]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2acb25b)
- added patch to support statically linking of iptables
authorHarald Welte <laforge@gnumonks.org>
Mon, 6 Aug 2001 18:50:21 +0000 (18:50 +0000)
committerHarald Welte <laforge@gnumonks.org>
Mon, 6 Aug 2001 18:50:21 +0000 (18:50 +0000)
- iptables-save/-restore is no longer experimental

70 files changed:
INSTALL patch | blob | blame | history
Makefile patch | blob | blame | history
Rules.make patch | blob | blame | history
extensions/Makefile patch | blob | blame | history
extensions/libip6t_LOG.c patch | blob | blame | history
extensions/libip6t_MARK.c patch | blob | blame | history
extensions/libip6t_agr.c patch | blob | blame | history
extensions/libip6t_icmpv6.c patch | blob | blame | history
extensions/libip6t_limit.c patch | blob | blame | history
extensions/libip6t_mac.c patch | blob | blame | history
extensions/libip6t_mark.c patch | blob | blame | history
extensions/libip6t_multiport.c patch | blob | blame | history
extensions/libip6t_owner.c patch | blob | blame | history
extensions/libip6t_standard.c patch | blob | blame | history
extensions/libip6t_tcp.c patch | blob | blame | history
extensions/libip6t_udp.c patch | blob | blame | history
extensions/libipt_BALANCE.c patch | blob | blame | history
extensions/libipt_DNAT.c patch | blob | blame | history
extensions/libipt_FTOS.c patch | blob | blame | history
extensions/libipt_LOG.c patch | blob | blame | history
extensions/libipt_MARK.c patch | blob | blame | history
extensions/libipt_MASQUERADE.c patch | blob | blame | history
extensions/libipt_MIRROR.c patch | blob | blame | history
extensions/libipt_NETLINK.c patch | blob | blame | history
extensions/libipt_NETMAP.c patch | blob | blame | history
extensions/libipt_POOL.c patch | blob | blame | history
extensions/libipt_REDIRECT.c patch | blob | blame | history
extensions/libipt_REJECT.c patch | blob | blame | history
extensions/libipt_SAME.c patch | blob | blame | history
extensions/libipt_SNAT.c patch | blob | blame | history
extensions/libipt_TCPMSS.c patch | blob | blame | history
extensions/libipt_TOS.c patch | blob | blame | history
extensions/libipt_TTL.c patch | blob | blame | history
extensions/libipt_ULOG.c patch | blob | blame | history
extensions/libipt_ah.c patch | blob | blame | history
extensions/libipt_connlimit.c patch | blob | blame | history
extensions/libipt_esp.c patch | blob | blame | history
extensions/libipt_icmp.c patch | blob | blame | history
extensions/libipt_ipv4options.c patch | blob | blame | history
extensions/libipt_length.c patch | blob | blame | history
extensions/libipt_limit.c patch | blob | blame | history
extensions/libipt_mac.c patch | blob | blame | history
extensions/libipt_mark.c patch | blob | blame | history
extensions/libipt_multiport.c patch | blob | blame | history
extensions/libipt_owner.c patch | blob | blame | history
extensions/libipt_pkttype.c patch | blob | blame | history
extensions/libipt_pool.c patch | blob | blame | history
extensions/libipt_psd.c patch | blob | blame | history
extensions/libipt_record_rpc.c patch | blob | blame | history
extensions/libipt_standard.c patch | blob | blame | history
extensions/libipt_state.c patch | blob | blame | history
extensions/libipt_string.c patch | blob | blame | history
extensions/libipt_tcp.c patch | blob | blame | history
extensions/libipt_tcpmss.c patch | blob | blame | history
extensions/libipt_time.c patch | blob | blame | history
extensions/libipt_tos.c patch | blob | blame | history
extensions/libipt_ttl.c patch | blob | blame | history
extensions/libipt_udp.c patch | blob | blame | history
extensions/libipt_unclean.c patch | blob | blame | history
include/ip6tables.h patch | blob | blame | history
include/iptables.h patch | blob | blame | history
include/iptables_common.h patch | blob | blame | history
ip6tables-restore.c patch | blob | blame | history
ip6tables-save.c patch | blob | blame | history
ip6tables-standalone.c patch | blob | blame | history
ip6tables.c patch | blob | blame | history
iptables-restore.c patch | blob | blame | history
iptables-save.c patch | blob | blame | history
iptables-standalone.c patch | blob | blame | history
iptables.c patch | blob | blame | history

diff --git a/INSTALL b/INSTALL
index 738dd9938754ccbba8cede445a021b2f139c4218..59fe5efa90bad5d335f1196e7ceffdcb55fd1cb9 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -17,16 +17,16 @@ That's it!
 ================================================================
 FEELING BRAVE?
 
-1) If you want to try some extensions, you can do the following:
+1) The netfilter core team is maintaining a set of extensions / new 
+   features which are not yet committed to the mainstream kernel tree.
+
+If you want to try some extensions, you can do the following:
        % make patch-o-matic KERNEL_DIR=<<where-your-kernel-is>>
 
-This offers you a collection of maybe-broken maybe-cool third-part
+This offers you a collection of maybe-broken maybe-cool third-party
 extensions.  It will modify you kernel source (so back it up first!).
-
-2) If you want to test out `iptables-save' and `iptables-restore', you
-can use
-       % make experimental
-       % make install-experimental
+Most of them will require you to recompile / rebuild your kernel and
+modules.
 
