-{
- unsigned int proto;
-
- if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
- const char *protoname = proto_to_name(proto, nolookup);
-
- if (protoname)
- return xtables_find_match(protoname, tryload, matches);
- } else
- return xtables_find_match(pname, tryload, matches);
-
- return NULL;
-}
-
/* Can't be zero. */
static int
parse_rulenumber(const char *rule)
@@ -451,6 +373,32 @@ parse_rulenumber(const char *rule)
return rulenum;
}
+static void
+parse_chain(const char *chainname)
+{
+ const char *ptr;
+
+ if (strlen(chainname) >= XT_EXTENSION_MAXNAMELEN)
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name `%s' too long (must be under %u chars)",
+ chainname, XT_EXTENSION_MAXNAMELEN);
+
+ if (*chainname == '-' || *chainname == '!')
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name not allowed to start "
+ "with `%c'\n", *chainname);
+
+ if (xtables_find_target(chainname, XTF_TRY_LOAD))
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name may not clash "
+ "with target name\n");
+
+ for (ptr = chainname; *ptr; ptr++)
+ if (isspace(*ptr))
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid chain name `%s'", chainname);
+}
+
static const char *
parse_target(const char *targetname)
{
@@ -473,7 +421,7 @@ parse_target(const char *targetname)
}
static void
-set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
+set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
int invert)
{
if (*options & option)
@@ -494,44 +442,18 @@ set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
}
static void
-print_num(u_int64_t number, unsigned int format)
-{
- if (format & FMT_KILOMEGAGIGA) {
- if (number > 99999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- if (number > 9999) {
- number = (number + 500) / 1000;
- printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
- else printf(FMT("%4lluG ","%lluG "), (unsigned long long)number);
- }
- else printf(FMT("%4lluM ","%lluM "), (unsigned long long)number);
- } else
- printf(FMT("%4lluK ","%lluK "), (unsigned long long)number);
- } else
- printf(FMT("%5llu ","%llu "), (unsigned long long)number);
- } else
- printf(FMT("%8llu ","%llu "), (unsigned long long)number);
-}
-
-
-static void
-print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ipt_counters counters;
+ struct xt_counters counters;
const char *pol = iptc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
printf(" (policy %s", pol);
if (!(format & FMT_NOCOUNTS)) {
fputc(' ', stdout);
- print_num(counters.pcnt, (format|FMT_NOTABLE));
+ xtables_print_num(counters.pcnt, (format|FMT_NOTABLE));
fputs("packets, ", stdout);
- print_num(counters.bcnt, (format|FMT_NOTABLE));
+ xtables_print_num(counters.bcnt, (format|FMT_NOTABLE));
fputs("bytes", stdout);
}
printf(")\n");
@@ -570,11 +492,11 @@ print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
static int
-print_match(const struct ipt_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ipt_ip *ip,
int numeric)
{
- struct xtables_match *match =
+ const struct xtables_match *match =
xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
@@ -596,17 +518,17 @@ print_firewall(const struct ipt_entry *fw,
const char *targname,
unsigned int num,
unsigned int format,
- struct iptc_handle *const handle)
+ struct xtc_handle *const handle)
{
- struct xtables_target *target = NULL;
- const struct ipt_entry_target *t;
- u_int8_t flags;
+ const struct xtables_target *target = NULL;
+ const struct xt_entry_target *t;
+ uint8_t flags;
char buf[BUFSIZ];
if (!iptc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ipt_get_target((struct ipt_entry *)fw);
@@ -616,14 +538,14 @@ print_firewall(const struct ipt_entry *fw,
printf(FMT("%-4u ", "%u "), num);
if (!(format & FMT_NOCOUNTS)) {
- print_num(fw->counters.pcnt, format);
- print_num(fw->counters.bcnt, format);
+ xtables_print_num(fw->counters.pcnt, format);
+ xtables_print_num(fw->counters.bcnt, format);
}
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
if (pname)
@@ -718,16 +640,16 @@ print_firewall(const struct ipt_entry *fw,
static void
print_firewall_line(const struct ipt_entry *fw,
- struct iptc_handle *const h)
+ struct xtc_handle *const h)
{
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
t = ipt_get_target((struct ipt_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
}
static int
-append_entry(const ipt_chainlabel chain,
+append_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -736,7 +658,7 @@ append_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -757,13 +679,13 @@ append_entry(const ipt_chainlabel chain,
}
static int
-replace_entry(const ipt_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
const struct in_addr *saddr, const struct in_addr *smask,
const struct in_addr *daddr, const struct in_addr *dmask,
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
fw->ip.src.s_addr = saddr->s_addr;
fw->ip.dst.s_addr = daddr->s_addr;
@@ -776,7 +698,7 @@ replace_entry(const ipt_chainlabel chain,
}
static int
-insert_entry(const ipt_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
unsigned int nsaddrs,
@@ -786,7 +708,7 @@ insert_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -807,20 +729,20 @@ insert_entry(const ipt_chainlabel chain,
}
static unsigned char *
-make_delete_mask(struct xtables_rule_match *matches,
+make_delete_mask(const struct xtables_rule_match *matches,
const struct xtables_target *target)
{
/* Establish mask for comparison */
unsigned int size;
- struct xtables_rule_match *matchp;
+ const struct xtables_rule_match *matchp;
unsigned char *mask, *mptr;
size = sizeof(struct ipt_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + IPT_ALIGN(sizeof(struct ipt_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ipt_entry));
@@ -828,20 +750,20 @@ make_delete_mask(struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- IPT_ALIGN(sizeof(struct ipt_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- IPT_ALIGN(sizeof(struct ipt_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
}
static int
-delete_entry(const ipt_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -850,7 +772,7 @@ delete_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle,
+ struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -875,9 +797,39 @@ delete_entry(const ipt_chainlabel chain,
return ret;
}
+static int
+check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
+ unsigned int nsaddrs, const struct in_addr *saddrs,
+ const struct in_addr *smasks, unsigned int ndaddrs,
+ const struct in_addr *daddrs, const struct in_addr *dmasks,
+ bool verbose, struct xtc_handle *handle,
+ struct xtables_rule_match *matches,
+ const struct xtables_target *target)
+{
+ unsigned int i, j;
+ int ret = 1;
+ unsigned char *mask;
+
+ mask = make_delete_mask(matches, target);
+ for (i = 0; i < nsaddrs; i++) {
+ fw->ip.src.s_addr = saddrs[i].s_addr;
+ fw->ip.smsk.s_addr = smasks[i].s_addr;
+ for (j = 0; j < ndaddrs; j++) {
+ fw->ip.dst.s_addr = daddrs[j].s_addr;
+ fw->ip.dmsk.s_addr = dmasks[j].s_addr;
+ if (verbose)
+ print_firewall_line(fw, handle);
+ ret &= iptc_check_entry(chain, fw, mask, handle);
+ }
+ }
+
+ free(mask);
+ return ret;
+}
+
int
-for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle)
+for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
{
int ret = 1;
const char *chain;
@@ -890,21 +842,21 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
chain = iptc_next_chain(handle);
}
- chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
i = 0;
chain = iptc_first_chain(handle);
while (chain) {
- strcpy(chains + i*sizeof(ipt_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
i++;
chain = iptc_next_chain(handle);
}
for (i = 0; i < chaincount; i++) {
if (!builtinstoo
- && iptc_builtin(chains + i*sizeof(ipt_chainlabel),
+ && iptc_builtin(chains + i*sizeof(xt_chainlabel),
handle) == 1)
continue;
- ret &= fn(chains + i*sizeof(ipt_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
}
free(chains);
@@ -912,11 +864,11 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
}
int
-flush_entries(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+flush_entries4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(flush_entries, verbose, 1, handle);
+ return for_each_chain4(flush_entries4, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Flushing chain `%s'\n", chain);
@@ -924,11 +876,11 @@ flush_entries(const ipt_chainlabel chain, int verbose,
}
static int
-zero_entries(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+zero_entries(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(zero_entries, verbose, 1, handle);
+ return for_each_chain4(zero_entries, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Zeroing chain `%s'\n", chain);
@@ -936,11 +888,11 @@ zero_entries(const ipt_chainlabel chain, int verbose,
}
int
-delete_chain(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+delete_chain4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
- return for_each_chain(delete_chain, verbose, 0, handle);
+ return for_each_chain4(delete_chain4, verbose, 0, handle);
if (verbose)
fprintf(stdout, "Deleting chain `%s'\n", chain);
@@ -948,8 +900,8 @@ delete_chain(const ipt_chainlabel chain, int verbose,
}
static int
-list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct iptc_handle *handle)
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
+ int expanded, int linenumbers, struct xtc_handle *handle)
{
int found = 0;
unsigned int format;
@@ -1003,26 +955,26 @@ list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
return found;
}
-static void print_proto(u_int16_t proto, int invert)
+static void print_proto(uint16_t proto, int invert)
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
- struct protoent *pent = getprotobynumber(proto);
+ const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ", invertstr, pent->p_name);
+ printf("%s -p %s", invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
@@ -1044,7 +996,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c ", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1058,18 +1010,17 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
-static int print_match_save(const struct ipt_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ipt_ip *ip)
{
- struct xtables_match *match =
+ const struct xtables_match *match =
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s",
+ match->alias ? match->alias(e) : e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
@@ -1086,21 +1037,22 @@ static int print_match_save(const struct ipt_entry_match *e,
}
/* print a given ip including mask if neccessary */
-static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
+static void print_ip(const char *prefix, uint32_t ip,
+ uint32_t mask, int invert)
{
- u_int32_t bits, hmask = ntohl(mask);
+ uint32_t bits, hmask = ntohl(mask);
int i;
if (!mask && !ip && !invert)
return;
- printf("%s%s %u.%u.%u.%u",
- invert ? "! " : "",
+ printf("%s %s %u.%u.%u.%u",
+ invert ? " !" : "",
prefix,
IP_PARTS(ip));
if (mask == 0xFFFFFFFFU) {
- printf("/32 ");
+ printf("/32");
return;
}
@@ -1109,17 +1061,17 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
while (--i >= 0 && hmask != bits)
bits <<= 1;
if (i >= 0)
- printf("/%u ", i);
+ printf("/%u", i);
else
- printf("/%u.%u.%u.%u ", IP_PARTS(mask));
+ printf("/%u.%u.%u.%u", IP_PARTS(mask));
}
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
-void print_rule(const struct ipt_entry *e,
- struct iptc_handle *h, const char *chain, int counters)
+void print_rule4(const struct ipt_entry *e,
+ struct xtc_handle *h, const char *chain, int counters)
{
- struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1127,7 +1079,7 @@ void print_rule(const struct ipt_entry *e,
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
@@ -1142,11 +1094,11 @@ void print_rule(const struct ipt_entry *e,
print_iface('o', e->ip.outiface, e->ip.outiface_mask,
e->ip.invflags & IPT_INV_VIA_OUT);
- print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
+ print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ip.invflags & IPT_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ip.invflags & IPT_INV_FRAG ? " !" : "");
/* Print matchinfo part */
if (e->target_offset) {
@@ -1155,21 +1107,13 @@ void print_rule(const struct ipt_entry *e,
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
- /* Print target name */
+ /* Print target name and targinfo part */
target_name = iptc_get_target(e, h);
- if (target_name && (*target_name != '\0'))
-#ifdef IPT_F_GOTO
- printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
-#else
- printf("-j %s ", target_name);
-#endif
-
- /* Print targinfo part */
t = ipt_get_target((struct ipt_entry *)e);
if (t->u.user.name[0]) {
- struct xtables_target *target =
+ const struct xtables_target *target =
xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
if (!target) {
@@ -1178,27 +1122,34 @@ void print_rule(const struct ipt_entry *e,
exit(1);
}
+ printf(" -j %s", target->alias ? target->alias(t) : target_name);
if (target->save)
target->save(&e->ip, t);
else {
- /* If the target size is greater than ipt_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ipt_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
exit(1);
}
}
- }
+ } else if (target_name && (*target_name != '\0'))
+#ifdef IPT_F_GOTO
+ printf(" -%c %s", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
+#else
+ printf(" -j %s", target_name);
+#endif
+
printf("\n");
}
static int
-list_rules(const ipt_chainlabel chain, int rulenum, int counters,
- struct iptc_handle *handle)
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
+ struct xtc_handle *handle)
{
const char *this = NULL;
int found = 0;
@@ -1215,7 +1166,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
continue;
if (iptc_builtin(this, handle)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1239,7 +1190,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
while(e) {
num++;
if (!rulenum || num == rulenum)
- print_rule(e, handle, this, counters);
+ print_rule4(e, handle, this, counters);
e = iptc_next_rule(e, handle);
}
found = 1;
@@ -1252,7 +1203,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
struct xtables_rule_match *matches,
- struct ipt_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1277,74 +1228,117 @@ generate_entry(const struct ipt_entry *fw,
return e;
}
-static void clear_rule_matches(struct xtables_rule_match **matches)
+static void command_jump(struct iptables_command_state *cs)
{
- struct xtables_rule_match *matchp, *tmp;
+ size_t size;
- for (matchp = *matches; matchp;) {
- tmp = matchp->next;
- if (matchp->match->m) {
- free(matchp->match->m);
- matchp->match->m = NULL;
- }
- if (matchp->match == matchp->match->next) {
- free(matchp->match);
- matchp->match = NULL;
- }
- free(matchp);
- matchp = tmp;
+ set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags, cs->invert);
+ cs->jumpto = parse_target(optarg);
+ /* TRY_LOAD (may be chain name) */
+ cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
+
+ if (cs->target == NULL)
+ return;
+
+ size = XT_ALIGN(sizeof(struct xt_entry_target))
+ + cs->target->size;
+
+ cs->target->t = xtables_calloc(1, size);
+ cs->target->t->u.target_size = size;
+ if (cs->target->real_name == NULL) {
+ strcpy(cs->target->t->u.user.name, cs->jumpto);
+ } else {
+ /* Alias support for userspace side */
+ strcpy(cs->target->t->u.user.name, cs->target->real_name);
+ if (!(cs->target->ext_flags & XTABLES_EXT_ALIAS))
+ fprintf(stderr, "Notice: The %s target is converted into %s target "
+ "in rule listing and saving.\n",
+ cs->jumpto, cs->target->real_name);
}
+ cs->target->t->u.user.revision = cs->target->revision;
+
+ xs_init_target(cs->target);
- *matches = NULL;
+ if (cs->target->x6_options != NULL)
+ opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
+ cs->target->x6_options,
+ &cs->target->option_offset);
+ else
+ opts = xtables_merge_options(iptables_globals.orig_opts, opts,
+ cs->target->extra_opts,
+ &cs->target->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-void
-get_kernel_version(void) {
- static struct utsname uts;
- int x = 0, y = 0, z = 0;
+static void command_match(struct iptables_command_state *cs)
+{
+ struct xtables_match *m;
+ size_t size;
- if (uname(&uts) == -1) {
- fprintf(stderr, "Unable to retrieve kernel version.\n");
- xtables_free_opts(1);
- exit(1);
+ if (cs->invert)
+ xtables_error(PARAMETER_PROBLEM,
+ "unexpected ! flag before --match");
+
+ m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
+ m->m = xtables_calloc(1, size);
+ m->m->u.match_size = size;
+ if (m->real_name == NULL) {
+ strcpy(m->m->u.user.name, m->name);
+ } else {
+ strcpy(m->m->u.user.name, m->real_name);
+ if (!(m->ext_flags & XTABLES_EXT_ALIAS))
+ fprintf(stderr, "Notice: the %s match is converted into %s match "
+ "in rule listing and saving.\n", m->name, m->real_name);
}
+ m->m->u.user.revision = m->revision;
- sscanf(uts.release, "%d.%d.%d", &x, &y, &z);
- kernel_version = LINUX_VERSION(x, y, z);
+ xs_init_match(m);
+ if (m == m->next)
+ return;
+ /* Merge options for non-cloned matches */
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
+ m->x6_options, &m->option_offset);
+ else if (m->extra_opts != NULL)
+ opts = xtables_merge_options(iptables_globals.orig_opts, opts,
+ m->extra_opts, &m->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle)
+int do_command4(int argc, char *argv[], char **table,
+ struct xtc_handle **handle, bool restore)
{
- struct ipt_entry fw, *e = NULL;
- int invert = 0;
+ struct iptables_command_state cs;
+ struct ipt_entry *e = NULL;
unsigned int nsaddrs = 0, ndaddrs = 0;
struct in_addr *saddrs = NULL, *smasks = NULL;
struct in_addr *daddrs = NULL, *dmasks = NULL;
- int c, verbose = 0;
+ int verbose = 0;
+ bool wait = false;
const char *chain = NULL;
const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL;
const char *policy = NULL, *newname = NULL;
- unsigned int rulenum = 0, options = 0, command = 0;
+ unsigned int rulenum = 0, command = 0;
const char *pcnt = NULL, *bcnt = NULL;
int ret = 1;
struct xtables_match *m;
- struct xtables_rule_match *matches = NULL;
struct xtables_rule_match *matchp;
- struct xtables_target *target = NULL;
struct xtables_target *t;
- const char *jumpto = "";
- char *protocol = NULL;
- int proto_used = 0;
unsigned long long cnt;
- memset(&fw, 0, sizeof(fw));
+ memset(&cs, 0, sizeof(cs));
+ cs.jumpto = "";
+ cs.argv = argv;
- /* re-set optind to 0 in case do_command gets called
+ /* re-set optind to 0 in case do_command4 gets called
* a second time */
optind = 0;
- /* clear mflags in case do_command gets called a second time
+ /* clear mflags in case do_command4 gets called a second time
* (we clear the global list of all matches for security)*/
for (m = xtables_matches; m; m = m->next)
m->mflags = 0;
@@ -1358,22 +1352,29 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
demand-load a protocol. */
opterr = 0;
- while ((c = getopt_long(argc, argv,
- "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+ opts = xt_params->orig_opts;
+ while ((cs.c = getopt_long(argc, argv,
+ "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvwnt:m:xc:g:46",
opts, NULL)) != -1) {
- switch (c) {
+ switch (cs.c) {
/*
* Command selection
*/
case 'A':
add_command(&command, CMD_APPEND, CMD_NONE,
- invert);
+ cs.invert);
+ chain = optarg;
+ break;
+
+ case 'C':
+ add_command(&command, CMD_CHECK, CMD_NONE,
+ cs.invert);
chain = optarg;
break;
case 'D':
add_command(&command, CMD_DELETE, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!') {
@@ -1384,7 +1385,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1397,7 +1398,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'I':
add_command(&command, CMD_INSERT, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1407,7 +1408,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'L':
add_command(&command, CMD_LIST,
- CMD_ZERO | CMD_ZERO_NUM, invert);
+ CMD_ZERO | CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1419,7 +1420,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'S':
add_command(&command, CMD_LIST_RULES,
- CMD_ZERO|CMD_ZERO_NUM, invert);
+ CMD_ZERO|CMD_ZERO_NUM, cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1431,7 +1432,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'F':
add_command(&command, CMD_FLUSH, CMD_NONE,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1440,7 +1441,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'Z':
add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1453,22 +1454,15 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
break;
case 'N':
- if (optarg && (*optarg == '-' || *optarg == '!'))
- xtables_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
- "with `%c'\n", *optarg);
- if (xtables_find_target(optarg, XTF_TRY_LOAD))
- xtables_error(PARAMETER_PROBLEM,
- "chain name may not clash "
- "with target name\n");
+ parse_chain(optarg);
add_command(&command, CMD_NEW_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
break;
case 'X':
add_command(&command, CMD_DELETE_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1477,7 +1471,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'E':
add_command(&command, CMD_RENAME_CHAIN, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1491,7 +1485,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'P':
add_command(&command, CMD_SET_POLICY, CMD_NONE,
- invert);
+ cs.invert);
chain = optarg;
if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1507,164 +1501,127 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
optarg = argv[optind];
/* iptables -p icmp -h */
- if (!matches && protocol)
- xtables_find_match(protocol,
- XTF_TRY_LOAD, &matches);
+ if (!cs.matches && cs.protocol)
+ xtables_find_match(cs.protocol,
+ XTF_TRY_LOAD, &cs.matches);
- exit_printhelp(matches);
+ exit_printhelp(cs.matches);
/*
* Option selection
*/
case 'p':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_PROTOCOL, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_PROTOCOL, &cs.fw.ip.invflags,
+ cs.invert);
/* Canonicalize into lower case */
- for (protocol = optarg; *protocol; protocol++)
- *protocol = tolower(*protocol);
+ for (cs.protocol = optarg; *cs.protocol; cs.protocol++)
+ *cs.protocol = tolower(*cs.protocol);
- protocol = optarg;
- fw.ip.proto = xtables_parse_protocol(protocol);
+ cs.protocol = optarg;
+ cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
- if (fw.ip.proto == 0
- && (fw.ip.invflags & IPT_INV_PROTO))
+ if (cs.fw.ip.proto == 0
+ && (cs.fw.ip.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
case 's':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_SOURCE, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_SOURCE, &cs.fw.ip.invflags,
+ cs.invert);
shostnetworkmask = optarg;
break;
case 'd':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_DESTINATION, &cs.fw.ip.invflags,
+ cs.invert);
dhostnetworkmask = optarg;
break;
#ifdef IPT_F_GOTO
case 'g':
- set_option(&options, OPT_JUMP, &fw.ip.invflags,
- invert);
- fw.ip.flags |= IPT_F_GOTO;
- jumpto = parse_target(optarg);
+ set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags,
+ cs.invert);
+ cs.fw.ip.flags |= IPT_F_GOTO;
+ cs.jumpto = parse_target(optarg);
break;
#endif
case 'j':
- set_option(&options, OPT_JUMP, &fw.ip.invflags,
- invert);
- jumpto = parse_target(optarg);
- /* TRY_LOAD (may be chain name) */
- target = xtables_find_target(jumpto, XTF_TRY_LOAD);
-
- if (target) {
- size_t size;
-
- size = IPT_ALIGN(sizeof(struct ipt_entry_target))
- + target->size;
-
- target->t = xtables_calloc(1, size);
- target->t->u.target_size = size;
- strcpy(target->t->u.user.name, jumpto);
- target->t->u.user.revision = target->revision;
- if (target->init != NULL)
- target->init(target->t);
- opts = xtables_merge_options(opts,
- target->extra_opts,
- &target->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM,
- "can't alloc memory!");
- }
+ command_jump(&cs);
break;
case 'i':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags,
- invert);
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
+ set_option(&cs.options, OPT_VIANAMEIN, &cs.fw.ip.invflags,
+ cs.invert);
xtables_parse_interface(optarg,
- fw.ip.iniface,
- fw.ip.iniface_mask);
+ cs.fw.ip.iniface,
+ cs.fw.ip.iniface_mask);
break;
case 'o':
- xtables_check_inverse(optarg, &invert, &optind, argc, argv);
- set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags,
- invert);
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
+ set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw.ip.invflags,
+ cs.invert);
xtables_parse_interface(optarg,
- fw.ip.outiface,
- fw.ip.outiface_mask);
+ cs.fw.ip.outiface,
+ cs.fw.ip.outiface_mask);
break;
case 'f':
- set_option(&options, OPT_FRAGMENT, &fw.ip.invflags,
- invert);
- fw.ip.flags |= IPT_F_FRAG;
+ set_option(&cs.options, OPT_FRAGMENT, &cs.fw.ip.invflags,
+ cs.invert);
+ cs.fw.ip.flags |= IPT_F_FRAG;
break;
case 'v':
if (!verbose)
- set_option(&options, OPT_VERBOSE,
- &fw.ip.invflags, invert);
+ set_option(&cs.options, OPT_VERBOSE,
+ &cs.fw.ip.invflags, cs.invert);
verbose++;
break;
- case 'm': {
- size_t size;
-
- if (invert)
+ case 'w':
+ if (restore) {
xtables_error(PARAMETER_PROBLEM,
- "unexpected ! flag before --match");
-
- m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
- &matches);
- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
- + m->size;
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
- if (m != m->next) {
- /* Merge options for non-cloned matches */
- opts = xtables_merge_options(opts,
- m->extra_opts,
- &m->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM,
- "can't alloc memory!");
+ "You cannot use `-w' from "
+ "iptables-restore");
}
- }
- break;
+ wait = true;
+ break;
+
+ case 'm':
+ command_match(&cs);
+ break;
case 'n':
- set_option(&options, OPT_NUMERIC, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_NUMERIC, &cs.fw.ip.invflags,
+ cs.invert);
break;
case 't':
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
*table = optarg;
break;
case 'x':
- set_option(&options, OPT_EXPANDED, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_EXPANDED, &cs.fw.ip.invflags,
+ cs.invert);
break;
case 'V':
- if (invert)
+ if (cs.invert)
printf("Not %s ;-)\n", prog_vers);
else
printf("%s v%s\n",
@@ -1672,8 +1629,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
exit(0);
case '0':
- set_option(&options, OPT_LINENUMBERS, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_LINENUMBERS, &cs.fw.ip.invflags,
+ cs.invert);
break;
case 'M':
@@ -1682,8 +1639,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case 'c':
- set_option(&options, OPT_COUNTERS, &fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_COUNTERS, &cs.fw.ip.invflags,
+ cs.invert);
pcnt = optarg;
bcnt = strchr(pcnt + 1, ',');
if (bcnt)
@@ -1700,23 +1657,33 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- fw.counters.pcnt = cnt;
+ cs.fw.counters.pcnt = cnt;
if (sscanf(bcnt, "%llu", &cnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
- fw.counters.bcnt = cnt;
+ cs.fw.counters.bcnt = cnt;
+ break;
+
+ case '4':
+ /* This is indeed the IPv4 iptables */
break;
+ case '6':
+ /* This is not the IPv6 ip6tables */
+ if (line != -1)
+ return 1; /* success: line ignored */
+ fprintf(stderr, "This is the IPv4 version of iptables.\n");
+ exit_tryhelp(2);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
- invert = TRUE;
+ cs.invert = TRUE;
optarg[0] = '\0';
continue;
}
@@ -1724,120 +1691,25 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
exit_tryhelp(2);
default:
- if (target == NULL || target->parse == NULL ||
- !target->parse(c - target->option_offset,
- argv, invert,
- &target->tflags,
- &fw, &target->t)) {
- for (matchp = matches; matchp; matchp = matchp->next) {
- if (matchp->completed ||
- matchp->match->parse == NULL)
- continue;
- if (matchp->match->parse(c - matchp->match->option_offset,
- argv, invert,
- &matchp->match->mflags,
- &fw,
- &matchp->match->m))
- break;
- }
- m = matchp ? matchp->match : NULL;
-
- /* If you listen carefully, you can
- actually hear this code suck. */
-
- /* some explanations (after four different bugs
- * in 3 different releases): If we encounter a
- * parameter, that has not been parsed yet,
- * it's not an option of an explicitly loaded
- * match or a target. However, we support
- * implicit loading of the protocol match
- * extension. '-p tcp' means 'l4 proto 6' and
- * at the same time 'load tcp protocol match on
- * demand if we specify --dport'.
- *
- * To make this work, we need to make sure:
- * - the parameter has not been parsed by
- * a match (m above)
- * - a protocol has been specified
- * - the protocol extension has not been
- * loaded yet, or is loaded and unused
- * [think of iptables-restore!]
- * - the protocol extension can be successively
- * loaded
- */
- if (m == NULL
- && protocol
- && (!find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- && (proto_used == 0))
- )
- && (m = find_proto(protocol, XTF_TRY_LOAD,
- options&OPT_NUMERIC, &matches))) {
- /* Try loading protocol */
- size_t size;
-
- proto_used = 1;
-
- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
- + m->size;
-
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
-
- opts = xtables_merge_options(opts,
- m->extra_opts,
- &m->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM,
- "can't alloc memory!");
-
- optind--;
- continue;
- }
- if (!m) {
- if (c == '?') {
- if (optopt) {
- xtables_error(
- PARAMETER_PROBLEM,
- "option `%s' "
- "requires an "
- "argument",
- argv[optind-1]);
- } else {
- xtables_error(
- PARAMETER_PROBLEM,
- "unknown option "
- "`%s'",
- argv[optind-1]);
- }
- }
- xtables_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'", optarg);
- }
- }
+ if (command_default(&cs, &iptables_globals) == 1)
+ /* cf. ip6tables.c */
+ continue;
+ break;
}
- invert = FALSE;
+ cs.invert = FALSE;
}
if (strcmp(*table, "nat") == 0 &&
((policy != NULL && strcmp(policy, "DROP") == 0) ||
- (jumpto != NULL && strcmp(jumpto, "DROP") == 0)))
+ (cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0)))
xtables_error(PARAMETER_PROBLEM,
"\nThe \"nat\" table is not intended for filtering, "
"the use of DROP is therefore inhibited.\n\n");
- for (matchp = matches; matchp; matchp = matchp->next)
- if (matchp->match->final_check != NULL)
- matchp->match->final_check(matchp->match->mflags);
-
- if (target != NULL && target->final_check != NULL)
- target->final_check(target->tflags);
+ for (matchp = cs.matches; matchp; matchp = matchp->next)
+ xtables_option_mfcall(matchp->match);
+ if (cs.target != NULL)
+ xtables_option_tfcall(cs.target);
/* Fix me: must put inverse options checking here --MN */
@@ -1846,14 +1718,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
"unknown arguments found on commandline");
if (!command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
- if (invert)
+ if (cs.invert)
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
- if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
- if (!(options & OPT_DESTINATION))
+ if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) {
+ if (!(cs.options & OPT_DESTINATION))
dhostnetworkmask = "0.0.0.0/0";
- if (!(options & OPT_SOURCE))
+ if (!(cs.options & OPT_SOURCE))
shostnetworkmask = "0.0.0.0/0";
}
@@ -1866,7 +1738,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
&dmasks, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
- (fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))
+ (cs.fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))
xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
@@ -1874,12 +1746,15 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
xtables_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
- generic_opt_check(command, options);
+ generic_opt_check(command, cs.options);
- if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
- xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %i chars)",
- chain, IPT_FUNCTION_MAXNAMELEN);
+ /* Attempt to acquire the xtables lock */
+ if (!restore && !xtables_lock(wait)) {
+ fprintf(stderr, "Another app is currently holding the xtables lock. "
+ "Perhaps you want to use the -w option?\n");
+ xtables_free_opts(1);
+ exit(RESOURCE_PROBLEM);
+ }
/* only allocate handle if we weren't called with a handle */
if (!*handle)
@@ -1896,12 +1771,13 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
if (command == CMD_APPEND
|| command == CMD_DELETE
+ || command == CMD_CHECK
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
if (strcmp(chain, "PREROUTING") == 0
|| strcmp(chain, "INPUT") == 0) {
/* -o not valid with incoming packets. */
- if (options & OPT_VIANAMEOUT)
+ if (cs.options & OPT_VIANAMEOUT)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
@@ -1911,59 +1787,59 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
if (strcmp(chain, "POSTROUTING") == 0
|| strcmp(chain, "OUTPUT") == 0) {
/* -i not valid with outgoing packets */
- if (options & OPT_VIANAMEIN)
+ if (cs.options & OPT_VIANAMEIN)
xtables_error(PARAMETER_PROBLEM,
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
}
- if (target && iptc_is_chain(jumpto, *handle)) {
+ if (cs.target && iptc_is_chain(cs.jumpto, *handle)) {
fprintf(stderr,
"Warning: using chain %s, not extension\n",
- jumpto);
+ cs.jumpto);
- if (target->t)
- free(target->t);
+ if (cs.target->t)
+ free(cs.target->t);
- target = NULL;
+ cs.target = NULL;
}
/* If they didn't specify a target, or it's a chain
name, use standard. */
- if (!target
- && (strlen(jumpto) == 0
- || iptc_is_chain(jumpto, *handle))) {
+ if (!cs.target
+ && (strlen(cs.jumpto) == 0
+ || iptc_is_chain(cs.jumpto, *handle))) {
size_t size;
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ipt_entry_target)
- + target->size;
- target->t = xtables_calloc(1, size);
- target->t->u.target_size = size;
- strcpy(target->t->u.user.name, jumpto);
- if (!iptc_is_chain(jumpto, *handle))
- target->t->u.user.revision = target->revision;
- if (target->init != NULL)
- target->init(target->t);
+ size = sizeof(struct xt_entry_target)
+ + cs.target->size;
+ cs.target->t = xtables_calloc(1, size);
+ cs.target->t->u.target_size = size;
+ strcpy(cs.target->t->u.user.name, cs.jumpto);
+ if (!iptc_is_chain(cs.jumpto, *handle))
+ cs.target->t->u.user.revision = cs.target->revision;
+ xs_init_target(cs.target);
}
- if (!target) {
+ if (!cs.target) {
/* it is no chain, and we can't load a plugin.
* We cannot know if the plugin is corrupt, non
* existant OR if the user just misspelled a
* chain. */
#ifdef IPT_F_GOTO
- if (fw.ip.flags & IPT_F_GOTO)
+ if (cs.fw.ip.flags & IPT_F_GOTO)
xtables_error(PARAMETER_PROBLEM,
- "goto '%s' is not a chain\n", jumpto);
+ "goto '%s' is not a chain\n",
+ cs.jumpto);
#endif
- xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
+ xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED);
} else {
- e = generate_entry(&fw, matches, target->t);
- free(target->t);
+ e = generate_entry(&cs.fw, cs.matches, cs.target->t);
+ free(cs.target->t);
}
}
@@ -1972,36 +1848,43 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
ret = append_entry(chain, e,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
break;
case CMD_DELETE:
ret = delete_entry(chain, e,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
- *handle, matches, target);
+ cs.options&OPT_VERBOSE,
+ *handle, cs.matches, cs.target);
break;
case CMD_DELETE_NUM:
ret = iptc_delete_num_entry(chain, rulenum - 1, *handle);
break;
+ case CMD_CHECK:
+ ret = check_entry(chain, e,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
+ cs.options&OPT_VERBOSE,
+ *handle, cs.matches, cs.target);
+ break;
case CMD_REPLACE:
ret = replace_entry(chain, e, rulenum - 1,
saddrs, smasks, daddrs, dmasks,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
break;
case CMD_INSERT:
ret = insert_entry(chain, e, rulenum - 1,
nsaddrs, saddrs, smasks,
ndaddrs, daddrs, dmasks,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
break;
case CMD_FLUSH:
- ret = flush_entries(chain, options&OPT_VERBOSE, *handle);
+ ret = flush_entries4(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_ZERO:
- ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
+ ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_ZERO_NUM:
ret = iptc_zero_counter(chain, rulenum, *handle);
@@ -2011,14 +1894,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
- options&OPT_VERBOSE,
- options&OPT_NUMERIC,
- options&OPT_EXPANDED,
- options&OPT_LINENUMBERS,
+ cs.options&OPT_VERBOSE,
+ cs.options&OPT_NUMERIC,
+ cs.options&OPT_EXPANDED,
+ cs.options&OPT_LINENUMBERS,
*handle);
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
if (ret && (command & CMD_ZERO_NUM))
ret = iptc_zero_counter(chain, rulenum, *handle);
break;
@@ -2027,11 +1910,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
- options&OPT_VERBOSE,
+ cs.options&OPT_VERBOSE,
*handle);
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
- options&OPT_VERBOSE, *handle);
+ cs.options&OPT_VERBOSE, *handle);
if (ret && (command & CMD_ZERO_NUM))
ret = iptc_zero_counter(chain, rulenum, *handle);
break;
@@ -2039,13 +1922,13 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
ret = iptc_create_chain(chain, *handle);
break;
case CMD_DELETE_CHAIN:
- ret = delete_chain(chain, options&OPT_VERBOSE, *handle);
+ ret = delete_chain4(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_RENAME_CHAIN:
ret = iptc_rename_chain(chain, newname, *handle);
break;
case CMD_SET_POLICY:
- ret = iptc_set_policy(chain, policy, options&OPT_COUNTERS ? &fw.counters : NULL, *handle);
+ ret = iptc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw.counters : NULL, *handle);
break;
default:
/* We should never reach this... */
@@ -2055,7 +1938,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
if (verbose > 1)
dump_entries(*handle);
- clear_rule_matches(&matches);
+ xtables_rule_matches_free(&cs.matches);
if (e != NULL) {
free(e);
diff --git a/iptables.xslt b/iptables/iptables.xslt
index d6a432c..d6a432c 100644
--- a/iptables.xslt
+++ b/iptables/iptables.xslt
diff --git a/iptables/xshared.c b/iptables/xshared.c
new file mode 100644
index 0000000..6c9992e
--- /dev/null
+++ b/iptables/xshared.c
@@ -0,0 +1,271 @@
+#include <getopt.h>
+#include <libgen.h>
+#include <netdb.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <xtables.h>
+#include "xshared.h"
+
+#define XT_SOCKET_NAME "xtables"
+#define XT_SOCKET_LEN 8
+
+/*
+ * Print out any special helps. A user might like to be able to add a --help
+ * to the commandline, and see expected results. So we call help for all
+ * specified matches and targets.
