xtables: add xtables-compat-multi for the nftables compatibility layer

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 4 Feb 2014 15:21:18 +0000 (16:21 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 4 Feb 2014 15:28:33 +0000 (16:28 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 4 Feb 2014 15:21:18 +0000 (16:21 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 4 Feb 2014 15:28:33 +0000 (16:28 +0100)
diff --git a/iptables/Makefile.am b/iptables/Makefile.am

index 2c6a163fb99f488df1307a6a2cc6e945dc388998..41bca7c757fcff1d58ebd69900a2c5a93563eeb5 100644 (file)
--- a/iptables/Makefile.am
+++ b/iptables/Makefile.am
@@ -25,24 +25,32 @@ endif
  xtables_multi_SOURCES += xshared.c
  xtables_multi_LDADD   += ../libxtables/libxtables.la -lm
  
+# nftables compatibility layer
  if ENABLE_NFTABLES
-if HAVE_LIBMNL
-if HAVE_LIBNFTNL
-xtables_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
-xtables_multi_SOURCES += xtables-save.c xtables-restore.c \
-                        xtables-standalone.c xtables.c nft.c \
-                        nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
-                        xtables-config.c xtables-events.c \
-                        xtables-arp-standalone.c xtables-arp.c
-xtables_multi_LDADD   += ${libmnl_LIBS} ${libnftnl_LIBS}
-xtables_multi_CFLAGS  += -DENABLE_NFTABLES
-# yacc and lex generate dirty code
-xtables_multi-xtables-config-parser.o xtables_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
-endif
+xtables_compat_multi_SOURCES  = xtables-compat-multi.c iptables-xml.c
+xtables_compat_multi_CFLAGS   = ${AM_CFLAGS}
+xtables_compat_multi_LDADD    = ../extensions/libext.a
+if ENABLE_STATIC
+xtables_compat_multi_CFLAGS  += -DALL_INCLUSIVE
  endif
+xtables_compat_multi_CFLAGS  += -DENABLE_NFTABLES -DENABLE_IPV4 -DENABLE_IPV6
+xtables_compat_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
+xtables_compat_multi_SOURCES += xtables-save.c xtables-restore.c \
+                               xtables-standalone.c xtables.c nft.c \
+                               nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
+                               xtables-config.c xtables-events.c \
+                               xtables-arp-standalone.c xtables-arp.c
+xtables_compat_multi_LDADD   += ${libmnl_LIBS} ${libnftnl_LIBS}
+# yacc and lex generate dirty code
+xtables_compat_multi-xtables-config-parser.o xtables_compat_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
+xtables_compat_multi_SOURCES += xshared.c
+xtables_compat_multi_LDADD   += ../libxtables/libxtables.la -lm
  endif
  
  sbin_PROGRAMS    = xtables-multi
+if ENABLE_NFTABLES
+sbin_PROGRAMS  += xtables-compat-multi
+endif
  man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                     iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
                     ip6tables-save.8 iptables-extensions.8
@@ -57,8 +65,9 @@ if ENABLE_IPV6
  v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
  endif
  if ENABLE_NFTABLES
-x_sbin_links  = xtables xtables-restore xtables-save xtables-config \
-               xtables-events xtables-arp
+x_sbin_links  = iptables-compat iptables-compat-restore iptables-compat-save \
+               ip6tables-compat ip6tables-compat-restore ip6tables-compat-save \
+               arptables-compat xtables-config xtables-events
  endif
  
  iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
@@ -75,4 +84,4 @@ install-exec-hook:
         for i in ${vx_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
         for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
         for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
-       for i in ${x_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+       for i in ${x_sbin_links}; do ${LN_S} -f xtables-compat-multi "${DESTDIR}${sbindir}/$$i"; done;
diff --git a/iptables/xtables-arp-standalone.c b/iptables/xtables-arp-standalone.c

index 8d4679f1cb09f89848de82e7dc9f3e32bf191a74..23b6bcb453eff8816bee573581cbd2bbc704b8b4 100644 (file)
--- a/iptables/xtables-arp-standalone.c
+++ b/iptables/xtables-arp-standalone.c
@@ -62,7 +62,7 @@ int xtables_arp_main(int argc, char *argv[])
                 .family = NFPROTO_ARP,
         };
  