 ================================================================
 PROBLEMS YOU MAY ENCOUNTER:
@@ -42,6 +42,12 @@ PROBLEMS YOU MAY ENCOUNTER:
        % make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man
        # make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install
 
+4) If you want to build a statically linked version of the iptables binary,
+   without the need for loading the plugins at runtime (e.g. for an embedded
+   device or router-on-a-disk), please use
+
+       % make NO_SHARED_LIBS=1
+
 NOTE: make sure you build with at least the correct LIBDIR=
 specification, otherwise iptables(8) won't know where to find the
 dynamic objects.
diff --git a/Makefile b/Makefile
index 5446177799decbd5b894e2e1eed84d7d8f3df53a..238c34a02a1fe4dc44cc6f75fbbed159e1f5a7c0 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,9 @@
 # Standard part of Makefile for topdir.
 TOPLEVEL_INCLUDED=YES
 
+# uncomment this to get a fully statically linked version
+# NO_SHARED_LIBS = 1
+
 ifndef KERNEL_DIR
 KERNEL_DIR=/usr/src/linux
 endif
@@ -25,8 +28,24 @@ endif
 COPT_FLAGS:=-O2 -DNDEBUG
 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
 
+ifdef NO_SHARED_LIBS
+CFLAGS += -DNO_SHARED_LIBS=1
+endif
+
+ifndef NO_SHARED_LIBS
 DEPFILES = $(SHARED_LIBS:%.so=%.d)
 SH_CFLAGS:=$(CFLAGS) -fPIC
+STATIC_LIBS  =
+STATIC6_LIBS =
+LDFLAGS      = -rdynamic
+LDLIBS       = -ldl
+else
+DEPFILES = $(EXT_OBJS:%.o=%.d)
+STATIC_LIBS  = extensions/libext.a
+STATIC6_LIBS = extensions/libext6.a
+LDFLAGS      =
+LDLIBS       =
+endif
 
 EXTRAS+=iptables iptables.o
 EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
@@ -72,22 +91,22 @@ pending-patches:
 iptables.o: iptables.c
        $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
 
-iptables: iptables-standalone.c iptables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+iptables: iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
 $(DESTDIR)$(BINDIR)/iptables: iptables
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
        cp $< $@
 
-iptables-save: iptables-save.c iptables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+iptables-save: iptables-save.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
 $(DESTDIR)$(BINDIR)/iptables-save: iptables-save
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
        cp $< $@
 
-iptables-restore: iptables-restore.c iptables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+iptables-restore: iptables-restore.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
 $(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
@@ -96,22 +115,22 @@ $(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore
 ip6tables.o: ip6tables.c
        $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
 
-ip6tables: ip6tables-standalone.c ip6tables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+ip6tables: ip6tables-standalone.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS)
 
 $(DESTDIR)$(BINDIR)/ip6tables: ip6tables
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
        cp $< $@
 
-ip6tables-save: ip6tables-save.c ip6tables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+ip6tables-save: ip6tables-save.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS)
 
 $(DESTDIR)$(BINDIR)/ip6tables-save: ip6tables-save
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
        cp $< $@
 
-ip6tables-restore: ip6tables-restore.c ip6tables.o libiptc/libiptc.a
-       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
+ip6tables-restore: ip6tables-restore.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
+       $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS)
 
 $(DESTDIR)$(BINDIR)/ip6tables-restore: ip6tables-restore
        @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
diff --git a/Rules.make b/Rules.make
index 7c84143fe6a1d00712f70d8b26bdfd86bd8eb2e0..8c04caf229340156340bc162a6cce1b85e9bda66 100644 (file)
--- a/Rules.make
+++ b/Rules.make
@@ -7,6 +7,7 @@ experimental: $(EXTRAS_EXP)
 # Have to handle extensions which no longer exist.
 clean: $(EXTRA_CLEANS)
        rm -f $(SHARED_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o)
+       rm -f extensions/initext.c extensions/initext6.c
        @find . -name '*.[ao]' -o -name '*.so' | xargs rm -f
 
 install: all $(EXTRA_INSTALLS)
diff --git a/extensions/Makefile b/extensions/Makefile
index d7b617332590e5a81a8b87d42a4bb2e9dd067aa1..e420aeb70c28c75c60569f3896a88cf349e883e8 100644 (file)
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -16,6 +16,7 @@ PF6_EXT_SLIB+=$(PF6_EXT_SLIB_OPTS)
 OPTIONALS+=$(patsubst %,IPv4:%,$(PF_EXT_SLIB_OPTS))
 OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS))
 
+ifndef NO_SHARED_LIBS
 SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so)
 EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so)
 