+ */
+void print_extension_helps(const struct xtables_target *t,
+ const struct xtables_rule_match *m)
+{
+ for (; t != NULL; t = t->next) {
+ if (t->used) {
+ printf("\n");
+ if (t->help == NULL)
+ printf("%s does not take any options\n",
+ t->name);
+ else
+ t->help();
+ }
+ }
+ for (; m != NULL; m = m->next) {
+ printf("\n");
+ if (m->match->help == NULL)
+ printf("%s does not take any options\n",
+ m->match->name);
+ else
+ m->match->help();
+ }
+}
+
+const char *
+proto_to_name(uint8_t proto, int nolookup)
+{
+ unsigned int i;
+
+ if (proto && !nolookup) {
+ struct protoent *pent = getprotobynumber(proto);
+ if (pent)
+ return pent->p_name;
+ }
+
+ for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+ if (xtables_chain_protos[i].num == proto)
+ return xtables_chain_protos[i].name;
+
+ return NULL;
+}
+
+static struct xtables_match *
+find_proto(const char *pname, enum xtables_tryload tryload,
+ int nolookup, struct xtables_rule_match **matches)
+{
+ unsigned int proto;
+
+ if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
+ const char *protoname = proto_to_name(proto, nolookup);
+
+ if (protoname)
+ return xtables_find_match(protoname, tryload, matches);
+ } else
+ return xtables_find_match(pname, tryload, matches);
+
+ return NULL;
+}
+
+/*
+ * Some explanations (after four different bugs in 3 different releases): If
+ * we encounter a parameter, that has not been parsed yet, it's not an option
+ * of an explicitly loaded match or a target. However, we support implicit
+ * loading of the protocol match extension. '-p tcp' means 'l4 proto 6' and at
+ * the same time 'load tcp protocol match on demand if we specify --dport'.
+ *
+ * To make this work, we need to make sure:
+ * - the parameter has not been parsed by a match (m above)
+ * - a protocol has been specified
+ * - the protocol extension has not been loaded yet, or is loaded and unused
+ * [think of ip6tables-restore!]
+ * - the protocol extension can be successively loaded
+ */
+static bool should_load_proto(struct iptables_command_state *cs)
+{
+ if (cs->protocol == NULL)
+ return false;
+ if (find_proto(cs->protocol, XTF_DONT_LOAD,
+ cs->options & OPT_NUMERIC, NULL) == NULL)
+ return true;
+ return !cs->proto_used;
+}
+
+struct xtables_match *load_proto(struct iptables_command_state *cs)
+{
+ if (!should_load_proto(cs))
+ return NULL;
+ return find_proto(cs->protocol, XTF_TRY_LOAD,
+ cs->options & OPT_NUMERIC, &cs->matches);
+}
+
+int command_default(struct iptables_command_state *cs,
+ struct xtables_globals *gl)
+{
+ struct xtables_rule_match *matchp;
+ struct xtables_match *m;
+
+ if (cs->target != NULL &&
+ (cs->target->parse != NULL || cs->target->x6_parse != NULL) &&
+ cs->c >= cs->target->option_offset &&
+ cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
+ xtables_option_tpcall(cs->c, cs->argv, cs->invert,
+ cs->target, &cs->fw);
+ return 0;
+ }
+
+ for (matchp = cs->matches; matchp; matchp = matchp->next) {
+ m = matchp->match;
+
+ if (matchp->completed ||
+ (m->x6_parse == NULL && m->parse == NULL))
+ continue;
+ if (cs->c < matchp->match->option_offset ||
+ cs->c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
+ continue;
+ xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw);
+ return 0;
+ }
+
+ /* Try loading protocol */
+ m = load_proto(cs);
+ if (m != NULL) {
+ size_t size;
+
+ cs->proto_used = 1;
+
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
+
+ m->m = xtables_calloc(1, size);
+ m->m->u.match_size = size;
+ strcpy(m->m->u.user.name, m->name);
+ m->m->u.user.revision = m->revision;
+ xs_init_match(m);
+
+ if (m->x6_options != NULL)
+ gl->opts = xtables_options_xfrm(gl->orig_opts,
+ gl->opts,
+ m->x6_options,
+ &m->option_offset);
+ else
+ gl->opts = xtables_merge_options(gl->orig_opts,
+ gl->opts,
+ m->extra_opts,
+ &m->option_offset);
+ if (gl->opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
+ optind--;
+ /* Indicate to rerun getopt *immediately* */
+ return 1;
+ }
+
+ if (cs->c == ':')
+ xtables_error(PARAMETER_PROBLEM, "option \"%s\" "
+ "requires an argument", cs->argv[optind-1]);
+ if (cs->c == '?')
+ xtables_error(PARAMETER_PROBLEM, "unknown option "
+ "\"%s\"", cs->argv[optind-1]);
+ xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg);
+ return 0;
+}
+
+static mainfunc_t subcmd_get(const char *cmd, const struct subcommand *cb)
+{
+ for (; cb->name != NULL; ++cb)
+ if (strcmp(cb->name, cmd) == 0)
+ return cb->main;
+ return NULL;
+}
+
+int subcmd_main(int argc, char **argv, const struct subcommand *cb)
+{
+ const char *cmd = basename(*argv);
+ mainfunc_t f = subcmd_get(cmd, cb);
+
+ if (f == NULL && argc > 1) {
+ /*
+ * Unable to find a main method for our command name?
+ * Let's try again with the first argument!
+ */
+ ++argv;
+ --argc;
+ f = subcmd_get(*argv, cb);
+ }
+
+ /* now we should have a valid function pointer */
+ if (f != NULL)
+ return f(argc, argv);
+
+ fprintf(stderr, "ERROR: No valid subcommand given.\nValid subcommands:\n");
+ for (; cb->name != NULL; ++cb)
+ fprintf(stderr, " * %s\n", cb->name);
+ exit(EXIT_FAILURE);
+}
+
+void xs_init_target(struct xtables_target *target)
+{
+ if (target->udata_size != 0) {
+ free(target->udata);
+ target->udata = calloc(1, target->udata_size);
+ if (target->udata == NULL)
+ xtables_error(RESOURCE_PROBLEM, "malloc");
+ }
+ if (target->init != NULL)
+ target->init(target->t);
+}
+
+void xs_init_match(struct xtables_match *match)
+{
+ if (match->udata_size != 0) {
+ /*
+ * As soon as a subsequent instance of the same match
+ * is used, e.g. "-m time -m time", the first instance
+ * is no longer reachable anyway, so we can free udata.
+ * Same goes for target.
+ */
+ free(match->udata);
+ match->udata = calloc(1, match->udata_size);
+ if (match->udata == NULL)
+ xtables_error(RESOURCE_PROBLEM, "malloc");
+ }
+ if (match->init != NULL)
+ match->init(match->m);
+}
+
+bool xtables_lock(bool wait)
+{
+ int i = 0, ret, xt_socket;
+ struct sockaddr_un xt_addr;
+
+ memset(&xt_addr, 0, sizeof(xt_addr));
+ xt_addr.sun_family = AF_UNIX;
+ strcpy(xt_addr.sun_path+1, XT_SOCKET_NAME);
+ xt_socket = socket(AF_UNIX, SOCK_STREAM, 0);
+ /* If we can't even create a socket, fall back to prior (lockless) behavior */
+ if (xt_socket < 0)
+ return true;
+
+ while (1) {
+ ret = bind(xt_socket, (struct sockaddr*)&xt_addr,
+ offsetof(struct sockaddr_un, sun_path)+XT_SOCKET_LEN);
+ if (ret == 0)
+ return true;
+ else if (wait == false)
+ return false;
+ if (++i % 2 == 0)
+ fprintf(stderr, "Another app is currently holding the xtables lock; "
+ "waiting for it to exit...\n");
+ sleep(1);
+ }
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
new file mode 100644
index 0000000..1e2b9b8
--- /dev/null
+++ b/iptables/xshared.h
@@ -0,0 +1,91 @@
+#ifndef IPTABLES_XSHARED_H
+#define IPTABLES_XSHARED_H 1
+
+#include <limits.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+
+enum {
+ OPT_NONE = 0,
+ OPT_NUMERIC = 1 << 0,
+ OPT_SOURCE = 1 << 1,
+ OPT_DESTINATION = 1 << 2,
+ OPT_PROTOCOL = 1 << 3,
+ OPT_JUMP = 1 << 4,
+ OPT_VERBOSE = 1 << 5,
+ OPT_EXPANDED = 1 << 6,
+ OPT_VIANAMEIN = 1 << 7,
+ OPT_VIANAMEOUT = 1 << 8,
+ OPT_LINENUMBERS = 1 << 9,
+ OPT_COUNTERS = 1 << 10,
+};
+
+struct xtables_globals;
+struct xtables_rule_match;
+struct xtables_target;
+
+/**
+ * xtables_afinfo - protocol family dependent information
+ * @kmod: kernel module basename (e.g. "ip_tables")
+ * @proc_exists: file which exists in procfs when module already loaded
+ * @libprefix: prefix of .so library name (e.g. "libipt_")
+ * @family: nfproto family
+ * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
+ * @so_rev_match: optname to check revision support of match
+ * @so_rev_target: optname to check revision support of target
+ */
+struct xtables_afinfo {
+ const char *kmod;
+ const char *proc_exists;
+ const char *libprefix;
+ uint8_t family;
+ uint8_t ipproto;
+ int so_rev_match;
+ int so_rev_target;
+};
+
+struct iptables_command_state {
+ union {
+ struct ipt_entry fw;
+ struct ip6t_entry fw6;
+ };
+ int invert;
+ int c;
+ unsigned int options;
+ struct xtables_rule_match *matches;
+ struct xtables_target *target;
+ char *protocol;
+ int proto_used;
+ const char *jumpto;
+ char **argv;
+};
+
+typedef int (*mainfunc_t)(int, char **);
+
+struct subcommand {
+ const char *name;
+ mainfunc_t main;
+};
+
+enum {
+ XT_OPTION_OFFSET_SCALE = 256,
+};
+
+extern void print_extension_helps(const struct xtables_target *,
+ const struct xtables_rule_match *);
+extern const char *proto_to_name(uint8_t, int);
+extern int command_default(struct iptables_command_state *,
+ struct xtables_globals *);
+extern struct xtables_match *load_proto(struct iptables_command_state *);
+extern int subcmd_main(int, char **, const struct subcommand *);
+extern void xs_init_target(struct xtables_target *);
+extern void xs_init_match(struct xtables_match *);
+extern bool xtables_lock(bool wait);
+
+extern const struct xtables_afinfo *afinfo;
+
+#endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-multi.c b/iptables/xtables-multi.c
new file mode 100644
index 0000000..8014d5f
--- /dev/null
+++ b/iptables/xtables-multi.c
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#include "xtables-multi.h"
+
+#ifdef ENABLE_IPV4
+#include "iptables-multi.h"
+#endif
+
+#ifdef ENABLE_IPV6
+#include "ip6tables-multi.h"
+#endif
+
+static const struct subcommand multi_subcommands[] = {
+#ifdef ENABLE_IPV4
+ {"iptables", iptables_main},
+ {"main4", iptables_main},
+ {"iptables-save", iptables_save_main},
+ {"save4", iptables_save_main},
+ {"iptables-restore", iptables_restore_main},
+ {"restore4", iptables_restore_main},
+#endif
+ {"iptables-xml", iptables_xml_main},
+ {"xml", iptables_xml_main},
+#ifdef ENABLE_IPV6
+ {"ip6tables", ip6tables_main},
+ {"main6", ip6tables_main},
+ {"ip6tables-save", ip6tables_save_main},
+ {"save6", ip6tables_save_main},
+ {"ip6tables-restore", ip6tables_restore_main},
+ {"restore6", ip6tables_restore_main},
+#endif
+ {NULL},
+};
+
+int main(int argc, char **argv)
+{
+ return subcmd_main(argc, argv, multi_subcommands);
+}
diff --git a/iptables/xtables-multi.h b/iptables/xtables-multi.h
new file mode 100644
index 0000000..615724b
--- /dev/null
+++ b/iptables/xtables-multi.h
@@ -0,0 +1,6 @@
+#ifndef _XTABLES_MULTI_H
+#define _XTABLES_MULTI_H 1
+
+extern int iptables_xml_main(int, char **);
+
+#endif /* _XTABLES_MULTI_H */
diff --git a/xtables.pc.in b/iptables/xtables.pc.in
index fa6f33b..43f35d5 100644
--- a/xtables.pc.in
+++ b/iptables/xtables.pc.in
@@ -10,3 +10,4 @@ Description: Shared Xtables code for extensions and iproute2
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lxtables
+Libs.private: -ldl
diff --git a/libipq/.gitignore b/libipq/.gitignore
new file mode 100644
index 0000000..6cb21a3
--- /dev/null
+++ b/libipq/.gitignore
@@ -0,0 +1 @@
+/libipq.pc
diff --git a/libipq/Makefile.am b/libipq/Makefile.am
index 556a17b..9e3a2ca 100644
--- a/libipq/Makefile.am
+++ b/libipq/Makefile.am
@@ -1,6 +1,7 @@
# -*- Makefile -*-
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
libipq_la_SOURCES = libipq.c
lib_LTLIBRARIES = libipq.la
@@ -8,3 +9,5 @@ man_MANS = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \
ipq_get_msgerr.3 ipq_get_packet.3 ipq_message_type.3 \
ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \
libipq.3
+
+pkgconfig_DATA = libipq.pc
diff --git a/libipq/Makefile.in b/libipq/Makefile.in
index 79cc1bf..1438416 100644
--- a/libipq/Makefile.in
+++ b/libipq/Makefile.in
@@ -1,8 +1,9 @@
-# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -16,9 +17,28 @@
# -*- Makefile -*-
+
VPATH = @srcdir@
-pkglibdir = $(libdir)/@PACKAGE@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -34,32 +54,56 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = libipq
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/libipq.pc.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = libipq.pc
+CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
+ "$(DESTDIR)$(pkgconfigdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libipq_la_LIBADD =
am_libipq_la_OBJECTS = libipq.lo
libipq_la_OBJECTS = $(am_libipq_la_OBJECTS)
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
+am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -71,9 +115,15 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(libipq_la_SOURCES)
DIST_SOURCES = $(libipq_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
man3dir = $(mandir)/man3
NROFF = nroff
MANS = $(man_MANS)
+DATA = $(pkgconfig_DATA)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -93,6 +143,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -116,9 +167,11 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -127,9 +180,12 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -140,6 +196,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -170,10 +227,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
kbuilddir = @kbuilddir@
-kinclude_CFLAGS = @kinclude_CFLAGS@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
ksourcedir = @ksourcedir@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
libnfnetlink_LIBS = @libnfnetlink_LIBS@
libxtables_vage = @libxtables_vage@
@@ -181,9 +241,9 @@ libxtables_vcurrent = @libxtables_vcurrent@
libxtables_vmajor = @libxtables_vmajor@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgconfigdir = @pkgconfigdir@
@@ -191,15 +251,18 @@ prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
libipq_la_SOURCES = libipq.c
lib_LTLIBRARIES = libipq.la
man_MANS = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \
@@ -207,6 +270,7 @@ man_MANS = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \
ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \
libipq.3
+pkgconfig_DATA = libipq.pc
all: all-am
.SUFFIXES:
@@ -220,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libipq/Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --gnu libipq/Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libipq/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu libipq/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -240,23 +304,31 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+libipq.pc: $(top_builddir)/config.status $(srcdir)/libipq.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
- test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
if test -f $$p; then \
- f=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+ list2="$$list2 $$p"; \
else :; fi; \
- done
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- p=$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
done
clean-libLTLIBRARIES:
@@ -267,7 +339,7 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libipq.la: $(libipq_la_OBJECTS) $(libipq_la_DEPENDENCIES)
+libipq.la: $(libipq_la_OBJECTS) $(libipq_la_DEPENDENCIES) $(EXTRA_libipq_la_DEPENDENCIES)
$(LINK) -rpath $(libdir) $(libipq_la_OBJECTS) $(libipq_la_LIBADD) $(LIBS)
mostlyclean-compile:
@@ -280,21 +352,21 @@ distclean-compile:
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
@@ -304,52 +376,71 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
+install-man3: $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
- @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.3*) list="$$list $$i" ;; \
- esac; \
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man3dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.3[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $$i; then file=$$i; \
- else file=$(srcdir)/$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 3*) ;; \
- *) ext='3' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \
+ done; }
+
uninstall-man3:
@$(NORMAL_UNINSTALL)
- @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.3*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 3*) ;; \
- *) ext='3' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+ @list=''; test -n "$(man3dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.3[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
done
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
+
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -362,7 +453,7 @@ tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -370,34 +461,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -413,21 +522,25 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS)
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
installdirs:
- for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)"; do \
+ for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(pkgconfigdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -440,16 +553,22 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -471,26 +590,38 @@ dvi-am:
html: html-am
+html-am:
+
info: info-am
info-am:
-install-data-am: install-man
+install-data-am: install-man install-pkgconfigDATA
install-dvi: install-dvi-am
+install-dvi-am:
+
install-exec-am: install-libLTLIBRARIES
install-html: install-html-am
+install-html-am:
+
install-info: install-info-am
+install-info-am:
+
install-man: install-man3
install-pdf: install-pdf-am
+install-pdf-am:
+
install-ps: install-ps-am
+install-ps-am:
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -511,7 +642,8 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-libLTLIBRARIES uninstall-man
+uninstall-am: uninstall-libLTLIBRARIES uninstall-man \
+ uninstall-pkgconfigDATA
uninstall-man: uninstall-man3
@@ -525,12 +657,14 @@ uninstall-man: uninstall-man3
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am \
install-libLTLIBRARIES install-man install-man3 install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-libLTLIBRARIES \
- uninstall-man uninstall-man3
+ install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
+ uninstall-pkgconfigDATA
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/libipq/ipq_create_handle.3 b/libipq/ipq_create_handle.3
index 6c0c796..11ef95c 100644
--- a/libipq/ipq_create_handle.3
+++ b/libipq/ipq_create_handle.3
@@ -1,7 +1,5 @@
.TH IPQ_CREATE_HANDLE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-\" $Id: ipq_create_handle.3,v 1.2 2001/10/16 14:41:02 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/ipq_errstr.3 b/libipq/ipq_errstr.3
index bcb3ac4..c8d67ce 100644
--- a/libipq/ipq_errstr.3
+++ b/libipq/ipq_errstr.3
@@ -1,7 +1,5 @@
.TH IPQ_ERRSTR 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: ipq_errstr.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $
-.\"
.\" Copyright (c) 2000 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/ipq_message_type.3 b/libipq/ipq_message_type.3
index 64b5220..89d8817 100644
--- a/libipq/ipq_message_type.3
+++ b/libipq/ipq_message_type.3
@@ -1,7 +1,5 @@
.TH IPQ_MESSAGE_TYPE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: ipq_message_type.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/ipq_read.3 b/libipq/ipq_read.3
index 171c916..26ab9f9 100644
--- a/libipq/ipq_read.3
+++ b/libipq/ipq_read.3
@@ -1,7 +1,5 @@
.TH IPQ_READ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: ipq_read.3,v 1.2 2001/10/16 14:41:02 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/ipq_set_mode.3 b/libipq/ipq_set_mode.3
index 672ee4e..0edd3c0 100644
--- a/libipq/ipq_set_mode.3
+++ b/libipq/ipq_set_mode.3
@@ -1,7 +1,5 @@
.TH IPQ_SET_MODE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: ipq_set_mode.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/ipq_set_verdict.3 b/libipq/ipq_set_verdict.3
index e9d3d3f..7771ed6 100644
--- a/libipq/ipq_set_verdict.3
+++ b/libipq/ipq_set_verdict.3
@@ -1,7 +1,5 @@
.TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: ipq_set_verdict.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/libipq.3 b/libipq/libipq.3
index 0196248..611fcdf 100644
--- a/libipq/libipq.3
+++ b/libipq/libipq.3
@@ -1,7 +1,5 @@
.TH LIBIPQ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
.\"
-.\" $Id: libipq.3,v 1.4 2001/10/16 16:58:25 jamesm Exp $
-.\"
.\" Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\" This program is free software; you can redistribute it and/or modify
diff --git a/libipq/libipq.c b/libipq/libipq.c
index 620cc2d..fb65971 100644
--- a/libipq/libipq.c
+++ b/libipq/libipq.c
@@ -206,7 +206,7 @@ static char *ipq_strerror(int errcode)
/*
* Create and initialise an ipq handle.
*/
-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol)
+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol)
{
int status;
struct ipq_handle *h;
@@ -231,7 +231,6 @@ struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol)
if (h->fd == -1) {
ipq_errno = IPQ_ERR_SOCKET;
- close(h->fd);
free(h);
return NULL;
}
@@ -267,7 +266,7 @@ int ipq_destroy_handle(struct ipq_handle *h)
}
int ipq_set_mode(const struct ipq_handle *h,
- u_int8_t mode, size_t range)
+ uint8_t mode, size_t range)
{
struct {
struct nlmsghdr nlh;
diff --git a/libiptc.pc.in b/libipq/libipq.pc.in
index 63a459a..ea31ec7 100644
--- a/libiptc.pc.in
+++ b/libipq/libipq.pc.in
@@ -4,8 +4,8 @@ exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
-Name: libiptc
-Description: iptables ruleset ADT and kernel interface
+Name: libipq
+Description: Interface to the (old) ip_queue mechanism
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -liptc
+Libs: -L${libdir} -lipq
Cflags: -I${includedir}
diff --git a/libiptc/.gitignore b/libiptc/.gitignore
new file mode 100644
index 0000000..49ca83d
--- /dev/null
+++ b/libiptc/.gitignore
@@ -0,0 +1 @@
+/*.pc
diff --git a/libiptc/Makefile.am b/libiptc/Makefile.am
new file mode 100644
index 0000000..f789d34
--- /dev/null
+++ b/libiptc/Makefile.am
@@ -0,0 +1,15 @@
+# -*- Makefile -*-
+
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+
+pkgconfig_DATA = libiptc.pc libip4tc.pc libip6tc.pc
+
+lib_LTLIBRARIES = libip4tc.la libip6tc.la libiptc.la
+libiptc_la_SOURCES =
+libiptc_la_LIBADD = libip4tc.la libip6tc.la
+libiptc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
+libip4tc_la_SOURCES = libip4tc.c
+libip4tc_la_LDFLAGS = -version-info 1:0:1
+libip6tc_la_SOURCES = libip6tc.c
+libip6tc_la_LDFLAGS = -version-info 1:0:1 ${libiptc_LDFLAGS2}
diff --git a/libiptc/Makefile.in b/libiptc/Makefile.in
new file mode 100644
index 0000000..219d574
--- /dev/null
+++ b/libiptc/Makefile.in
@@ -0,0 +1,635 @@
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# -*- Makefile -*-
+
+
+VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = libiptc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/libip4tc.pc.in $(srcdir)/libip6tc.pc.in \
+ $(srcdir)/libiptc.pc.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = libiptc.pc libip4tc.pc libip6tc.pc
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libip4tc_la_LIBADD =
+am_libip4tc_la_OBJECTS = libip4tc.lo
+libip4tc_la_OBJECTS = $(am_libip4tc_la_OBJECTS)
+libip4tc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libip4tc_la_LDFLAGS) $(LDFLAGS) -o $@
+libip6tc_la_LIBADD =
+am_libip6tc_la_OBJECTS = libip6tc.lo
+libip6tc_la_OBJECTS = $(am_libip6tc_la_OBJECTS)
+libip6tc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libip6tc_la_LDFLAGS) $(LDFLAGS) -o $@
+libiptc_la_DEPENDENCIES = libip4tc.la libip6tc.la
+am_libiptc_la_OBJECTS =
+libiptc_la_OBJECTS = $(am_libiptc_la_OBJECTS)
+libiptc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libiptc_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libip4tc_la_SOURCES) $(libip6tc_la_SOURCES) \
+ $(libiptc_la_SOURCES)
+DIST_SOURCES = $(libip4tc_la_SOURCES) $(libip6tc_la_SOURCES) \
+ $(libiptc_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+DATA = $(pkgconfig_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+pkgdatadir = @pkgdatadir@
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+blacklist_modules = @blacklist_modules@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+kbuilddir = @kbuilddir@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
+ksourcedir = @ksourcedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
+libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
+libnfnetlink_LIBS = @libnfnetlink_LIBS@
+libxtables_vage = @libxtables_vage@
+libxtables_vcurrent = @libxtables_vcurrent@
+libxtables_vmajor = @libxtables_vmajor@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgconfigdir = @pkgconfigdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xtlibdir = @xtlibdir@
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+pkgconfig_DATA = libiptc.pc libip4tc.pc libip6tc.pc
+lib_LTLIBRARIES = libip4tc.la libip6tc.la libiptc.la
+libiptc_la_SOURCES =
+libiptc_la_LIBADD = libip4tc.la libip6tc.la
+libiptc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
+libip4tc_la_SOURCES = libip4tc.c
+libip4tc_la_LDFLAGS = -version-info 1:0:1
+libip6tc_la_SOURCES = libip6tc.c
+libip6tc_la_LDFLAGS = -version-info 1:0:1 ${libiptc_LDFLAGS2}
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libiptc/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu libiptc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+libiptc.pc: $(top_builddir)/config.status $(srcdir)/libiptc.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libip4tc.pc: $(top_builddir)/config.status $(srcdir)/libip4tc.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libip6tc.pc: $(top_builddir)/config.status $(srcdir)/libip6tc.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libip4tc.la: $(libip4tc_la_OBJECTS) $(libip4tc_la_DEPENDENCIES) $(EXTRA_libip4tc_la_DEPENDENCIES)
+ $(libip4tc_la_LINK) -rpath $(libdir) $(libip4tc_la_OBJECTS) $(libip4tc_la_LIBADD) $(LIBS)
+libip6tc.la: $(libip6tc_la_OBJECTS) $(libip6tc_la_DEPENDENCIES) $(EXTRA_libip6tc_la_DEPENDENCIES)
+ $(libip6tc_la_LINK) -rpath $(libdir) $(libip6tc_la_OBJECTS) $(libip6tc_la_LIBADD) $(LIBS)
+libiptc.la: $(libiptc_la_OBJECTS) $(libiptc_la_DEPENDENCIES) $(EXTRA_libiptc_la_DEPENDENCIES)
+ $(libiptc_la_LINK) -rpath $(libdir) $(libiptc_la_OBJECTS) $(libiptc_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip4tc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip6tc.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+ done
+
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pkgconfigDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-pkgconfigDATA install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES \
+ uninstall-pkgconfigDATA
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 0c64ac8..dd59951 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -36,33 +36,27 @@ typedef unsigned int socklen_t;
#define HOOK_FORWARD NF_IP_FORWARD
#define HOOK_LOCAL_OUT NF_IP_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP_POST_ROUTING
-#ifdef NF_IP_DROPPING
-#define HOOK_DROPPING NF_IP_DROPPING
-#endif
-#define STRUCT_ENTRY_TARGET struct ipt_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ipt_entry
-#define STRUCT_ENTRY_MATCH struct ipt_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ipt_getinfo
#define STRUCT_GET_ENTRIES struct ipt_get_entries
-#define STRUCT_COUNTERS struct ipt_counters
-#define STRUCT_COUNTERS_INFO struct ipt_counters_info
-#define STRUCT_STANDARD_TARGET struct ipt_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ipt_replace
-#define STRUCT_TC_HANDLE struct iptc_handle
-#define xtc_handle iptc_handle
-
#define ENTRY_ITERATE IPT_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IPT_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ipt_get_target
-#define ERROR_TARGET IPT_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP_NUMHOOKS
-#define IPT_CHAINLABEL ipt_chainlabel
+#define IPT_CHAINLABEL xt_chainlabel
#define TC_DUMP_ENTRIES dump_entries
#define TC_IS_CHAIN iptc_is_chain
@@ -76,6 +70,7 @@ typedef unsigned int socklen_t;
#define TC_INSERT_ENTRY iptc_insert_entry
#define TC_REPLACE_ENTRY iptc_replace_entry
#define TC_APPEND_ENTRY iptc_append_entry
+#define TC_CHECK_ENTRY iptc_check_entry
#define TC_DELETE_ENTRY iptc_delete_entry
#define TC_DELETE_NUM_ENTRY iptc_delete_num_entry
#define TC_FLUSH_ENTRIES iptc_flush_entries
@@ -95,6 +90,7 @@ typedef unsigned int socklen_t;
#define TC_STRERROR iptc_strerror
#define TC_NUM_RULES iptc_num_rules
#define TC_GET_RULE iptc_get_rule
+#define TC_OPS iptc_ops
#define TC_AF AF_INET
#define TC_IPPROTO IPPROTO_IP
@@ -105,14 +101,14 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IPT_SO_GET_ENTRIES
#define SO_GET_VERSION IPT_SO_GET_VERSION
-#define STANDARD_TARGET IPT_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IPTC_LABEL_RETURN
#define LABEL_ACCEPT IPTC_LABEL_ACCEPT
#define LABEL_DROP IPTC_LABEL_DROP
#define LABEL_QUEUE IPTC_LABEL_QUEUE
-#define ALIGN IPT_ALIGN
-#define RETURN IPT_RETURN
+#define ALIGN XT_ALIGN
+#define RETURN XT_RETURN
#include "libiptc.c"
@@ -125,7 +121,7 @@ typedef unsigned int socklen_t;
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))
static int
-dump_entry(struct ipt_entry *e, struct iptc_handle *const handle)
+dump_entry(struct ipt_entry *e, struct xtc_handle *const handle)
{
size_t i;
STRUCT_ENTRY_TARGET *t;
@@ -165,7 +161,7 @@ dump_entry(struct ipt_entry *e, struct iptc_handle *const handle)
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
@@ -208,7 +204,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b, unsigned char *matchmask)
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}
@@ -220,8 +216,8 @@ unconditional(const struct ipt_ip *ip)
{
unsigned int i;
- for (i = 0; i < sizeof(*ip)/sizeof(u_int32_t); i++)
- if (((u_int32_t *)ip)[i])
+ for (i = 0; i < sizeof(*ip)/sizeof(uint32_t); i++)
+ if (((uint32_t *)ip)[i])
return 0;
return 1;
@@ -240,7 +236,7 @@ check_match(const STRUCT_ENTRY_MATCH *m, unsigned int *off)
static inline int
check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
unsigned int user_offset, int *was_return,
- struct iptc_handle *h)
+ struct xtc_handle *h)
{
unsigned int toff;
STRUCT_STANDARD_TARGET *t;
@@ -276,14 +272,14 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
idx = iptcb_entry2index(h, te);
assert(strcmp(GET_TARGET(te)->u.user.name,
- IPT_ERROR_TARGET)
+ XT_ERROR_TARGET)
!= 0);
assert(te != e);
/* Prior node must be error node, or this node. */
assert(t->verdict == iptcb_entry2offset(h, e)+e->next_offset
|| strcmp(GET_TARGET(index2entry(h, idx-1))
- ->u.user.name, IPT_ERROR_TARGET)
+ ->u.user.name, XT_ERROR_TARGET)
== 0);
}
@@ -293,7 +289,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
*was_return = 1;
else
*was_return = 0;
- } else if (strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0) {
+ } else if (strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0) {
assert(t->target.u.target_size
== ALIGN(sizeof(struct ipt_error_target)));
@@ -306,7 +302,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
else *was_return = 0;
if (*off == user_offset)
- assert(strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0);
+ assert(strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0);
(*off) += e->next_offset;
(*i)++;
@@ -316,7 +312,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
#ifdef IPTC_DEBUG
/* Do every conceivable sanity check on the handle */
static void
-do_check(struct iptc_handle *h, unsigned int line)
+do_check(struct xtc_handle *h, unsigned int line)
{
unsigned int i, n;
unsigned int user_offset; /* Offset of first user chain */
@@ -425,15 +421,6 @@ do_check(struct iptc_handle *h, unsigned int line)
assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
-
-#ifdef NF_IP_DROPPING
- } else if (strcmp(h->info.name, "drop") == 0) {
- assert(h->info.valid_hooks == (1 << NF_IP_DROPPING));
-
- /* Hook should be first */
- assert(h->info.hook_entry[NF_IP_DROPPING] == 0);
- user_offset = 0;
-#endif
} else {
fprintf(stderr, "Unknown table `%s'\n", h->info.name);
abort();
diff --git a/libiptc/libip4tc.pc.in b/libiptc/libip4tc.pc.in
new file mode 100644
index 0000000..5efa1ca
--- /dev/null
+++ b/libiptc/libip4tc.pc.in
@@ -0,0 +1,10 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libip4tc
+Description: iptables IPv4 ruleset ADT and kernel interface
+Version: @PACKAGE_VERSION@
+Libs: -L${libdir} -lip4tc
+Cflags: -I${includedir}
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 27fe4c4..ca01bcb 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -35,29 +35,26 @@ typedef unsigned int socklen_t;
#define HOOK_LOCAL_OUT NF_IP6_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP6_POST_ROUTING
-#define STRUCT_ENTRY_TARGET struct ip6t_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ip6t_entry
-#define STRUCT_ENTRY_MATCH struct ip6t_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ip6t_getinfo
#define STRUCT_GET_ENTRIES struct ip6t_get_entries
-#define STRUCT_COUNTERS struct ip6t_counters
-#define STRUCT_COUNTERS_INFO struct ip6t_counters_info
-#define STRUCT_STANDARD_TARGET struct ip6t_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ip6t_replace
-#define STRUCT_TC_HANDLE struct ip6tc_handle
-#define xtc_handle ip6tc_handle
-
#define ENTRY_ITERATE IP6T_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IP6T_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IP6T_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ip6t_get_target
-#define ERROR_TARGET IP6T_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP6_NUMHOOKS
-#define IPT_CHAINLABEL ip6t_chainlabel
+#define IPT_CHAINLABEL xt_chainlabel
#define TC_DUMP_ENTRIES dump_entries6
#define TC_IS_CHAIN ip6tc_is_chain
@@ -71,6 +68,7 @@ typedef unsigned int socklen_t;
#define TC_INSERT_ENTRY ip6tc_insert_entry
#define TC_REPLACE_ENTRY ip6tc_replace_entry
#define TC_APPEND_ENTRY ip6tc_append_entry
+#define TC_CHECK_ENTRY ip6tc_check_entry
#define TC_DELETE_ENTRY ip6tc_delete_entry
#define TC_DELETE_NUM_ENTRY ip6tc_delete_num_entry
#define TC_FLUSH_ENTRIES ip6tc_flush_entries
@@ -90,6 +88,7 @@ typedef unsigned int socklen_t;
#define TC_STRERROR ip6tc_strerror
#define TC_NUM_RULES ip6tc_num_rules
#define TC_GET_RULE ip6tc_get_rule
+#define TC_OPS ip6tc_ops
#define TC_AF AF_INET6
#define TC_IPPROTO IPPROTO_IPV6
@@ -100,21 +99,21 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IP6T_SO_GET_ENTRIES
#define SO_GET_VERSION IP6T_SO_GET_VERSION
-#define STANDARD_TARGET IP6T_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IP6TC_LABEL_RETURN
#define LABEL_ACCEPT IP6TC_LABEL_ACCEPT
#define LABEL_DROP IP6TC_LABEL_DROP
#define LABEL_QUEUE IP6TC_LABEL_QUEUE
-#define ALIGN IP6T_ALIGN
-#define RETURN IP6T_RETURN
+#define ALIGN XT_ALIGN
+#define RETURN XT_RETURN
#include "libiptc.c"
#define BIT6(a, l) \
((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
-int
+static int
ipv6_prefix_length(const struct in6_addr *a)
{
int l, i;
@@ -130,12 +129,12 @@ ipv6_prefix_length(const struct in6_addr *a)
}
static int
-dump_entry(struct ip6t_entry *e, struct ip6tc_handle *const handle)
+dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
{
size_t i;
char buf[40];
int len;
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
printf("Entry %u (%lu):\n", iptcb_entry2index(handle, e),
iptcb_entry2offset(handle, e));
@@ -184,18 +183,18 @@ dump_entry(struct ip6t_entry *e, struct ip6tc_handle *const handle)
t = ip6t_get_target(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
- if (strcmp(t->u.user.name, IP6T_STANDARD_TARGET) == 0) {
+ if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
const unsigned char *data = t->data;
int pos = *(const int *)data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
: pos == -NF_DROP-1 ? "NF_DROP"
- : pos == IP6T_RETURN ? "RETURN"
+ : pos == XT_RETURN ? "RETURN"
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IP6T_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
@@ -240,7 +239,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b,
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}
diff --git a/libiptc/libip6tc.pc.in b/libiptc/libip6tc.pc.in
new file mode 100644
index 0000000..30a61b2
--- /dev/null
+++ b/libiptc/libip6tc.pc.in
@@ -0,0 +1,10 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libip6tc
+Description: iptables IPv6 ruleset ADT and kernel interface
+Version: @PACKAGE_VERSION@
+Libs: -L${libdir} -lip6tc
+Cflags: -I${includedir}
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 7a9c742..f0f7815 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -29,9 +29,13 @@
* - performance work: speedup initial ruleset parsing.