-       xtables_globals.program_name = "xtables-arp";
+       xtables_globals.program_name = "arptables";
         /* This code below could be replaced by xtables_init_all, which
          * doesn't support NFPROTO_ARP yet.
          */
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c

index 298801b393ef6124960cb7afbb46377a626f629c..0c79a387bfc4c9327ee5eedab608cd243e3ca6dc 100644 (file)
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -202,7 +202,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
  };
  
  const char *program_version = XTABLES_VERSION;
-const char *program_name = "xtables-arp";
+const char *program_name = "arptables";
  
  /* A few hardcoded protocols for 'all' and in case the user has no
     /etc/protocols */
diff --git a/iptables/xtables-compat-multi.c b/iptables/xtables-compat-multi.c

new file mode 100644 (file)

index 0000000..4781052
--- /dev/null
+++ b/iptables/xtables-compat-multi.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#include "xtables-multi.h"
+
+static const struct subcommand multi_subcommands[] = {
+       {"iptables-xml",                iptables_xml_main},
+       {"xml",                         iptables_xml_main},
+       {"iptables",                    xtables_ip4_main},
+       {"iptables-compat",             xtables_ip4_main},
+       {"main4",                       xtables_ip4_main},
+       {"save4",                       xtables_ip4_save_main},
+       {"restore4",                    xtables_ip4_restore_main},
+       {"iptables-save",               xtables_ip4_save_main},
+       {"iptables-restore",            xtables_ip4_restore_main},
+       {"iptables-compat-save",        xtables_ip4_save_main},
+       {"iptables-compat-restore",     xtables_ip4_restore_main},
+       {"ip6tables",                   xtables_ip6_main},
+       {"ip6tables-compat",            xtables_ip6_main},
+       {"main6",                       xtables_ip6_main},
+       {"save6",                       xtables_ip6_save_main},
+       {"restore6",                    xtables_ip6_restore_main},
+       {"ip6tables-save",              xtables_ip6_save_main},
+       {"ip6tables-restore",           xtables_ip6_restore_main},
+       {"ip6tables-compat-save",       xtables_ip6_save_main},
+       {"ip6tables-compat-restore",    xtables_ip6_restore_main},
+       {"arptables",                   xtables_arp_main},
+       {"arptables-compat",            xtables_arp_main},
+       {"xtables-config",              xtables_config_main},
+       {"xtables-events",              xtables_events_main},
+       {NULL},
+};
+
+int main(int argc, char **argv)
+{
+       return subcmd_main(argc, argv, multi_subcommands);
+}
diff --git a/iptables/xtables-multi.h b/iptables/xtables-multi.h

index 759e24f0867240cc5b340dbf9ab4e01b1871ddb4..e706894b98fccb1a5045e9bb9dbd97821d0c48c7 100644 (file)
--- a/iptables/xtables-multi.h
+++ b/iptables/xtables-multi.h
@@ -2,11 +2,16 @@
  #define _XTABLES_MULTI_H 1
  
  extern int iptables_xml_main(int, char **);
-extern int xtables_main(int, char **);
-extern int xtables_save_main(int, char **);
-extern int xtables_restore_main(int, char **);
+#ifdef ENABLE_NFTABLES
+extern int xtables_ip4_main(int, char **);
+extern int xtables_ip4_save_main(int, char **);
+extern int xtables_ip4_restore_main(int, char **);
+extern int xtables_ip6_main(int, char **);
+extern int xtables_ip6_save_main(int, char **);
+extern int xtables_ip6_restore_main(int, char **);
+extern int xtables_arp_main(int, char **);
  extern int xtables_config_main(int, char **);
  extern int xtables_events_main(int, char **);
-extern int xtables_arp_main(int, char **);
+#endif
  
  #endif /* _XTABLES_MULTI_H */
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c

index 230894cd822ad0ad62bc6f4d8965ddf6744b2110..c4af2c5d3031fc28b4112fb0c0bd36418a637d06 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -165,11 +165,11 @@ static const struct xtc_ops xtc_ops = {
         .strerror       = nft_strerror,
  };
  