@@ -23,12 +24,57 @@ ifdef DO_IPV6
 SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so)
 EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so)
 endif
+else   # NO_SHARED_LIBS
+EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o)
+EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T))
+EXT_OBJS+= extensions/initext.o
+EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o)
+EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T))
+EXT6_OBJS+= extensions/initext6.o
+endif
 
 ifndef TOPLEVEL_INCLUDED
 local:
        cd .. && $(MAKE) $(SHARED_LIBS)
 endif
 
+ifdef NO_SHARED_LIBS
+extensions/libext.a: $(EXT_OBJS)
+       rm -f $@; ar crv $@ $(EXT_OBJS)
+
+extensions/libext6.a: $(EXT6_OBJS)
+       rm -f $@; ar crv $@ $(EXT6_OBJS)
+
+extensions/initext.o: extensions/initext.c
+extensions/initext6.o: extensions/initext6.c
+
+extensions/initext.c: extensions/Makefile
+       echo "" > $@
+       for i in $(EXT_FUNC); do \
+               echo "extern void $${i}_init(void);" >> $@; \
+       done
+       echo "void init_extensions(void) {" >> $@
+       for i in $(EXT_FUNC); do \
+               echo "  $${i}_init();" >> $@; \
+       done
+       echo "}" >> $@
+
+extensions/initext6.c: extensions/Makefile
+       echo "" > $@
+       for i in $(EXT6_FUNC); do \
+               echo "extern void $${i}_init(void);" >> $@; \
+       done
+       echo "void init_extensions(void) {" >> $@
+       for i in $(EXT6_FUNC); do \
+               echo "  $${i}_init();" >> $@; \
+       done
+       echo "}" >> $@
+
+extensions/lib%.o: extensions/lib%.c
+       $(CC) $(CFLAGS) -D_INIT=$*_init -c -o $@ $<
+
+endif
 $(DESTDIR)$(LIBDIR)/iptables/libipt_%.so: extensions/libipt_%.so
        @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables
        cp $< $@
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 6800315095138f4e7f687d074ee58f5a04fc9751..ef39c98d74e81a4c1ff666e3286472f4ff594d64 100644 (file)
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -239,6 +239,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
                printf("--log-ip-options ");
 }
 
+static
 struct ip6tables_target log
 = { NULL,
     "LOG",
diff --git a/extensions/libip6t_MARK.c b/extensions/libip6t_MARK.c
index efbb4ec06ff5da95850bbaa8955ed2fdc144ee67..6d2b1031f9c4ae15cd2a6dab2a6851ffdc89a78e 100644 (file)
--- a/extensions/libip6t_MARK.c
+++ b/extensions/libip6t_MARK.c
@@ -100,6 +100,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
        printf("--set-mark 0x%lx ", markinfo->mark);
 }
 
+static
 struct ip6tables_target mark
 = { NULL,
     "MARK",
diff --git a/extensions/libip6t_agr.c b/extensions/libip6t_agr.c
index 676f9e6c1b799d830f5f9b810ec9096898a15ab9..888fc2c9cd08886b545cdb9c1fe163dc4879c809 100644 (file)
--- a/extensions/libip6t_agr.c
+++ b/extensions/libip6t_agr.c
@@ -65,6 +65,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
        /* printf("--agr "); */
 }
 
+static
 struct ip6tables_match agr
 = { NULL,
     "agr",
diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c
index 1b801d2d2d3bd008b19e20db483e8b7bf1a458d6..67302eb5ec53300df02c196f58f68e0dd1bdba9a 100644 (file)
--- a/extensions/libip6t_icmpv6.c
+++ b/extensions/libip6t_icmpv6.c
@@ -258,7 +258,7 @@ static void final_check(unsigned int flags)
 {
 }
 
-struct ip6tables_match icmpv6
+static struct ip6tables_match icmpv6
 = { NULL,
     "icmpv6",
     NETFILTER_VERSION,
diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c
index cd267ef896dada581795000691df7130b9abcb6b..837b0fe2063c5bbf53e5c7d2506160bc05693f1c 100644 (file)
--- a/extensions/libip6t_limit.c
+++ b/extensions/libip6t_limit.c
@@ -176,6 +176,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
                printf("--limit-burst %u ", r->burst);
 }
 
+static
 struct ip6tables_match limit
 = { NULL,
     "limit",
diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c
index 283c486cceaf59310130f366bc43ff28e605c3a5..e4c434548140036834d9e56ba6293dac78f94d4a 100644 (file)
--- a/extensions/libip6t_mac.c
+++ b/extensions/libip6t_mac.c
@@ -124,6 +124,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
                  ((struct ip6t_mac_info *)match->data)->invert);
 }
 
+static
 struct ip6tables_match mac
 = { NULL,
     "mac",
diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c
index e4ed932362c45f2a9a20de1c924e50dbb67002e1..b344bb63b6743c1027dd1c7b4c2b1b8bd3efdd73 100644 (file)
--- a/extensions/libip6t_mark.c
+++ b/extensions/libip6t_mark.c
@@ -108,6 +108,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
                  ((struct ip6t_mark_info *)match->data)->invert, 0);
 }
 
+static
 struct ip6tables_match mark
 = { NULL,
     "mark",
diff --git a/extensions/libip6t_multiport.c b/extensions/libip6t_multiport.c
index d58bbb974badefe6d45411ecdf50f3cde02ba776..16bbcf8e366c9c4238e0b69f71cb5de72def65c9 100644 (file)
--- a/extensions/libip6t_multiport.c
+++ b/extensions/libip6t_multiport.c
@@ -242,6 +242,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
        printf(" ");
 }
 
+static
 struct ip6tables_match multiport
 = { NULL,
     "multiport",
diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index 7648d657e56d6342187dec221817d2b08bf5f50b..4eed251335d2abfd8ae8713593897d28baf4c509 100644 (file)
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -199,6 +199,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
        print_item(info, IP6T_OWNER_SID, 0, "--sid-owner ");
 }
 