* - sponsored by ComX Networks A/S (http://www.comx.dk/)
*/
+#include <unistd.h>
+#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <stdbool.h>
#include <xtables.h>
+#include <libiptc/xtcshared.h>
#include "linux_list.h"
@@ -60,18 +64,9 @@ static const char *hooknames[] = {
[HOOK_FORWARD] = "FORWARD",
[HOOK_LOCAL_OUT] = "OUTPUT",
[HOOK_POST_ROUTING] = "POSTROUTING",
-#ifdef HOOK_DROPPING
- [HOOK_DROPPING] = "DROPPING"
-#endif
};
/* Convenience structures */
-struct ipt_error_target
-{
- STRUCT_ENTRY_TARGET t;
- char error[TABLE_MAXNAMELEN];
-};
-
struct chain_head;
struct rule_head;
@@ -129,8 +124,7 @@ struct chain_head
unsigned int foot_offset; /* offset in rule blob */
};
-STRUCT_TC_HANDLE
-{
+struct xtc_handle {
int sockfd;
int changed; /* Have changes been made? */
@@ -402,7 +396,7 @@ __iptcc_bsearch_chain_index(const char *name, unsigned int offset,
}
debug("jump back to pos:%d (end:%d)\n", pos, end);
goto loop;
- } else if (res > 0 ){ /* Not far enough, jump forward */
+ } else { /* res > 0; Not far enough, jump forward */
/* Exit case: Last element of array */
if (pos == handle->chain_index_sz-1) {
@@ -429,8 +423,6 @@ __iptcc_bsearch_chain_index(const char *name, unsigned int offset,
debug("jump forward to pos:%d (end:%d)\n", pos, end);
goto loop;
}
-
- return list_pos;
}
/* Wrapper for string chain name based bsearch */
@@ -607,7 +599,7 @@ static int iptcc_chain_index_rebuild(struct xtc_handle *h)
*/
static int iptcc_chain_index_delete_chain(struct chain_head *c, struct xtc_handle *h)
{
- struct list_head *index_ptr, *index_ptr2, *next;
+ struct list_head *index_ptr, *next;
struct chain_head *c2;
unsigned int idx, idx2;
@@ -627,7 +619,7 @@ static int iptcc_chain_index_delete_chain(struct chain_head *c, struct xtc_handl
* is located in the same index bucket.
*/
c2 = list_entry(next, struct chain_head, list);
- index_ptr2 = iptcc_bsearch_chain_index(c2->name, &idx2, h);
+ iptcc_bsearch_chain_index(c2->name, &idx2, h);
if (idx != idx2) {
/* Rebuild needed */
return iptcc_chain_index_rebuild(h);
@@ -1013,6 +1005,7 @@ new_rule:
if (t->target.u.target_size
!= ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
errno = EINVAL;
+ free(r);
return -1;
}
@@ -1093,10 +1086,10 @@ static int parse_table(struct xtc_handle *h)
/* Convenience structures */
struct iptcb_chain_start{
STRUCT_ENTRY e;
- struct ipt_error_target name;
+ struct xt_error_target name;
};
#define IPTCB_CHAIN_START_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ ALIGN(sizeof(struct xt_error_target)))
struct iptcb_chain_foot {
STRUCT_ENTRY e;
@@ -1107,10 +1100,10 @@ struct iptcb_chain_foot {
struct iptcb_chain_error {
STRUCT_ENTRY entry;
- struct ipt_error_target target;
+ struct xt_error_target target;
};
#define IPTCB_CHAIN_ERROR_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ ALIGN(sizeof(struct xt_error_target)))
@@ -1153,10 +1146,10 @@ static int iptcc_compile_chain(struct xtc_handle *h, STRUCT_REPLACE *repl, struc
head = (void *)repl->entries + c->head_offset;
head->e.target_offset = sizeof(STRUCT_ENTRY);
head->e.next_offset = IPTCB_CHAIN_START_SIZE;
- strcpy(head->name.t.u.user.name, ERROR_TARGET);
- head->name.t.u.target_size =
- ALIGN(sizeof(struct ipt_error_target));
- strcpy(head->name.error, c->name);
+ strcpy(head->name.target.u.user.name, ERROR_TARGET);
+ head->name.target.u.target_size =
+ ALIGN(sizeof(struct xt_error_target));
+ strcpy(head->name.errorname, c->name);
} else {
repl->hook_entry[c->hooknum-1] = c->head_offset;
repl->underflow[c->hooknum-1] = c->foot_offset;
@@ -1199,7 +1192,7 @@ static int iptcc_compile_chain_offsets(struct xtc_handle *h, struct chain_head *
if (!iptcc_is_builtin(c)) {
/* Chain has header */
*offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + ALIGN(sizeof(struct xt_error_target));
(*num)++;
}
@@ -1239,7 +1232,7 @@ static int iptcc_compile_table_prep(struct xtc_handle *h, unsigned int *size)
/* Append one error rule at end of chain */
num++;
offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + ALIGN(sizeof(struct xt_error_target));
/* ruleset size is now in offset */
*size = offset;
@@ -1262,10 +1255,10 @@ static int iptcc_compile_table(struct xtc_handle *h, STRUCT_REPLACE *repl)
error = (void *)repl->entries + repl->size - IPTCB_CHAIN_ERROR_SIZE;
error->entry.target_offset = sizeof(STRUCT_ENTRY);
error->entry.next_offset = IPTCB_CHAIN_ERROR_SIZE;
- error->target.t.u.user.target_size =
- ALIGN(sizeof(struct ipt_error_target));
- strcpy((char *)&error->target.t.u.user.name, ERROR_TARGET);
- strcpy((char *)&error->target.error, "ERROR");
+ error->target.target.u.user.target_size =
+ ALIGN(sizeof(struct xt_error_target));
+ strcpy((char *)&error->target.target.u.user.name, ERROR_TARGET);
+ strcpy((char *)&error->target.errorname, "ERROR");
return 1;
}
@@ -1278,12 +1271,9 @@ static int iptcc_compile_table(struct xtc_handle *h, STRUCT_REPLACE *repl)
static struct xtc_handle *
alloc_handle(const char *tablename, unsigned int size, unsigned int num_rules)
{
- size_t len;
struct xtc_handle *h;
- len = sizeof(STRUCT_TC_HANDLE) + size;
-
- h = malloc(sizeof(STRUCT_TC_HANDLE));
+ h = malloc(sizeof(*h));
if (!h) {
errno = ENOMEM;
return NULL;
@@ -1317,6 +1307,7 @@ TC_INIT(const char *tablename)
socklen_t s;
int sockfd;
+retry:
iptc_fn = TC_INIT;
if (strlen(tablename) >= TABLE_MAXNAMELEN) {
@@ -1328,7 +1319,12 @@ TC_INIT(const char *tablename)
if (sockfd < 0)
return NULL;
-retry:
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ abort();
+ }
+
s = sizeof(info);
strcpy(info.name, tablename);
@@ -1956,12 +1952,11 @@ is_same(const STRUCT_ENTRY *a,
const STRUCT_ENTRY *b,
unsigned char *matchmask);
-/* Delete the first rule in `chain' which matches `fw'. */
-int
-TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
- const STRUCT_ENTRY *origfw,
- unsigned char *matchmask,
- struct xtc_handle *handle)
+
+/* find the first rule in `chain' which matches `fw' and remove it unless dry_run is set */
+static int delete_entry(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
+ unsigned char *matchmask, struct xtc_handle *handle,
+ bool dry_run)
{
struct chain_head *c;
struct rule_head *r, *i;
@@ -2005,6 +2000,12 @@ TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
if (!target_same(r, i, mask))
continue;
+ /* if we are just doing a dry run, we simply skip the rest */
+ if (dry_run){
+ free(r);
+ return 1;
+ }
+
/* If we are about to delete the rule that is the
* current iterator, move rule iterator back. next
* pointer will then point to real next node */
@@ -2027,6 +2028,20 @@ TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
return 0;
}
+/* check whether a specified rule is present */
+int TC_CHECK_ENTRY(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
+ unsigned char *matchmask, struct xtc_handle *handle)
+{
+ /* do a dry-run delete to find out whether a matching rule exists */
+ return delete_entry(chain, origfw, matchmask, handle, true);
+}
+
+/* Delete the first rule in `chain' which matches `fw'. */
+int TC_DELETE_ENTRY(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw,
+ unsigned char *matchmask, struct xtc_handle *handle)
+{
+ return delete_entry(chain, origfw, matchmask, handle, false);
+}
/* Delete the rule in position `rulenum' in `chain'. */
int
@@ -2728,3 +2743,14 @@ TC_STRERROR(int err)
return strerror(err);
}
+
+const struct xtc_ops TC_OPS = {
+ .commit = TC_COMMIT,
+ .free = TC_FREE,
+ .builtin = TC_BUILTIN,
+ .is_chain = TC_IS_CHAIN,
+ .flush_entries = TC_FLUSH_ENTRIES,
+ .create_chain = TC_CREATE_CHAIN,
+ .set_policy = TC_SET_POLICY,
+ .strerror = TC_STRERROR,
+};
diff --git a/libiptc/libiptc.pc.in b/libiptc/libiptc.pc.in
new file mode 100644
index 0000000..0264bf0
--- /dev/null
+++ b/libiptc/libiptc.pc.in
@@ -0,0 +1,10 @@
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libiptc
+Description: iptables v4/v6 ruleset ADT and kernel interface
+Version: @PACKAGE_VERSION@
+Requires: libip4tc libip6tc
diff --git a/libxtables/Makefile.am b/libxtables/Makefile.am
new file mode 100644
index 0000000..c5795fe
--- /dev/null
+++ b/libxtables/Makefile.am
@@ -0,0 +1,20 @@
+# -*- Makefile -*-
+
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
+
+lib_LTLIBRARIES = libxtables.la
+libxtables_la_SOURCES = xtables.c xtoptions.c
+libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
+libxtables_la_LIBADD =
+if ENABLE_STATIC
+# With --enable-static, shipped extensions are linked into the main executable,
+# so we need all the LIBADDs here too
+libxtables_la_LIBADD += -lm
+endif
+if ENABLE_SHARED
+libxtables_la_CFLAGS = ${AM_CFLAGS}
+libxtables_la_LIBADD += -ldl
+else
+libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
+endif
diff --git a/libxtables/Makefile.in b/libxtables/Makefile.in
new file mode 100644
index 0000000..533e071
--- /dev/null
+++ b/libxtables/Makefile.in
@@ -0,0 +1,603 @@
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# -*- Makefile -*-
+
+VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+# With --enable-static, shipped extensions are linked into the main executable,
+# so we need all the LIBADDs here too
+@ENABLE_STATIC_TRUE@am__append_1 = -lm
+@ENABLE_SHARED_TRUE@am__append_2 = -ldl
+subdir = libxtables
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libxtables_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_libxtables_la_OBJECTS = libxtables_la-xtables.lo \
+ libxtables_la-xtoptions.lo
+libxtables_la_OBJECTS = $(am_libxtables_la_OBJECTS)
+libxtables_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libxtables_la_CFLAGS) \
+ $(CFLAGS) $(libxtables_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxtables_la_SOURCES)
+DIST_SOURCES = $(libxtables_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+pkgdatadir = @pkgdatadir@
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+blacklist_modules = @blacklist_modules@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+kbuilddir = @kbuilddir@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
+ksourcedir = @ksourcedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
+libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
+libnfnetlink_LIBS = @libnfnetlink_LIBS@
+libxtables_vage = @libxtables_vage@
+libxtables_vcurrent = @libxtables_vcurrent@
+libxtables_vmajor = @libxtables_vmajor@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgconfigdir = @pkgconfigdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xtlibdir = @xtlibdir@
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
+lib_LTLIBRARIES = libxtables.la
+libxtables_la_SOURCES = xtables.c xtoptions.c
+libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
+libxtables_la_LIBADD = $(am__append_1) $(am__append_2)
+@ENABLE_SHARED_FALSE@libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
+@ENABLE_SHARED_TRUE@libxtables_la_CFLAGS = ${AM_CFLAGS}
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libxtables/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu libxtables/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxtables.la: $(libxtables_la_OBJECTS) $(libxtables_la_DEPENDENCIES) $(EXTRA_libxtables_la_DEPENDENCIES)
+ $(libxtables_la_LINK) -rpath $(libdir) $(libxtables_la_OBJECTS) $(libxtables_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxtables_la-xtables.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxtables_la-xtoptions.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxtables_la-xtables.lo: xtables.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -MT libxtables_la-xtables.lo -MD -MP -MF $(DEPDIR)/libxtables_la-xtables.Tpo -c -o libxtables_la-xtables.lo `test -f 'xtables.c' || echo '$(srcdir)/'`xtables.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxtables_la-xtables.Tpo $(DEPDIR)/libxtables_la-xtables.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xtables.c' object='libxtables_la-xtables.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -c -o libxtables_la-xtables.lo `test -f 'xtables.c' || echo '$(srcdir)/'`xtables.c
+
+libxtables_la-xtoptions.lo: xtoptions.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -MT libxtables_la-xtoptions.lo -MD -MP -MF $(DEPDIR)/libxtables_la-xtoptions.Tpo -c -o libxtables_la-xtoptions.lo `test -f 'xtoptions.c' || echo '$(srcdir)/'`xtoptions.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxtables_la-xtoptions.Tpo $(DEPDIR)/libxtables_la-xtoptions.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xtoptions.c' object='libxtables_la-xtoptions.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libxtables_la_CFLAGS) $(CFLAGS) -c -o libxtables_la-xtoptions.lo `test -f 'xtoptions.c' || echo '$(srcdir)/'`xtoptions.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/xtables.c b/libxtables/xtables.c
index ed082f3..fb60c01 100644
--- a/xtables.c
+++ b/libxtables/xtables.c
@@ -15,9 +15,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
+#include "config.h"
+#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
+#include <inttypes.h>
#include <netdb.h>
#include <stdarg.h>
#include <stdbool.h>
@@ -27,9 +29,18 @@
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <sys/statfs.h>
#include <sys/types.h>
+#include <sys/utsname.h>
#include <sys/wait.h>
#include <arpa/inet.h>
+#if defined(HAVE_LINUX_MAGIC_H)
+# include <linux/magic.h> /* for PROC_SUPER_MAGIC */
+#elif defined(HAVE_LINUX_PROC_FS_H)
+# include <linux/proc_fs.h> /* Linux 2.4 */
+#else
+# define PROC_SUPER_MAGIC 0x9fa0
+#endif
#include <xtables.h>
#include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
@@ -49,7 +60,8 @@
# define IP6T_SO_GET_REVISION_TARGET 69
#endif
#include <getopt.h>
-
+#include "iptables/internal.h"
+#include "xshared.h"
#define NPROTO 255
@@ -57,6 +69,12 @@
#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
#endif
+/* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the
+ * current line of the input file, in order to give a more precise error
+ * message. ip6?tables itself doesn't need this, so it is initialized to the
+ * magic number of -1 */
+int line = -1;
+
void basic_exit_err(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals *xt_params = NULL;
@@ -73,67 +91,66 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
exit(status);
}
-
-void xtables_free_opts(int reset_offset)
+void xtables_free_opts(int unused)
{
if (xt_params->opts != xt_params->orig_opts) {
free(xt_params->opts);
- xt_params->opts = xt_params->orig_opts;
- if (reset_offset)
- xt_params->option_offset = 0;
+ xt_params->opts = NULL;
}
}
-struct option *xtables_merge_options(struct option *oldopts,
+struct option *xtables_merge_options(struct option *orig_opts,
+ struct option *oldopts,
const struct option *newopts,
unsigned int *option_offset)
{
- unsigned int num_old, num_new, i;
- struct option *merge;
+ unsigned int num_oold = 0, num_old = 0, num_new = 0, i;
+ struct option *merge, *mp;
if (newopts == NULL)
return oldopts;
- for (num_old = 0; oldopts[num_old].name; num_old++) ;
+ for (num_oold = 0; orig_opts[num_oold].name; num_oold++) ;
+ if (oldopts != NULL)
+ for (num_old = 0; oldopts[num_old].name; num_old++) ;
for (num_new = 0; newopts[num_new].name; num_new++) ;
- xt_params->option_offset += 256;
- *option_offset = xt_params->option_offset;
+ /*
+ * Since @oldopts also has @orig_opts already (and does so at the
+ * start), skip these entries.
+ */
+ oldopts += num_oold;
+ num_old -= num_oold;
- merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
+ merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
if (merge == NULL)
return NULL;
- memcpy(merge, oldopts, num_old * sizeof(struct option));
- xtables_free_opts(0); /* Release any old options merged */
- for (i = 0; i < num_new; i++) {
- merge[num_old + i] = newopts[i];
- merge[num_old + i].val += *option_offset;
- }
- memset(merge + num_old + num_new, 0, sizeof(struct option));
+ /* Let the base options -[ADI...] have precedence over everything */
+ memcpy(merge, orig_opts, sizeof(*mp) * num_oold);
+ mp = merge + num_oold;
+
+ /* Second, the new options */
+ xt_params->option_offset += XT_OPTION_OFFSET_SCALE;
+ *option_offset = xt_params->option_offset;
+ memcpy(mp, newopts, sizeof(*mp) * num_new);
+
+ for (i = 0; i < num_new; ++i, ++mp)
+ mp->val += *option_offset;
+
+ /* Third, the old options */
+ memcpy(mp, oldopts, sizeof(*mp) * num_old);
+ mp += num_old;
+ xtables_free_opts(0);
+
+ /* Clear trailing entry */
+ memset(mp, 0, sizeof(*mp));
return merge;
}
-/**
- * xtables_afinfo - protocol family dependent information
- * @kmod: kernel module basename (e.g. "ip_tables")
- * @libprefix: prefix of .so library name (e.g. "libipt_")
- * @family: nfproto family
- * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
- * @so_rev_match: optname to check revision support of match
- * @so_rev_target: optname to check revision support of target
- */
-struct xtables_afinfo {
- const char *kmod;
- const char *libprefix;
- uint8_t family;
- uint8_t ipproto;
- int so_rev_match;
- int so_rev_target;
-};
-
static const struct xtables_afinfo afinfo_ipv4 = {
.kmod = "ip_tables",
+ .proc_exists = "/proc/net/ip_tables_names",
.libprefix = "libipt_",
.family = NFPROTO_IPV4,
.ipproto = IPPROTO_IP,
@@ -143,6 +160,7 @@ static const struct xtables_afinfo afinfo_ipv4 = {
static const struct xtables_afinfo afinfo_ipv6 = {
.kmod = "ip6_tables",
+ .proc_exists = "/proc/net/ip6_tables_names",
.libprefix = "libip6t_",
.family = NFPROTO_IPV6,
.ipproto = IPPROTO_IPV6,
@@ -150,7 +168,7 @@ static const struct xtables_afinfo afinfo_ipv6 = {
.so_rev_target = IP6T_SO_GET_REVISION_TARGET,
};
-static const struct xtables_afinfo *afinfo;
+const struct xtables_afinfo *afinfo;
/* Search path for Xtables .so files */
static const char *xtables_libdir;
@@ -158,10 +176,18 @@ static const char *xtables_libdir;
/* the path to command to load kernel module */
const char *xtables_modprobe_program;
-/* Keeping track of external matches and targets: linked lists. */
+/* Keep track of matches/targets pending full registration: linked lists. */
+struct xtables_match *xtables_pending_matches;
+struct xtables_target *xtables_pending_targets;
+
+/* Keep track of fully registered external matches/targets: linked lists. */
struct xtables_match *xtables_matches;
struct xtables_target *xtables_targets;
+/* Fully register a match/target which was previously partially registered. */
+static void xtables_fully_register_pending_match(struct xtables_match *me);
+static void xtables_fully_register_pending_target(struct xtables_target *me);
+
void xtables_init(void)
{
xtables_libdir = getenv("XTABLES_LIBDIR");
@@ -279,25 +305,30 @@ static char *get_modprobe(void)
{
int procfile;
char *ret;
+ int count;
-#define PROCFILE_BUFSIZ 1024
procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
if (procfile < 0)
return NULL;
+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
- ret = (char *) malloc(PROCFILE_BUFSIZ);
+ ret = malloc(PATH_MAX);
if (ret) {
- memset(ret, 0, PROCFILE_BUFSIZ);
- switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
- case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
+ count = read(procfile, ret, PATH_MAX);
+ if (count > 0 && count < PATH_MAX)
+ {
+ if (ret[count - 1] == '\n')
+ ret[count - 1] = '\0';
+ else
+ ret[count] = '\0';
+ close(procfile);
+ return ret;
}
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
- close(procfile);
- return ret;
}
- fail:
free(ret);
close(procfile);
return NULL;
@@ -339,6 +370,7 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
/* not usually reached */
exit(1);
case -1:
+ free(buf);
return -1;
default: /* parent */
@@ -351,15 +383,39 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
return -1;
}
+/* return true if a given file exists within procfs */
+static bool proc_file_exists(const char *filename)
+{
+ struct stat s;
+ struct statfs f;
+
+ if (lstat(filename, &s))
+ return false;
+ if (!S_ISREG(s.st_mode))
+ return false;
+ if (statfs(filename, &f))
+ return false;
+ if (f.f_type != PROC_SUPER_MAGIC)
+ return false;
+ return true;
+}
+
int xtables_load_ko(const char *modprobe, bool quiet)
{
static bool loaded = false;
- static int ret = -1;
+ int ret;
- if (!loaded) {
- ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
- loaded = (ret == 0);
- }
+ if (loaded)
+ return 0;
+
+ if (proc_file_exists(afinfo->proc_exists)) {
+ loaded = true;
+ return 0;
+ };
+
+ ret = xtables_insmod(afinfo->kmod, modprobe, quiet);
+ if (ret == 0)
+ loaded = true;
return ret;
}
@@ -380,15 +436,20 @@ int xtables_load_ko(const char *modprobe, bool quiet)
* Returns true/false whether number was accepted. On failure, *value has
* undefined contents.
*/
-bool xtables_strtoul(const char *s, char **end, unsigned long *value,
- unsigned long min, unsigned long max)
+bool xtables_strtoul(const char *s, char **end, uintmax_t *value,
+ uintmax_t min, uintmax_t max)
{
- unsigned long v;
+ uintmax_t v;
+ const char *p;
char *my_end;
errno = 0;
- v = strtoul(s, &my_end, 0);
-
+ /* Since strtoul allows leading minus, we have to check for ourself. */
+ for (p = s; isspace(*p); ++p)
+ ;
+ if (*p == '-')
+ return false;
+ v = strtoumax(s, &my_end, 0);
if (my_end == s)
return false;
if (end != NULL)
@@ -408,7 +469,7 @@ bool xtables_strtoul(const char *s, char **end, unsigned long *value,
bool xtables_strtoui(const char *s, char **end, unsigned int *value,
unsigned int min, unsigned int max)
{
- unsigned long v;
+ uintmax_t v;
bool ret;
ret = xtables_strtoul(s, end, &v, min, max);
@@ -427,7 +488,7 @@ int xtables_service_to_port(const char *name, const char *proto)
return -1;
}
-u_int16_t xtables_parse_port(const char *port, const char *proto)
+uint16_t xtables_parse_port(const char *port, const char *proto)
{
unsigned int portnum;
@@ -455,15 +516,13 @@ void xtables_parse_interface(const char *arg, char *vianame,
strcpy(vianame, arg);
if (vialen == 0)
- memset(mask, 0, IFNAMSIZ);
+ return;
else if (vianame[vialen - 1] == '+') {
memset(mask, 0xFF, vialen - 1);
- memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
/* Don't remove `+' here! -HW */
} else {
/* Include nul-terminator in match */
memset(mask, 0xFF, vialen + 1);
- memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
for (i = 0; vianame[i]; i++) {
if (vianame[i] == '/' ||
vianame[i] == ' ') {
@@ -478,9 +537,11 @@ void xtables_parse_interface(const char *arg, char *vianame,
}
#ifndef NO_SHARED_LIBS
-static void *load_extension(const char *search_path, const char *prefix,
+static void *load_extension(const char *search_path, const char *af_prefix,
const char *name, bool is_target)
{
+ const char *all_prefixes[] = {"libxt_", af_prefix, NULL};
+ const char **prefix;
const char *dir = search_path, *next;
void *ptr = NULL;
struct stat sb;
@@ -490,39 +551,36 @@ static void *load_extension(const char *search_path, const char *prefix,
next = strchr(dir, ':');
if (next == NULL)
next = dir + strlen(dir);
- snprintf(path, sizeof(path), "%.*s/libxt_%s.so",
- (unsigned int)(next - dir), dir, name);
- if (dlopen(path, RTLD_NOW) != NULL) {
- /* Found library. If it didn't register itself,
- maybe they specified target as match. */
- if (is_target)
- ptr = xtables_find_target(name, XTF_DONT_LOAD);
- else
- ptr = xtables_find_match(name,
- XTF_DONT_LOAD, NULL);
- } else if (stat(path, &sb) == 0) {
- fprintf(stderr, "%s: %s\n", path, dlerror());
- }
+ for (prefix = all_prefixes; *prefix != NULL; ++prefix) {
+ snprintf(path, sizeof(path), "%.*s/%s%s.so",
+ (unsigned int)(next - dir), dir,
+ *prefix, name);
- if (ptr != NULL)
- return ptr;
+ if (stat(path, &sb) != 0) {
+ if (errno == ENOENT)
+ continue;
+ fprintf(stderr, "%s: %s\n", path,
+ strerror(errno));
+ return NULL;
+ }
+ if (dlopen(path, RTLD_NOW) == NULL) {
+ fprintf(stderr, "%s: %s\n", path, dlerror());
+ break;
+ }
- snprintf(path, sizeof(path), "%.*s/%s%s.so",
- (unsigned int)(next - dir), dir, prefix, name);
- if (dlopen(path, RTLD_NOW) != NULL) {
if (is_target)
ptr = xtables_find_target(name, XTF_DONT_LOAD);
else
ptr = xtables_find_match(name,
XTF_DONT_LOAD, NULL);
- } else if (stat(path, &sb) == 0) {
- fprintf(stderr, "%s: %s\n", path, dlerror());
- }
- if (ptr != NULL)
- return ptr;
+ if (ptr != NULL)
+ return ptr;
+ errno = ENOENT;
+ return NULL;
+ }
dir = next + 1;
} while (*next != '\0');
@@ -534,6 +592,7 @@ struct xtables_match *
xtables_find_match(const char *name, enum xtables_tryload tryload,
struct xtables_rule_match **matches)
{
+ struct xtables_match **dptr;
struct xtables_match *ptr;
const char *icmp6 = "icmp6";
@@ -549,6 +608,18 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
(strcmp(name,"icmp6") == 0) )
name = icmp6;
+ /* Trigger delayed initialization */
+ for (dptr = &xtables_pending_matches; *dptr; ) {
+ if (strcmp(name, (*dptr)->name) == 0) {
+ ptr = *dptr;
+ *dptr = (*dptr)->next;
+ ptr->next = NULL;
+ xtables_fully_register_pending_match(ptr);
+ } else {
+ dptr = &((*dptr)->next);
+ }
+ }
+
for (ptr = xtables_matches; ptr; ptr = ptr->next) {
if (strcmp(name, ptr->name) == 0) {
struct xtables_match *clone;
@@ -560,6 +631,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
/* Second and subsequent clones */
clone = xtables_malloc(sizeof(struct xtables_match));
memcpy(clone, ptr, sizeof(struct xtables_match));
+ clone->udata = NULL;
clone->mflags = 0;
/* This is a clone: */
clone->next = clone;
@@ -577,7 +649,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't load match `%s':%s\n",
- name, dlerror());
+ name, strerror(errno));
}
#else
if (ptr && !ptr->loaded) {
@@ -614,6 +686,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
struct xtables_target *
xtables_find_target(const char *name, enum xtables_tryload tryload)
{
+ struct xtables_target **dptr;
struct xtables_target *ptr;
/* Standard target? */
@@ -624,6 +697,18 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
|| strcmp(name, XTC_LABEL_RETURN) == 0)
name = "standard";
+ /* Trigger delayed initialization */
+ for (dptr = &xtables_pending_targets; *dptr; ) {
+ if (strcmp(name, (*dptr)->name) == 0) {
+ ptr = *dptr;
+ *dptr = (*dptr)->next;
+ ptr->next = NULL;
+ xtables_fully_register_pending_target(ptr);
+ } else {
+ dptr = &((*dptr)->next);
+ }
+ }
+
for (ptr = xtables_targets; ptr; ptr = ptr->next) {
if (strcmp(name, ptr->name) == 0)
break;
@@ -637,7 +722,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't load target `%s':%s\n",
- name, dlerror());
+ name, strerror(errno));
}
#else
if (ptr && !ptr->loaded) {
@@ -658,7 +743,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
return ptr;
}
-static int compatible_revision(const char *name, u_int8_t revision, int opt)
+static int compatible_revision(const char *name, uint8_t revision, int opt)
{
struct xt_get_revision rev;
socklen_t s = sizeof(rev);
@@ -669,10 +754,10 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
if (errno == EPERM) {
/* revision 0 is always supported. */
if (revision != 0)
- fprintf(stderr, "Could not determine whether "
+ fprintf(stderr, "%s: Could not determine whether "
"revision %u is supported, "
"assuming it is.\n",
- revision);
+ name, revision);
return 1;
}
fprintf(stderr, "Could not open socket to kernel: %s\n",
@@ -680,6 +765,12 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
xtables_load_ko(xtables_modprobe_program, true);
strcpy(rev.name, name);
@@ -706,20 +797,29 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
}
-static int compatible_match_revision(const char *name, u_int8_t revision)
+static int compatible_match_revision(const char *name, uint8_t revision)
{
return compatible_revision(name, revision, afinfo->so_rev_match);
}
-static int compatible_target_revision(const char *name, u_int8_t revision)
+static int compatible_target_revision(const char *name, uint8_t revision)
{
return compatible_revision(name, revision, afinfo->so_rev_target);
}
-void xtables_register_match(struct xtables_match *me)
+static void xtables_check_options(const char *name, const struct option *opt)
{
- struct xtables_match **i, *old;
+ for (; opt->name != NULL; ++opt)
+ if (opt->val < 0 || opt->val >= XT_OPTION_OFFSET_SCALE) {
+ fprintf(stderr, "%s: Extension %s uses invalid "
+ "option value %d\n",xt_params->program_name,
+ name, opt->val);
+ exit(1);
+ }
+}
+void xtables_register_match(struct xtables_match *me)
+{
if (me->version == NULL) {
fprintf(stderr, "%s: match %s<%u> is missing a version\n",
xt_params->program_name, me->name, me->revision);
@@ -734,7 +834,7 @@ void xtables_register_match(struct xtables_match *me)
}
if (strlen(me->name) >= XT_EXTENSION_MAXNAMELEN) {
- fprintf(stderr, "%s: target `%s' has invalid name\n",
+ fprintf(stderr, "%s: match `%s' has invalid name\n",
xt_params->program_name, me->name);
exit(1);
}
@@ -746,14 +846,91 @@ void xtables_register_match(struct xtables_match *me)
exit(1);
}
+ if (me->x6_options != NULL)
+ xtables_option_metavalidate(me->name, me->x6_options);
+ if (me->extra_opts != NULL)
+ xtables_check_options(me->name, me->extra_opts);
+
/* ignore not interested match */
if (me->family != afinfo->family && me->family != AF_UNSPEC)
return;
+ /* place on linked list of matches pending full registration */
+ me->next = xtables_pending_matches;
+ xtables_pending_matches = me;
+}
+
+/**
+ * Compare two actions for their preference
+ * @a: one action
+ * @b: another
+ *
+ * Like strcmp, returns a negative number if @a is less preferred than @b,
+ * positive number if @a is more preferred than @b, or zero if equally
+ * preferred.
+ */
+static int
+xtables_mt_prefer(bool a_alias, unsigned int a_rev, unsigned int a_fam,
+ bool b_alias, unsigned int b_rev, unsigned int b_fam)
+{
+ /*
+ * Alias ranks higher than no alias.
+ * (We want the new action to be used whenever possible.)
+ */
+ if (!a_alias && b_alias)
+ return -1;
+ if (a_alias && !b_alias)
+ return 1;
+
+ /* Higher revision ranks higher. */
+ if (a_rev < b_rev)
+ return -1;
+ if (a_rev > b_rev)
+ return 1;
+
+ /* NFPROTO_<specific> ranks higher than NFPROTO_UNSPEC. */
+ if (a_fam == NFPROTO_UNSPEC && b_fam != NFPROTO_UNSPEC)
+ return -1;
+ if (a_fam != NFPROTO_UNSPEC && b_fam == NFPROTO_UNSPEC)
+ return 1;
+
+ /* Must be the same thing. */
+ return 0;
+}
+
+static int xtables_match_prefer(const struct xtables_match *a,
+ const struct xtables_match *b)
+{
+ return xtables_mt_prefer(a->real_name != NULL,
+ a->revision, a->family,
+ b->real_name != NULL,
+ b->revision, b->family);
+}
+
+static int xtables_target_prefer(const struct xtables_target *a,
+ const struct xtables_target *b)
+{
+ /*
+ * Note that if x->real_name==NULL, it will be set to x->name in
+ * xtables_register_*; the direct pointer comparison here is therefore
+ * legitimate to detect an alias.
