Diffstat (limited to 'libiptc/libip4tc.c')
-rw-r--r-- | libiptc/libip4tc.c | 63 |
1 files changed, 25 insertions, 38 deletions
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c index 0c64ac8..dd59951 100644 --- a/libiptc/libip4tc.c +++ b/libiptc/libip4tc.c @@ -36,33 +36,27 @@ typedef unsigned int socklen_t; #define HOOK_FORWARD NF_IP_FORWARD #define HOOK_LOCAL_OUT NF_IP_LOCAL_OUT #define HOOK_POST_ROUTING NF_IP_POST_ROUTING -#ifdef NF_IP_DROPPING -#define HOOK_DROPPING NF_IP_DROPPING -#endif -#define STRUCT_ENTRY_TARGET struct ipt_entry_target +#define STRUCT_ENTRY_TARGET struct xt_entry_target #define STRUCT_ENTRY struct ipt_entry -#define STRUCT_ENTRY_MATCH struct ipt_entry_match +#define STRUCT_ENTRY_MATCH struct xt_entry_match #define STRUCT_GETINFO struct ipt_getinfo #define STRUCT_GET_ENTRIES struct ipt_get_entries -#define STRUCT_COUNTERS struct ipt_counters -#define STRUCT_COUNTERS_INFO struct ipt_counters_info -#define STRUCT_STANDARD_TARGET struct ipt_standard_target +#define STRUCT_COUNTERS struct xt_counters +#define STRUCT_COUNTERS_INFO struct xt_counters_info +#define STRUCT_STANDARD_TARGET struct xt_standard_target #define STRUCT_REPLACE struct ipt_replace -#define STRUCT_TC_HANDLE struct iptc_handle -#define xtc_handle iptc_handle - #define ENTRY_ITERATE IPT_ENTRY_ITERATE -#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN -#define FUNCTION_MAXNAMELEN IPT_FUNCTION_MAXNAMELEN +#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN +#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN #define GET_TARGET ipt_get_target -#define ERROR_TARGET IPT_ERROR_TARGET +#define ERROR_TARGET XT_ERROR_TARGET #define NUMHOOKS NF_IP_NUMHOOKS -#define IPT_CHAINLABEL ipt_chainlabel +#define IPT_CHAINLABEL xt_chainlabel #define TC_DUMP_ENTRIES dump_entries #define TC_IS_CHAIN iptc_is_chain 
@@ -76,6 +70,7 @@ typedef unsigned int socklen_t; #define TC_INSERT_ENTRY iptc_insert_entry #define TC_REPLACE_ENTRY iptc_replace_entry #define TC_APPEND_ENTRY iptc_append_entry +#define TC_CHECK_ENTRY iptc_check_entry #define TC_DELETE_ENTRY iptc_delete_entry #define TC_DELETE_NUM_ENTRY iptc_delete_num_entry #define TC_FLUSH_ENTRIES iptc_flush_entries @@ -95,6 +90,7 @@ typedef unsigned int socklen_t; #define TC_STRERROR iptc_strerror #define TC_NUM_RULES iptc_num_rules #define TC_GET_RULE iptc_get_rule +#define TC_OPS iptc_ops #define TC_AF AF_INET #define TC_IPPROTO IPPROTO_IP @@ -105,14 +101,14 @@ typedef unsigned int socklen_t; #define SO_GET_ENTRIES IPT_SO_GET_ENTRIES #define SO_GET_VERSION IPT_SO_GET_VERSION -#define STANDARD_TARGET IPT_STANDARD_TARGET +#define STANDARD_TARGET XT_STANDARD_TARGET #define LABEL_RETURN IPTC_LABEL_RETURN #define LABEL_ACCEPT IPTC_LABEL_ACCEPT #define LABEL_DROP IPTC_LABEL_DROP #define LABEL_QUEUE IPTC_LABEL_QUEUE -#define ALIGN IPT_ALIGN -#define RETURN IPT_RETURN +#define ALIGN XT_ALIGN +#define RETURN XT_RETURN #include "libiptc.c" @@ -125,7 +121,7 @@ typedef unsigned int socklen_t; #define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n)) static int -dump_entry(struct ipt_entry *e, struct iptc_handle *const handle) +dump_entry(struct ipt_entry *e, struct xtc_handle *const handle) { size_t i; STRUCT_ENTRY_TARGET *t; @@ -165,7 +161,7 @@ dump_entry(struct ipt_entry *e, struct iptc_handle *const handle) : "UNKNOWN"); else printf("verdict=%u\n", pos); - } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0) + } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) printf("error=`%s'\n", t->data); printf("\n"); 
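Review bot: In the `@@ -165` hunk of dump_entry, the `printf` that follows the renamed `XT_ERROR_TARGET` comparison prints `t->data` with an unbounded `%s`, so a payload that lacks a terminating NUL would be read past the end of the entry. Giving the conversion a precision keeps the read inside the name field: use `%.*s` and pass `(int)FUNCTION_MAXNAMELEN` before `t->data`. This assumes the error target's payload is a name of at most that length, which the hunk does not show. dump_entry starts and ends outside the hunk.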
@@ -208,7 +204,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b, unsigned char *matchmask) mptr = matchmask + sizeof(STRUCT_ENTRY); if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr)) return NULL; - mptr += IPT_ALIGN(sizeof(struct ipt_entry_target)); + mptr += XT_ALIGN(sizeof(struct xt_entry_target)); return mptr; } @@ -220,8 +216,8 @@ unconditional(const struct ipt_ip *ip) { unsigned int i; - for (i = 0; i < sizeof(*ip)/sizeof(u_int32_t); i++) - if (((u_int32_t *)ip)[i]) + for (i = 0; i < sizeof(*ip)/sizeof(uint32_t); i++) + if (((uint32_t *)ip)[i]) return 0; return 1; @@ -240,7 +236,7 @@ check_match(const STRUCT_ENTRY_MATCH *m, unsigned int *off) static inline int check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off, unsigned int user_offset, int *was_return, - struct iptc_handle *h) + struct xtc_handle *h) { unsigned int toff; STRUCT_STANDARD_TARGET *t; @@ -276,14 +272,14 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off, idx = iptcb_entry2index(h, te); assert(strcmp(GET_TARGET(te)->u.user.name, - IPT_ERROR_TARGET) + XT_ERROR_TARGET) != 0); assert(te != e); /* Prior node must be error node, or this node. */ assert(t->verdict == iptcb_entry2offset(h, e)+e->next_offset || strcmp(GET_TARGET(index2entry(h, idx-1)) - ->u.user.name, IPT_ERROR_TARGET) + ->u.user.name, XT_ERROR_TARGET) == 0); } @@ -293,7 +289,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off, *was_return = 1; else *was_return = 0; - } else if (strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0) { + } else if (strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0) { assert(t->target.u.target_size == ALIGN(sizeof(struct ipt_error_target))); 
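Review bot: The new `mptr += XT_ALIGN(sizeof(struct xt_entry_target));` in the `@@ -208` hunk spells out the xt names directly, although this file defines `ALIGN` and `STRUCT_ENTRY_TARGET` for exactly these and the line just above already uses `sizeof(STRUCT_ENTRY)`. Writing it as `mptr += ALIGN(sizeof(STRUCT_ENTRY_TARGET));` keeps the mask offset tied to the same definitions the rest of the file uses, so the two cannot drift apart on a later rename. is_same begins outside the hunk.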
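Review bot: The cast in `if (((uint32_t *)ip)[i])` (`@@ -220` hunk) discards the `const` of the `const struct ipt_ip *ip` parameter and reads the struct through a `uint32_t` lvalue, which is a strict-aliasing hazard for any member that is not a 32-bit integer. At minimum keep the qualifier, `if (((const uint32_t *)ip)[i])`; comparing against a zero-initialised `struct ipt_ip` with `memcmp` would avoid the type pun altogether. The loop bound `sizeof(*ip)/sizeof(uint32_t)` also silently ignores trailing bytes if the struct size is ever not a multiple of four. The signature is visible only in the hunk header.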
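Review bot: In the `@@ -276` hunk the second disjunct of the last assert calls `index2entry(h, idx-1)` without first establishing that `idx` is non-zero, so a jump verdict that resolves to the first entry would make the sanity check itself look up an out-of-range index. Guarding the lookup, `|| (idx > 0 && strcmp(GET_TARGET(index2entry(h, idx-1))->u.user.name, XT_ERROR_TARGET) == 0)`, makes the assertion fail cleanly instead. The declaration of `idx` and the behaviour of `index2entry` on a bad index are not visible here, so this is inferred. check_entry starts and ends outside the hunk.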
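Review bot: The size check right after the renamed comparison in the `@@ -293` hunk still reads `ALIGN(sizeof(struct ipt_error_target))`, so the branch now mixes `XT_ERROR_TARGET` with the old ipt struct name. If the headers this tree builds against provide `struct xt_error_target`, use `ALIGN(sizeof(struct xt_error_target))` so that the name test and the size test refer to the same definition. Otherwise a one-line comment such as `/* ipt_error_target kept: no xt_ equivalent in the bundled headers */` would explain the exception. The enclosing branch continues past the end of the hunk.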
@@ -306,7 +302,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off, else *was_return = 0; if (*off == user_offset) - assert(strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0); + assert(strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0); (*off) += e->next_offset; (*i)++; @@ -316,7 +312,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off, #ifdef IPTC_DEBUG /* Do every conceivable sanity check on the handle */ static void -do_check(struct iptc_handle *h, unsigned int line) +do_check(struct xtc_handle *h, unsigned int line) { unsigned int i, n; unsigned int user_offset; /* Offset of first user chain */ @@ -425,15 +421,6 @@ do_check(struct iptc_handle *h, unsigned int line) assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n); user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; - -#ifdef NF_IP_DROPPING - } else if (strcmp(h->info.name, "drop") == 0) { - assert(h->info.valid_hooks == (1 << NF_IP_DROPPING)); - - /* Hook should be first */ - assert(h->info.hook_entry[NF_IP_DROPPING] == 0); - user_offset = 0; -#endif } else { fprintf(stderr, "Unknown table `%s'\n", h->info.name); abort(); |
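Review bot: The check in the `@@ -306` hunk that the entry at `user_offset` is an error target exists only as `assert(strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0)`, so it disappears in an NDEBUG build and the `if (*off == user_offset)` is left guarding nothing. The asserts in the `@@ -276` and `@@ -293` hunks behave the same way. If check_entry is meant to catch a malformed rule blob rather than only programmer errors, it should report and stop explicitly, in the style of the `fprintf(stderr, ...); abort();` that do_check uses for an unknown table. Whether check_entry is reachable outside the IPTC_DEBUG-only do_check is not visible from these hunks.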