+static
 struct ip6tables_match owner
 = { NULL,
     "owner",
diff --git a/extensions/libip6t_standard.c b/extensions/libip6t_standard.c
index 1ffb1d7ab88adf58d8ee938ff9fa709f1725aba1..79414483db080a1e2b75c012baf3dea9e41f82d6 100644 (file)
--- a/extensions/libip6t_standard.c
+++ b/extensions/libip6t_standard.c
@@ -47,6 +47,7 @@ save(const struct ip6t_ip6 *ip6, const struct ip6t_entry_target *target)
 {
 }
 
+static
 struct ip6tables_target standard
 = { NULL,
     "standard",
diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index dd515f0eab69cc3132b1af31d9979a5e0d17bdc6..f03f072aa6aaeaf687f3a568d03fad35b0d185c3 100644 (file)
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -420,6 +420,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
        }
 }
 
+static
 struct ip6tables_match tcp
 = { NULL,
     "tcp",
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
index ac0361674dfd8eb4fa1b09e4c3b953f1d6ab07c0..441c81479c9f0b6938ee691098f478dd75812b4b 100644 (file)
--- a/extensions/libip6t_udp.c
+++ b/extensions/libip6t_udp.c
@@ -231,6 +231,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
        }
 }
 
+static
 struct ip6tables_match udp
 = { NULL,
     "udp",
diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c
index abbf1b63cdfc1ac881bc8f03d195056115a6add6..75f4cda8e55c06b93188ee2c26312a283abf3ed9 100644 (file)
--- a/extensions/libipt_BALANCE.c
+++ b/extensions/libipt_BALANCE.c
@@ -131,6 +131,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        printf("-%s ", addr_to_dotted(&a));
 }
 
+static
 struct iptables_target balance
 = { NULL,
     "BALANCE",
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 8ae9a62b73a74da6fe472e2584f2815a66282687..3e466ae31d19803c21adbe847b9b69a50fa79ac1 100644 (file)
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -224,6 +224,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        }
 }
 
+static
 struct iptables_target dnat
 = { NULL,
     "DNAT",
diff --git a/extensions/libipt_FTOS.c b/extensions/libipt_FTOS.c
index 48f88ec50e55141b4ee21f67fa863696df2fa830..b9a5d696abf7188b265d95c3ce40f5749c3ba29d 100644 (file)
--- a/extensions/libipt_FTOS.c
+++ b/extensions/libipt_FTOS.c
@@ -110,6 +110,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        printf("--set-ftos 0x%02x ", finfo->ftos);
 }
 
+static
 struct iptables_target ftos
 = { NULL,
     "FTOS",
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 9f41853f0b9c5bbe4dd97f50bd5e392f4f230ed8..f71f4bf83cdd6bc84f7c7c4bdcad6d50dc46321a 100644 (file)
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -239,6 +239,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
                printf("--log-ip-options ");
 }
 
+static
 struct iptables_target log
 = { NULL,
     "LOG",
diff --git a/extensions/libipt_MARK.c b/extensions/libipt_MARK.c
index ef7d7331a8745af4f12ef302b60d6bf15582a68a..6d4c41eabc21765883f87191123e99c457ff1bf7 100644 (file)
--- a/extensions/libipt_MARK.c
+++ b/extensions/libipt_MARK.c
@@ -100,6 +100,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        printf("--set-mark 0x%lx ", markinfo->mark);
 }
 
+static
 struct iptables_target mark
 = { NULL,
     "MARK",
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 2159016d71e0190dc4e1f5730222f68ec139b757..0eecba5cf88bc2ac360f942b0a49a0d5585195ad 100644 (file)
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -146,6 +146,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        }
 }
 
+static
 struct iptables_target masq
 = { NULL,
     "MASQUERADE",
diff --git a/extensions/libipt_MIRROR.c b/extensions/libipt_MIRROR.c
index b4d9a07c9413781281d6449ffcce27d3126db68a..632e9548105760a7fc910d763d54d2a4567e0344 100644 (file)
--- a/extensions/libipt_MIRROR.c
+++ b/extensions/libipt_MIRROR.c
@@ -41,6 +41,7 @@ final_check(unsigned int flags)
 {
 }
 
+static
 struct iptables_target mirror
 = { NULL,
     "MIRROR",
diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c
index 3faf92899603438927ab55b8f2331affaa37199b..104e642709ad36daff2c9c6703c1f4ca738be716 100644 (file)
--- a/extensions/libipt_NETLINK.c
+++ b/extensions/libipt_NETLINK.c
@@ -136,6 +136,7 @@ print(const struct ipt_ip *ip,
                printf("nlsize %i ", nld->size);
 }
 
+static
 struct iptables_target netlink = { NULL,
        "NETLINK",
        NETFILTER_VERSION,
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 7d5ad04fb25cb27a10162c0c3ef1dd5c97b84a80..947ca8d453d29ebc59a999c62140eceb59c20c3f 100644 (file)
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -179,6 +179,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        print(ip, target, 0);
 }
 
+static
 struct iptables_target target_module
 = { NULL,
     MODULENAME,
diff --git a/extensions/libipt_POOL.c b/extensions/libipt_POOL.c
index 12d9572d687575e74fb184a4555e88b90499bed1..62697710f1270dc9003d0abcf7d9617f94887245 100644 (file)
--- a/extensions/libipt_POOL.c
+++ b/extensions/libipt_POOL.c
@@ -130,6 +130,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        }
 }
 