+ */
+ return xtables_mt_prefer(a->real_name != NULL,
+ a->revision, a->family,
+ b->real_name != NULL,
+ b->revision, b->family);
+}
+
+static void xtables_fully_register_pending_match(struct xtables_match *me)
+{
+ struct xtables_match **i, *old;
+ const char *rn;
+ int compare;
+
old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL);
if (old) {
- if (old->revision == me->revision &&
- old->family == me->family) {
+ compare = xtables_match_prefer(old, me);
+ if (compare == 0) {
fprintf(stderr,
"%s: match `%s' already registered.\n",
xt_params->program_name, me->name);
@@ -761,16 +938,14 @@ void xtables_register_match(struct xtables_match *me)
}
/* Now we have two (or more) options, check compatibility. */
- if (compatible_match_revision(old->name, old->revision)
- && old->revision > me->revision)
+ rn = (old->real_name != NULL) ? old->real_name : old->name;
+ if (compare > 0 &&
+ compatible_match_revision(rn, old->revision))
return;
/* See if new match can be used. */
- if (!compatible_match_revision(me->name, me->revision))
- return;
-
- /* Prefer !AF_UNSPEC over AF_UNSPEC for same revision. */
- if (old->revision == me->revision && me->family == AF_UNSPEC)
+ rn = (me->real_name != NULL) ? me->real_name : me->name;
+ if (!compatible_match_revision(rn, me->revision))
return;
/* Delete old one. */
@@ -803,8 +978,6 @@ void xtables_register_matches(struct xtables_match *match, unsigned int n)
void xtables_register_target(struct xtables_target *me)
{
- struct xtables_target *old;
-
if (me->version == NULL) {
fprintf(stderr, "%s: target %s<%u> is missing a version\n",
xt_params->program_name, me->name, me->revision);
@@ -831,16 +1004,32 @@ void xtables_register_target(struct xtables_target *me)
exit(1);
}
+ if (me->x6_options != NULL)
+ xtables_option_metavalidate(me->name, me->x6_options);
+ if (me->extra_opts != NULL)
+ xtables_check_options(me->name, me->extra_opts);
+
/* ignore not interested target */
if (me->family != afinfo->family && me->family != AF_UNSPEC)
return;
+ /* place on linked list of targets pending full registration */
+ me->next = xtables_pending_targets;
+ xtables_pending_targets = me;
+}
+
+static void xtables_fully_register_pending_target(struct xtables_target *me)
+{
+ struct xtables_target *old;
+ const char *rn;
+ int compare;
+
old = xtables_find_target(me->name, XTF_DURING_LOAD);
if (old) {
struct xtables_target **i;
- if (old->revision == me->revision &&
- old->family == me->family) {
+ compare = xtables_target_prefer(old, me);
+ if (compare == 0) {
fprintf(stderr,
"%s: target `%s' already registered.\n",
xt_params->program_name, me->name);
@@ -848,16 +1037,14 @@ void xtables_register_target(struct xtables_target *me)
}
/* Now we have two (or more) options, check compatibility. */
- if (compatible_target_revision(old->name, old->revision)
- && old->revision > me->revision)
+ rn = (old->real_name != NULL) ? old->real_name : old->name;
+ if (compare > 0 &&
+ compatible_target_revision(rn, old->revision))
return;
/* See if new target can be used. */
- if (!compatible_target_revision(me->name, me->revision))
- return;
-
- /* Prefer !AF_UNSPEC over AF_UNSPEC for same revision. */
- if (old->revision == me->revision && me->family == AF_UNSPEC)
+ rn = (me->real_name != NULL) ? me->real_name : me->name;
+ if (!compatible_target_revision(rn, me->revision))
return;
/* Delete old one. */
@@ -886,6 +1073,28 @@ void xtables_register_targets(struct xtables_target *target, unsigned int n)
} while (n > 0);
}
+/* receives a list of xtables_rule_match, release them */
+void xtables_rule_matches_free(struct xtables_rule_match **matches)
+{
+ struct xtables_rule_match *matchp, *tmp;
+
+ for (matchp = *matches; matchp;) {
+ tmp = matchp->next;
+ if (matchp->match->m) {
+ free(matchp->match->m);
+ matchp->match->m = NULL;
+ }
+ if (matchp->match == matchp->match->next) {
+ free(matchp->match);
+ matchp->match = NULL;
+ }
+ free(matchp);
+ matchp = tmp;
+ }
+
+ *matches = NULL;
+}
+
/**
* xtables_param_act - act on condition
* @status: a constant from enum xtables_exittype
@@ -922,8 +1131,10 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
case XTF_ONLY_ONCE:
p2 = va_arg(args, const char *);
b = va_arg(args, unsigned int);
- if (!b)
+ if (!b) {
+ va_end(args);
return;
+ }
xt_params->exit_err(PARAMETER_PROBLEM,
"%s: \"%s\" option may only be specified once",
p1, p2);
@@ -931,8 +1142,10 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
case XTF_NO_INVERT:
p2 = va_arg(args, const char *);
b = va_arg(args, unsigned int);
- if (!b)
+ if (!b) {
+ va_end(args);
return;
+ }
xt_params->exit_err(PARAMETER_PROBLEM,
"%s: \"%s\" option cannot be inverted", p1, p2);
break;
@@ -945,8 +1158,10 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
break;
case XTF_ONE_ACTION:
b = va_arg(args, unsigned int);
- if (!b)
+ if (!b) {
+ va_end(args);
return;
+ }
xt_params->exit_err(PARAMETER_PROBLEM,
"%s: At most one action is possible", p1);
break;
@@ -999,28 +1214,43 @@ const char *xtables_ipaddr_to_anyname(const struct in_addr *addr)
return xtables_ipaddr_to_numeric(addr);
}
-const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
+int xtables_ipmask_to_cidr(const struct in_addr *mask)
{
- static char buf[20];
uint32_t maskaddr, bits;
int i;
maskaddr = ntohl(mask->s_addr);
-
+ /* shortcut for /32 networks */
if (maskaddr == 0xFFFFFFFFL)
- /* we don't want to see "/32" */
- return "";
+ return 32;
i = 32;
bits = 0xFFFFFFFEL;
while (--i >= 0 && maskaddr != bits)
bits <<= 1;
if (i >= 0)
- sprintf(buf, "/%d", i);
- else
+ return i;
+
+ /* this mask cannot be converted to CIDR notation */
+ return -1;
+}
+
+const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
+{
+ static char buf[20];
+ uint32_t cidr;
+
+ cidr = xtables_ipmask_to_cidr(mask);
+ if (cidr == (unsigned int)-1) {
/* mask was not a decent combination of 1's and 0's */
sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
+ return buf;
+ } else if (cidr == 32) {
+ /* we don't want to see "/32" */
+ return "";
+ }
+ sprintf(buf, "/%d", cidr);
return buf;
}
@@ -1109,7 +1339,7 @@ static struct in_addr *host_to_ipaddr(const char *name, unsigned int *naddr)
while (host->h_addr_list[*naddr] != NULL)
++*naddr;
- addr = xtables_calloc(*naddr, sizeof(struct in_addr) * *naddr);
+ addr = xtables_calloc(*naddr, sizeof(struct in_addr));
for (i = 0; i < *naddr; i++)
memcpy(&addr[i], host->h_addr_list[i],
sizeof(struct in_addr));
@@ -1167,7 +1397,7 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
struct in_addr **maskpp, unsigned int *naddrs)
{
struct in_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
unsigned int len, i, j, n, count = 1;
const char *loop = name;
@@ -1182,23 +1412,19 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
loop = name;
for (i = 0; i < count; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
+ while (isspace(*loop))
++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
else
len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
strncpy(buf, loop, len);
buf[len] = '\0';
- loop += len;
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_ipmask(p + 1);
@@ -1236,9 +1462,12 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
}
/* free what ipparse_hostnetwork had allocated: */
free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
}
*naddrs = count;
- for (i = 0; i < n; ++i)
+ for (i = 0; i < count; ++i)
(*addrpp+i)->s_addr &= (*maskpp+i)->s_addr;
}
@@ -1277,8 +1506,13 @@ void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
addrp[j++].s_addr &= maskp->s_addr;
for (k = 0; k < j - 1; ++k)
if (addrp[k].s_addr == addrp[j-1].s_addr) {
- --*naddrs;
- --j;
+ /*
+ * Nuke the dup by copying an address from the
+ * tail here, and check the current position
+ * again (--j).
+ */
+ memcpy(&addrp[--j], &addrp[--*naddrs],
+ sizeof(struct in_addr));
break;
}
}
@@ -1286,7 +1520,7 @@ void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
const char *xtables_ip6addr_to_numeric(const struct in6_addr *addrp)
{
- /* 0000:0000:0000:0000:0000:000.000.000.000
+ /* 0000:0000:0000:0000:0000:0000:000.000.000.000
* 0000:0000:0000:0000:0000:0000:0000:0000 */
static char buf[50+1];
return inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
@@ -1327,7 +1561,7 @@ const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr)
return xtables_ip6addr_to_numeric(addr);
}
-static int ip6addr_prefix_length(const struct in6_addr *k)
+int xtables_ip6mask_to_cidr(const struct in6_addr *k)
{
unsigned int bits = 0;
uint32_t a, b, c, d;
@@ -1354,14 +1588,18 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
static char buf[50+2];
- int l = ip6addr_prefix_length(addrp);
+ int l = xtables_ip6mask_to_cidr(addrp);
if (l == -1) {
strcpy(buf, "/");
strcat(buf, xtables_ip6addr_to_numeric(addrp));
return buf;
}
- sprintf(buf, "/%d", l);
+ /* we don't want to see "/128" */
+ if (l == 128)
+ return "";
+ else
+ sprintf(buf, "/%d", l);
return buf;
}
@@ -1381,17 +1619,16 @@ struct in6_addr *xtables_numeric_to_ip6addr(const char *num)
static struct in6_addr *
host_to_ip6addr(const char *name, unsigned int *naddr)
{
- static struct in6_addr *addr;
+ struct in6_addr *addr;
struct addrinfo hints;
- struct addrinfo *res;
+ struct addrinfo *res, *p;
int err;
+ unsigned int i;
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
hints.ai_family = AF_INET6;
hints.ai_socktype = SOCK_RAW;
- hints.ai_protocol = IPPROTO_IPV6;
- hints.ai_next = NULL;
*naddr = 0;
if ((err = getaddrinfo(name, NULL, &hints, &res)) != 0) {
@@ -1400,20 +1637,20 @@ host_to_ip6addr(const char *name, unsigned int *naddr)
#endif
return NULL;
} else {
- if (res->ai_family != AF_INET6 ||
- res->ai_addrlen != sizeof(struct sockaddr_in6))
- return NULL;
-
+ /* Find length of address chain */
+ for (p = res; p != NULL; p = p->ai_next)
+ ++*naddr;
#ifdef DEBUG
fprintf(stderr, "resolved: len=%d %s ", res->ai_addrlen,
xtables_ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr));
#endif
- /* Get the first element of the address-chain */
- addr = xtables_malloc(sizeof(struct in6_addr));
- memcpy(addr, &((const struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
- sizeof(struct in6_addr));
+ /* Copy each element of the address chain */
+ addr = xtables_calloc(*naddr, sizeof(struct in6_addr));
+ for (i = 0, p = res; p != NULL; p = p->ai_next)
+ memcpy(&addr[i++],
+ &((const struct sockaddr_in6 *)p->ai_addr)->sin6_addr,
+ sizeof(struct in6_addr));
freeaddrinfo(res);
- *naddr = 1;
return addr;
}
@@ -1480,7 +1717,7 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
{
static const struct in6_addr zero_addr;
struct in6_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
unsigned int len, i, j, n, count = 1;
const char *loop = name;
@@ -1495,23 +1732,19 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
loop = name;
for (i = 0; i < count /*NB: count can grow*/; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
+ while (isspace(*loop))
++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
else
len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
strncpy(buf, loop, len);
buf[len] = '\0';
- loop += len;
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_ip6mask(p + 1);
@@ -1525,12 +1758,6 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
strcpy(buf, "::");
addrp = ip6parse_hostnetwork(buf, &n);
- /* ip6parse_hostnetwork only ever returns one IP
- address (it exits if the resolution fails).
- Therefore, n will always be 1 here. Leaving the
- code below in anyway in case ip6parse_hostnetwork
- is improved some day to behave like
- ipparse_hostnetwork: */
if (n > 1) {
count += n - 1;
*addrpp = xtables_realloc(*addrpp,
@@ -1551,9 +1778,12 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
}
/* free what ip6parse_hostnetwork had allocated: */
free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
}
*naddrs = count;
- for (i = 0; i < n; ++i)
+ for (i = 0; i < count; ++i)
for (j = 0; j < 4; ++j)
(*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
}
@@ -1588,8 +1818,13 @@ void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
++j;
for (k = 0; k < j - 1; ++k)
if (IN6_ARE_ADDR_EQUAL(&addrp[k], &addrp[j - 1])) {
- --*naddrs;
- --j;
+ /*
+ * Nuke the dup by copying an address from the
+ * tail here, and check the current position
+ * again (--j).
+ */
+ memcpy(&addrp[--j], &addrp[--*naddrs],
+ sizeof(struct in_addr));
break;
}
}
@@ -1604,17 +1839,17 @@ void xtables_save_string(const char *value)
size_t length;
const char *p;
- length = strcspn(value, no_quote_chars);
+ length = strspn(value, no_quote_chars);
if (length > 0 && value[length] == 0) {
/* no quoting required */
- fputs(value, stdout);
putchar(' ');
+ fputs(value, stdout);
} else {
/* there is at least one dangerous character in the
value, which we have to quote. Write double quotes
around the value and escape special characters with
a backslash */
- putchar('"');
+ printf(" \"");
for (p = strpbrk(value, escape_chars); p != NULL;
p = strpbrk(value, escape_chars)) {
@@ -1628,37 +1863,8 @@ void xtables_save_string(const char *value)
/* print the rest and finish the double quoted
string */
fputs(value, stdout);
- printf("\" ");
- }
-}
-
-/**
- * Check for option-intrapositional negation.
- * Do not use in new code.
- */
-int xtables_check_inverse(const char option[], int *invert,
- int *my_optind, int argc, char **argv)
-{
- if (option == NULL || strcmp(option, "!") != 0)
- return false;
-
- fprintf(stderr, "Using intrapositioned negation "
- "(`--option ! this`) is deprecated in favor of "
- "extrapositioned (`! --option this`).\n");
-
- if (*invert)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = true;
- if (my_optind != NULL) {
- optarg = argv[*my_optind];
- ++*my_optind;
- if (argc && *my_optind > argc)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "no argument following `!'");
+ putchar('\"');
}
-
- return true;
}
const struct xtables_pprot xtables_chain_protos[] = {
@@ -1677,40 +1883,79 @@ const struct xtables_pprot xtables_chain_protos[] = {
{NULL},
};
-u_int16_t
+uint16_t
xtables_parse_protocol(const char *s)
{
- unsigned int proto;
+ const struct protoent *pent;
+ unsigned int proto, i;
- if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) {
- struct protoent *pent;
+ if (xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX))
+ return proto;
- /* first deal with the special case of 'all' to prevent
- * people from being able to redefine 'all' in nsswitch
- * and/or provoke expensive [not working] ldap/nis/...
- * lookups */
- if (!strcmp(s, "all"))
- return 0;
+ /* first deal with the special case of 'all' to prevent
+ * people from being able to redefine 'all' in nsswitch
+ * and/or provoke expensive [not working] ldap/nis/...
+ * lookups */
+ if (strcmp(s, "all") == 0)
+ return 0;
- if ((pent = getprotobyname(s)))
- proto = pent->p_proto;
- else {
- unsigned int i;
- for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
- if (xtables_chain_protos[i].name == NULL)
- continue;
+ pent = getprotobyname(s);
+ if (pent != NULL)
+ return pent->p_proto;
- if (strcmp(s, xtables_chain_protos[i].name) == 0) {
- proto = xtables_chain_protos[i].num;
- break;
- }
- }
- if (i == ARRAY_SIZE(xtables_chain_protos))
- xt_params->exit_err(PARAMETER_PROBLEM,
- "unknown protocol `%s' specified",
- s);
- }
+ for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+ if (xtables_chain_protos[i].name == NULL)
+ continue;
+ if (strcmp(s, xtables_chain_protos[i].name) == 0)
+ return xtables_chain_protos[i].num;
+ }
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "unknown protocol \"%s\" specified", s);
+ return -1;
+}
+
+void xtables_print_num(uint64_t number, unsigned int format)
+{
+ if (!(format & FMT_KILOMEGAGIGA)) {
+ printf(FMT("%8llu ","%llu "), (unsigned long long)number);
+ return;
+ }
+ if (number <= 99999) {
+ printf(FMT("%5llu ","%llu "), (unsigned long long)number);
+ return;
+ }
+ number = (number + 500) / 1000;
+ if (number <= 9999) {
+ printf(FMT("%4lluK ","%lluK "), (unsigned long long)number);
+ return;
+ }
+ number = (number + 500) / 1000;
+ if (number <= 9999) {
+ printf(FMT("%4lluM ","%lluM "), (unsigned long long)number);
+ return;
+ }
+ number = (number + 500) / 1000;
+ if (number <= 9999) {
+ printf(FMT("%4lluG ","%lluG "), (unsigned long long)number);
+ return;
+ }
+ number = (number + 500) / 1000;
+ printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
+}
+
+int kernel_version;
+
+void get_kernel_version(void)
+{
+ static struct utsname uts;
+ int x = 0, y = 0, z = 0;
+
+ if (uname(&uts) == -1) {
+ fprintf(stderr, "Unable to retrieve kernel version.\n");
+ xtables_free_opts(1);
+ exit(1);
}
- return proto;
+ sscanf(uts.release, "%d.%d.%d", &x, &y, &z);
+ kernel_version = LINUX_VERSION(x, y, z);
}
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
new file mode 100644
index 0000000..78e9abd
--- /dev/null
+++ b/libxtables/xtoptions.c
@@ -0,0 +1,1204 @@
+/*
+ * Argument parser
+ * Copyright © Jan Engelhardt, 2011
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ */
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <netdb.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <arpa/inet.h>
+#include <netinet/ip.h>
+#include "xtables.h"
+#include "xshared.h"
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
+
+#define XTOPT_MKPTR(cb) \
+ ((void *)((char *)(cb)->data + (cb)->entry->ptroff))
+
+/**
+ * Simple key-value pairs for syslog levels
+ */
+struct syslog_level {
+ char name[8];
+ uint8_t level;
+};
+
+struct tos_value_mask {
+ uint8_t value, mask;
+};
+
+static const size_t xtopt_psize[] = {
+ /*
+ * All types not listed here, and thus essentially being initialized to
+ * zero have zero on purpose.
+ */
+ [XTTYPE_UINT8] = sizeof(uint8_t),
+ [XTTYPE_UINT16] = sizeof(uint16_t),
+ [XTTYPE_UINT32] = sizeof(uint32_t),
+ [XTTYPE_UINT64] = sizeof(uint64_t),
+ [XTTYPE_UINT8RC] = sizeof(uint8_t[2]),
+ [XTTYPE_UINT16RC] = sizeof(uint16_t[2]),
+ [XTTYPE_UINT32RC] = sizeof(uint32_t[2]),
+ [XTTYPE_UINT64RC] = sizeof(uint64_t[2]),
+ [XTTYPE_DOUBLE] = sizeof(double),
+ [XTTYPE_STRING] = -1,
+ [XTTYPE_SYSLOGLEVEL] = sizeof(uint8_t),
+ [XTTYPE_HOST] = sizeof(union nf_inet_addr),
+ [XTTYPE_HOSTMASK] = sizeof(union nf_inet_addr),
+ [XTTYPE_PROTOCOL] = sizeof(uint8_t),
+ [XTTYPE_PORT] = sizeof(uint16_t),
+ [XTTYPE_PORTRC] = sizeof(uint16_t[2]),
+ [XTTYPE_PLENMASK] = sizeof(union nf_inet_addr),
+ [XTTYPE_ETHERMAC] = sizeof(uint8_t[6]),
+};
+
+/**
+ * Creates getopt options from the x6-style option map, and assigns each a
+ * getopt id.
+ */
+struct option *
+xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
+ const struct xt_option_entry *entry, unsigned int *offset)
+{
+ unsigned int num_orig, num_old = 0, num_new, i;
+ struct option *merge, *mp;
+
+ if (entry == NULL)
+ return oldopts;
+ for (num_orig = 0; orig_opts[num_orig].name != NULL; ++num_orig)
+ ;
+ if (oldopts != NULL)
+ for (num_old = 0; oldopts[num_old].name != NULL; ++num_old)
+ ;
+ for (num_new = 0; entry[num_new].name != NULL; ++num_new)
+ ;
+
+ /*
+ * Since @oldopts also has @orig_opts already (and does so at the
+ * start), skip these entries.
+ */
+ oldopts += num_orig;
+ num_old -= num_orig;
+
+ merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1));
+ if (merge == NULL)
+ return NULL;
+
+ /* Let the base options -[ADI...] have precedence over everything */
+ memcpy(merge, orig_opts, sizeof(*mp) * num_orig);
+ mp = merge + num_orig;
+
+ /* Second, the new options */
+ xt_params->option_offset += XT_OPTION_OFFSET_SCALE;
+ *offset = xt_params->option_offset;
+
+ for (i = 0; i < num_new; ++i, ++mp, ++entry) {
+ mp->name = entry->name;
+ mp->has_arg = entry->type != XTTYPE_NONE;
+ mp->flag = NULL;
+ mp->val = entry->id + *offset;
+ }
+
+ /* Third, the old options */
+ memcpy(mp, oldopts, sizeof(*mp) * num_old);
+ mp += num_old;
+ xtables_free_opts(0);
+
+ /* Clear trailing entry */
+ memset(mp, 0, sizeof(*mp));
+ return merge;
+}
+
+/**
+ * Give the upper limit for a certain type.
+ */
+static uintmax_t xtopt_max_by_type(enum xt_option_type type)
+{
+ switch (type) {
+ case XTTYPE_UINT8:
+ case XTTYPE_UINT8RC:
+ return UINT8_MAX;
+ case XTTYPE_UINT16:
+ case XTTYPE_UINT16RC:
+ return UINT16_MAX;
+ case XTTYPE_UINT32:
+ case XTTYPE_UINT32RC:
+ return UINT32_MAX;
+ case XTTYPE_UINT64:
+ case XTTYPE_UINT64RC:
+ return UINT64_MAX;
+ default:
+ return 0;
+ }
+}
+
+/**
+ * Return the size of a single entity based upon a type - predominantly an
+ * XTTYPE_UINT*RC type.
+ */
+static size_t xtopt_esize_by_type(enum xt_option_type type)
+{
+ switch (type) {
+ case XTTYPE_UINT8RC:
+ return xtopt_psize[XTTYPE_UINT8];
+ case XTTYPE_UINT16RC:
+ return xtopt_psize[XTTYPE_UINT16];
+ case XTTYPE_UINT32RC:
+ return xtopt_psize[XTTYPE_UINT32];
+ case XTTYPE_UINT64RC:
+ return xtopt_psize[XTTYPE_UINT64];
+ default:
+ return xtopt_psize[type];
+ }
+}
+
+/**
+ * Require a simple integer.
+ */
+static void xtopt_parse_int(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ uintmax_t lmin = 0, lmax = xtopt_max_by_type(entry->type);
+ uintmax_t value;
+
+ if (cb->entry->min != 0)
+ lmin = cb->entry->min;
+ if (cb->entry->max != 0)
+ lmax = cb->entry->max;
+
+ if (!xtables_strtoul(cb->arg, NULL, &value, lmin, lmax))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad value for option \"--%s\", "
+ "or out of range (%ju-%ju).\n",
+ cb->ext_name, entry->name, lmin, lmax);
+
+ if (entry->type == XTTYPE_UINT8) {
+ cb->val.u8 = value;
+ if (entry->flags & XTOPT_PUT)
+ *(uint8_t *)XTOPT_MKPTR(cb) = cb->val.u8;
+ } else if (entry->type == XTTYPE_UINT16) {
+ cb->val.u16 = value;
+ if (entry->flags & XTOPT_PUT)
+ *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.u16;
+ } else if (entry->type == XTTYPE_UINT32) {
+ cb->val.u32 = value;
+ if (entry->flags & XTOPT_PUT)
+ *(uint32_t *)XTOPT_MKPTR(cb) = cb->val.u32;
+ } else if (entry->type == XTTYPE_UINT64) {
+ cb->val.u64 = value;
+ if (entry->flags & XTOPT_PUT)
+ *(uint64_t *)XTOPT_MKPTR(cb) = cb->val.u64;
+ }
+}
+
+/**
+ * Require a simple floating point number.
+ */
+static void xtopt_parse_float(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ double value;
+ char *end;
+
+ value = strtod(cb->arg, &end);
+ if (end == cb->arg || *end != '\0' ||
+ (entry->min != entry->max &&
+ (value < entry->min || value > entry->max)))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad value for option \"--%s\", "
+ "or out of range (%u-%u).\n",
+ cb->ext_name, entry->name, entry->min, entry->max);
+
+ cb->val.dbl = value;
+ if (entry->flags & XTOPT_PUT)
+ *(double *)XTOPT_MKPTR(cb) = cb->val.dbl;
+}
+
+/**
+ * Copy the parsed value to the appropriate entry in cb->val.
+ */
+static void xtopt_mint_value_to_cb(struct xt_option_call *cb, uintmax_t value)
+{
+ const struct xt_option_entry *entry = cb->entry;
+
+ if (cb->nvals >= ARRAY_SIZE(cb->val.u32_range))
+ return;
+ if (entry->type == XTTYPE_UINT8RC)
+ cb->val.u8_range[cb->nvals] = value;
+ else if (entry->type == XTTYPE_UINT16RC)
+ cb->val.u16_range[cb->nvals] = value;
+ else if (entry->type == XTTYPE_UINT32RC)
+ cb->val.u32_range[cb->nvals] = value;
+ else if (entry->type == XTTYPE_UINT64RC)
+ cb->val.u64_range[cb->nvals] = value;
+}
+
+/**
+ * Copy the parsed value to the data area, using appropriate type access.
+ */
+static void xtopt_mint_value_to_ptr(struct xt_option_call *cb, void **datap,
+ uintmax_t value)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ void *data = *datap;
+
+ if (!(entry->flags & XTOPT_PUT))
+ return;
+ if (entry->type == XTTYPE_UINT8RC)
+ *(uint8_t *)data = value;
+ else if (entry->type == XTTYPE_UINT16RC)
+ *(uint16_t *)data = value;
+ else if (entry->type == XTTYPE_UINT32RC)
+ *(uint32_t *)data = value;
+ else if (entry->type == XTTYPE_UINT64RC)
+ *(uint64_t *)data = value;
+ data += xtopt_esize_by_type(entry->type);
+ *datap = data;
+}
+
+/**
+ * Multiple integer parse routine.
+ *
+ * This function is capable of parsing any number of fields. Only the first
+ * two values from the string will be put into @cb however (and as such,
+ * @cb->val.uXX_range is just that large) to cater for the few extensions that
+ * do not have a range[2] field, but {min, max}, and which cannot use
+ * XTOPT_POINTER.
+ */
+static void xtopt_parse_mint(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ const char *arg = cb->arg;
+ size_t esize = xtopt_esize_by_type(entry->type);
+ const uintmax_t lmax = xtopt_max_by_type(entry->type);
+ void *put = XTOPT_MKPTR(cb);
+ unsigned int maxiter;
+ uintmax_t value;
+ char *end = "";
+ char sep = ':';
+
+ maxiter = entry->size / esize;
+ if (maxiter == 0)
+ maxiter = ARRAY_SIZE(cb->val.u32_range);
+ if (entry->size % esize != 0)
+ xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does "
+ "not have proper size\n", __func__);
+
+ cb->nvals = 0;
+ for (arg = cb->arg, end = (char *)arg; ; arg = end + 1) {
+ if (cb->nvals == maxiter)
+ xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many "
+ "components for option \"--%s\" (max: %u)\n",
+ cb->ext_name, entry->name, maxiter);
+ if (*arg == '\0' || *arg == sep) {
+ /* Default range components when field not spec'd. */
+ end = (char *)arg;
+ value = (cb->nvals == 1) ? lmax : 0;
+ } else {
+ if (!xtables_strtoul(arg, &end, &value, 0, lmax))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad value for option \"--%s\" near "
+ "\"%s\", or out of range (0-%ju).\n",
+ cb->ext_name, entry->name, arg, lmax);
+ if (*end != '\0' && *end != sep)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: Argument to \"--%s\" has "
+ "unexpected characters near \"%s\".\n",
+ cb->ext_name, entry->name, end);
+ }
+ xtopt_mint_value_to_cb(cb, value);
+ ++cb->nvals;
+ xtopt_mint_value_to_ptr(cb, &put, value);
+ if (*end == '\0')
+ break;
+ }
+}
+
+static void xtopt_parse_string(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ size_t z = strlen(cb->arg);
+ char *p;
+
+ if (entry->min != 0 && z < entry->min)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Argument must have a minimum length of "
+ "%u characters\n", entry->min);
+ if (entry->max != 0 && z > entry->max)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Argument must have a maximum length of "
+ "%u characters\n", entry->max);
+ if (!(entry->flags & XTOPT_PUT))
+ return;
+ if (z >= entry->size)
+ z = entry->size - 1;
+ p = XTOPT_MKPTR(cb);
+ strncpy(p, cb->arg, z);
+ p[z] = '\0';
+}
+
+static const struct tos_symbol_info {
+ unsigned char value;
+ const char *name;
+} tos_symbol_names[] = {
+ {IPTOS_LOWDELAY, "Minimize-Delay"},
+ {IPTOS_THROUGHPUT, "Maximize-Throughput"},
+ {IPTOS_RELIABILITY, "Maximize-Reliability"},
+ {IPTOS_MINCOST, "Minimize-Cost"},
+ {IPTOS_NORMALSVC, "Normal-Service"},
+ {},
+};
+
+/*
+ * tos_parse_numeric - parse a string like "15/255"
+ *
+ * @str: input string
+ * @tvm: (value/mask) tuple
+ * @max: maximum allowed value (must be pow(2,some_int)-1)
+ */
+static bool tos_parse_numeric(const char *str, struct xt_option_call *cb,
+ unsigned int max)
+{
+ unsigned int value;
+ char *end;
+
+ xtables_strtoui(str, &end, &value, 0, max);
+ cb->val.tos_value = value;
+ cb->val.tos_mask = max;
+
+ if (*end == '/') {
+ const char *p = end + 1;
+
+ if (!xtables_strtoui(p, &end, &value, 0, max))
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"",
+ str);
+ cb->val.tos_mask = value;
+ }
+
+ if (*end != '\0')
+ xtables_error(PARAMETER_PROBLEM, "Illegal value: \"%s\"", str);
+ return true;
+}
+
+/**
+ * @str: input string
+ * @tvm: (value/mask) tuple
+ * @def_mask: mask to force when a symbolic name is used
+ */
+static void xtopt_parse_tosmask(struct xt_option_call *cb)
+{
+ const struct tos_symbol_info *symbol;
+ char *tmp;
+
+ if (xtables_strtoui(cb->arg, &tmp, NULL, 0, UINT8_MAX)) {
+ tos_parse_numeric(cb->arg, cb, UINT8_MAX);
+ return;
+ }
+ /*
+ * This is our way we deal with different defaults
+ * for different revisions.
+ */
+ cb->val.tos_mask = cb->entry->max;
+ for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
+ if (strcasecmp(cb->arg, symbol->name) == 0) {
+ cb->val.tos_value = symbol->value;
+ return;
+ }
+
+ xtables_error(PARAMETER_PROBLEM, "Symbolic name \"%s\" is unknown",
+ cb->arg);
+}
+
+/**
+ * Validate the input for being conformant to "mark[/mask]".
+ */
+static void xtopt_parse_markmask(struct xt_option_call *cb)
+{
+ unsigned int mark = 0, mask = ~0U;
+ char *end;
+
+ if (!xtables_strtoui(cb->arg, &end, &mark, 0, UINT32_MAX))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad mark value for option \"--%s\", "
+ "or out of range.\n",
+ cb->ext_name, cb->entry->name);
+ if (*end == '/' &&
+ !xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad mask value for option \"--%s\", "
+ "or out of range.\n",
+ cb->ext_name, cb->entry->name);
+ if (*end != '\0')
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: trailing garbage after value "
+ "for option \"--%s\".\n",
+ cb->ext_name, cb->entry->name);
+ cb->val.mark = mark;
+ cb->val.mask = mask;
+}
+
+static int xtopt_sysloglvl_compare(const void *a, const void *b)
+{
+ const char *name = a;
+ const struct syslog_level *entry = b;
+
+ return strcmp(name, entry->name);
+}
+
+static void xtopt_parse_sysloglevel(struct xt_option_call *cb)
+{
+ static const struct syslog_level log_names[] = { /* must be sorted */
+ {"alert", LOG_ALERT},
+ {"crit", LOG_CRIT},
+ {"debug", LOG_DEBUG},
+ {"emerg", LOG_EMERG},
+ {"error", LOG_ERR}, /* deprecated */
+ {"info", LOG_INFO},
+ {"notice", LOG_NOTICE},
+ {"panic", LOG_EMERG}, /* deprecated */
+ {"warning", LOG_WARNING},
+ };
+ const struct syslog_level *e;
+ unsigned int num = 0;
+
+ if (!xtables_strtoui(cb->arg, NULL, &num, 0, 7)) {
+ e = bsearch(cb->arg, log_names, ARRAY_SIZE(log_names),
+ sizeof(*log_names), xtopt_sysloglvl_compare);
+ if (e == NULL)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "log level \"%s\" unknown\n", cb->arg);
+ num = e->level;
+ }
+ cb->val.syslog_level = num;
+ if (cb->entry->flags & XTOPT_PUT)
+ *(uint8_t *)XTOPT_MKPTR(cb) = num;
+}
+
+static void *xtables_sa_host(const void *sa, unsigned int afproto)
+{
+ if (afproto == AF_INET6)
+ return &((struct sockaddr_in6 *)sa)->sin6_addr;
+ else if (afproto == AF_INET)
+ return &((struct sockaddr_in *)sa)->sin_addr;
+ return (void *)sa;
+}
+
+static socklen_t xtables_sa_hostlen(unsigned int afproto)
+{
+ if (afproto == AF_INET6)
+ return sizeof(struct in6_addr);
+ else if (afproto == AF_INET)
+ return sizeof(struct in_addr);
+ return 0;
+}
+
+/**
+ * Accepts: a hostname (DNS), or a single inetaddr - without any mask. The
+ * result is stored in @cb->val.haddr. Additionally, @cb->val.hmask and
+ * @cb->val.hlen are set for completeness to the appropriate values.
+ */
+static void xtopt_parse_host(struct xt_option_call *cb)
+{
+ struct addrinfo hints = {.ai_family = afinfo->family};
+ unsigned int adcount = 0;
+ struct addrinfo *res, *p;
+ int ret;
+
+ ret = getaddrinfo(cb->arg, NULL, &hints, &res);
+ if (ret < 0)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "getaddrinfo: %s\n", gai_strerror(ret));
+
+ memset(&cb->val.hmask, 0xFF, sizeof(cb->val.hmask));
+ cb->val.hlen = (afinfo->family == NFPROTO_IPV4) ? 32 : 128;
+
+ for (p = res; p != NULL; p = p->ai_next) {
+ if (adcount == 0) {
+ memset(&cb->val.haddr, 0, sizeof(cb->val.haddr));
+ memcpy(&cb->val.haddr,
+ xtables_sa_host(p->ai_addr, p->ai_family),
+ xtables_sa_hostlen(p->ai_family));
+ ++adcount;
+ continue;
+ }
+ if (memcmp(&cb->val.haddr,
+ xtables_sa_host(p->ai_addr, p->ai_family),
+ xtables_sa_hostlen(p->ai_family)) != 0)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s resolves to more than one address\n",
+ cb->arg);
+ }
+
+ freeaddrinfo(res);
+ if (cb->entry->flags & XTOPT_PUT)
+ /* Validation in xtables_option_metavalidate */
+ memcpy(XTOPT_MKPTR(cb), &cb->val.haddr,
+ sizeof(cb->val.haddr));
+}
+
+/**
+ * @name: port name, or number as a string (e.g. "http" or "80")
+ *
+ * Resolve a port name to a number. Returns the port number in integral
+ * form on success, or <0 on error. (errno will not be set.)
+ */
+static int xtables_getportbyname(const char *name)
+{
+ struct addrinfo *res = NULL, *p;
+ int ret;
+
+ ret = getaddrinfo(NULL, name, NULL, &res);
+ if (ret < 0)
+ return -1;
+ ret = -1;
+ for (p = res; p != NULL; p = p->ai_next) {
+ if (p->ai_family == AF_INET6) {
+ ret = ((struct sockaddr_in6 *)p->ai_addr)->sin6_port;
+ break;
+ } else if (p->ai_family == AF_INET) {
+ ret = ((struct sockaddr_in *)p->ai_addr)->sin_port;
+ break;
+ }
+ }
+ freeaddrinfo(res);
+ if (ret < 0)
+ return ret;
+ return ntohs(ret);
+}
+
+/**
+ * Validate and parse a protocol specification (number or name) by use of
+ * /etc/protocols and put the result into @cb->val.protocol.
+ */
+static void xtopt_parse_protocol(struct xt_option_call *cb)
+{
+ cb->val.protocol = xtables_parse_protocol(cb->arg);
+ if (cb->entry->flags & XTOPT_PUT)
+ *(uint8_t *)XTOPT_MKPTR(cb) = cb->val.protocol;
+}
+
+/**
+ * Validate and parse a port specification and put the result into
+ * @cb->val.port.
+ */
+static void xtopt_parse_port(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ int ret;
+
+ ret = xtables_getportbyname(cb->arg);
+ if (ret < 0)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Port \"%s\" does not resolve to anything.\n",
+ cb->arg);
+ if (entry->flags & XTOPT_NBO)
+ ret = htons(ret);
+ cb->val.port = ret;
+ if (entry->flags & XTOPT_PUT)
+ *(uint16_t *)XTOPT_MKPTR(cb) = cb->val.port;
+}
+
+static void xtopt_parse_mport(struct xt_option_call *cb)
+{
+ static const size_t esize = sizeof(uint16_t);
+ const struct xt_option_entry *entry = cb->entry;
+ char *lo_arg, *wp_arg, *arg;
+ unsigned int maxiter;
+ int value;
+
+ wp_arg = lo_arg = strdup(cb->arg);
+ if (lo_arg == NULL)
+ xt_params->exit_err(RESOURCE_PROBLEM, "strdup");
+
+ maxiter = entry->size / esize;
+ if (maxiter == 0)
+ maxiter = 2; /* ARRAY_SIZE(cb->val.port_range) */
+ if (entry->size % esize != 0)
+ xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does "
+ "not have proper size\n", __func__);
+
+ cb->val.port_range[0] = 0;
+ cb->val.port_range[1] = UINT16_MAX;
+ cb->nvals = 0;
+
+ while ((arg = strsep(&wp_arg, ":")) != NULL) {
+ if (cb->nvals == maxiter)
+ xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many "
+ "components for option \"--%s\" (max: %u)\n",
+ cb->ext_name, entry->name, maxiter);
+ if (*arg == '\0') {
+ ++cb->nvals;
+ continue;
+ }
+
+ value = xtables_getportbyname(arg);
+ if (value < 0)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Port \"%s\" does not resolve to "
+ "anything.\n", arg);
+ if (entry->flags & XTOPT_NBO)
+ value = htons(value);
+ if (cb->nvals < ARRAY_SIZE(cb->val.port_range))
+ cb->val.port_range[cb->nvals] = value;
+ ++cb->nvals;
+ }
+
+ if (cb->nvals == 1) {
+ cb->val.port_range[1] = cb->val.port_range[0];
+ ++cb->nvals;
+ }
+ if (entry->flags & XTOPT_PUT)
+ memcpy(XTOPT_MKPTR(cb), cb->val.port_range, sizeof(uint16_t) *
+ (cb->nvals <= maxiter ? cb->nvals : maxiter));
+ free(lo_arg);
+}
+
+static int xtopt_parse_mask(struct xt_option_call *cb)
+{
+ struct addrinfo hints = {.ai_family = afinfo->family,
+ .ai_flags = AI_NUMERICHOST };
+ struct addrinfo *res;
+ int ret;
+
+ ret = getaddrinfo(cb->arg, NULL, &hints, &res);
+ if (ret < 0)
+ return 0;
+
+ memcpy(&cb->val.hmask, xtables_sa_host(res->ai_addr, res->ai_family),
+ xtables_sa_hostlen(res->ai_family));
+
+ switch(afinfo->family) {
+ case AF_INET:
+ cb->val.hlen = xtables_ipmask_to_cidr(&cb->val.hmask.in);
+ break;
+ case AF_INET6:
+ cb->val.hlen = xtables_ip6mask_to_cidr(&cb->val.hmask.in6);
+ break;
+ }
+
+ freeaddrinfo(res);
+ return 1;
+}
+
+/**
+ * Parse an integer and ensure it is within the address family's prefix length
+ * limits. The result is stored in @cb->val.hlen.
+ */
+static void xtopt_parse_plen(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ unsigned int prefix_len = 128; /* happiness is a warm gcc */
+
+ cb->val.hlen = (afinfo->family == NFPROTO_IPV4) ? 32 : 128;
+ if (!xtables_strtoui(cb->arg, NULL, &prefix_len, 0, cb->val.hlen)) {
+ /* Is this mask expressed in full format? e.g. 255.255.255.0 */
+ if (xtopt_parse_mask(cb))
+ return;
+
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: bad value for option \"--%s\", "
+ "neither a valid network mask "
+ "nor valid CIDR (%u-%u).\n",
+ cb->ext_name, entry->name, 0, cb->val.hlen);
+ }
+ cb->val.hlen = prefix_len;
+}
+
+/**
+ * Reuse xtopt_parse_plen for testing the integer. Afterwards convert this to
+ * a bitmask, and make it available through @cb->val.hmask (hlen remains
+ * valid). If %XTOPT_PUT is used, hmask will be copied to the target area.
+ */
+static void xtopt_parse_plenmask(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ uint32_t *mask = cb->val.hmask.all;
+
+ xtopt_parse_plen(cb);
+
+ memset(mask, 0xFF, sizeof(union nf_inet_addr));
+ /* This shifting is AF-independent. */
+ if (cb->val.hlen == 0) {
+ mask[0] = mask[1] = mask[2] = mask[3] = 0;
+ } else if (cb->val.hlen <= 32) {
+ mask[0] <<= 32 - cb->val.hlen;
+ mask[1] = mask[2] = mask[3] = 0;
+ } else if (cb->val.hlen <= 64) {
+ mask[1] <<= 32 - (cb->val.hlen - 32);
+ mask[2] = mask[3] = 0;
+ } else if (cb->val.hlen <= 96) {
+ mask[2] <<= 32 - (cb->val.hlen - 64);
+ mask[3] = 0;
+ } else if (cb->val.hlen <= 128) {
+ mask[3] <<= 32 - (cb->val.hlen - 96);
+ }
+ mask[0] = htonl(mask[0]);
+ mask[1] = htonl(mask[1]);
+ mask[2] = htonl(mask[2]);
+ mask[3] = htonl(mask[3]);
+ if (entry->flags & XTOPT_PUT)
+ memcpy(XTOPT_MKPTR(cb), mask, sizeof(union nf_inet_addr));
+}
+
+static void xtopt_parse_hostmask(struct xt_option_call *cb)
+{
+ const char *orig_arg = cb->arg;
+ char *work, *p;
+
+ if (strchr(cb->arg, '/') == NULL) {
+ xtopt_parse_host(cb);
+ return;
+ }
+ work = strdup(orig_arg);
+ if (work == NULL)
+ xt_params->exit_err(PARAMETER_PROBLEM, "strdup");
+ p = strchr(work, '/'); /* by def this can't be NULL now */
+ *p++ = '\0';
+ /*
+ * Because xtopt_parse_host and xtopt_parse_plenmask would store
+ * different things in the same target area, XTTYPE_HOSTMASK must
+ * disallow XTOPT_PUT, which it does by forcing its absence,
+ * cf. not being listed in xtopt_psize.
+ */
+ cb->arg = work;
+ xtopt_parse_host(cb);
+ cb->arg = p;
+ xtopt_parse_plenmask(cb);
+ cb->arg = orig_arg;
+}
+
+static void xtopt_parse_ethermac(struct xt_option_call *cb)
+{
+ const char *arg = cb->arg;
+ unsigned int i;
+ char *end;
+
+ for (i = 0; i < ARRAY_SIZE(cb->val.ethermac) - 1; ++i) {
+ cb->val.ethermac[i] = strtoul(arg, &end, 16);
+ if (*end != ':' || end - arg > 2)
+ goto out;
+ arg = end + 1;
+ }
+ i = ARRAY_SIZE(cb->val.ethermac) - 1;
+ cb->val.ethermac[i] = strtoul(arg, &end, 16);
+ if (*end != '\0' || end - arg > 2)
+ goto out;
+ if (cb->entry->flags & XTOPT_PUT)
+ memcpy(XTOPT_MKPTR(cb), cb->val.ethermac,
+ sizeof(cb->val.ethermac));
+ return;
+ out:
+ xt_params->exit_err(PARAMETER_PROBLEM, "ether");
+}
+
+static void (*const xtopt_subparse[])(struct xt_option_call *) = {
+ [XTTYPE_UINT8] = xtopt_parse_int,
+ [XTTYPE_UINT16] = xtopt_parse_int,
+ [XTTYPE_UINT32] = xtopt_parse_int,
+ [XTTYPE_UINT64] = xtopt_parse_int,
+ [XTTYPE_UINT8RC] = xtopt_parse_mint,
+ [XTTYPE_UINT16RC] = xtopt_parse_mint,
+ [XTTYPE_UINT32RC] = xtopt_parse_mint,
+ [XTTYPE_UINT64RC] = xtopt_parse_mint,
+ [XTTYPE_DOUBLE] = xtopt_parse_float,
+ [XTTYPE_STRING] = xtopt_parse_string,
+ [XTTYPE_TOSMASK] = xtopt_parse_tosmask,
+ [XTTYPE_MARKMASK32] = xtopt_parse_markmask,
+ [XTTYPE_SYSLOGLEVEL] = xtopt_parse_sysloglevel,
+ [XTTYPE_HOST] = xtopt_parse_host,
+ [XTTYPE_HOSTMASK] = xtopt_parse_hostmask,
+ [XTTYPE_PROTOCOL] = xtopt_parse_protocol,
+ [XTTYPE_PORT] = xtopt_parse_port,
+ [XTTYPE_PORTRC] = xtopt_parse_mport,
+ [XTTYPE_PLEN] = xtopt_parse_plen,
+ [XTTYPE_PLENMASK] = xtopt_parse_plenmask,
+ [XTTYPE_ETHERMAC] = xtopt_parse_ethermac,
+};
+
+/**
+ * The master option parsing routine. May be used for the ".x6_parse"
+ * function pointer in extensions if fully automatic parsing is desired.
+ * It may be also called manually from a custom x6_parse function.
+ */
+void xtables_option_parse(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ unsigned int eflag = 1 << cb->entry->id;
+
+ /*
+ * With {.id = P_FOO, .excl = P_FOO} we can have simple double-use
+ * prevention. Though it turned out that this is too much typing (most
+ * of the options are one-time use only), so now we also have
+ * %XTOPT_MULTI.
+ */
+ if ((!(entry->flags & XTOPT_MULTI) || (entry->excl & eflag)) &&
+ cb->xflags & eflag)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" can only be used once.\n",
+ cb->ext_name, cb->entry->name);
+ if (cb->invert && !(entry->flags & XTOPT_INVERT))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" cannot be inverted.\n",
+ cb->ext_name, entry->name);
+ if (entry->type != XTTYPE_NONE && optarg == NULL)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" requires an argument.\n",
+ cb->ext_name, entry->name);
+ /*
+ * Fill in fallback value for "nvals", in case an extension (as it
+ * happened with libxt_conntrack.2) tries to read it, despite not using
+ * a *RC option type.
+ */
+ cb->nvals = 1;
+ if (entry->type <= ARRAY_SIZE(xtopt_subparse) &&
+ xtopt_subparse[entry->type] != NULL)
+ xtopt_subparse[entry->type](cb);
+ /* Exclusion with other flags tested later in finalize. */
+ cb->xflags |= 1 << entry->id;
+}
+
+/**
+ * Verifies that an extension's option map descriptor is valid, and ought to
+ * be called right after the extension has been loaded, and before option
+ * merging/xfrm.
+ */
+void xtables_option_metavalidate(const char *name,
+ const struct xt_option_entry *entry)
+{
+ for (; entry->name != NULL; ++entry) {
+ if (entry->id >= CHAR_BIT * sizeof(unsigned int) ||
+ entry->id >= XT_OPTION_OFFSET_SCALE)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "Extension %s uses invalid ID %u\n",
+ name, entry->id);
+ if (!(entry->flags & XTOPT_PUT)) {
+ if (entry->ptroff != 0)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "%s: ptroff for \"--%s\" is non-"
+ "zero but no XTOPT_PUT is specified. "
+ "Oversight?", name, entry->name);
+ continue;
+ }
+ if (entry->type >= ARRAY_SIZE(xtopt_psize) ||
+ xtopt_psize[entry->type] == 0)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "%s: entry type of option \"--%s\" cannot be "
+ "combined with XTOPT_PUT\n",
+ name, entry->name);
+ if (xtopt_psize[entry->type] != -1 &&
+ xtopt_psize[entry->type] != entry->size)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "%s: option \"--%s\" points to a memory block "
+ "of wrong size (expected %zu, got %zu)\n",
+ name, entry->name,
+ xtopt_psize[entry->type], entry->size);
+ }
+}
+
+/**
+ * Find an option entry by its id.
+ */
+static const struct xt_option_entry *
+xtables_option_lookup(const struct xt_option_entry *entry, unsigned int id)
+{
+ for (; entry->name != NULL; ++entry)
+ if (entry->id == id)
+ return entry;
+ return NULL;
+}
+
+/**
+ * @c: getopt id (i.e. with offset)
+ * @fw: struct ipt_entry or ip6t_entry
+ *
+ * Dispatch arguments to the appropriate parse function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_tpcall(unsigned int c, char **argv, bool invert,
+ struct xtables_target *t, void *fw)
+{
+ struct xt_option_call cb;
+
+ if (t->x6_parse == NULL) {
+ if (t->parse != NULL)
+ t->parse(c - t->option_offset, argv, invert,
+ &t->tflags, fw, &t->t);
+ return;
+ }
+
+ c -= t->option_offset;
+ cb.entry = xtables_option_lookup(t->x6_options, c);
+ if (cb.entry == NULL)
+ xtables_error(OTHER_PROBLEM,
+ "Extension does not know id %u\n", c);
+ cb.arg = optarg;
+ cb.invert = invert;
+ cb.ext_name = t->name;
+ cb.data = t->t->data;
+ cb.xflags = t->tflags;
+ cb.target = &t->t;
+ cb.xt_entry = fw;
+ cb.udata = t->udata;
+ t->x6_parse(&cb);
+ t->tflags = cb.xflags;
+}
+
+/**
+ * @c: getopt id (i.e. with offset)
+ * @fw: struct ipt_entry or ip6t_entry
+ *
+ * Dispatch arguments to the appropriate parse function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_mpcall(unsigned int c, char **argv, bool invert,
+ struct xtables_match *m, void *fw)
+{
+ struct xt_option_call cb;
+
+ if (m->x6_parse == NULL) {
+ if (m->parse != NULL)
+ m->parse(c - m->option_offset, argv, invert,
+ &m->mflags, fw, &m->m);
+ return;
+ }
+
+ c -= m->option_offset;
+ cb.entry = xtables_option_lookup(m->x6_options, c);
+ if (cb.entry == NULL)
+ xtables_error(OTHER_PROBLEM,
+ "Extension does not know id %u\n", c);
+ cb.arg = optarg;
+ cb.invert = invert;
+ cb.ext_name = m->name;
+ cb.data = m->m->data;
+ cb.xflags = m->mflags;
+ cb.match = &m->m;
+ cb.xt_entry = fw;
+ cb.udata = m->udata;
+ m->x6_parse(&cb);
+ m->mflags = cb.xflags;
+}
+
+/**
+ * @name: name of extension
+ * @entry: current option (from all ext's entries) being validated
+ * @xflags: flags the extension has collected
+ * @i: conflicting option (id) to test for
+ */
+static void
+xtables_option_fcheck2(const char *name, const struct xt_option_entry *entry,
+ const struct xt_option_entry *other,
+ unsigned int xflags)
+{
+ unsigned int ef = 1 << entry->id, of = 1 << other->id;
+
+ if (entry->also & of && !(xflags & of))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" also requires \"--%s\".\n",
+ name, entry->name, other->name);
+
+ if (!(entry->excl & of))
+ /* Use of entry does not collide with other option, good. */
+ return;
+ if ((xflags & (ef | of)) != (ef | of))
+ /* Conflicting options were not used. */
+ return;
+
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" cannot be used together with \"--%s\".\n",
+ name, entry->name, other->name);
+}
+
+/**
+ * @name: name of extension
+ * @xflags: accumulated flags
+ * @entry: extension's option table
+ *
+ * Check that all option constraints have been met. This effectively replaces
+ * ->final_check of the older API.
+ */
+void xtables_options_fcheck(const char *name, unsigned int xflags,
+ const struct xt_option_entry *table)
+{
+ const struct xt_option_entry *entry, *other;
+ unsigned int i;
+
+ for (entry = table; entry->name != NULL; ++entry) {
+ if (entry->flags & XTOPT_MAND &&
+ !(xflags & (1 << entry->id)))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" must be specified\n",
+ name, entry->name);
+ if (!(xflags & (1 << entry->id)))
+ /* Not required, not specified, thus skip. */
+ continue;
+
+ for (i = 0; i < CHAR_BIT * sizeof(entry->id); ++i) {
+ if (entry->id == i)
+ /*
+ * Avoid conflict with self. Multi-use check
+ * was done earlier in xtables_option_parse.
+ */
+ continue;
+ other = xtables_option_lookup(table, i);
+ if (other == NULL)
+ continue;
+ xtables_option_fcheck2(name, entry, other, xflags);
+ }
+ }
+}
+
+/**
+ * Dispatch arguments to the appropriate final_check function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_tfcall(struct xtables_target *t)
+{
+ if (t->x6_fcheck != NULL) {
+ struct xt_fcheck_call cb;
+
+ cb.ext_name = t->name;
+ cb.data = t->t->data;
+ cb.xflags = t->tflags;
+ cb.udata = t->udata;
+ t->x6_fcheck(&cb);
+ } else if (t->final_check != NULL) {
+ t->final_check(t->tflags);
+ }
+ if (t->x6_options != NULL)
+ xtables_options_fcheck(t->name, t->tflags, t->x6_options);
+}
+
+/**
+ * Dispatch arguments to the appropriate final_check function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_mfcall(struct xtables_match *m)
+{
+ if (m->x6_fcheck != NULL) {
+ struct xt_fcheck_call cb;
+
+ cb.ext_name = m->name;
+ cb.data = m->m->data;
+ cb.xflags = m->mflags;
+ cb.udata = m->udata;
+ m->x6_fcheck(&cb);
+ } else if (m->final_check != NULL) {
+ m->final_check(m->mflags);
+ }
+ if (m->x6_options != NULL)
+ xtables_options_fcheck(m->name, m->mflags, m->x6_options);
+}
+
+struct xtables_lmap *xtables_lmap_init(const char *file)
+{
+ struct xtables_lmap *lmap_head = NULL, *lmap_prev = NULL, *lmap_this;
+ char buf[512];
+ FILE *fp;
+ char *cur, *nxt;
+ int id;
+
+ fp = fopen(file, "re");
+ if (fp == NULL)
+ return NULL;
+
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
+ cur = buf;
+ while (isspace(*cur))
+ ++cur;
+ if (*cur == '#' || *cur == '\n' || *cur == '\0')
+ continue;
+
+ /* iproute2 allows hex and dec format */
+ errno = 0;
+ id = strtoul(cur, &nxt, strncmp(cur, "0x", 2) == 0 ? 16 : 10);
+ if (nxt == cur || errno != 0)
+ continue;
+
+ /* same boundaries as in iproute2 */
+ if (id < 0 || id > 255)
+ continue;
+ cur = nxt;
+
+ if (!isspace(*cur))
+ continue;
+ while (isspace(*cur))
+ ++cur;
+ if (*cur == '#' || *cur == '\n' || *cur == '\0')
+ continue;
+ nxt = cur;
+ while (*nxt != '\0' && !isspace(*nxt))
+ ++nxt;
+ if (nxt == cur)
+ continue;
+ *nxt = '\0';
+
+ /* found valid data */
+ lmap_this = malloc(sizeof(*lmap_this));
+ if (lmap_this == NULL) {
+ perror("malloc");
+ goto out;
+ }
+ lmap_this->id = id;
+ lmap_this->name = strdup(cur);
+ if (lmap_this->name == NULL) {
+ free(lmap_this);
+ goto out;
+ }
+ lmap_this->next = NULL;
+
+ if (lmap_prev != NULL)
+ lmap_prev->next = lmap_this;
+ else
+ lmap_head = lmap_this;
+ lmap_prev = lmap_this;
+ }
+
+ fclose(fp);
+ return lmap_head;
+ out:
+ fclose(fp);
+ xtables_lmap_free(lmap_head);
+ return NULL;
+}
+
+void xtables_lmap_free(struct xtables_lmap *head)
+{
+ struct xtables_lmap *next;
+
+ for (; head != NULL; head = next) {
+ next = head->next;
+ free(head->name);
+ free(head);
+ }
+}
+
+int xtables_lmap_name2id(const struct xtables_lmap *head, const char *name)
+{
+ for (; head != NULL; head = head->next)
+ if (strcmp(head->name, name) == 0)
+ return head->id;
+ return -1;
+}
+
+const char *xtables_lmap_id2name(const struct xtables_lmap *head, int id)
+{
+ for (; head != NULL; head = head->next)
+ if (head->id == id)
+ return head->name;
+ return NULL;
+}
diff --git a/m4/.gitignore b/m4/.gitignore
new file mode 100644
index 0000000..64d9bbc
--- /dev/null
+++ b/m4/.gitignore
@@ -0,0 +1,2 @@
+/libtool.m4
+/lt*.m4
diff --git a/m4/ax_check_linker_flags.m4 b/m4/ax_check_linker_flags.m4
new file mode 100644
index 0000000..ba7bf3c
--- /dev/null
+++ b/m4/ax_check_linker_flags.m4
@@ -0,0 +1,78 @@
+#http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_check_linker_flags.m4
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_linker_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_LINKER_FLAGS(FLAGS, [ACTION-SUCCESS], [ACTION-FAILURE])
+#
+# DESCRIPTION
+#
+# Check whether the given linker FLAGS work with the current language's
+# linker, or whether they give an error.
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# NOTE: Based on AX_CHECK_COMPILER_FLAGS.
+#
+# LICENSE
+#
+# Copyright (c) 2009 Mike Frysinger <vapier@gentoo.org>
+# Copyright (c) 2009 Steven G. Johnson <stevenj@alum.mit.edu>
+# Copyright (c) 2009 Matteo Frigo
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 6
+
+AC_DEFUN([AX_CHECK_LINKER_FLAGS],
+[AC_MSG_CHECKING([whether the linker accepts $1])
+dnl Some hackery here since AC_CACHE_VAL can't handle a non-literal varname:
+AS_LITERAL_IF([$1],
+ [AC_CACHE_VAL(AS_TR_SH(ax_cv_linker_flags_[$1]), [
+ ax_save_FLAGS=$LDFLAGS
+ LDFLAGS="$1"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()],
+ AS_TR_SH(ax_cv_linker_flags_[$1])=yes,
+ AS_TR_SH(ax_cv_linker_flags_[$1])=no)
+ LDFLAGS=$ax_save_FLAGS])],
+ [ax_save_FLAGS=$LDFLAGS
+ LDFLAGS="$1"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()],
+ eval AS_TR_SH(ax_cv_linker_flags_[$1])=yes,
+ eval AS_TR_SH(ax_cv_linker_flags_[$1])=no)
+ LDFLAGS=$ax_save_FLAGS])
+eval ax_check_linker_flags=$AS_TR_SH(ax_cv_linker_flags_[$1])
+AC_MSG_RESULT($ax_check_linker_flags)
+if test "x$ax_check_linker_flags" = xyes; then
+ m4_default([$2], :)
+else
+ m4_default([$3], :)
+fi
+])dnl AX_CHECK_LINKER_FLAGS
diff --git a/m4/libtool.m4 b/m4/libtool.m4
index 4ceb7f1..02b4bbe 100644
--- a/m4/libtool.m4
+++ b/m4/libtool.m4
@@ -1,7 +1,8 @@
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is free software; the Free Software Foundation gives
@@ -10,7 +11,8 @@
m4_define([_LT_COPYING], [dnl
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -37,7 +39,7 @@ m4_define([_LT_COPYING], [dnl
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
])
-# serial 56 LT_INIT
+# serial 57 LT_INIT
# LT_PREREQ(VERSION)
@@ -66,6 +68,7 @@ esac
# ------------------
AC_DEFUN([LT_INIT],
[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
AC_BEFORE([$0], [LT_LANG])dnl
AC_BEFORE([$0], [LT_OUTPUT])dnl
AC_BEFORE([$0], [LTDL_INIT])dnl
@@ -82,6 +85,8 @@ AC_REQUIRE([LTVERSION_VERSION])dnl
AC_REQUIRE([LTOBSOLETE_VERSION])dnl
m4_require([_LT_PROG_LTMAIN])dnl
+_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
+
dnl Parse OPTIONS
_LT_SET_OPTIONS([$0], [$1])
@@ -118,7 +123,7 @@ m4_defun([_LT_CC_BASENAME],
*) break;;
esac
done
-cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
])
@@ -138,6 +143,11 @@ m4_defun([_LT_FILEUTILS_DEFAULTS],
m4_defun([_LT_SETUP],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+
+_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
+dnl
_LT_DECL([], [host_alias], [0], [The host system])dnl
_LT_DECL([], [host], [0])dnl
_LT_DECL([], [host_os], [0])dnl
@@ -160,10 +170,13 @@ _LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
dnl
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
m4_require([_LT_CMD_RELOAD])dnl
m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
m4_require([_LT_CMD_OLD_ARCHIVE])dnl
m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_WITH_SYSROOT])dnl
_LT_CONFIG_LIBTOOL_INIT([
# See if we are running on zsh, and set the options which allow our
@@ -179,7 +192,6 @@ fi
_LT_CHECK_OBJDIR
m4_require([_LT_TAG_COMPILER])dnl
-_LT_PROG_ECHO_BACKSLASH
case $host_os in
aix3*)
@@ -193,23 +205,6 @@ aix3*)
;;
esac
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
# Global variables:
ofile=libtool
can_build_shared=yes
@@ -250,6 +245,28 @@ _LT_CONFIG_COMMANDS
])# _LT_SETUP
+# _LT_PREPARE_SED_QUOTE_VARS
+# --------------------------
+# Define a few sed substitution that help us do robust quoting.
+m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
+[# Backslashify metacharacters that are still active within
+# double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+])
+
# _LT_PROG_LTMAIN
# ---------------
# Note that this code is called both from `configure', and `config.status'
@@ -380,12 +397,12 @@ m4_define([lt_decl_dquote_varnames],
# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
# ---------------------------------------------------
m4_define([lt_decl_varnames_tagged],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
- m4_quote(m4_if([$2], [],
- m4_quote(lt_decl_tag_varnames),
- m4_quote(m4_shift($@)))),
- m4_split(m4_normalize(m4_quote(_LT_TAGS))))])
-m4_define([_lt_decl_varnames_tagged], [lt_combine([$1], [$2], [_], $3)])
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+ m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
@@ -408,7 +425,7 @@ m4_define([_lt_decl_all_varnames],
# declaration there will have the same value as in `configure'. VARNAME
# must have a single quote delimited value for this to work.
m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`'])
+[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
# _LT_CONFIG_STATUS_DECLARATIONS
@@ -418,7 +435,7 @@ m4_define([_LT_CONFIG_STATUS_DECLARE],
# embedded single quotes properly. In configure, this macro expands
# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
#
-# <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`'
+# <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
[m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
@@ -517,12 +534,20 @@ LTCC='$LTCC'
LTCFLAGS='$LTCFLAGS'
compiler='$compiler_DEFAULT'
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+\$[]1
+_LTECHO_EOF'
+}
+
# Quote evaled strings.
for var in lt_decl_all_varnames([[ \
]], lt_decl_quote_varnames); do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -533,9 +558,9 @@ done
# Double-quote double-evaled strings.
for var in lt_decl_all_varnames([[ \
]], lt_decl_dquote_varnames); do
- case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -543,16 +568,38 @@ for var in lt_decl_all_varnames([[ \
esac
done
-# Fix-up fallback echo if it was mangled by the above quoting rules.
-case \$lt_ECHO in
-*'\\\[$]0 --fallback-echo"')dnl "
- lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\`
- ;;
-esac
-
_LT_OUTPUT_LIBTOOL_INIT
])
+# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
+# ------------------------------------
+# Generate a child script FILE with all initialization necessary to
+# reuse the environment learned by the parent script, and make the
+# file executable. If COMMENT is supplied, it is inserted after the
+# `#!' sequence but before initialization text begins. After this
+# macro, additional text can be appended to FILE to form the body of
+# the child script. The macro ends with non-zero status if the
+# file could not be fully written (such as if the disk is full).
+m4_ifdef([AS_INIT_GENERATED],
+[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
+[m4_defun([_LT_GENERATED_FILE_INIT],
+[m4_require([AS_PREPARE])]dnl
+[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
+[lt_write_fail=0
+cat >$1 <<_ASEOF || lt_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+$2
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$1 <<\_ASEOF || lt_write_fail=1
+AS_SHELL_SANITIZE
+_AS_PREPARE
+exec AS_MESSAGE_FD>&1
+_ASEOF
+test $lt_write_fail = 0 && chmod +x $1[]dnl
+m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
# LT_OUTPUT
# ---------
@@ -562,20 +609,11 @@ _LT_OUTPUT_LIBTOOL_INIT
AC_DEFUN([LT_OUTPUT],
[: ${CONFIG_LT=./config.lt}
AC_MSG_NOTICE([creating $CONFIG_LT])
-cat >"$CONFIG_LT" <<_LTEOF
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate a libtool stub with the current configuration.
-
-lt_cl_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_LTEOF
+_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
+[# Run this file to recreate a libtool stub with the current configuration.])
cat >>"$CONFIG_LT" <<\_LTEOF
-AS_SHELL_SANITIZE
-_AS_PREPARE
-
-exec AS_MESSAGE_FD>&1
+lt_cl_silent=false
exec AS_MESSAGE_LOG_FD>>config.log
{
echo
@@ -601,7 +639,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
configured by $[0], generated by m4_PACKAGE_STRING.
-Copyright (C) 2008 Free Software Foundation, Inc.
+Copyright (C) 2011 Free Software Foundation, Inc.
This config.lt script is free software; the Free Software Foundation
gives unlimited permision to copy, distribute and modify it."
@@ -646,15 +684,13 @@ chmod +x "$CONFIG_LT"
# appending to config.log, which fails on DOS, as config.log is still kept
# open by configure. Here we exec the FD to /dev/null, effectively closing
# config.log, so it can be properly (re)opened and appended to by config.lt.
-if test "$no_create" != yes; then
- lt_cl_success=:
- test "$silent" = yes &&
- lt_config_lt_args="$lt_config_lt_args --quiet"
- exec AS_MESSAGE_LOG_FD>/dev/null
- $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
- exec AS_MESSAGE_LOG_FD>>config.log
- $lt_cl_success || AS_EXIT(1)
-fi
+lt_cl_success=:
+test "$silent" = yes &&
+ lt_config_lt_args="$lt_config_lt_args --quiet"
+exec AS_MESSAGE_LOG_FD>/dev/null
+$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+exec AS_MESSAGE_LOG_FD>>config.log
+$lt_cl_success || AS_EXIT(1)
])# LT_OUTPUT
@@ -717,15 +753,12 @@ _LT_EOF
# if finds mixed CR/LF and LF-only lines. Since sed operates in
# text mode, it properly converts lines to CR/LF. This bash problem
# is reportedly fixed, but why not run on old versions too?
- sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
+ sed '$q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
- _LT_PROG_XSI_SHELLFNS
+ _LT_PROG_REPLACE_SHELLFNS
- sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
+ mv -f "$cfgfile" "$ofile" ||
(rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
chmod +x "$ofile"
],
@@ -770,6 +803,7 @@ AC_DEFUN([LT_LANG],
m4_case([$1],
[C], [_LT_LANG(C)],
[C++], [_LT_LANG(CXX)],
+ [Go], [_LT_LANG(GO)],
[Java], [_LT_LANG(GCJ)],
[Fortran 77], [_LT_LANG(F77)],
[Fortran], [_LT_LANG(FC)],
@@ -791,6 +825,31 @@ m4_defun([_LT_LANG],
])# _LT_LANG
+m4_ifndef([AC_PROG_GO], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_GO. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+############################################################
+m4_defun([AC_PROG_GO],
+[AC_LANG_PUSH(Go)dnl
+AC_ARG_VAR([GOC], [Go compiler command])dnl
+AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
+_AC_ARG_VAR_LDFLAGS()dnl
+AC_CHECK_TOOL(GOC, gccgo)
+if test -z "$GOC"; then
+ if test -n "$ac_tool_prefix"; then
+ AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
+ fi
+fi
+if test -z "$GOC"; then
+ AC_CHECK_PROG(GOC, gccgo, gccgo, false)
+fi
+])#m4_defun
+])#m4_ifndef
+
+
# _LT_LANG_DEFAULT_CONFIG
# -----------------------
m4_defun([_LT_LANG_DEFAULT_CONFIG],
@@ -821,6 +880,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
m4_ifdef([LT_PROG_GCJ],
[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+AC_PROVIDE_IFELSE([AC_PROG_GO],
+ [LT_LANG(GO)],
+ [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
+
AC_PROVIDE_IFELSE([LT_PROG_RC],
[LT_LANG(RC)],
[m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
@@ -831,11 +894,13 @@ AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
dnl AC_DEFUN([AC_LIBTOOL_F77], [])
dnl AC_DEFUN([AC_LIBTOOL_FC], [])
dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+dnl AC_DEFUN([AC_LIBTOOL_RC], [])
# _LT_TAG_COMPILER
@@ -921,7 +986,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -929,6 +1000,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
rm -rf libconftest.dylib*
rm -f conftest.*
fi])
+
AC_CACHE_CHECK([for -exported_symbols_list linker flag],
[lt_cv_ld_exported_symbols_list],
[lt_cv_ld_exported_symbols_list=no
@@ -940,15 +1012,43 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
[lt_cv_ld_exported_symbols_list=no])
LDFLAGS="$save_LDFLAGS"
])
+
+ AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
+ [lt_cv_ld_force_load=no
+ cat > conftest.c << _LT_EOF
+int forced_loaded() { return 2;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+ echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+ $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+ $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+ cat > conftest.c << _LT_EOF
+int main() { return 0;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
+ _lt_result=$?
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
+ lt_cv_ld_force_load=yes
+ else
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ fi
+ rm -f conftest.err libconftest.a conftest conftest.c
+ rm -rf conftest.dSYM
+ ])
case $host_os in
rhapsody* | darwin1.[[012]])
_lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
darwin1.*)
_lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
+ darwin*) # darwin 5.x on
# if running on 10.5 or later, the deployment target defaults
# to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
+ # target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
_lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
@@ -967,7 +1067,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
else
_lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
fi
- if test "$DSYMUTIL" != ":"; then
+ if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then
_lt_dsymutil='~$DSYMUTIL $lib || :'
else
_lt_dsymutil=
@@ -977,8 +1077,8 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
])
-# _LT_DARWIN_LINKER_FEATURES
-# --------------------------
+# _LT_DARWIN_LINKER_FEATURES([TAG])
+# ---------------------------------
# Checks for linker and compiler features on darwin
m4_defun([_LT_DARWIN_LINKER_FEATURES],
[
@@ -987,11 +1087,21 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+ if test "$lt_cv_ld_force_load" = "yes"; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+ m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
+ [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+ fi
_LT_TAGVAR(link_all_deplibs, $1)=yes
_LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
- if test "$GCC" = "yes"; then
- output_verbose_link_cmd=echo
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=func_echo_all
_LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
_LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
_LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
@@ -1007,203 +1117,142 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
fi
])
-# _LT_SYS_MODULE_PATH_AIX
-# -----------------------
+# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
+# ----------------------------------
# Links a minimal program and checks the executable
# for the system default hardcoded library path. In most cases,
# this is /usr/lib:/lib, but when the MPI compilers are used
# the location of the communication and MPI libs are included too.
# If we don't find anything, use the default library path according
# to the aix ld manual.
+# Store the results from the different compilers for each TAGNAME.
+# Allow to override them for all tags through lt_cv_aix_libpath.
m4_defun([_LT_SYS_MODULE_PATH_AIX],
[m4_require([_LT_DECL_SED])dnl
-AC_LINK_IFELSE(AC_LANG_PROGRAM,[
-lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\(.*\)$/\1/
- p
- }
- }'
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-fi],[])
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+if test "${lt_cv_aix_libpath+set}" = set; then
+ aix_libpath=$lt_cv_aix_libpath
+else
+ AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
+ [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
+ lt_aix_libpath_sed='[
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\([^ ]*\) *$/\1/
+ p
+ }
+ }]'
+ _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ # Check for a 64-bit object if we didn't find anything.