+static
 struct iptables_target ipt_pool_target
 = { NULL,
     "POOL",
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 3119a70037f5bee02e4c184ea39f46ae59a38ae8..02afacf981bfee7a4e6852f2a5ae13f2876db272 100644 (file)
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -147,6 +147,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        }
 }
 
+static
 struct iptables_target redir
 = { NULL,
     "REDIRECT",
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 956805a67e144d860db21265ac9cd3e40ec8b02a..eb813413d361aa404dd9ebe4ee1e5588c137d6ea 100644 (file)
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -155,6 +155,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        printf("--reject-with %s ", reject_table[i].name);
 }
 
+static
 struct iptables_target reject
 = { NULL,
     "REJECT",
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 84bc3c5b7b8214bf1f4ff3feae1f0c1b5d9dfed5..4e7ef37a1ef02b82cb11c2350395c8112e322b78 100644 (file)
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -165,6 +165,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
                printf("--nodst ");
 }
 
+static
 struct iptables_target same
 = { NULL,
     "SAME",
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 83f4ce9eef2e514d003c4485c3660cc5dc73084a..1af0d5eff35709f4d8fcad54cbef7fea13b011f2 100644 (file)
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -224,6 +224,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        }
 }
 
+static
 struct iptables_target snat
 = { NULL,
     "SNAT",
diff --git a/extensions/libipt_TCPMSS.c b/extensions/libipt_TCPMSS.c
index d14f0c08533fbfc8fdf060fcdd491cf2f2f31fb8..ebc10a7998871c1cfc476a4ca026745fbe996d92 100644 (file)
--- a/extensions/libipt_TCPMSS.c
+++ b/extensions/libipt_TCPMSS.c
@@ -113,6 +113,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
                printf("--set-mss %u ", mssinfo->mss);
 }
 
+static
 struct iptables_target mss
 = { NULL,
     "TCPMSS",
diff --git a/extensions/libipt_TOS.c b/extensions/libipt_TOS.c
index 9feba06063c6f54fc9de2d3947e3949b13e366bb..0e54a08f4824a869cdd7163bfb03b2bde1f9dc7d 100644 (file)
--- a/extensions/libipt_TOS.c
+++ b/extensions/libipt_TOS.c
@@ -14,6 +14,7 @@ struct tosinfo {
 };
 
 /* TOS names and values. */
+static
 struct TOS_value
 {
        unsigned char TOS;
@@ -152,6 +153,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
        printf("--set-tos 0x%02x ", tosinfo->tos);
 }
 
+static
 struct iptables_target tos
 = { NULL,
     "TOS",
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index 985b914685be6c7a954569d2cd6036add60b77de..b04289ac6bed7103fcf93018d7921b06a38a6968 100644 (file)
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -143,6 +143,7 @@ static struct option opts[] = {
        { 0 }
 };
 
+static
 struct iptables_target TTL = { NULL, 
        "TTL",
        NETFILTER_VERSION,
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 9d4bad87e20b8f8d6c23a9d7e6086e187668747a..5de8ee0e01069b6151969f7665ec884d4de8978b 100644 (file)
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -187,6 +187,7 @@ print(const struct ipt_ip *ip,
        printf("queue_threshold %d ", loginfo->qthreshold);
 }
 
+static
 struct iptables_target ulog = { NULL,
        "ULOG",
        NETFILTER_VERSION,
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index e779fa53d9969e58c143fe8d5b08d275439cce0b..0473760fada7528663354b24e9d355ea1ab81508 100644 (file)
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -169,6 +169,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 
 }
 
+static
 struct iptables_match ah
 = { NULL,
     "ah",
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index 19928ac2e77d5b9e221b26e40306e519af722377..a11cf140719cea2d09eef9d5015b75098aae4f3b 100644 (file)
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -113,6 +113,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        printf("--iplimit-mask %d ",count_bits(info->mask));
 }
 
+static
 static struct iptables_match iplimit = {
        name:           "iplimit",
        version:        NETFILTER_VERSION,
diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c
index d60c2a6576028b5a5ccc5c17bedf44ec9c8c5331..07d251566816a16c174cf440c448e4d3c0cbbb83 100644 (file)
--- a/extensions/libipt_esp.c
+++ b/extensions/libipt_esp.c
@@ -169,6 +169,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 
 }
 
+static
 struct iptables_match esp
 = { NULL,
     "esp",
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index a8b6bd13f87fb3184df601df485ae06152b9ee2c..8d2d85d5ca46d6ed1ff9ef5e0ffc082e933bce7d 100644 (file)
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -273,6 +273,7 @@ static void final_check(unsigned int flags)
 {
 }
 
+static
 struct iptables_match icmp
 = { NULL,
     "icmp",
diff --git a/extensions/libipt_ipv4options.c b/extensions/libipt_ipv4options.c
index 89ca9fc96f473892e5bd53faf7e72b62e34a7a41..e99c96c9521a661634d89f7f2c050cb33c103e08 100644 (file)
--- a/extensions/libipt_ipv4options.c
+++ b/extensions/libipt_ipv4options.c
@@ -253,6 +253,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        printf(" ");
 }
 
+static
 struct iptables_match ipv4options_struct
 = { NULL,
     "ipv4options",
diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c
index ee2af94356634dd56cc12aecfa8e372512579fd0..00326c4b7fe5644e6c93c08bdfa08c36e9bfef02 100644 (file)
--- a/extensions/libipt_length.c
+++ b/extensions/libipt_length.c
@@ -139,6 +139,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        print_length((struct ipt_length_info *)match->data);
 }
 