+ if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
+ _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ fi],[])
+ if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
+ _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib"
+ fi
+ ])
+ aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
+fi
])# _LT_SYS_MODULE_PATH_AIX
# _LT_SHELL_INIT(ARG)
# -------------------
m4_define([_LT_SHELL_INIT],
-[ifdef([AC_DIVERSION_NOTICE],
- [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
- [AC_DIVERT_PUSH(NOTICE)])
-$1
-AC_DIVERT_POP
-])# _LT_SHELL_INIT
+[m4_divert_text([M4SH-INIT], [$1
+])])# _LT_SHELL_INIT
+
# _LT_PROG_ECHO_BACKSLASH
# -----------------------
-# Add some code to the start of the generated configure script which
-# will find an echo command which doesn't interpret backslashes.
+# Find how we can fake an echo command that does not interpret backslash.
+# In particular, with Autoconf 2.60 or later we add some code to the start
+# of the generated configure script which will find a shell with a builtin
+# printf (which we can use as an echo command).
m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[_LT_SHELL_INIT([
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$lt_ECHO in
-X*--fallback-echo)
- # Remove one level of quotation (which was required for Make).
- ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
- ;;
-esac
-
-ECHO=${lt_ECHO-echo}
-if test "X[$]1" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
-elif test "X[$]1" = X--fallback-echo; then
- # Avoid inline document here, it may be left over
- :
-elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
- # Yippee, $ECHO works!
- :
+[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+
+AC_MSG_CHECKING([how to print strings])
+# Test print first, because it will be a builtin if present.
+if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
+ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='print -r --'
+elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='printf %s\n'
else
- # Restart under the correct shell.
- exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
-fi
-
-if test "X[$]1" = X--fallback-echo; then
- # used as fallback echo
- shift
- cat <<_LT_EOF
-[$]*
-_LT_EOF
- exit 0
+ # Use this function as a fallback that always works.
+ func_fallback_echo ()
+ {
+ eval 'cat <<_LTECHO_EOF
+$[]1
+_LTECHO_EOF'
+ }
+ ECHO='func_fallback_echo'
fi
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test -z "$lt_ECHO"; then
- if test "X${echo_test_string+set}" != Xset; then
- # find a string as large as possible, as long as the shell can cope with it
- for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
- # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
- if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
- { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
- then
- break
- fi
- done
- fi
-
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- :
- else
- # The Solaris, AIX, and Digital Unix default echo programs unquote
- # backslashes. This makes it impossible to quote backslashes using
- # echo "$something" | sed 's/\\/\\\\/g'
- #
- # So, first we look for a working echo in the user's PATH.
-
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for dir in $PATH /usr/ucb; do
- IFS="$lt_save_ifs"
- if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
- test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$dir/echo"
- break
- fi
- done
- IFS="$lt_save_ifs"
-
- if test "X$ECHO" = Xecho; then
- # We didn't find a better echo, so look for alternatives.
- if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # This shell has a builtin print -r that does the trick.
- ECHO='print -r'
- elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
- test "X$CONFIG_SHELL" != X/bin/ksh; then
- # If we have ksh, try running configure again with it.
- ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
- export ORIGINAL_CONFIG_SHELL
- CONFIG_SHELL=/bin/ksh
- export CONFIG_SHELL
- exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
- else
- # Try using printf.
- ECHO='printf %s\n'
- if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # Cool, printf works
- :
- elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
- export CONFIG_SHELL
- SHELL="$CONFIG_SHELL"
- export SHELL
- ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
- elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
- else
- # maybe with a smaller string...
- prev=:
-
- for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
- if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
- then
- break
- fi
- prev="$cmd"
- done
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+ $ECHO "$*"
+}
- if test "$prev" != 'sed 50q "[$]0"'; then
- echo_test_string=`eval $prev`
- export echo_test_string
- exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
- else
- # Oops. We lost completely, so just stick with echo.
- ECHO=echo
- fi
- fi
- fi
- fi
- fi
-fi
+case "$ECHO" in
+ printf*) AC_MSG_RESULT([printf]) ;;
+ print*) AC_MSG_RESULT([print -r]) ;;
+ *) AC_MSG_RESULT([cat]) ;;
+esac
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-lt_ECHO=$ECHO
-if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
- lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
-fi
+m4_ifdef([_AS_DETECT_SUGGESTED],
+[_AS_DETECT_SUGGESTED([
+ test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
+ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+ PATH=/empty FPATH=/empty; export PATH FPATH
+ test "X`printf %s $ECHO`" = "X$ECHO" \
+ || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-AC_SUBST(lt_ECHO)
-])
_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1],
- [An echo program that does not interpret backslashes])
+_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
])# _LT_PROG_ECHO_BACKSLASH
+# _LT_WITH_SYSROOT
+# ----------------
+AC_DEFUN([_LT_WITH_SYSROOT],
+[AC_MSG_CHECKING([for sysroot])
+AC_ARG_WITH([sysroot],
+[ --with-sysroot[=DIR] Search for dependent libraries within DIR
+ (or the compiler's sysroot if not specified).],
+[], [with_sysroot=no])
+
+dnl lt_sysroot will always be passed unquoted. We quote it here
+dnl in case the user passed a directory name.
+lt_sysroot=
+case ${with_sysroot} in #(
+ yes)
+ if test "$GCC" = yes; then
+ lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+ fi
+ ;; #(
+ /*)
+ lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+ ;; #(
+ no|'')
+ ;; #(
+ *)
+ AC_MSG_RESULT([${with_sysroot}])
+ AC_MSG_ERROR([The sysroot must be an absolute path.])
+ ;;
+esac
+
+ AC_MSG_RESULT([${lt_sysroot:-no}])
+_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
+[dependent libraries, and in which our libraries should be installed.])])
+
# _LT_ENABLE_LOCK
# ---------------
m4_defun([_LT_ENABLE_LOCK],
@@ -1232,7 +1281,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
if test "$lt_cv_prog_gnu_ld" = yes; then
case `/usr/bin/file conftest.$ac_objext` in
@@ -1275,7 +1324,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
LD="${LD-ld} -m elf_i386_fbsd"
;;
x86_64-*linux*)
- LD="${LD-ld} -m elf_i386"
+ case `/usr/bin/file conftest.o` in
+ *x86-64*)
+ LD="${LD-ld} -m elf32_x86_64"
+ ;;
+ *)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ esac
;;
ppc64-*linux*|powerpc64-*linux*)
LD="${LD-ld} -m elf32ppclinux"
@@ -1325,14 +1381,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -1350,14 +1419,47 @@ need_locks="$enable_libtool_lock"
])# _LT_ENABLE_LOCK
+# _LT_PROG_AR
+# -----------
+m4_defun([_LT_PROG_AR],
+[AC_CHECK_TOOLS(AR, [ar], false)
+: ${AR=ar}
+: ${AR_FLAGS=cru}
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
+
+AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+ [lt_cv_ar_at_file=no
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
+ [echo conftest.$ac_objext > conftest.lst
+ lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
+ AC_TRY_EVAL([lt_ar_try])
+ if test "$ac_status" -eq 0; then
+ # Ensure the archiver fails upon bogus file names.
+ rm -f conftest.$ac_objext libconftest.a
+ AC_TRY_EVAL([lt_ar_try])
+ if test "$ac_status" -ne 0; then
+ lt_cv_ar_at_file=@
+ fi
+ fi
+ rm -f conftest.* libconftest.a
+ ])
+ ])
+
+if test "x$lt_cv_ar_at_file" = xno; then
+ archiver_list_spec=
+else
+ archiver_list_spec=$lt_cv_ar_at_file
+fi
+_LT_DECL([], [archiver_list_spec], [1],
+ [How to feed a file listing to the archiver])
+])# _LT_PROG_AR
+
+
# _LT_CMD_OLD_ARCHIVE
# -------------------
m4_defun([_LT_CMD_OLD_ARCHIVE],
-[AC_CHECK_TOOL(AR, ar, false)
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1])
+[_LT_PROG_AR
AC_CHECK_TOOL(STRIP, strip, :)
test -z "$STRIP" && STRIP=:
@@ -1376,18 +1478,27 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
+
+case $host_os in
+ darwin*)
+ lock_old_archive_extraction=yes ;;
+ *)
+ lock_old_archive_extraction=no ;;
+esac
_LT_DECL([], [old_postinstall_cmds], [2])
_LT_DECL([], [old_postuninstall_cmds], [2])
_LT_TAGDECL([], [old_archive_cmds], [2],
[Commands used to build an old-style archive])
+_LT_DECL([], [lock_old_archive_extraction], [0],
+ [Whether to use a lock for old archive extraction])
])# _LT_CMD_OLD_ARCHIVE
@@ -1412,15 +1523,15 @@ AC_CACHE_CHECK([$1], [$2],
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
$SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
$2=yes
@@ -1460,7 +1571,7 @@ AC_CACHE_CHECK([$1], [$2],
if test -s conftest.err; then
# Append any errors to the config.log.
cat conftest.err 1>&AS_MESSAGE_LOG_FD
- $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
$SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
if diff conftest.exp conftest.er2 >/dev/null; then
$2=yes
@@ -1512,7 +1623,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=-1;
;;
- cygwin* | mingw*)
+ cygwin* | mingw* | cegcc*)
# On Win9x/ME, this test blows up -- it succeeds, but takes
# about 5 minutes as the teststring grows exponentially.
# Worse, since 9x/ME are not pre-emptively multitasking,
@@ -1523,6 +1634,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=8192;
;;
+ mint*)
+ # On MiNT this can take a long time and run out of memory.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
amigaos*)
# On AmigaOS with pdksh, this test takes hours, literally.
# So we just punt and use a minimum line length of 8192.
@@ -1548,6 +1664,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -1574,7 +1695,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
;;
*)
lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len"; then
+ if test -n "$lt_cv_sys_max_cmd_len" && \
+ test undefined != "$lt_cv_sys_max_cmd_len"; then
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
else
@@ -1587,8 +1709,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
- = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
+ = "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
i=`expr $i + 1`
@@ -1639,7 +1761,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-[#line __oline__ "configure"
+[#line $LINENO "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -1680,11 +1802,13 @@ else
# endif
#endif
-#ifdef __cplusplus
-extern "C" void exit (int);
+/* When -fvisbility=hidden is used, assume the code has been annotated
+ correspondingly for the symbols needed. */
+#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
#endif
-void fnord() { int i=42;}
+int fnord () { return 42; }
int main ()
{
void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
@@ -1693,13 +1817,17 @@ int main ()
if (self)
{
if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else
+ {
+ if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else puts (dlerror ());
+ }
/* dlclose (self); */
}
else
puts (dlerror ());
- exit (status);
+ return status;
}]
_LT_EOF
if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
@@ -1738,7 +1866,7 @@ else
lt_cv_dlopen_self=yes
;;
- mingw* | pw32*)
+ mingw* | pw32* | cegcc*)
lt_cv_dlopen="LoadLibrary"
lt_cv_dlopen_libs=
;;
@@ -1869,16 +1997,16 @@ AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
- $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
$SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
@@ -2035,7 +2163,9 @@ m4_defun([_LT_SYS_DYNAMIC_LINKER],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
m4_require([_LT_DECL_EGREP])dnl
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
AC_MSG_CHECKING([dynamic linker characteristics])
m4_if([$1],
[], [
@@ -2044,16 +2174,23 @@ if test "$GCC" = yes; then
darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
*) lt_awk_arg="/^libraries:/" ;;
esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ case $host_os in
+ mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;;
+ *) lt_sed_strip_eq="s,=/,/,g" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
+ case $lt_search_path_spec in
+ *\;*)
# if the path contains ";" then we assume it to be the separator
# otherwise default to the standard path separator (i.e. ":") - it is
# assumed that no part of a normal pathname contains ";" but that should
# okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
- else
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
+ ;;
+ *)
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ esac
# Ok, now we have the path, separated by spaces, we can step through it
# and add multilib dir if necessary.
lt_tmp_lt_search_path_spec=
@@ -2066,7 +2203,7 @@ if test "$GCC" = yes; then
lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
fi
done
- lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+ lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
BEGIN {RS=" "; FS="/|\n";} {
lt_foo="";
lt_count=0;
@@ -2086,7 +2223,13 @@ BEGIN {RS=" "; FS="/|\n";} {
if (lt_foo != "") { lt_freq[[lt_foo]]++; }
if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
}'`
- sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+ # AWK program above erroneously prepends '/' to C:/dos/paths
+ # for these hosts.
+ case $host_os in
+ mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+ $SED 's,/\([[A-Za-z]]:\),\1,g'` ;;
+ esac
+ sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
else
sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
fi])
@@ -2112,7 +2255,7 @@ need_version=unknown
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -2121,7 +2264,7 @@ aix3*)
;;
aix[[4-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -2174,7 +2317,7 @@ amigaos*)
m68k)
library_names_spec='$libname.ixlibrary $libname.a'
# Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
;;
esac
;;
@@ -2186,7 +2329,7 @@ beos*)
;;
bsdi[[45]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -2199,14 +2342,15 @@ bsdi[[45]]*)
# libtool to hard-code these into programs
;;
-cygwin* | mingw* | pw32*)
+cygwin* | mingw* | pw32* | cegcc*)
version_type=windows
shrext_cmds=".dll"
need_version=no
need_lib_prefix=no
- case $GCC,$host_os in
- yes,cygwin* | yes,mingw* | yes,pw32*)
+ case $GCC,$cc_basename in
+ yes,*)
+ # gcc
library_names_spec='$libname.dll.a'
# DLL is installed to $(libdir)/../bin by postinstall_cmds
postinstall_cmds='base_file=`basename \${file}`~
@@ -2227,36 +2371,83 @@ cygwin* | mingw* | pw32*)
cygwin*)
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+m4_if([$1], [],[
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
;;
- mingw*)
+ mingw* | cegcc*)
# MinGW DLLs use traditional 'lib' prefix
soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
- sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
- if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
- # It is most probably a Windows format PATH printed by
- # mingw gcc, but we are running on Cygwin. Gcc prints its search
- # path with ; separators, and with drive letters. We can handle the
- # drive letters (cygwin fileutils understands them), so leave them,
- # especially as we might pass files found there to a mingw objdump,
- # which wouldn't understand a cygwinified path. Ahh.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
;;
pw32*)
# pw32 DLLs use 'pw' prefix rather than 'lib'
library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
;;
esac
+ dynamic_linker='Win32 ld.exe'
+ ;;
+
+ *,cl*)
+ # Native MSVC
+ libname_spec='$name'
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ library_names_spec='${libname}.dll.lib'
+
+ case $build_os in
+ mingw*)
+ sys_lib_search_path_spec=
+ lt_save_ifs=$IFS
+ IFS=';'
+ for lt_path in $LIB
+ do
+ IFS=$lt_save_ifs
+ # Let DOS variable expansion print the short 8.3 style file name.
+ lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+ sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+ done
+ IFS=$lt_save_ifs
+ # Convert to MSYS style.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
+ ;;
+ cygwin*)
+ # Convert to unix form, then to dos form, then back to unix form
+ # but this time dos style (no spaces!) so that the unix form looks
+ # like /cygdrive/c/PROGRA~1:/cygdr...
+ sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+ sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+ sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ *)
+ sys_lib_search_path_spec="$LIB"
+ if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # FIXME: find the short name or the path components, as spaces are
+ # common. (e.g. "Program Files" -> "PROGRA~1")
+ ;;
+ esac
+
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+ dynamic_linker='Win32 link.exe'
;;
*)
+ # Assume MSVC wrapper
library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ dynamic_linker='Win32 ld.exe'
;;
esac
- dynamic_linker='Win32 ld.exe'
# FIXME: first we should search . and the directory the executable is in
shlibpath_var=PATH
;;
@@ -2277,7 +2468,7 @@ m4_if([$1], [],[
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -2285,10 +2476,6 @@ dgux*)
shlibpath_var=LD_LIBRARY_PATH
;;
-freebsd1*)
- dynamic_linker=no
- ;;
-
freebsd* | dragonfly*)
# DragonFly does not have aout. When/if they implement a new
# versioning mechanism, adjust this.
@@ -2296,7 +2483,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
- freebsd[[123]]*) objformat=aout ;;
+ freebsd[[23]].*) objformat=aout ;;
*) objformat=elf ;;
esac
fi
@@ -2314,7 +2501,7 @@ freebsd* | dragonfly*)
esac
shlibpath_var=LD_LIBRARY_PATH
case $host_os in
- freebsd2*)
+ freebsd2.*)
shlibpath_overrides_runpath=yes
;;
freebsd3.[[01]]* | freebsdelf3.[[01]]*)
@@ -2333,13 +2520,16 @@ freebsd* | dragonfly*)
esac
;;
-gnu*)
- version_type=linux
+haiku*)
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
+ dynamic_linker="$host_os runtime_loader"
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_var=LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
hardcode_into_libs=yes
;;
@@ -2385,12 +2575,14 @@ hpux9* | hpux10* | hpux11*)
soname_spec='${libname}${release}${shared_ext}$major'
;;
esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
postinstall_cmds='chmod 555 $lib'
+ # or fails outright, so override atomically:
+ install_override_mode=555
;;
interix[[3-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -2406,7 +2598,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -2443,9 +2635,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
- version_type=linux
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2453,16 +2645,21 @@ linux* | k*bsd*-gnu)
finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
+
# Some binutils ld are patched to set DT_RUNPATH
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
- LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
- AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
- [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
- [shlibpath_overrides_runpath=yes])])
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
+ AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
+ [lt_cv_shlibpath_overrides_runpath=no
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+ [lt_cv_shlibpath_overrides_runpath=yes])])
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+ ])
+ shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
# This implies no fast_install, which is unacceptable.
# Some rework will be needed to allow for fast_install
@@ -2471,7 +2668,7 @@ linux* | k*bsd*-gnu)
# Append ld.so.conf contents to the search path
if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
fi
@@ -2484,6 +2681,18 @@ linux* | k*bsd*-gnu)
dynamic_linker='GNU/Linux ld.so'
;;
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
netbsd*)
version_type=sunos
need_lib_prefix=no
@@ -2503,7 +2712,7 @@ netbsd*)
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -2572,7 +2781,7 @@ rdos*)
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2597,7 +2806,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2621,7 +2830,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2652,17 +2861,17 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_name_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2679,7 +2888,7 @@ variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
if test "$GCC" = yes; then
variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
fi
-
+
if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
fi
@@ -2704,6 +2913,8 @@ _LT_DECL([], [library_names_spec], [1],
The last name is the one that the linker finds with -lNAME]])
_LT_DECL([], [soname_spec], [1],
[[The coded name of the library, if different from the real name]])
+_LT_DECL([], [install_override_mode], [1],
+ [Permission mode override for installation of shared libraries])
_LT_DECL([], [postinstall_cmds], [2],
[Command to use after installation of a shared archive])
_LT_DECL([], [postuninstall_cmds], [2],
@@ -2816,6 +3027,7 @@ AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_CANONICAL_BUILD])dnl
m4_require([_LT_DECL_SED])dnl
m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
AC_ARG_WITH([gnu-ld],
[AS_HELP_STRING([--with-gnu-ld],
@@ -2937,6 +3149,11 @@ case $reload_flag in
esac
reload_cmds='$LD$reload_flag -o $output$reload_objs'
case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ if test "$GCC" != yes; then
+ reload_cmds=false
+ fi
+ ;;
darwin*)
if test "$GCC" = yes; then
reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
@@ -2945,8 +3162,8 @@ case $host_os in
fi
;;
esac
-_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_DECL([], [reload_cmds], [2])dnl
+_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_TAGDECL([], [reload_cmds], [2])dnl
])# _LT_CMD_RELOAD
@@ -2956,6 +3173,7 @@ _LT_DECL([], [reload_cmds], [2])dnl
# -- PORTME fill in with the dynamic library characteristics
m4_defun([_LT_CHECK_MAGIC_METHOD],
[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
AC_CACHE_CHECK([how to recognize dependent libraries],
lt_cv_deplibs_check_method,
[lt_cv_file_magic_cmd='$MAGIC_CMD'
@@ -2997,15 +3215,23 @@ mingw* | pw32*)
# Base MSYS/MinGW do not provide the 'file' command needed by
# func_win32_libid shell function, so use a weaker test based on 'objdump',
# unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
+ # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin.
+ if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then
lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
lt_cv_file_magic_cmd='func_win32_libid'
else
- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ # Keep this pattern in sync with the one in func_win32_libid.
+ lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
lt_cv_file_magic_cmd='$OBJDUMP -f'
fi
;;
+cegcc*)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
darwin* | rhapsody*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3026,7 +3252,7 @@ freebsd* | dragonfly*)
fi
;;
-gnu*)
+haiku*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3038,11 +3264,11 @@ hpux10.20* | hpux11*)
lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
;;
hppa*64*)
- [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
;;
*)
- lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
lt_cv_file_magic_test_file=/usr/lib/libc.sl
;;
esac
@@ -3063,12 +3289,12 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
-linux* | k*bsd*-gnu)
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
-netbsd*)
+netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
else
@@ -3142,6 +3368,21 @@ tpf*)
;;
esac
])
+
+file_magic_glob=
+want_nocaseglob=no
+if test "$build" = "$host"; then
+ case $host_os in
+ mingw* | pw32*)
+ if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
+ want_nocaseglob=yes
+ else
+ file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
+ fi
+ ;;
+ esac
+fi
+
file_magic_cmd=$lt_cv_file_magic_cmd
deplibs_check_method=$lt_cv_deplibs_check_method
test -z "$deplibs_check_method" && deplibs_check_method=unknown
@@ -3149,7 +3390,11 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown
_LT_DECL([], [deplibs_check_method], [1],
[Method to check whether dependent libraries are shared objects])
_LT_DECL([], [file_magic_cmd], [1],
- [Command to use when deplibs_check_method == "file_magic"])
+ [Command to use when deplibs_check_method = "file_magic"])
+_LT_DECL([], [file_magic_glob], [1],
+ [How to find potential files when deplibs_check_method = "file_magic"])
+_LT_DECL([], [want_nocaseglob], [1],
+ [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
])# _LT_CHECK_MAGIC_METHOD
@@ -3206,7 +3451,19 @@ if test "$lt_cv_path_NM" != "no"; then
NM="$lt_cv_path_NM"
else
# Didn't find any BSD compatible name lister, look for dumpbin.
- AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :)
+ if test -n "$DUMPBIN"; then :
+ # Let the user override the test.
+ else
+ AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
+ case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in
+ *COFF*)
+ DUMPBIN="$DUMPBIN -symbols"
+ ;;
+ *)
+ DUMPBIN=:
+ ;;
+ esac
+ fi
AC_SUBST([DUMPBIN])
if test "$DUMPBIN" != ":"; then
NM="$DUMPBIN"
@@ -3219,13 +3476,13 @@ _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
[lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+ (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD)
+ (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
cat conftest.out >&AS_MESSAGE_LOG_FD
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -3240,6 +3497,67 @@ dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AM_PROG_NM], [])
dnl AC_DEFUN([AC_PROG_NM], [])
+# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
+# --------------------------------
+# how to determine the name of the shared library
+# associated with a specific link library.
+# -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+m4_require([_LT_DECL_DLLTOOL])
+AC_CACHE_CHECK([how to associate runtime and link libraries],
+lt_cv_sharedlib_from_linklib_cmd,
+[lt_cv_sharedlib_from_linklib_cmd='unknown'
+
+case $host_os in
+cygwin* | mingw* | pw32* | cegcc*)
+ # two different shell functions defined in ltmain.sh
+ # decide which to use based on capabilities of $DLLTOOL
+ case `$DLLTOOL --help 2>&1` in
+ *--identify-strict*)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
+ ;;
+ *)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
+ ;;
+ esac
+ ;;
+*)
+ # fallback: assume linklib IS sharedlib
+ lt_cv_sharedlib_from_linklib_cmd="$ECHO"
+ ;;
+esac
+])
+sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
+test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
+
+_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
+ [Command to associate shared and link libraries])
+])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
+
+
+# _LT_PATH_MANIFEST_TOOL
+# ----------------------
+# locate the manifest tool
+m4_defun([_LT_PATH_MANIFEST_TOOL],
+[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
+test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
+AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
+ [lt_cv_path_mainfest_tool=no
+ echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
+ $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ if $GREP 'Manifest Tool' conftest.out > /dev/null; then
+ lt_cv_path_mainfest_tool=yes
+ fi
+ rm -f conftest*])
+if test "x$lt_cv_path_mainfest_tool" != xyes; then
+ MANIFEST_TOOL=:
+fi
+_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
+])# _LT_PATH_MANIFEST_TOOL
+
# LT_LIB_M
# --------
@@ -3248,7 +3566,7 @@ AC_DEFUN([LT_LIB_M],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
LIBM=
case $host in
-*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
# These system don't have libm, or don't need it
;;
*-ncr-sysv4.3*)
@@ -3276,7 +3594,12 @@ m4_defun([_LT_COMPILER_NO_RTTI],
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
if test "$GCC" = yes; then
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+ case $cc_basename in
+ nvcc*)
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
+ esac
_LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
lt_cv_prog_compiler_rtti_exceptions,
@@ -3293,6 +3616,7 @@ _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([LT_PATH_NM])dnl
AC_REQUIRE([LT_PATH_LD])dnl
m4_require([_LT_DECL_SED])dnl
@@ -3317,7 +3641,7 @@ case $host_os in
aix*)
symcode='[[BCDT]]'
;;
-cygwin* | mingw* | pw32*)
+cygwin* | mingw* | pw32* | cegcc*)
symcode='[[ABCDGISTW]]'
;;
hpux*)
@@ -3360,8 +3684,8 @@ esac
lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
# Handle CRLF in mingw tool chain
opt_cr=
@@ -3385,6 +3709,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK ['"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -3397,6 +3722,7 @@ for ac_symprfx in "" "_"; do
else
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
fi
+ lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
# Check to see that the pipe works correctly.
pipe_works=no
@@ -3418,7 +3744,7 @@ _LT_EOF
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
- if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -3430,6 +3756,18 @@ _LT_EOF
if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
cat <<_LT_EOF > conftest.$ac_ext
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
+#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
+/* DATA imports from DLLs on WIN32 con't be const, because runtime
+ relocations are performed -- see ld's documentation on pseudo-relocs. */
+# define LT@&t@_DLSYM_CONST
+#elif defined(__osf__)
+/* This system does not cope well with relocations in const data. */
+# define LT@&t@_DLSYM_CONST
+#else
+# define LT@&t@_DLSYM_CONST const
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -3441,7 +3779,7 @@ _LT_EOF
cat <<_LT_EOF >> conftest.$ac_ext
/* The mapping between symbol names and symbols. */
-const struct {
+LT@&t@_DLSYM_CONST struct {
const char *name;
void *address;
}
@@ -3467,15 +3805,15 @@ static const void *lt_preloaded_setup() {
_LT_EOF
# Now try linking the two files.
mv conftest.$ac_objext conftstm.$ac_objext
- lt_save_LIBS="$LIBS"
- lt_save_CFLAGS="$CFLAGS"
+ lt_globsym_save_LIBS=$LIBS
+ lt_globsym_save_CFLAGS=$CFLAGS
LIBS="conftstm.$ac_objext"
CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
pipe_works=yes
fi
- LIBS="$lt_save_LIBS"
- CFLAGS="$lt_save_CFLAGS"
+ LIBS=$lt_globsym_save_LIBS
+ CFLAGS=$lt_globsym_save_CFLAGS
else
echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
fi
@@ -3508,6 +3846,13 @@ else
AC_MSG_RESULT(ok)
fi
+# Response file support.
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ nm_file_list_spec='@'
+elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
+ nm_file_list_spec='@'
+fi
+
_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
[Take the output of nm and produce a listing of raw symbols and C names])
_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
@@ -3518,6 +3863,8 @@ _LT_DECL([global_symbol_to_c_name_address],
_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
[lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
[Transform the output of nm in a C name address pair when lib prefix is needed])
+_LT_DECL([], [nm_file_list_spec], [1],
+ [Specify filename containing input files for $NM])
]) # _LT_CMD_GLOBAL_SYMBOLS
@@ -3529,7 +3876,6 @@ _LT_TAGVAR(lt_prog_compiler_wl, $1)=
_LT_TAGVAR(lt_prog_compiler_pic, $1)=
_LT_TAGVAR(lt_prog_compiler_static, $1)=
-AC_MSG_CHECKING([for $compiler option to produce PIC])
m4_if([$1], [CXX], [
# C++ specific cases for pic, static, wl, etc.
if test "$GXX" = yes; then
@@ -3563,7 +3909,7 @@ m4_if([$1], [CXX], [
beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
# PIC is the default for these OSes.
;;
- mingw* | cygwin* | os2* | pw32*)
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
# Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -3580,6 +3926,11 @@ m4_if([$1], [CXX], [
# DJGPP does not support shared libraries at all
_LT_TAGVAR(lt_prog_compiler_pic, $1)=
;;
+ haiku*)
+ # PIC is the default for Haiku.
+ # The "-static" flag exists, but is broken.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)=
+ ;;
interix[[3-9]]*)
# Interix 3.x gcc -fpic/-fPIC options generate broken code.
# Instead, we relocate shared libraries at runtime.
@@ -3590,10 +3941,11 @@ m4_if([$1], [CXX], [
fi
;;
hpux*)
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
case $host_cpu in
- hppa*64*|ia64*)
+ hppa*64*)
;;
*)
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
@@ -3628,6 +3980,12 @@ m4_if([$1], [CXX], [
;;
esac
;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
dgux*)
case $cc_basename in
ec++*)
@@ -3684,19 +4042,26 @@ m4_if([$1], [CXX], [
;;
esac
;;
- linux* | k*bsd*-gnu)
+ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
KCC*)
# KAI C++ Compiler
_LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
;;
- icpc* | ecpc* )
- # Intel C++
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
pgCC* | pgcpp*)
# Portland Group C++ compiler
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
@@ -3710,8 +4075,8 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)=
_LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
;;
- xlc* | xlC*)
- # IBM XL 8.0 on PPC
+ xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
+ # IBM XL 8.0, 9.0 on PPC and BlueGene
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
@@ -3741,7 +4106,7 @@ m4_if([$1], [CXX], [
;;
esac
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
;;
*qnx* | *nto*)
# QNX uses GNU C++, but need to define -shared option too, otherwise
@@ -3773,7 +4138,7 @@ m4_if([$1], [CXX], [
;;
solaris*)
case $cc_basename in
- CC*)
+ CC* | sunCC*)
# Sun C++ 4.2, 5.x and Centerline C++
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
@@ -3862,7 +4227,7 @@ m4_if([$1], [CXX], [
# PIC is the default for these OSes.
;;
- mingw* | cygwin* | pw32* | os2*)
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
# Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -3877,11 +4242,18 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
;;
+ haiku*)
+ # PIC is the default for Haiku.
+ # The "-static" flag exists, but is broken.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)=
+ ;;
+
hpux*)
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
case $host_cpu in
- hppa*64*|ia64*)
+ hppa*64*)
# +Z the default
;;
*)
@@ -3918,6 +4290,15 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
;;
esac
+
+ case $cc_basename in
+ nvcc*) # Cuda Compiler Driver 2.2
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
+ if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
+ fi
+ ;;
+ esac
else
# PORTME Check for flag to pass linker flags through the system compiler.
case $host_os in
@@ -3931,7 +4312,7 @@ m4_if([$1], [CXX], [
fi
;;
- mingw* | cygwin* | pw32* | os2*)
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
m4_if([$1], [GCJ], [],
@@ -3960,14 +4341,34 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
;;
- linux* | k*bsd*-gnu)
+ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
- icc* | ecc* | ifort*)
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
- pgcc* | pgf77* | pgf90* | pgf95*)
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+ ;;
+ nagfor*)
+ # NAG Fortran compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group compilers (*not* the Pentium gcc compiler,
# which looks to be a dead project)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
@@ -3979,25 +4380,40 @@ m4_if([$1], [CXX], [
# All Alpha code is PIC.
_LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
;;
- xl*)
- # IBM XL C 8.0/Fortran 10.1 on PPC
+ xl* | bgxl* | bgf* | mpixl*)
+ # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
;;
*)
case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+ ;;
+ *Sun\ F* | *Sun*Fortran*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
;;
- *Sun\ F*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ *Intel*\ [[CF]]*Compiler*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ *Portland\ Group*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
;;
esac
;;
@@ -4029,7 +4445,7 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
case $cc_basename in
- f77* | f90* | f95*)
+ f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
@@ -4086,9 +4502,11 @@ case $host_os in
_LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
;;
esac
-AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
- [How to pass a linker flag through the compiler])
+
+AC_CACHE_CHECK([for $compiler option to produce PIC],
+ [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
+ [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
#
# Check to make sure the PIC flag actually works.
@@ -4107,6 +4525,8 @@ fi
_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
[Additional compiler flags for building library objects])
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+ [How to pass a linker flag through the compiler])
#
# Check to make sure the static flag actually works.
#
@@ -4127,6 +4547,7 @@ _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
m4_defun([_LT_LINKER_SHLIBS],
[AC_REQUIRE([LT_PATH_LD])dnl
AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_PATH_MANIFEST_TOOL])dnl
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_DECL_EGREP])dnl
m4_require([_LT_DECL_SED])dnl
@@ -4135,27 +4556,40 @@ m4_require([_LT_TAG_COMPILER])dnl
AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
m4_if([$1], [CXX], [
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
case $host_os in
aix[[4-9]]*)
# If we're using GNU nm, then we don't want the "-C" option.
# -C means demangle to AIX nm, but means don't demangle with GNU nm
+ # Also, AIX nm treats weak defined symbols like other global defined
+ # symbols, whereas GNU nm marks them as "W".
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
else
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
fi
;;
pw32*)
_LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
- ;;
- cygwin* | mingw*)
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
+ ;;
+ cygwin* | mingw* | cegcc*)
+ case $cc_basename in
+ cl*)
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ ;;
+ *)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | gnu*)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
+ ;;
esac
- _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
], [
runpath_var=
_LT_TAGVAR(allow_undefined_flag, $1)=
@@ -4170,7 +4604,6 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -4200,7 +4633,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
extract_expsyms_cmds=
case $host_os in
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# FIXME: the MSVC++ port hasn't been tested in a loooong time
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
@@ -4215,10 +4648,39 @@ dnl Note also adjust exclude_expsyms for C++ above.
openbsd*)
with_gnu_ld=no
;;
+ linux* | k*bsd*-gnu | gnu*)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
esac
_LT_TAGVAR(ld_shlibs, $1)=yes
+
+ # On some targets, GNU ld is compatible enough with the native linker
+ # that we're better off using the native interface for both.
+ lt_use_gnu_ld_interface=no
if test "$with_gnu_ld" = yes; then
+ case $host_os in
+ aix*)
+ # The AIX port of GNU ld has always aspired to compatibility
+ # with the native linker. However, as the warning in the GNU ld
+ # block says, versions before 2.19.5* couldn't really create working
+ # shared libraries, regardless of the interface used.
+ case `$LD -v 2>&1` in
+ *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+ *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
+ *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ fi
+
+ if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
@@ -4236,6 +4698,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
@@ -4251,11 +4714,12 @@ dnl Note also adjust exclude_expsyms for C++ above.
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
+*** really care for shared libraries, you may want to install binutils
+*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+*** You will then need to restart the configuration process.
_LT_EOF
fi
@@ -4287,14 +4751,16 @@ _LT_EOF
fi
;;
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
# as there is no search path for DLLs.
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols'
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
_LT_TAGVAR(always_export_symbols, $1)=no
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -4312,6 +4778,11 @@ _LT_EOF
fi
;;
+ haiku*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
interix[[3-9]]*)
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -4327,7 +4798,7 @@ _LT_EOF
_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
;;
- gnu* | linux* | tpf* | k*bsd*-gnu)
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
tmp_diet=no
if test "$host_os" = linux-dietlibc; then
case $cc_basename in
@@ -4337,15 +4808,16 @@ _LT_EOF
if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
&& test "$tmp_diet" = no
then
- tmp_addflag=
+ tmp_addflag=' $pic_flag'
tmp_sharedflag='-shared'
case $cc_basename,$host_cpu in
pgcc*) # Portland Group C compiler
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag'
;;
- pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ pgf77* | pgf90* | pgf95* | pgfortran*)
+ # Portland Group f77 and f90 compilers
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag -Mnomain' ;;
ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
tmp_addflag=' -i_dynamic' ;;
@@ -4353,13 +4825,20 @@ _LT_EOF
tmp_addflag=' -i_dynamic -nofor_main' ;;
ifc* | ifort*) # Intel Fortran compiler
tmp_addflag=' -nofor_main' ;;
- xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ lf95*) # Lahey Fortran 8.1
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ tmp_sharedflag='--shared' ;;
+ xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
tmp_sharedflag='-qmkshrobj'
tmp_addflag= ;;
+ nvcc*) # Cuda Compiler Driver 2.2
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+ ;;
esac
case `$CC -V 2>&1 | sed 5q` in
*Sun\ C*) # Sun C 5.9
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
_LT_TAGVAR(compiler_needs_object, $1)=yes
tmp_sharedflag='-G' ;;
*Sun\ F*) # Sun Fortran 8.3
@@ -4375,17 +4854,16 @@ _LT_EOF
fi
case $cc_basename in
- xlf*)
+ xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
- _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
fi
;;
esac
@@ -4394,13 +4872,13 @@ _LT_EOF
fi
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
fi
;;
@@ -4418,8 +4896,8 @@ _LT_EOF
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -4465,8 +4943,8 @@ _LT_EOF
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -4506,8 +4984,10 @@ _LT_EOF
else
# If we're using GNU nm, then we don't want the "-C" option.
# -C means demangle to AIX nm, but means don't demangle with GNU nm
+ # Also, AIX nm treats weak defined symbols like other global
+ # defined symbols, whereas GNU nm marks them as "W".
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
else
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
fi
@@ -4569,6 +5049,7 @@ _LT_EOF
if test "$aix_use_runtimelinking" = yes; then
shared_flag="$shared_flag "'${wl}-G'
fi
+ _LT_TAGVAR(link_all_deplibs, $1)=no
else
# not using gcc
if test "$host_cpu" = ia64; then
@@ -4584,6 +5065,7 @@ _LT_EOF
fi
fi
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to export.
_LT_TAGVAR(always_export_symbols, $1)=yes
@@ -4593,9 +5075,9 @@ _LT_EOF
_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
# Determine the default libpath from the value encoded in an
# empty executable.
- _LT_SYS_MODULE_PATH_AIX
+ _LT_SYS_MODULE_PATH_AIX([$1])
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
else
if test "$host_cpu" = ia64; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
@@ -4604,14 +5086,19 @@ _LT_EOF
else
# Determine the default libpath from the value encoded in an
# empty executable.
- _LT_SYS_MODULE_PATH_AIX
+ _LT_SYS_MODULE_PATH_AIX([$1])
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
_LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ if test "$with_gnu_ld" = yes; then
+ # We only use this code for GNU lds that support --whole-archive.
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ else
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
# This is similar to how AIX traditionally builds its shared libraries.
_LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
@@ -4638,25 +5125,69 @@ _LT_EOF
_LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
;;
- cygwin* | mingw* | pw32*)
+ cygwin* | mingw* | pw32* | cegcc*)
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
# hardcode_libdir_flag_spec is actually meaningless, as there is
# no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- # FIXME: Should let the user specify the lib program.
- _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
- _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ case $cc_basename in
+ cl*)
+ # Native MSVC
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='@'
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
+ else
+ sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
+ # The linker will not automatically build a static lib if we build a DLL.
+ # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+ # Don't use ranlib
+ _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
+ _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile="$lt_outputfile.exe"
+ lt_tool_outputfile="$lt_tool_outputfile.exe"
+ ;;
+ esac~
+ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
+ ;;
+ *)
+ # Assume MSVC wrapper
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+ esac
;;
darwin* | rhapsody*)
@@ -4669,10 +5200,6 @@ _LT_EOF
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
- freebsd1*)
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
# FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
# support. Future versions do this automatically, but an explicit c++rt0.o
# does not break anything, and helps significantly (at the cost of a little
@@ -4685,7 +5212,7 @@ _LT_EOF
;;
# Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2*)
+ freebsd2.*)
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_minus_L, $1)=yes
@@ -4694,7 +5221,7 @@ _LT_EOF
# FreeBSD 3 and greater uses gcc -shared to do shared libraries.
freebsd* | dragonfly*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -4702,7 +5229,7 @@ _LT_EOF
hpux9*)
if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
else
_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
fi
@@ -4717,14 +5244,13 @@ _LT_EOF
;;
hpux10*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ if test "$GCC" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
else
_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
fi
if test "$with_gnu_ld" = no; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
@@ -4736,16 +5262,16 @@ _LT_EOF
;;
hpux11*)
- if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ if test "$GCC" = yes && test "$with_gnu_ld" = no; then
case $host_cpu in
hppa*64*)
_LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
else
@@ -4757,7 +5283,14 @@ _LT_EOF
_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ m4_if($1, [], [
+ # Older versions of the 11.00 compiler do not understand -b yet
+ # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
+ _LT_LINKER_OPTION([if $CC understands -b],
+ _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
+ [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
+ [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
+ [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
;;
esac
fi
@@ -4785,19 +5318,34 @@ _LT_EOF
irix5* | irix6* | nonstopux*)
if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
# Try to use the -exported_symbol ld option, if it does not
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
- AC_LINK_IFELSE(int foo(void) {},
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
- )
- LDFLAGS="$save_LDFLAGS"
+ # This should be the same for all languages, so no per-tag cache variable.
+ AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
+ [lt_cv_irix_exported_symbol],
+ [save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE(
+ [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
+ [C++], [[int foo (void) { return 0; }]],
+ [Fortran 77], [[
+ subroutine foo
+ end]],
+ [Fortran], [[
+ subroutine foo
+ end]])])],
+ [lt_cv_irix_exported_symbol=yes],
+ [lt_cv_irix_exported_symbol=no])
+ LDFLAGS="$save_LDFLAGS"])
+ if test "$lt_cv_irix_exported_symbol" = yes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ fi
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)='no'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
@@ -4806,7 +5354,7 @@ _LT_EOF
_LT_TAGVAR(link_all_deplibs, $1)=yes
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@@ -4859,17 +5407,17 @@ _LT_EOF
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
_LT_TAGVAR(hardcode_minus_L, $1)=yes
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
_LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
;;
osf3*)
if test "$GCC" = yes; then
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
else
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)='no'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
@@ -4879,13 +5427,13 @@ _LT_EOF
osf4* | osf5*) # as osf3* with the addition of -msym flag
if test "$GCC" = yes; then
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
else
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
# Both c and cxx compiler support -rpath directly
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
@@ -4898,9 +5446,9 @@ _LT_EOF
_LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
if test "$GCC" = yes; then
wlarc='${wl}'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
else
case `$CC -V 2>&1` in
*"Compilers 5.0"*)
@@ -5076,36 +5624,38 @@ x|xyes)
# Test whether the compiler implicitly links with -lc since on some
# systems, -lgcc has to come before -lc. If gcc already passes -lc
# to ld, don't add -lc before -lgcc.
- AC_MSG_CHECKING([whether -lc should be explicitly linked in])
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
- pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
- _LT_TAGVAR(allow_undefined_flag, $1)=
- if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
- then
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- else
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- fi
- _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)])
+ AC_CACHE_CHECK([whether -lc should be explicitly linked in],
+ [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
+ [$RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+ pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+ then
+ lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ ])
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
;;
esac
fi
@@ -5142,9 +5692,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1],
_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
[Flag to hardcode $libdir into a binary during linking.
This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
- [[If ld is used when linking, flag to hardcode $libdir into a binary
- during linking. This must work even if $libdir does not exist]])
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
[Whether we need a single "-rpath" flag with a separated argument])
_LT_TAGDECL([], [hardcode_direct], [0],
@@ -5170,8 +5717,6 @@ _LT_TAGDECL([], [inherit_rpath], [0],
to runtime path list])
_LT_TAGDECL([], [link_all_deplibs], [0],
[Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [fix_srcfile_path], [1],
- [Fix the shell variable $srcfile for the compiler])
_LT_TAGDECL([], [always_export_symbols], [0],
[Set to "yes" if exported symbols are required])
_LT_TAGDECL([], [export_symbols_cmds], [2],
@@ -5182,6 +5727,8 @@ _LT_TAGDECL([], [include_expsyms], [1],
[Symbols that must always be exported])
_LT_TAGDECL([], [prelink_cmds], [2],
[Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [postlink_cmds], [2],
+ [Commands necessary for finishing linking programs])
_LT_TAGDECL([], [file_list_spec], [1],
[Specify filename containing input files])
dnl FIXME: Not yet implemented
@@ -5275,37 +5822,22 @@ CC="$lt_save_CC"
])# _LT_LANG_C_CONFIG
-# _LT_PROG_CXX
-# ------------
-# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++
-# compiler, we have our own version here.
-m4_defun([_LT_PROG_CXX],
-[
-pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes])
-AC_PROG_CXX
-if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
- ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
- (test "X$CXX" != "Xg++"))) ; then
- AC_PROG_CXXCPP
-else
- _lt_caught_CXX_error=yes
-fi
-popdef([AC_MSG_ERROR])
-])# _LT_PROG_CXX
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([_LT_PROG_CXX], [])
-
-
# _LT_LANG_CXX_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for a C++ compiler are suitably
# defined. These variables are subsequently used by _LT_CONFIG to write
# the compiler configuration to `libtool'.
m4_defun([_LT_LANG_CXX_CONFIG],
-[AC_REQUIRE([_LT_PROG_CXX])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_PATH_MANIFEST_TOOL])dnl
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+else
+ _lt_caught_CXX_error=yes
+fi
AC_LANG_PUSH(C++)
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
@@ -5317,7 +5849,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -5327,6 +5858,8 @@ _LT_TAGVAR(module_cmds, $1)=
_LT_TAGVAR(module_expsym_cmds, $1)=
_LT_TAGVAR(link_all_deplibs, $1)=unknown
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
_LT_TAGVAR(no_undefined_flag, $1)=
_LT_TAGVAR(whole_archive_flag_spec, $1)=
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
@@ -5358,6 +5891,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# Allow CC to be a program name with arguments.
lt_save_CC=$CC
+ lt_save_CFLAGS=$CFLAGS
lt_save_LD=$LD
lt_save_GCC=$GCC
GCC=$GXX
@@ -5375,6 +5909,7 @@ if test "$_lt_caught_CXX_error" != yes; then
fi
test -z "${LDCXX+set}" || LD=$LDCXX
CC=${CXX-"c++"}
+ CFLAGS=$CXXFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
@@ -5396,8 +5931,8 @@ if test "$_lt_caught_CXX_error" != yes; then
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
if test "$with_gnu_ld" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
@@ -5429,7 +5964,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
else
GXX=no
@@ -5527,6 +6062,7 @@ if test "$_lt_caught_CXX_error" != yes; then
fi
fi
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to
# export.
@@ -5537,10 +6073,10 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
# Determine the default libpath from the value encoded in an empty
# executable.
- _LT_SYS_MODULE_PATH_AIX
+ _LT_SYS_MODULE_PATH_AIX([$1])
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
else
if test "$host_cpu" = ia64; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
@@ -5549,14 +6085,19 @@ if test "$_lt_caught_CXX_error" != yes; then
else
# Determine the default libpath from the value encoded in an
# empty executable.
- _LT_SYS_MODULE_PATH_AIX
+ _LT_SYS_MODULE_PATH_AIX([$1])
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
_LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ if test "$with_gnu_ld" = yes; then
+ # We only use this code for GNU lds that support --whole-archive.
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ else
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
# This is similar to how AIX traditionally builds its shared
# libraries.
@@ -5585,29 +6126,76 @@ if test "$_lt_caught_CXX_error" != yes; then
esac
;;
- cygwin* | mingw* | pw32*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
- # as there is no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $GXX,$cc_basename in
+ ,cl* | no,cl*)
+ # Native MSVC
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='@'
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
+ else
+ $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
+ # The linker will not automatically build a static lib if we build a DLL.
+ # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ # Don't use ranlib
+ _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
+ _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile="$lt_outputfile.exe"
+ lt_tool_outputfile="$lt_tool_outputfile.exe"
+ ;;
+ esac~
+ func_to_tool_file "$lt_outputfile"~
+ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
+ ;;
+ *)
+ # g++
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
darwin* | rhapsody*)
_LT_DARWIN_LINKER_FEATURES($1)
;;
@@ -5630,7 +6218,7 @@ if test "$_lt_caught_CXX_error" != yes; then
esac
;;
- freebsd[[12]]*)
+ freebsd2.*)
# C++ shared libraries reported to be fairly broken before
# switch to ELF
_LT_TAGVAR(ld_shlibs, $1)=no
@@ -5646,7 +6234,9 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(ld_shlibs, $1)=yes
;;
- gnu*)
+ haiku*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
;;
hpux9*)
@@ -5673,11 +6263,11 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test "$GXX" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
else
# FIXME: insert proper C++ library support
_LT_TAGVAR(ld_shlibs, $1)=no
@@ -5738,7 +6328,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test "$GXX" = yes; then
@@ -5748,10 +6338,10 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
esac
fi
@@ -5781,7 +6371,7 @@ if test "$_lt_caught_CXX_error" != yes; then
case $cc_basename in
CC*)
# SGI C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
# Archives containing C++ object files must be created using
# "CC -ar", where "CC" is the IRIX C++ compiler. This is
@@ -5792,9 +6382,9 @@ if test "$_lt_caught_CXX_error" != yes; then
*)
if test "$GXX" = yes; then
if test "$with_gnu_ld" = no; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib'
fi
fi
_LT_TAGVAR(link_all_deplibs, $1)=yes
@@ -5805,7 +6395,7 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(inherit_rpath, $1)=yes
;;
- linux* | k*bsd*-gnu)
+ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
KCC*)
# Kuck and Associates, Inc. (KAI) C++ Compiler
@@ -5823,7 +6413,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
@@ -5860,26 +6450,26 @@ if test "$_lt_caught_CXX_error" != yes; then
pgCC* | pgcpp*)
# Portland Group C++ compiler
case `$CC -V` in
- *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*)
+ *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
_LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
rm -rf $tpldir~
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
_LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
rm -rf $tpldir~
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
$RANLIB $oldlib'
_LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
rm -rf $tpldir~
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
rm -rf $tpldir~
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
;;
- *) # Version 6 will use weak symbols
+ *) # Version 6 and above use weak symbols
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
;;
@@ -5887,7 +6477,7 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
;;
cxx*)
# Compaq C++
@@ -5906,9 +6496,9 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
;;
- xl*)
+ xl* | mpixl* | bgxl*)
# IBM XL 8.0 on PPC, with GNU ld
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
@@ -5928,13 +6518,13 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
_LT_TAGVAR(compiler_needs_object, $1)=yes
# Not sure whether something based on
# $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
# would be better.
- output_verbose_link_cmd='echo'
+ output_verbose_link_cmd='func_echo_all'
# Archives containing C++ object files must be created using
# "CC -xar", where "CC" is the Sun C++ compiler. This is
@@ -6003,7 +6593,7 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
fi
- output_verbose_link_cmd=echo
+ output_verbose_link_cmd=func_echo_all
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -6038,15 +6628,15 @@ if test "$_lt_caught_CXX_error" != yes; then
case $host in
osf3*)
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
;;
*)
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
echo "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~
$RM $lib.exp'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
;;
@@ -6062,17 +6652,17 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test "$GXX" = yes && test "$with_gnu_ld" = no; then
_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
case $host in
osf3*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
;;
esac
@@ -6082,7 +6672,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
else
# FIXME: insert proper C++ library support
@@ -6118,7 +6708,7 @@ if test "$_lt_caught_CXX_error" != yes; then
solaris*)
case $cc_basename in
- CC*)
+ CC* | sunCC*)
# Sun C++ 4.2, 5.x and Centerline C++
_LT_TAGVAR(archive_cmds_need_lc,$1)=yes
_LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
@@ -6139,7 +6729,7 @@ if test "$_lt_caught_CXX_error" != yes; then
esac
_LT_TAGVAR(link_all_deplibs, $1)=yes
- output_verbose_link_cmd='echo'
+ output_verbose_link_cmd='func_echo_all'
# Archives containing C++ object files must be created using
# "CC -xar", where "CC" is the Sun C++ compiler. This is
@@ -6159,14 +6749,14 @@ if test "$_lt_caught_CXX_error" != yes; then
if test "$GXX" = yes && test "$with_gnu_ld" = no; then
_LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
if $CC --version | $GREP -v '^2\.7' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
else
# g++ 2.7 appears to require `-G' NOT `-shared' on this
# platform.
@@ -6177,7 +6767,7 @@ if test "$_lt_caught_CXX_error" != yes; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
@@ -6231,6 +6821,10 @@ if test "$_lt_caught_CXX_error" != yes; then
CC*)
_LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
+ '"$_LT_TAGVAR(old_archive_cmds, $1)"
+ _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
+ '"$_LT_TAGVAR(reload_cmds, $1)"
;;
*)
_LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
@@ -6286,6 +6880,7 @@ if test "$_lt_caught_CXX_error" != yes; then
fi # test -n "$compiler"
CC=$lt_save_CC
+ CFLAGS=$lt_save_CFLAGS
LDCXX=$LD
LD=$lt_save_LD
GCC=$lt_save_GCC
@@ -6300,6 +6895,29 @@ AC_LANG_POP
])# _LT_LANG_CXX_CONFIG
+# _LT_FUNC_STRIPNAME_CNF
+# ----------------------
+# func_stripname_cnf prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+#
+# This function is identical to the (non-XSI) version of func_stripname,
+# except this one can be used by m4 code that may be executed by configure,
+# rather than the libtool script.
+m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
+AC_REQUIRE([_LT_DECL_SED])
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
+func_stripname_cnf ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
+ esac
+} # func_stripname_cnf
+])# _LT_FUNC_STRIPNAME_CNF
+
# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
# ---------------------------------
# Figure out "hidden" library dependencies from verbose
@@ -6308,6 +6926,7 @@ AC_LANG_POP
# objects, libraries and library flags.
m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
# Dependencies to place before and after the object being linked:
_LT_TAGVAR(predep_objects, $1)=
_LT_TAGVAR(postdep_objects, $1)=
@@ -6357,7 +6976,20 @@ public class foo {
}
};
_LT_EOF
+], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
+package foo
+func foo() {
+}
+_LT_EOF
])
+
+_lt_libdeps_save_CFLAGS=$CFLAGS
+case "$CC $CFLAGS " in #(
+*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
+*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
+*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
+esac
+
dnl Parse the compiler output and extract the necessary
dnl objects, libraries and library flags.
if AC_TRY_EVAL(ac_compile); then
@@ -6369,7 +7001,7 @@ if AC_TRY_EVAL(ac_compile); then
pre_test_object_deps_done=no
for p in `eval "$output_verbose_link_cmd"`; do
- case $p in
+ case ${prev}${p} in
-L* | -R* | -l*)
# Some compilers place space between "-{L,R}" and the path.
@@ -6378,13 +7010,22 @@ if AC_TRY_EVAL(ac_compile); then
test $p = "-R"; then
prev=$p
continue
- else
- prev=
fi
+ # Expand the sysroot to ease extracting the directories later.
+ if test -z "$prev"; then
+ case $p in
+ -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
+ -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
+ -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
+ esac
+ fi
+ case $p in
+ =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
+ esac
if test "$pre_test_object_deps_done" = no; then
- case $p in
- -L* | -R*)
+ case ${prev} in
+ -L | -R)
# Internal compiler library paths should come after those
# provided the user. The postdeps already come after the
# user supplied libs so there is no need to process them.
@@ -6404,8 +7045,10 @@ if AC_TRY_EVAL(ac_compile); then
_LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
fi
fi
+ prev=
;;
+ *.lto.$objext) ;; # Ignore GCC LTO objects
*.$objext)
# This assumes that the test object file only shows up
# once in the compiler output.
@@ -6441,6 +7084,7 @@ else
fi
$RM -f confest.$objext
+CFLAGS=$_lt_libdeps_save_CFLAGS
# PORTME: override above test on systems where it is broken
m4_if([$1], [CXX],
@@ -6477,7 +7121,7 @@ linux*)
solaris*)
case $cc_basename in
- CC*)
+ CC* | sunCC*)
# The more standards-conforming stlport4 library is
# incompatible with the Cstd library. Avoid specifying
# it if it's in CXXFLAGS. Ignore libCrun as
@@ -6521,32 +7165,16 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1],
])# _LT_SYS_HIDDEN_LIBDEPS
-# _LT_PROG_F77
-# ------------
-# Since AC_PROG_F77 is broken, in that it returns the empty string
-# if there is no fortran compiler, we have our own version here.
-m4_defun([_LT_PROG_F77],
-[
-pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes])
-AC_PROG_F77
-if test -z "$F77" || test "X$F77" = "Xno"; then
- _lt_disable_F77=yes
-fi
-popdef([AC_MSG_ERROR])
-])# _LT_PROG_F77
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([_LT_PROG_F77], [])
-
-
# _LT_LANG_F77_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for a Fortran 77 compiler are
# suitably defined. These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
m4_defun([_LT_LANG_F77_CONFIG],
-[AC_REQUIRE([_LT_PROG_F77])dnl
-AC_LANG_PUSH(Fortran 77)
+[AC_LANG_PUSH(Fortran 77)
+if test -z "$F77" || test "X$F77" = "Xno"; then
+ _lt_disable_F77=yes
+fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(allow_undefined_flag, $1)=
@@ -6556,7 +7184,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -6565,6 +7192,8 @@ _LT_TAGVAR(module_cmds, $1)=
_LT_TAGVAR(module_expsym_cmds, $1)=
_LT_TAGVAR(link_all_deplibs, $1)=unknown
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
_LT_TAGVAR(no_undefined_flag, $1)=
_LT_TAGVAR(whole_archive_flag_spec, $1)=
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
@@ -6604,7 +7233,9 @@ if test "$_lt_disable_F77" != yes; then
# Allow CC to be a program name with arguments.
lt_save_CC="$CC"
lt_save_GCC=$GCC
+ lt_save_CFLAGS=$CFLAGS
CC=${F77-"f77"}
+ CFLAGS=$FFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
@@ -6658,38 +7289,24 @@ if test "$_lt_disable_F77" != yes; then
GCC=$lt_save_GCC
CC="$lt_save_CC"
+ CFLAGS="$lt_save_CFLAGS"
fi # test "$_lt_disable_F77" != yes
AC_LANG_POP
])# _LT_LANG_F77_CONFIG
-# _LT_PROG_FC
-# -----------
-# Since AC_PROG_FC is broken, in that it returns the empty string
-# if there is no fortran compiler, we have our own version here.
-m4_defun([_LT_PROG_FC],
-[
-pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes])
-AC_PROG_FC
-if test -z "$FC" || test "X$FC" = "Xno"; then
- _lt_disable_FC=yes
-fi
-popdef([AC_MSG_ERROR])
-])# _LT_PROG_FC
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([_LT_PROG_FC], [])
-
-
# _LT_LANG_FC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for a Fortran compiler are
# suitably defined. These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
m4_defun([_LT_LANG_FC_CONFIG],
-[AC_REQUIRE([_LT_PROG_FC])dnl
-AC_LANG_PUSH(Fortran)
+[AC_LANG_PUSH(Fortran)
+
+if test -z "$FC" || test "X$FC" = "Xno"; then
+ _lt_disable_FC=yes
+fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(allow_undefined_flag, $1)=
@@ -6699,7 +7316,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -6708,6 +7324,8 @@ _LT_TAGVAR(module_cmds, $1)=
_LT_TAGVAR(module_expsym_cmds, $1)=
_LT_TAGVAR(link_all_deplibs, $1)=unknown
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
_LT_TAGVAR(no_undefined_flag, $1)=
_LT_TAGVAR(whole_archive_flag_spec, $1)=
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
@@ -6747,7 +7365,9 @@ if test "$_lt_disable_FC" != yes; then
# Allow CC to be a program name with arguments.
lt_save_CC="$CC"
lt_save_GCC=$GCC
+ lt_save_CFLAGS=$CFLAGS
CC=${FC-"f95"}
+ CFLAGS=$FCFLAGS
compiler=$CC
GCC=$ac_cv_fc_compiler_gnu
@@ -6803,7 +7423,8 @@ if test "$_lt_disable_FC" != yes; then
fi # test -n "$compiler"
GCC=$lt_save_GCC
- CC="$lt_save_CC"
+ CC=$lt_save_CC
+ CFLAGS=$lt_save_CFLAGS
fi # test "$_lt_disable_FC" != yes
AC_LANG_POP
@@ -6840,10 +7461,12 @@ _LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=yes
CC=${GCJ-"gcj"}
+CFLAGS=$GCJFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_TAGVAR(LD, $1)="$LD"
@@ -6853,6 +7476,8 @@ _LT_CC_BASENAME([$compiler])
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
@@ -6872,10 +7497,82 @@ fi
AC_LANG_RESTORE
GCC=$lt_save_GCC
-CC="$lt_save_CC"
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GCJ_CONFIG
+# _LT_LANG_GO_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Go compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GO_CONFIG],
+[AC_REQUIRE([LT_PROG_GO])dnl
+AC_LANG_SAVE
+
+# Source file extension for Go test sources.
+ac_ext=go
+
+# Object file extension for compiled Go test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="package main; func main() { }"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='package main; func main() { }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GOC-"gccgo"}
+CFLAGS=$GOFLAGS
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# Go did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_GO_CONFIG
+
+
# _LT_LANG_RC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
@@ -6907,9 +7604,11 @@ _LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
lt_save_CC="$CC"
+lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=
CC=${RC-"windres"}
+CFLAGS=
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
@@ -6922,7 +7621,8 @@ fi
GCC=$lt_save_GCC
AC_LANG_RESTORE
-CC="$lt_save_CC"
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_RC_CONFIG
@@ -6942,6 +7642,13 @@ dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+# LT_PROG_GO
+# ----------
+AC_DEFUN([LT_PROG_GO],
+[AC_CHECK_TOOL(GOC, gccgo,)
+])
+
+
# LT_PROG_RC
# ----------
AC_DEFUN([LT_PROG_RC],
@@ -6970,6 +7677,27 @@ AC_SUBST([GREP])
])
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+# _LT_DECL_DLLTOOL
+# ----------------
+# Ensure DLLTOOL variable is set.
+m4_defun([_LT_DECL_DLLTOOL],
+[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
+AC_SUBST([DLLTOOL])
+])
+
# _LT_DECL_SED
# ------------
# Check for a fully-functional sed program, that truncates
@@ -7062,8 +7790,8 @@ m4_defun([_LT_CHECK_SHELL_FEATURES],
# Try some XSI features
xsi_shell=no
( _lt_dummy="a/b/c"
- test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
- = c,a/b,, \
+ test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,b/c, \
&& eval 'test $(( 1 + 1 )) -eq 2 \
&& test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
&& xsi_shell=yes
@@ -7102,208 +7830,162 @@ _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
])# _LT_CHECK_SHELL_FEATURES
-# _LT_PROG_XSI_SHELLFNS
-# ---------------------
-# Bourne and XSI compatible variants of some useful shell functions.
-m4_defun([_LT_PROG_XSI_SHELLFNS],
-[case $xsi_shell in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
-}
-
-# func_basename file
-func_basename ()
-{
- func_basename_result="${1##*/}"
-}
-
-# func_dirname_and_basename file append nondir_replacement
-# perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# Implementation must be kept synchronized with func_dirname
-# and func_basename. For efficiency, we do not delegate to
-# those functions but instead duplicate the functionality here.
-func_dirname_and_basename ()
-{
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
- func_basename_result="${1##*/}"
-}
-
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-func_stripname ()
-{
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary parameter first.
- func_stripname_result=${3}
- func_stripname_result=${func_stripname_result#"${1}"}
- func_stripname_result=${func_stripname_result%"${2}"}
-}
-
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=${1%%=*}
- func_opt_split_arg=${1#*=}
-}
-
-# func_lo2o object
-func_lo2o ()
-{
- case ${1} in
- *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
- *) func_lo2o_result=${1} ;;
- esac
-}
-
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=${1%.*}.lo
-}
-
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=$(( $[*] ))
-}
-
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=${#1}
-}
+# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY)
+# ------------------------------------------------------
+# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and
+# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY.
+m4_defun([_LT_PROG_FUNCTION_REPLACE],
+[dnl {
+sed -e '/^$1 ()$/,/^} # $1 /c\
+$1 ()\
+{\
+m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1])
+} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+test 0 -eq $? || _lt_function_replace_fail=:
+])
-_LT_EOF
- ;;
- *) # Bourne compatible functions.
- cat << \_LT_EOF >> "$cfgfile"
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- # Extract subdirectory from the argument.
- func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
-}
+# _LT_PROG_REPLACE_SHELLFNS
+# -------------------------
+# Replace existing portable implementations of several shell functions with
+# equivalent extended shell implementations where those features are available..
+m4_defun([_LT_PROG_REPLACE_SHELLFNS],
+[if test x"$xsi_shell" = xyes; then
+ _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac])
+
+ _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl
+ func_basename_result="${1##*/}"])
+
+ _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"])
-# func_basename file
-func_basename ()
-{
- func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
-}
+ _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}])
-dnl func_dirname_and_basename
-dnl A portable version of this function is already defined in general.m4sh
-dnl so there is no need for it here.
+ _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl
+ func_split_long_opt_name=${1%%=*}
+ func_split_long_opt_arg=${1#*=}])
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-# func_strip_suffix prefix name
-func_stripname ()
-{
- case ${2} in
- .*) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
- *) func_stripname_result=`$ECHO "X${3}" \
- | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
- esac
-}
+ _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl
+ func_split_short_opt_arg=${1#??}
+ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}])
-# sed scripts:
-my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q'
-my_sed_long_arg='1s/^-[[^=]]*=//'
+ _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac])
-# func_opt_split
-func_opt_split ()
-{
- func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
- func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
-}
+ _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo])
-# func_lo2o object
-func_lo2o ()
-{
- func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
-}
+ _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))])
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'`
-}
+ _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}])
+fi
-# func_arith arithmetic-term...
-func_arith ()
-{
- func_arith_result=`expr "$[@]"`
-}
+if test x"$lt_shell_append" = xyes; then
+ _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"])
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len`
-}
+ _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl
+ func_quote_for_eval "${2}"
+dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \
+ eval "${1}+=\\\\ \\$func_quote_for_eval_result"])
-_LT_EOF
-esac
+ # Save a `func_append' function call where possible by direct use of '+='
+ sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+ test 0 -eq $? || _lt_function_replace_fail=:
+else
+ # Save a `func_append' function call even when '+=' is not available
+ sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \
+ && mv -f "$cfgfile.tmp" "$cfgfile" \
+ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
+ test 0 -eq $? || _lt_function_replace_fail=:
+fi
-case $lt_shell_append in
- yes)
- cat << \_LT_EOF >> "$cfgfile"
+if test x"$_lt_function_replace_fail" = x":"; then
+ AC_MSG_WARN([Unable to substitute extended shell functions in $ofile])
+fi
+])
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$[1]+=\$[2]"
-}
-_LT_EOF
+# _LT_PATH_CONVERSION_FUNCTIONS
+# -----------------------------
+# Determine which file name conversion functions should be used by
+# func_to_host_file (and, implicitly, by func_to_host_path). These are needed
+# for certain cross-compile configurations and native mingw.
+m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_MSG_CHECKING([how to convert $build file names to $host format])
+AC_CACHE_VAL(lt_cv_to_host_file_cmd,
+[case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
+ ;;
+ esac
;;
- *)
- cat << \_LT_EOF >> "$cfgfile"
-
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
-{
- eval "$[1]=\$$[1]\$[2]"
-}
-
-_LT_EOF
+ *-*-cygwin* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
+ ;;
+ esac
;;
- esac
+ * ) # unhandled hosts (and "normal" native builds)
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+esac
+])
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
+_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
+ [0], [convert $build file names to $host format])dnl
+
+AC_MSG_CHECKING([how to convert $build file names to toolchain format])
+AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
+[#assume ordinary cross tools, or native build.
+lt_cv_to_tool_file_cmd=func_convert_file_noop
+case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ esac
+ ;;
+esac
])
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
+_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
+ [0], [convert $build files to toolchain format])dnl
+])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4
index e970119..5d9acd8 100644
--- a/m4/ltoptions.m4
+++ b/m4/ltoptions.m4
@@ -1,13 +1,14 @@
# Helper functions for option handling. -*- Autoconf -*-
#
-# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
-# serial 6 ltoptions.m4
+# serial 7 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@@ -125,7 +126,7 @@ LT_OPTION_DEFINE([LT_INIT], [win32-dll],
[enable_win32_dll=yes
case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
AC_CHECK_TOOL(AS, as, false)
AC_CHECK_TOOL(DLLTOOL, dlltool, false)
AC_CHECK_TOOL(OBJDUMP, objdump, false)
@@ -133,13 +134,13 @@ case $host in
esac
test -z "$AS" && AS=as
-_LT_DECL([], [AS], [0], [Assembler program])dnl
+_LT_DECL([], [AS], [1], [Assembler program])dnl
test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
+_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
+_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
])# win32-dll
AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
@@ -325,9 +326,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
- [AS_HELP_STRING([--with-pic],
+ [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
- [pic_mode="$withval"],
+ [lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4
index 0d258e0..9000a05 100644
--- a/m4/ltsugar.m4
+++ b/m4/ltsugar.m4
@@ -1,13 +1,13 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
-# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
-# serial 5 ltsugar.m4
+# serial 6 ltsugar.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
@@ -63,14 +63,14 @@ m4_define([lt_append],
# Produce a SEP delimited list of all paired combinations of elements of
# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
m4_define([lt_combine],
-[m4_if([$2], [], [],
- [m4_if([$4], [], [],
- [lt_join(m4_quote(m4_default([$1], [[, ]])),
- lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_prefix, [$2],
- [m4_foreach(_Lt_suffix, lt_car([m4_shiftn(3, $@)]),
- [_Lt_prefix[]$3[]_Lt_suffix ])])))))])])dnl
-])
+[m4_if(m4_eval([$# > 3]), [1],
+ [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+ [m4_foreach([_Lt_suffix],
+ ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+ [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
diff --git a/m4/ltversion.m4 b/m4/ltversion.m4
index 45cb155..07a8602 100644
--- a/m4/ltversion.m4
+++ b/m4/ltversion.m4
@@ -7,17 +7,17 @@
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
-# Generated from ltversion.in.
+# @configure_input@
-# serial 2976 ltversion.m4
+# serial 3337 ltversion.m4
# This file is part of GNU Libtool
-m4_define([LT_PACKAGE_VERSION], [2.2.4])
-m4_define([LT_PACKAGE_REVISION], [1.2976])
+m4_define([LT_PACKAGE_VERSION], [2.4.2])
+m4_define([LT_PACKAGE_REVISION], [1.3337])
AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.2.4'
-macro_revision='1.2976'
+[macro_version='2.4.2'
+macro_revision='1.3337'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])
diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4
index 637bb20..c573da9 100644
--- a/m4/lt~obsolete.m4
+++ b/m4/lt~obsolete.m4
@@ -1,13 +1,13 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
-# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
-# serial 4 lt~obsolete.m4
+# serial 5 lt~obsolete.m4
# These exist entirely to fool aclocal when bootstrapping libtool.
#
@@ -77,7 +77,6 @@ m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])])
m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
@@ -90,3 +89,10 @@ m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
+m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
+m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])])
+m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
+m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
+m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
+m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
diff --git a/packaging/iptables.spec b/packaging/iptables.spec
index 30df5e3..4acafa2 100644
--- a/packaging/iptables.spec
+++ b/packaging/iptables.spec
@@ -1,91 +1,96 @@
-Name: iptables
-Summary: administration tools for packet filtering and NAT
-Version: 1.4.9.1
-Release: 1
-Source: %{name}-%{version}.tar.gz
-Group: System/Base
-URL: http://www.netfilter.org/
-License: GPLv2
-BuildRequires: kernel-headers
-Conflicts: kernel < 2.4.20
+Name: iptables
+Summary: Tools for managing Linux kernel packet filtering capabilities
+Version: 1.4.22
+Release: 1
+Group: System/Network
+Source: %{name}-%{version}.tar.gz
+URL: http://www.netfilter.org
+License: GPL-2.0+
+BuildRequires: kernel-headers
%description
-These are the user-space administration tools for the Linux
-kernel's netfilter and iptables. netfilter and iptables provide
-a framework for stateful and stateless packet filtering, network
-and port address translation, and other IP packet manipulation.