+static
 struct iptables_match length
 = { NULL,
     "length",
diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c
index 9aaf842aea151a3932427e49574455bad9dd4a5e..edbc1cbfca972b0f19241a5a137d8d845a6e6ce5 100644 (file)
--- a/extensions/libipt_limit.c
+++ b/extensions/libipt_limit.c
@@ -176,6 +176,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                printf("--limit-burst %u ", r->burst);
 }
 
+static
 struct iptables_match limit
 = { NULL,
     "limit",
diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c
index 6d61d6051d38694bae699c2959c6f1e5ca6fdc88..1b088a854f35b0416e9bdbaa713e797c6328323e 100644 (file)
--- a/extensions/libipt_mac.c
+++ b/extensions/libipt_mac.c
@@ -124,6 +124,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                  ((struct ipt_mac_info *)match->data)->invert);
 }
 
+static
 struct iptables_match mac
 = { NULL,
     "mac",
diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c
index aced54757f6405f10c80cf756cb61532c3b432d5..001635a663451322f2fa6ec5766bfc4abc8944d5 100644 (file)
--- a/extensions/libipt_mark.c
+++ b/extensions/libipt_mark.c
@@ -108,6 +108,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                  ((struct ipt_mark_info *)match->data)->invert, 0);
 }
 
+static
 struct iptables_match mark
 = { NULL,
     "mark",
diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c
index 6eb5bdf0e429efb9dcfaf21eb6d6f1e584b1452e..58cf18ca0fc790d614759e68d6db18fcada85a5a 100644 (file)
--- a/extensions/libipt_multiport.c
+++ b/extensions/libipt_multiport.c
@@ -242,6 +242,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        printf(" ");
 }
 
+static
 struct iptables_match multiport
 = { NULL,
     "multiport",
diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c
index 233cd0be1431ce2adb9a7c5421599baa1b4be93e..953eb59aaa10e08e4bd19b528422d1b6c2395dd2 100644 (file)
--- a/extensions/libipt_owner.c
+++ b/extensions/libipt_owner.c
@@ -199,6 +199,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        print_item(info, IPT_OWNER_SID, 0, "--sid-owner ");
 }
 
+static
 struct iptables_match owner
 = { NULL,
     "owner",
diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c
index f05a2316c45ea72e950473f881bb507f57a6ff42..04a43db75d0f58ffbbf9777b22a64d7ec7118bc2 100644 (file)
--- a/extensions/libipt_pkttype.c
+++ b/extensions/libipt_pkttype.c
@@ -153,6 +153,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        print_pkttype(info);
 }
 
+static
 struct iptables_match pkttype = {
     NULL,
     "pkttype",
diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c
index 23e2922da3d80a08fd05fce05377144d81b98b46..3fec4634c17bbb85746204bcb59346d931caacf8 100644 (file)
--- a/extensions/libipt_pool.c
+++ b/extensions/libipt_pool.c
@@ -122,6 +122,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                        ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
 }
 
+static
 struct iptables_match pool
 = { NULL,
     "pool",
diff --git a/extensions/libipt_psd.c b/extensions/libipt_psd.c
index d5bb87e8f07eee9959821663abea8ab0f5e19cca..21b9fb884f0318091805f62ff320f8055de00e3b 100644 (file)
--- a/extensions/libipt_psd.c
+++ b/extensions/libipt_psd.c
@@ -174,6 +174,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        printf("--psd-hi-ports-weight %u ",psdinfo->hi_ports_weight);
 }
 
+static
 struct iptables_match psd
 = { NULL,
     "psd",
diff --git a/extensions/libipt_record_rpc.c b/extensions/libipt_record_rpc.c
index f0c86bae903ba316ca984b49d35a611721262353..c40df4022137b4207dd92c7a0c4bfd888486e7cc 100644 (file)
--- a/extensions/libipt_record_rpc.c
+++ b/extensions/libipt_record_rpc.c
@@ -52,6 +52,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 {
 }
 
+static
 struct iptables_match record_rpc
 = { NULL,
     "record_rpc",
diff --git a/extensions/libipt_standard.c b/extensions/libipt_standard.c
index 22db24ba31d073f4d0ed0d3b69351bbcd418e072..c5faf1898a5857426a634422068c103db26ce7ce 100644 (file)
--- a/extensions/libipt_standard.c
+++ b/extensions/libipt_standard.c
@@ -47,6 +47,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
 {
 }
 
+static
 struct iptables_target standard
 = { NULL,
     "standard",
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index d21ccf16e0c0fc73c824c92fdd7a22d0b369ff7b..25bc2a2c113a95940e71f4478fe32375c328f2aa 100644 (file)
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -142,6 +142,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        print_state(sinfo->statemask);
 }
 
+static
 struct iptables_match state
 = { NULL,
     "state",
diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c
index 279f9be1b66e8b25cae60ae8bd75d63c220c6e3e..b9f38d7a570f77a0384b706279f037800a569888 100644 (file)
--- a/extensions/libipt_string.c
+++ b/extensions/libipt_string.c
@@ -113,6 +113,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                  ((struct ipt_string_info *)match->data)->invert, 0);
 }
 
+static
 struct iptables_match string
 = { NULL,
     "string",
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 1b0a37a3ea7870db1c159791cdf9e02586ecc8b1..7f172529fb14a35e781fcf490f6db2f8c0cc2a80 100644 (file)
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -423,6 +423,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        }
 }
 