-The framework is the successor to ipchains.
-netfilter and iptables are used in applications such as Internet
-connection sharing, firewalls, IP accounting, transparent proxying,
-advanced routing and traffic control.
-
-%package ipv6
-Summary: IPv6 support for iptables
-Group: System/Base
-Requires: %{name} = %{version}-%{release}
-
-%description ipv6
-The iptables package contains IPv6 (the next version of the IP
-protocol) support for iptables. Iptables controls the Linux kernel
-network packet filtering code, allowing you to set up firewalls and IP
-masquerading.
-
-Install iptables-ipv6 if you need to set up firewalling for your
-network and you are using ipv6.
+The iptables utility controls the network packet filtering code in the
+Linux kernel. If you need to set up firewalls and/or IP masquerading,
+you should install this package.
%package devel
-Summary: development files for iptable's libipq
-Group: System/Base
-Requires: %{name} = %{version}-%{release}
+Summary: Development package for iptables
+Group: System/Network
+License: GPL-2.0+
+Requires: %{name} = %{version}
+Requires: pkgconfig
%description devel
-Header files, static libs and documentation for libipq, iptables'
-user-space packet queuing library.
+iptables development headers and libraries.
+
+The iptc interface is upstream marked as not public. The interface is not
+stable and may change with every new version. It is therefore unsupported.
%prep
%setup -q
+
%build
-%autogen
-%configure --prefix=%{_prefix}
-make %{?jobs:-j%jobs}
+export CFLAGS+=" $RPM_OPT_FLAGS -Wall -Werror -O2 -D_FORTIFY_SOURCE=2 -fno-strict-aliasing"
+export LDFLAGS+=" -Wl,--as-needed"
+
+%configure --enable-devel --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+
+# do not use rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make %{?_smp_mflags}
+
%install
-rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
-%clean
-rm -rf $RPM_BUILD_ROOT
+# remove la file(s)
+rm -f %{buildroot}/%{_libdir}/*.la
+
+# install ip*tables.h header files
+install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
+install -d -m 755 %{buildroot}%{_includedir}/iptables
+install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
+
+# install ipulog header file
+install -d -m 755 %{buildroot}%{_includedir}/libipulog/
+install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
+
+# remove man pages
+rm -rf %{buildroot}%{_mandir}
-%post
-/sbin/ldconfig
+# License
+mkdir -p %{buildroot}%{_datadir}/license
+cp COPYING %{buildroot}%{_datadir}/license/iptables
-%postun -p /sbin/ldconfig
%files
-%defattr(-,root,root)
-/usr/bin/iptables-xml
-/usr/lib/libip4tc.so
-/usr/lib/libip4tc.so.*
-/usr/lib/libiptc.so
-/usr/lib/libiptc.so.*
-/usr/lib/libxtables.so
-/usr/lib/libxtables.so.*
-/usr/libexec/xtables/libipt*
-/usr/libexec/xtables/libxt*
-/usr/sbin/iptables*
-
-%files ipv6
-%defattr(-,root,root)
-/usr/sbin/ip6tables*
-/usr/lib/libip6tc.so
-/usr/lib/libip6tc.so.*
-/usr/libexec/xtables/libip6t*
+%manifest iptables.manifest
+%{_sbindir}/iptables*
+%{_sbindir}/ip6tables*
+%{_sbindir}/xtables-multi
+%{_bindir}/iptables-xml
+%dir %{_libdir}/xtables
+%{_libdir}/xtables/libipt*
+%{_libdir}/xtables/libip6t*
+%{_libdir}/xtables/libxt*
+%{_libdir}/libip*tc.so.*
+%{_libdir}/libxtables.so.*
+%{_datadir}/license/iptables
%files devel
-%defattr(-,root,root)
-/usr/include/*
-/usr/lib/*.la
-/usr/lib/pkgconfig/*
-%{_mandir}/man8/iptables*
-%{_mandir}/man8/ip6tables*
+%dir %{_includedir}/iptables
+%{_includedir}/iptables/*.h
+%{_includedir}/*.h
+%dir %{_includedir}/libiptc
+%{_includedir}/libiptc/*.h
+%dir %{_includedir}/libipulog
+%{_includedir}/libipulog/*.h
+%{_libdir}/libip*tc.so
+%{_libdir}/libxtables.so
+%{_libdir}/pkgconfig/libiptc.pc
+%{_libdir}/pkgconfig/libip4tc.pc
+%{_libdir}/pkgconfig/libip6tc.pc
+%{_libdir}/pkgconfig/xtables.pc
diff --git a/tests/options-ipv4.rules b/tests/options-ipv4.rules
new file mode 100644
index 0000000..b4adc92
--- /dev/null
+++ b/tests/options-ipv4.rules
@@ -0,0 +1,52 @@
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*mangle
+:PREROUTING ACCEPT [2461:977932]
+:INPUT ACCEPT [2461:977932]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1740:367048]
+:POSTROUTING ACCEPT [1740:367048]
+
+# libipt_
+-A INPUT -p ah -m ah --ahspi 1
+-A INPUT -p ah -m ah --ahspi :2
+-A INPUT -p ah -m ah --ahspi 0:3
+-A INPUT -p ah -m ah --ahspi 4:
+-A INPUT -p ah -m ah --ahspi 5:4294967295
+
+-A FORWARD -p tcp -j ECN --ecn-tcp-remove
+-A FORWARD -j LOG --log-prefix "hi" --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode
+-A FORWARD -j TTL --ttl-inc 1
+-A FORWARD -j TTL --ttl-dec 1
+-A FORWARD -j TTL --ttl-set 1
+-A FORWARD -j ULOG --ulog-prefix "abc" --ulog-cprange 2 --ulog-qthreshold 2
+COMMIT
+# Completed on Mon Jan 31 03:03:38 2011
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -d 1.2.3.4/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:02:03:04:05:06 --total-nodes 9 --local-node 2 --hash-init 123456789
+-A PREROUTING -i dummy0 -j DNAT --to-destination 1.2.3.4 --random --persistent
+-A PREROUTING -i dummy0 -p tcp -j REDIRECT --to-ports 1-2 --random
+-A POSTROUTING -o dummy0 -p tcp -j MASQUERADE --to-ports 1-2 --random
+-A POSTROUTING -o dummy0 -p tcp -j NETMAP --to 1.0.0.0/8
+-A POSTROUTING -o dummy0 -p tcp -j SNAT --to-source 1.2.3.4-1.2.3.5 --random --persistent
+COMMIT
+# Completed on Mon Jan 31 03:03:38 2011
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*filter
+:INPUT ACCEPT [76:13548]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [59:11240]
+#-A INPUT -m addrtype --src-type UNICAST --dst-type UNICAST --limit-iface-in
+-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 0
+-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 1
+-A INPUT -p icmp -m icmp --icmp-type 5/0
+-A INPUT -p icmp -m icmp --icmp-type 5/1
+-A INPUT -p icmp -m icmp --icmp-type 5
+-A INPUT -m realm --realm 0x1 -m ttl --ttl-eq 64 -m ttl --ttl-lt 64 -m ttl --ttl-gt 64
+-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
+COMMIT
+# Completed on Mon Jan 31 03:03:39 2011
diff --git a/tests/options-most.rules b/tests/options-most.rules
new file mode 100644
index 0000000..ef4e7f1
--- /dev/null
+++ b/tests/options-most.rules
@@ -0,0 +1,214 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:matches - -
+:ntarg - -
+:zmatches - -
+-A INPUT -j matches
+-A INPUT -m u32 --u32 "0x0=0x0&&0x0=0x1" -j ntarg
+-A INPUT -j zmatches
+-A INPUT -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001 -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001 -m comment --comment foo -m connbytes --connbytes 1:2 --connbytes-mode packets --connbytes-dir both -m connlimit --connlimit-upto 1 --connlimit-mask 8 --connlimit-saddr -m connlimit --connlimit-above 1 --connlimit-mask 9 --connlimit-daddr -m connmark --mark 0x99 -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY -m cpu --cpu 2 -m dscp --dscp 0x04 -m dscp --dscp 0x00 -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name f1 --hashlimit-htable-size 64 --hashlimit-htable-max 128 --hashlimit-htable-gcinterval 60 --hashlimit-htable-expire 120 --hashlimit-srcmask 24 --hashlimit-dstmask 24 -m hashlimit --hashlimit-above 5/sec --hashlimit-burst 5 --hashlimit-name f1 -m helper --helper ftp -m iprange --src-range ::1-::2 --dst-range ::1-::2 -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21 -m length --length 1:2 -m limit --limit 1/sec -m mac --mac-source 01:02:03:04:05:06 -m mark --mark 0x1 -m physdev --physdev-in eth0 -m pkttype --pkt-type unicast -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst fe80::/64 --tunnel-src fe80::/64 --next --reqid 2 -m quota --quota 0 -m recent --rcheck --name DEFAULT --rsource -m socket --transparent -m string --string "foobar" --algo kmp --from 1 --to 2 --icase -m time --timestart 01:02:03 --timestop 03:04:05 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --utc -m tos --tos 0xff/0x01 -m u32 --u32 "0x0=0x0" -m u32 --u32 "0x0=0x0" -m hbh -m hbh -m hl --hl-eq 1
+-A INPUT -m ipv6header --header hop-by-hop --soft
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001
+-A INPUT -p tcp -m comment --comment foo
+-A INPUT -p tcp -m connbytes --connbytes 1:2 --connbytes-mode packets --connbytes-dir both
+-A INPUT -p tcp -m connlimit --connlimit-upto 1 --connlimit-mask 8 --connlimit-saddr
+-A INPUT -p tcp -m connlimit --connlimit-above 1 --connlimit-mask 9 --connlimit-daddr
+-A INPUT -p tcp -m connmark --mark 0x99
+-A INPUT -p tcp -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY
+-A INPUT -p tcp -m cpu --cpu 2
+-A INPUT -p tcp -m dscp --dscp 0x04 -m dscp ! --dscp 0x04
+-A INPUT -p tcp -m dscp --dscp 0x00 -m dscp ! --dscp 0x00
+-A INPUT -p tcp -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name f1 --hashlimit-htable-size 64 --hashlimit-htable-max 128 --hashlimit-htable-gcinterval 60 --hashlimit-htable-expire 120 --hashlimit-srcmask 24 --hashlimit-dstmask 24
+-A INPUT -p tcp -m hashlimit --hashlimit-above 5/sec --hashlimit-burst 5 --hashlimit-name f1
+-A INPUT -p tcp -m helper --helper ftp
+-A INPUT -p tcp -m iprange --src-range ::1-::2 --dst-range ::1-::2
+-A INPUT -p tcp -m length --length 1:2
+-A INPUT -p tcp -m limit --limit 1/sec
+-A INPUT -p tcp -m mac --mac-source 01:02:03:04:05:06
+-A INPUT -p tcp -m mark --mark 0x1
+-A INPUT -p tcp -m physdev --physdev-in eth0
+-A INPUT -p tcp -m pkttype --pkt-type unicast
+-A INPUT -p tcp -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst fe80::/64 --tunnel-src fe80::/64 --next --reqid 2
+-A INPUT -p tcp -m quota --quota 0
+-A INPUT -p tcp -m recent --rcheck --name DEFAULT --rsource
+-A INPUT -p tcp -m socket --transparent
+-A INPUT -p tcp -m string --string "foobar" --algo kmp --from 1 --to 2 --icase
+-A INPUT -p tcp -m string --hex-string "|00|" --algo kmp --from 1 --to 2 --icase
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN
+-A INPUT -p tcp -m tos --tos 0xff/0x01
+-A INPUT -p tcp -m u32 ! --u32 "0x0=0x0" -m u32 ! --u32 "0x0=0x0"
+-A INPUT -p tcp -m hbh -m hbh -m hl --hl-eq 1 -m ipv6header --header hop-by-hop --soft
+-A INPUT -m ipv6header --header hop-by-hop --soft -m rt --rt-type 2 --rt-segsleft 2 --rt-len 5 -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1 --rt-0-not-strict -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1,::2 --rt-0-not-strict
+-A INPUT -p tcp -m cpu --cpu 1 -m tcp --sport 1:2 --dport 1:2 --tcp-option 1 --tcp-flags FIN,SYN,RST,ACK SYN -m cpu --cpu 1
+-A INPUT -p dccp -m cpu --cpu 1 -m dccp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p dccp -m dccp ! --sport 1:2 ! --dport 3:4 ! --dccp-types REQUEST,RESPONSE ! --dccp-option 1
+-A INPUT -p udp -m cpu --cpu 1 -m udp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p sctp -m cpu --cpu 1 -m sctp --sport 1:2 --dport 3:4 --chunk-types all INIT,SACK -m cpu --cpu 1
+-A INPUT -p esp -m esp --espspi 1:2
+-A INPUT -p tcp -m multiport --dports 1,2 -m multiport --dports 1,2
+-A INPUT -p tcp -m tcpmss --mss 1:2 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN
+-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4/0
+-A INPUT
+-A INPUT -p ipv6-mh -m mh --mh-type 3
+-A OUTPUT -m owner --socket-exists --uid-owner 1-2 --gid-owner 2-3
+-A OUTPUT -m owner ! --socket-exists ! --uid-owner 0 ! --gid-owner 0
+-A matches -m connbytes --connbytes 1 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes :2 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 0:3 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 4: --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 5:18446744073709551615 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m conntrack --ctexpire 1
+-A matches
+-A matches -m conntrack --ctexpire :2
+-A matches
+-A matches -m conntrack --ctexpire 0:3
+-A matches
+-A matches -m conntrack --ctexpire 4:
+-A matches
+-A matches -m conntrack --ctexpire 5:4294967295
+-A matches
+-A matches -m conntrack ! --ctstate NEW ! --ctproto tcp ! --ctorigsrc ::1/127 ! --ctorigdst ::2/127 ! --ctreplsrc ::2/127 ! --ctrepldst ::2/127 ! --ctorigsrcport 3 ! --ctorigdstport 4 ! --ctreplsrcport 5 ! --ctrepldstport 6 ! --ctstatus ASSURED ! --ctexpire 8:9
+-A matches
+-A matches -m dst ! --dst-len 12
+-A matches
+-A matches -p esp -m esp --espspi 1
+-A matches
+-A matches -p esp -m esp --espspi :2
+-A matches
+-A matches -p esp -m esp --espspi 0:3
+-A matches
+-A matches -p esp -m esp --espspi 4:
+-A matches
+-A matches -p esp -m esp --espspi 5:4294967295
+-A matches
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 --hashlimit-htable-expire 2000
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1
+-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2
+-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3
+-A matches -m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini4
+-A matches -m hashlimit --hashlimit-upto 4kb/s --hashlimit-burst 400kb --hashlimit-name mini5
+-A matches -m hashlimit --hashlimit-upto 10mb/s --hashlimit-name mini6
+-A matches -m hashlimit --hashlimit-upto 123456b/s --hashlimit-burst 1mb --hashlimit-name mini7
+-A matches
+-A matches -m hbh ! --hbh-len 5
+-A matches
+-A matches -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21
+-A matches
+-A matches -m length --length 1
+-A matches
+-A matches -m length --length :2
+-A matches
+-A matches -m length --length 0:3
+-A matches
+-A matches -m length --length 4:
+-A matches
+-A matches -m length --length 5:65535
+-A matches
+-A matches -m physdev ! --physdev-is-in ! --physdev-is-out ! --physdev-is-bridged
+-A matches
+-A matches -p tcp -m tcpmss --mss 1
+-A matches
+-A matches -p tcp -m tcpmss --mss :2
+-A matches
+-A matches -p tcp -m tcpmss --mss 0:3
+-A matches
+-A matches -p tcp -m tcpmss --mss 4:
+-A matches
+-A matches -p tcp -m tcpmss --mss 5:65535
+-A matches
+-A matches -m statistic --mode random ! --probability 0.4
+-A matches
+-A matches -m statistic --mode nth ! --every 5 --packet 2
+-A matches
+-A matches -m string --hex-string "action=|5C22|http|3A|" --algo bm
+-A matches
+-A matches -m string --hex-string "action=|5C|http|3A|" --algo bm
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --localtz
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --kerneltz
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05
+-A matches
+-A matches -m time --timestart 02:00:00 --timestop 03:00:00 --datestart 1970-01-01T02:00:00 --datestop 1970-01-01T03:00:00
+-A matches
+-A matches -m ah --ahspi 1
+-A matches
+-A matches -m ah --ahspi :2
+-A matches
+-A matches -m ah --ahspi 0:3
+-A matches
+-A matches -m ah --ahspi 4:
+-A matches
+-A matches -m ah --ahspi 5:4294967295
+-A matches
+-A matches -m frag --fragid 1
+-A matches
+-A matches -m frag --fragid :2
+-A matches
+-A matches -m frag --fragid 0:3
+-A matches
+-A matches -m frag --fragid 4:
+-A matches
+-A matches -m frag --fragid 5:4294967295
+-A matches
+-A matches -m frag ! --fragid 9:10 ! --fraglen 12
+-A matches
+-A matches -m rt --rt-segsleft 1
+-A matches
+-A matches -m rt --rt-segsleft :2
+-A matches
+-A matches -m rt --rt-segsleft 0:3
+-A matches
+-A matches -m rt --rt-segsleft 4:
+-A matches
+-A matches -m rt --rt-segsleft 5:4294967295
+-A matches
+-A ntarg -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options
+-A ntarg
+-A ntarg -j NFQUEUE --queue-num 1
+-A ntarg
+-A ntarg -j NFQUEUE --queue-balance 8:99
+-A ntarg
+-A ntarg -j NFQUEUE --queue-num 0 --queue-bypass
+-A ntarg
+-A ntarg -j RATEEST --rateest-name RE1 --rateest-interval 250.0ms --rateest-ewmalog 500.0ms
+-A ntarg
+-A ntarg -j RATEEST --rateest-name RE2 --rateest-interval 250.0ms --rateest-ewmalog 500.0ms
+-A ntarg
+-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit
+-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-pps 5
+-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-bps 5kbit
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-lt --rateest-bps2 16bit
+-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest-bps --rateest2 RE2
+-A zmatches -m rateest --rateest-delta --rateest1 RE1 --rateest-lt --rateest2 RE2 --rateest-pps2 42
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-eq --rateest-bps2 16bit
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-gt --rateest-bps2 16bit
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-lt --rateest-pps2 9
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-eq --rateest-pps2 9
+-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-gt --rateest-pps2 9
+COMMIT
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:matches - -
+:ntarg - -
+:zmatches - -
+-A INPUT -m u32 --u32 "0x0=0x0&&0x0=0x1" -j ntarg
+-A ntarg -j HL --hl-inc 1
+-A ntarg -j HL --hl-dec 1
+-A ntarg
+COMMIT
diff --git a/utils/.gitignore b/utils/.gitignore
new file mode 100644
index 0000000..216d1e4
--- /dev/null
+++ b/utils/.gitignore
@@ -0,0 +1,2 @@
+/nfnl_osf
+/nfbpf_compile
diff --git a/utils/Makefile.am b/utils/Makefile.am
index 79ce34b..c4192a9 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -1,8 +1,25 @@
# -*- Makefile -*-
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include \
+ -I${top_srcdir}/include ${libnfnetlink_CFLAGS}
-sbin_PROGRAMS = nfnl_osf
-pkgdata_DATA = pf.os
+sbin_PROGRAMS =
+pkgdata_DATA =
-nfnl_osf_LDADD = -lnfnetlink
+if HAVE_LIBNFNETLINK
+sbin_PROGRAMS += nfnl_osf
+pkgdata_DATA += pf.os
+
+nfnl_osf_LDADD = ${libnfnetlink_LIBS}
+endif
+
+if ENABLE_BPFC
+sbin_PROGRAMS += nfbpf_compile
+nfbpf_compile_LDADD = -lpcap
+endif
+
+if ENABLE_SYNCONF
+sbin_PROGRAMS += nfsynproxy
+nfsynproxy_LDADD = -lpcap
+endif
diff --git a/utils/Makefile.in b/utils/Makefile.in
index c6c5fa7..285d863 100644
--- a/utils/Makefile.in
+++ b/utils/Makefile.in
@@ -1,8 +1,9 @@
-# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -18,8 +19,26 @@
VPATH = @srcdir@
-pkglibdir = $(libdir)/@PACKAGE@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -34,28 +53,43 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-sbin_PROGRAMS = nfnl_osf$(EXEEXT)
+sbin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3)
+@HAVE_LIBNFNETLINK_TRUE@am__append_1 = nfnl_osf
+@HAVE_LIBNFNETLINK_TRUE@am__append_2 = pf.os
+@ENABLE_BPFC_TRUE@am__append_3 = nfbpf_compile
+@ENABLE_SYNCONF_TRUE@am__append_4 = nfsynproxy
subdir = utils
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+@HAVE_LIBNFNETLINK_TRUE@am__EXEEXT_1 = nfnl_osf$(EXEEXT)
+@ENABLE_BPFC_TRUE@am__EXEEXT_2 = nfbpf_compile$(EXEEXT)
+@ENABLE_SYNCONF_TRUE@am__EXEEXT_3 = nfsynproxy$(EXEEXT)
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(pkgdatadir)"
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
+nfbpf_compile_SOURCES = nfbpf_compile.c
+nfbpf_compile_OBJECTS = nfbpf_compile.$(OBJEXT)
+nfbpf_compile_DEPENDENCIES =
nfnl_osf_SOURCES = nfnl_osf.c
nfnl_osf_OBJECTS = nfnl_osf.$(OBJEXT)
-nfnl_osf_DEPENDENCIES =
+am__DEPENDENCIES_1 =
+@HAVE_LIBNFNETLINK_TRUE@nfnl_osf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+nfsynproxy_SOURCES = nfsynproxy.c
+nfsynproxy_OBJECTS = nfsynproxy.$(OBJEXT)
+nfsynproxy_DEPENDENCIES =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
+am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -65,15 +99,40 @@ CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
-SOURCES = nfnl_osf.c
-DIST_SOURCES = nfnl_osf.c
+SOURCES = nfbpf_compile.c nfnl_osf.c nfsynproxy.c
+DIST_SOURCES = nfbpf_compile.c nfnl_osf.c nfsynproxy.c
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-pkgdataDATA_INSTALL = $(INSTALL_DATA)
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
DATA = $(pkgdata_DATA)
ETAGS = etags
CTAGS = ctags
@@ -94,6 +153,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -117,9 +177,11 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -128,9 +190,12 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -141,6 +206,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -171,10 +237,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
kbuilddir = @kbuilddir@
-kinclude_CFLAGS = @kinclude_CFLAGS@
+kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
ksourcedir = @ksourcedir@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
+libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
+libnetfilter_conntrack_LIBS = @libnetfilter_conntrack_LIBS@
libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@
libnfnetlink_LIBS = @libnfnetlink_LIBS@
libxtables_vage = @libxtables_vage@
@@ -182,9 +251,9 @@ libxtables_vcurrent = @libxtables_vcurrent@
libxtables_vmajor = @libxtables_vmajor@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
+noundef_LDFLAGS = @noundef_LDFLAGS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgconfigdir = @pkgconfigdir@
@@ -192,17 +261,24 @@ prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
regular_CFLAGS = @regular_CFLAGS@
+regular_CPPFLAGS = @regular_CPPFLAGS@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@
-AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
-pkgdata_DATA = pf.os
-nfnl_osf_LDADD = -lnfnetlink
+AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include \
+ -I${top_srcdir}/include ${libnfnetlink_CFLAGS}
+
+pkgdata_DATA = $(am__append_2)
+@HAVE_LIBNFNETLINK_TRUE@nfnl_osf_LDADD = ${libnfnetlink_LIBS}
+@ENABLE_BPFC_TRUE@nfbpf_compile_LDADD = -lpcap
+@ENABLE_SYNCONF_TRUE@nfsynproxy_LDADD = -lpcap
all: all-am
.SUFFIXES:
@@ -216,9 +292,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu utils/Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --gnu utils/Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu utils/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu utils/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -236,37 +312,62 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
install-sbinPROGRAMS: $(sbin_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-sbinPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
- rm -f "$(DESTDIR)$(sbindir)/$$f"; \
- done
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
-nfnl_osf$(EXEEXT): $(nfnl_osf_OBJECTS) $(nfnl_osf_DEPENDENCIES)
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+nfbpf_compile$(EXEEXT): $(nfbpf_compile_OBJECTS) $(nfbpf_compile_DEPENDENCIES) $(EXTRA_nfbpf_compile_DEPENDENCIES)
+ @rm -f nfbpf_compile$(EXEEXT)
+ $(LINK) $(nfbpf_compile_OBJECTS) $(nfbpf_compile_LDADD) $(LIBS)
+nfnl_osf$(EXEEXT): $(nfnl_osf_OBJECTS) $(nfnl_osf_DEPENDENCIES) $(EXTRA_nfnl_osf_DEPENDENCIES)
@rm -f nfnl_osf$(EXEEXT)
$(LINK) $(nfnl_osf_OBJECTS) $(nfnl_osf_LDADD) $(LIBS)
+nfsynproxy$(EXEEXT): $(nfsynproxy_OBJECTS) $(nfsynproxy_DEPENDENCIES) $(EXTRA_nfsynproxy_DEPENDENCIES)
+ @rm -f nfsynproxy$(EXEEXT)
+ $(LINK) $(nfsynproxy_OBJECTS) $(nfsynproxy_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -274,25 +375,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nfbpf_compile.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nfnl_osf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nfsynproxy.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
@@ -304,21 +407,25 @@ clean-libtool:
-rm -rf .libs _libs
install-pkgdataDATA: $(pkgdata_DATA)
@$(NORMAL_INSTALL)
- test -z "$(pkgdatadir)" || $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)"
- @list='$(pkgdata_DATA)'; for p in $$list; do \
+ @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgdatadir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- f=$(am__strip_dir) \
- echo " $(pkgdataDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgdatadir)/$$f'"; \
- $(pkgdataDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgdatadir)/$$f"; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \
done
uninstall-pkgdataDATA:
@$(NORMAL_UNINSTALL)
- @list='$(pkgdata_DATA)'; for p in $$list; do \
- f=$(am__strip_dir) \
- echo " rm -f '$(DESTDIR)$(pkgdatadir)/$$f'"; \
- rm -f "$(DESTDIR)$(pkgdatadir)/$$f"; \
- done
+ @list='$(pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -332,7 +439,7 @@ tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -340,29 +447,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@@ -383,13 +495,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@@ -410,16 +526,22 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -441,6 +563,8 @@ dvi-am:
html: html-am
+html-am:
+
info: info-am
info-am:
@@ -449,18 +573,28 @@ install-data-am: install-pkgdataDATA
install-dvi: install-dvi-am
+install-dvi-am:
+
install-exec-am: install-sbinPROGRAMS
install-html: install-html-am
+install-html-am:
+
install-info: install-info-am
+install-info-am:
+
install-man:
install-pdf: install-pdf-am
+install-pdf-am:
+
install-ps: install-ps-am
+install-ps-am:
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -500,6 +634,7 @@ uninstall-am: uninstall-pkgdataDATA uninstall-sbinPROGRAMS
tags uninstall uninstall-am uninstall-pkgdataDATA \
uninstall-sbinPROGRAMS
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/utils/nfbpf_compile.c b/utils/nfbpf_compile.c
new file mode 100644
index 0000000..2c46c7b
--- /dev/null
+++ b/utils/nfbpf_compile.c
@@ -0,0 +1,55 @@
+/*
+ * BPF program compilation tool
+ *
+ * Generates decimal output, similar to `tcpdump -ddd ...`.
+ * Unlike tcpdump, will generate for any given link layer type.
+ *
+ * Written by Willem de Bruijn (willemb@google.com)
+ * Copyright Google, Inc. 2013
+ * Licensed under the GNU General Public License version 2 (GPLv2)
+*/
+
+#include <pcap.h>
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ struct bpf_program program;
+ struct bpf_insn *ins;
+ int i, dlt = DLT_RAW;
+
+ if (argc < 2 || argc > 3) {
+ fprintf(stderr, "Usage: %s [link] '<program>'\n\n"
+ " link is a pcap linklayer type:\n"
+ " one of EN10MB, RAW, SLIP, ...\n\n"
+ "Examples: %s RAW 'tcp and greater 100'\n"
+ " %s EN10MB 'ip proto 47'\n'",
+ argv[0], argv[0], argv[0]);
+ return 1;
+ }
+
+ if (argc == 3) {
+ dlt = pcap_datalink_name_to_val(argv[1]);
+ if (dlt == -1) {
+ fprintf(stderr, "Unknown datalinktype: %s\n", argv[1]);
+ return 1;
+ }
+ }
+
+ if (pcap_compile_nopcap(65535, dlt, &program, argv[argc - 1], 1,
+ PCAP_NETMASK_UNKNOWN)) {
+ fprintf(stderr, "Compilation error\n");
+ return 1;
+ }
+
+ printf("%d,", program.bf_len);
+ ins = program.bf_insns;
+ for (i = 0; i < program.bf_len-1; ++ins, ++i)
+ printf("%u %u %u %u,", ins->code, ins->jt, ins->jf, ins->k);
+
+ printf("%u %u %u %u\n", ins->code, ins->jt, ins->jf, ins->k);
+
+ pcap_freecode(&program);
+ return 0;
+}
+
diff --git a/utils/nfsynproxy.c b/utils/nfsynproxy.c
new file mode 100644
index 0000000..baedc92
--- /dev/null
+++ b/utils/nfsynproxy.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright (c) 2013 Patrick McHardy <kaber@trash.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <stdlib.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <getopt.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <pcap/pcap.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+
+static const char *iface = "lo";
+static uint16_t port;
+static const char *chain = "SYNPROXY";
+
+static int parse_packet(const char *host, const uint8_t *data)
+{
+ const struct iphdr *iph = (void *)data + 14;
+ const struct tcphdr *th = (void *)iph + iph->ihl * 4;
+ int length;
+ uint8_t *ptr;
+
+ if (!th->syn || !th->ack)
+ return 0;
+
+ printf("-A %s -d %s -p tcp --dport %u "
+ "-m state --state UNTRACKED,INVALID "
+ "-j SYNPROXY ", chain, host, port);
+
+ /* ECE && !CWR */
+ if (th->res2 == 0x1)
+ printf("--ecn ");
+
+ length = th->doff * 4 - sizeof(*th);
+ ptr = (uint8_t *)(th + 1);
+ while (length > 0) {
+ int opcode = *ptr++;
+ int opsize;
+
+ switch (opcode) {
+ case TCPOPT_EOL:
+ return 1;
+ case TCPOPT_NOP:
+ length--;
+ continue;
+ default:
+ opsize = *ptr++;
+ if (opsize < 2)
+ return 1;
+ if (opsize > length)
+ return 1;
+
+ switch (opcode) {
+ case TCPOPT_MAXSEG:
+ if (opsize == TCPOLEN_MAXSEG)
+ printf("--mss %u ", ntohs(*(uint16_t *)ptr));
+ break;
+ case TCPOPT_WINDOW:
+ if (opsize == TCPOLEN_WINDOW)
+ printf("--wscale %u ", *ptr);
+ break;
+ case TCPOPT_TIMESTAMP:
+ if (opsize == TCPOLEN_TIMESTAMP)
+ printf("--timestamp ");
+ break;
+ case TCPOPT_SACK_PERMITTED:
+ if (opsize == TCPOLEN_SACK_PERMITTED)
+ printf("--sack-perm ");
+ break;
+ }
+
+ ptr += opsize - 2;
+ length -= opsize;
+ }
+ }
+ printf("\n");
+ return 1;
+}
+
+static void probe_host(const char *host)
+{
+ struct sockaddr_in sin;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ struct pcap_pkthdr pkthdr;
+ const uint8_t *data;
+ struct bpf_program fp;
+ pcap_t *ph;
+ int fd;
+
+ ph = pcap_create(iface, pcap_errbuf);
+ if (ph == NULL) {
+ perror("pcap_create");
+ goto err1;
+ }
+
+ if (pcap_setnonblock(ph, 1, pcap_errbuf) == -1) {
+ perror("pcap_setnonblock");
+ goto err2;
+ }
+
+ if (pcap_setfilter(ph, &fp) == -1) {
+ pcap_perror(ph, "pcap_setfilter");
+ goto err2;
+ }
+
+ if (pcap_activate(ph) != 0) {
+ pcap_perror(ph, "pcap_activate");
+ goto err2;
+ }
+
+ if (pcap_compile(ph, &fp, "src host 127.0.0.1 and tcp and src port 80",
+ 1, PCAP_NETMASK_UNKNOWN) == -1) {
+ pcap_perror(ph, "pcap_compile");
+ goto err2;
+ }
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ goto err3;
+ }
+
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(port);
+ sin.sin_addr.s_addr = inet_addr(host);
+
+ if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+ perror("connect");
+ goto err4;
+ }
+
+ for (;;) {
+ data = pcap_next(ph, &pkthdr);
+ if (data == NULL)
+ break;
+ if (parse_packet(host, data))
+ break;
+ }
+
+ close(fd);
+
+err4:
+ close(fd);
+err3:
+ pcap_freecode(&fp);
+err2:
+ pcap_close(ph);
+err1:
+ return;
+}
+
+enum {
+ OPT_HELP = 'h',
+ OPT_IFACE = 'i',
+ OPT_PORT = 'p',
+ OPT_CHAIN = 'c',
+};
+
+static const struct option options[] = {
+ { .name = "help", .has_arg = false, .val = OPT_HELP },
+ { .name = "iface", .has_arg = true, .val = OPT_IFACE },
+ { .name = "port" , .has_arg = true, .val = OPT_PORT },
+ { .name = "chain", .has_arg = true, .val = OPT_CHAIN },
+ { }
+};
+
+static void print_help(const char *name)
+{
+ printf("%s [ options ] address...\n"
+ "\n"
+ "Options:\n"
+ " -i/--iface Outbound interface\n"
+ " -p/--port Port number to probe\n"
+ " -c/--chain Chain name to use for rules\n"
+ " -h/--help Show this help\n",
+ name);
+}
+
+int main(int argc, char **argv)
+{
+ int optidx = 0, c;
+
+ for (;;) {
+ c = getopt_long(argc, argv, "hi:p:c:", options, &optidx);
+ if (c == -1)
+ break;
+
+ switch (c) {
+ case OPT_IFACE:
+ iface = optarg;
+ break;
+ case OPT_PORT:
+ port = atoi(optarg);
+ break;
+ case OPT_CHAIN:
+ chain = optarg;
+ break;
+ case OPT_HELP:
+ print_help(argv[0]);
+ exit(0);
+ case '?':
+ print_help(argv[0]);
+ exit(1);
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ while (argc > 0) {
+ probe_host(*argv);
+ argc--;
+ argv++;
+ }
+ return 0;
+}
diff --git a/xshared.c b/xshared.c
deleted file mode 100644
index 21b5b2c..0000000
--- a/xshared.c
+++ /dev/null
@@ -1,31 +0,0 @@
-#include <stdio.h>
-#include <xtables.h>
-#include "xshared.h"
-
-/*
- * Print out any special helps. A user might like to be able to add a --help
- * to the commandline, and see expected results. So we call help for all
- * specified matches and targets.
- */
-void print_extension_helps(const struct xtables_target *t,
- const struct xtables_rule_match *m)
-{
- for (; t != NULL; t = t->next) {
- if (t->used) {
- printf("\n");
- if (t->help == NULL)
- printf("%s does not take any options\n",
- t->name);
- else
- t->help();
- }
- }
- for (; m != NULL; m = m->next) {
- printf("\n");
- if (m->match->help == NULL)
- printf("%s does not take any options\n",
- m->match->name);
- else
- m->match->help();
- }
-}
diff --git a/xshared.h b/xshared.h
deleted file mode 100644
index c53b618..0000000
--- a/xshared.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef IPTABLES_XSHARED_H
-#define IPTABLES_XSHARED_H 1
-
-struct xtables_rule_match;
-struct xtables_target;
-
-extern void print_extension_helps(const struct xtables_target *,
- const struct xtables_rule_match *);
-
-#endif /* IPTABLES_XSHARED_H */