+static
 struct iptables_match tcp
 = { NULL,
     "tcp",
diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c
index 6cf4211f4879141066d58c7ccdd4cd395c180675..92e05392bcf5a9ef383a975fa6e68aa9402bd4e0 100644 (file)
--- a/extensions/libipt_tcpmss.c
+++ b/extensions/libipt_tcpmss.c
@@ -140,6 +140,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                     mssinfo->invert, 0);
 }
 
+static
 struct iptables_match tcpmss
 = { NULL,
     "tcpmss",
diff --git a/extensions/libipt_time.c b/extensions/libipt_time.c
index 10b37885ff487acb59e80d5000a581895e476436..9d1e5597d96ed6e1032396ff78a60ee4f81e87d7 100644 (file)
--- a/extensions/libipt_time.c
+++ b/extensions/libipt_time.c
@@ -288,6 +288,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        printf(" ");
 }
 
+static
 struct iptables_match timestruct
 = { NULL,
     "time",
diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c
index f1d3b2a65740ed3ea7c359ab055f16aa72ce7a3a..a1ef4e6e5ee457aef304ffea7679b978197b5c88 100644 (file)
--- a/extensions/libipt_tos.c
+++ b/extensions/libipt_tos.c
@@ -9,6 +9,7 @@
 #include <linux/netfilter_ipv4/ipt_tos.h>
 
 /* TOS names and values. */
+static
 struct TOS_value
 {
        unsigned char TOS;
@@ -151,6 +152,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
                  ((struct ipt_tos_info *)match->data)->invert, 0);
 }
 
+static
 struct iptables_match tos
 = { NULL,
     "tos",
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 060b2409a15228fed2e599613e4c29a59c261be1..f1ca31c4ea5c87ab9605d7722554c657098df95e 100644 (file)
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -155,6 +155,7 @@ static struct option opts[] = {
        { 0 }
 };
 
+static
 struct iptables_match ttl = {
        NULL,
        "ttl",
diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c
index 9b18d18beeefe988cb2645fad6c74928ad6a5521..3db35b1bc8450b097ef1ba6dd8d5ae78078c2533 100644 (file)
--- a/extensions/libipt_udp.c
+++ b/extensions/libipt_udp.c
@@ -231,6 +231,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
        }
 }
 
+static
 struct iptables_match udp
 = { NULL,
     "udp",
diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c
index b954e368fec28cc48aa1d1cebab449986f49cfe0..5e842e937c37fc47fae4010f104e1289c2fa06c9 100644 (file)
--- a/extensions/libipt_unclean.c
+++ b/extensions/libipt_unclean.c
@@ -41,6 +41,7 @@ static void final_check(unsigned int flags)
 {
 }
 
+static
 struct iptables_match unclean
 = { NULL,
     "unclean",
diff --git a/include/ip6tables.h b/include/ip6tables.h
index 9ac3835cf195d5befeece3e83d9d324081c2deff..ca388f7c0d2a7630a5b659a865e567cfb9bc2c1d 100644 (file)
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -51,6 +51,9 @@ struct ip6tables_match
        struct ip6t_entry_match *m;
        unsigned int mflags;
        unsigned int used;
+#ifdef NO_SHARED_LIBS
+       unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
 };
 
 struct ip6tables_target
@@ -98,6 +101,9 @@ struct ip6tables_target
        struct ip6t_entry_target *t;
        unsigned int tflags;
        unsigned int used;
+#ifdef NO_SHARED_LIBS
+       unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
 };
 
 /* Your shared library should call one of these. */
diff --git a/include/iptables.h b/include/iptables.h
index 719db54465c1b98c94f588e5ea3c6747014c02cf..ac2a6b3b9b355668a6705b5c7fd3c7e197b1b3a0 100644 (file)
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -51,6 +51,9 @@ struct iptables_match
        struct ipt_entry_match *m;
        unsigned int mflags;
        unsigned int used;
+#ifdef NO_SHARED_LIBS
+       unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
 };
 
 struct iptables_target
@@ -98,6 +101,9 @@ struct iptables_target
        struct ipt_entry_target *t;
        unsigned int tflags;
        unsigned int used;
+#ifdef NO_SHARED_LIBS
+       unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
 };
 
 /* Your shared library should call one of these. */
diff --git a/include/iptables_common.h b/include/iptables_common.h
index dff849eecc84bc62c2ef38ebde8bf441b84c9d22..12b579758623fb34177b0995833d61b0b4c64e45 100644 (file)
--- a/include/iptables_common.h
+++ b/include/iptables_common.h
@@ -19,4 +19,11 @@ void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
                                                          format(printf,2,3)));
 extern const char *program_name, *program_version;
 
+#ifdef NO_SHARED_LIBS
+# ifdef _INIT
+#  define _init _INIT
+# endif
+  extern void init_extensions(void);
+#endif
+
 #endif /*_IPTABLES_COMMON_H*/
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index f7a94f2c888ef14affd353dd40047496b3213e57..40804eef7e7035803805df380985159657f6ee19 100644 (file)
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -93,6 +93,10 @@ int main(int argc, char *argv[])
        program_name = "ip6tables-restore";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
                switch (c) {
                        case 'b':
diff --git a/ip6tables-save.c b/ip6tables-save.c
index c18bda21de57c7db4c4600c0dc23ffa9f9aa069a..772f786c40a0633d1edf3ca3a1d3b5d76e8bd2ea 100644 (file)
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -314,6 +314,10 @@ int main(int argc, char *argv[])
        program_name = "ip6tables-save";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        while ((c = getopt_long(argc, argv, "bc", options, NULL)) != -1) {
                switch (c) {
                case 'b':
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index 1120590f1d85229450e39ce06dbd8f2a5d9355d7..f0145ce121ae4f1b161607686a227fd79b11dfc1 100644 (file)
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -39,6 +39,10 @@ main(int argc, char *argv[])
        program_name = "ip6tables";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        ret = do_command6(argc, argv, &table, &handle);
        if (ret)
                ret = ip6tc_commit(&handle);
diff --git a/ip6tables.c b/ip6tables.c
index 2160950e7b6fe24d83044351b228239207eb4804..2d13f3af20d0430cfce300fe1e20a44b0ae01604 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -684,6 +684,7 @@ find_match(const char *name, enum ip6t_tryload tryload)
                        break;
        }
 
+#ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
                char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so")
                         + strlen(name)];
@@ -701,6 +702,14 @@ find_match(const char *name, enum ip6t_tryload tryload)
                        exit_error(PARAMETER_PROBLEM,
                                   "Couldn't load match `%s'\n", name);
        }
+#else
+       if (ptr && !ptr->loaded) {
+               if (tryload != DONT_LOAD)
+                       ptr->loaded = 1;
+               else
+                       ptr = NULL;
+       }
+#endif
 
         if (ptr)
                 ptr->used = 1;
@@ -881,6 +890,7 @@ find_target(const char *name, enum ip6t_tryload tryload)
                        break;
        }
 
+#ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
                char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so")
                         + strlen(name)];
@@ -898,6 +908,14 @@ find_target(const char *name, enum ip6t_tryload tryload)
                                   "Couldn't load target `%s'%s\n", 
                                   name, dlerror());
        }
+#else
+       if (ptr && !ptr->loaded) {
+               if (tryload != DONT_LOAD)
+                       ptr->loaded = 1;
+               else
+                       ptr = NULL;
+       }
+#endif
 
         if (ptr)
                 ptr->used = 1;
diff --git a/iptables-restore.c b/iptables-restore.c
index b6bcb7b79bc47ccd71aa8e31957160bce108c808..2f4d87687858a9f11b81062fbc53a839b76f7d9e 100644 (file)
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
  *
  * This coude is distributed under the terms of GNU GPL
  *
- * $Id: iptables-restore.c,v 1.12 2001/05/26 04:41:56 laforge Exp $
+ * $Id: iptables-restore.c,v 1.13 2001/06/16 18:25:25 laforge Exp $
  */
 
 #include <getopt.h>
@@ -109,6 +109,10 @@ int main(int argc, char *argv[])
        program_name = "iptables-restore";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
                switch (c) {
                        case 'b':
diff --git a/iptables-save.c b/iptables-save.c
index 60397146c9235b1032969d5e7ee8ee762bd40292..aa3b69af6b8691a109f54277d4333220f7b7bc27 100644 (file)
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -306,6 +306,10 @@ int main(int argc, char *argv[])
        program_name = "iptables-save";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        while ((c = getopt_long(argc, argv, "bc", options, NULL)) != -1) {
                switch (c) {
                case 'b':
diff --git a/iptables-standalone.c b/iptables-standalone.c
index b891e974bd888fbaa90d2123a4bde7b03ee415c7..791f9505f60146ad62f744f38312b963acd091d1 100644 (file)
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -40,6 +40,10 @@ main(int argc, char *argv[])
        program_name = "iptables";
        program_version = NETFILTER_VERSION;
 
+#ifdef NO_SHARED_LIBS
+       init_extensions();
+#endif
+
        ret = do_command(argc, argv, &table, &handle);
        if (ret)
                ret = iptc_commit(&handle);
diff --git a/iptables.c b/iptables.c
index 55420ab94b1a2dc978d2dfbfdf954136ab9c10c7..7f4c8926aab6df4ef00853bbfdc497c0a5842254 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -649,6 +649,7 @@ find_match(const char *name, enum ipt_tryload tryload)
                        break;
        }
 
+#ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
                char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so")
                         + strlen(name)];
@@ -667,6 +668,14 @@ find_match(const char *name, enum ipt_tryload tryload)
                                   "Couldn't load match `%s':%s\n",
                                   name, dlerror());
        }
+#else
+       if (ptr && !ptr->loaded) {
+               if (tryload != DONT_LOAD)
+                       ptr->loaded = 1;
+               else
+                       ptr = NULL;
+       }
+#endif
 
        if (ptr)
                ptr->used = 1;
@@ -904,6 +913,7 @@ find_target(const char *name, enum ipt_tryload tryload)
                        break;
        }
 
+#ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
                char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so")
                         + strlen(name)];
@@ -921,6 +931,14 @@ find_target(const char *name, enum ipt_tryload tryload)
                                   "Couldn't load target `%s':%s\n",
                                   name, dlerror());
        }
+#else
+       if (ptr && !ptr->loaded) {
+               if (tryload != DONT_LOAD)
+                       ptr->loaded = 1;
+               else
+                       ptr = NULL;
+       }
+#endif
 
        if (ptr)
                ptr->used = 1;
Mirror of git://git.netfilter.org/iptables