-int
-xtables_restore_main(int argc, char *argv[])
+static int
+xtables_restore_main(int family, const char *progname, int argc, char *argv[])
  {
         struct nft_handle h = {
-               .family = AF_INET,      /* default to IPv4 */
+               .family = family,
         };
         char buffer[10240];
         int c;
@@ -183,8 +183,8 @@ xtables_restore_main(int argc, char *argv[])
  
         line = 0;
  
-       xtables_globals.program_name = "xtables-restore";
-       c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
+       xtables_globals.program_name = progname;
+       c = xtables_init_all(&xtables_globals, family);
         if (c < 0) {
                 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
                                 xtables_globals.program_name,
@@ -472,3 +472,15 @@ xtables_restore_main(int argc, char *argv[])
         fclose(in);
         return 0;
  }
+
+int xtables_ip4_restore_main(int argc, char *argv[])
+{
+       return xtables_restore_main(NFPROTO_IPV4, "iptables-restore",
+                                   argc, argv);
+}
+
+int xtables_ip6_restore_main(int argc, char *argv[])
+{
+       return xtables_restore_main(NFPROTO_IPV6, "ip6tables-restore",
+                                   argc, argv);
+}
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c

index 77eab149b3a655a3c02a56105a374e6be7311165..93065cfcfeddeaedee8e3e85595133e8439780cb 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -74,17 +74,17 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
   * :Chain name POLICY packets bytes
   * rule
   */
-int
-xtables_save_main(int argc, char *argv[])
+static int
+xtables_save_main(int family, const char *progname, int argc, char *argv[])
  {
         const char *tablename = NULL;
         bool dump = false;
         struct nft_handle h = {
-               .family = AF_INET,      /* default to AF_INET */
+               .family = family,
         };
         int c;
  
-       xtables_globals.program_name = "xtables-save";
+       xtables_globals.program_name = progname;
         /* XXX xtables_init_all does several things we don't want */
         c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
         if (c < 0) {
@@ -143,3 +143,13 @@ xtables_save_main(int argc, char *argv[])
  
         return !do_output(&h, tablename, show_counters);
  }
+
+int xtables_ip4_save_main(int argc, char *argv[])
+{
+       return xtables_save_main(NFPROTO_IPV4, "iptables-save", argc, argv);
+}
+
+int xtables_ip6_save_main(int argc, char *argv[])
+{
+       return xtables_save_main(NFPROTO_IPV6, "ip6tables-save", argc, argv);
+}
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c

index c9f8e15ab8b54ec3729dbd059a9c7218636a2eff..eb139805d082f237fc5e5d307b7d4ceae3402fe1 100644 (file)
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -39,17 +39,17 @@
  #include "xtables-multi.h"
  #include "nft.h"
  
-int
-xtables_main(int argc, char *argv[])
+static int
+xtables_main(int family, const char *progname, int argc, char *argv[])
  {
         int ret;
         char *table = "filter";
-       struct nft_handle h;
+       struct nft_handle h = {
+               .family = family,
+       };
  
-       memset(&h, 0, sizeof(h));
-
-       xtables_globals.program_name = "xtables";
-       ret = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
+       xtables_globals.program_name = progname;
+       ret = xtables_init_all(&xtables_globals, family);
         if (ret < 0) {
                 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
                                 xtables_globals.program_name,
@@ -92,3 +92,13 @@ xtables_main(int argc, char *argv[])
  
         exit(!ret);
  }
+
+int xtables_ip4_main(int argc, char *argv[])
+{
+       return xtables_main(NFPROTO_IPV4, "iptables", argc, argv);
+}
+
+int xtables_ip6_main(int argc, char *argv[])
+{
+       return xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv);
+}
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 4 Feb 2014 15:21:18 +0000 (16:21 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 4 Feb 2014 15:28:33 +0000 (16:28 +0100)
iptables/Makefile.am		patch \| blob \| blame \| history
iptables/xtables-arp-standalone.c		patch \| blob \| blame \| history
iptables/xtables-arp.c		patch \| blob \| blame \| history
iptables/xtables-compat-multi.c	[new file with mode: 0644]	patch \| blob
iptables/xtables-multi.h		patch \| blob \| blame \| history
iptables/xtables-restore.c		patch \| blob \| blame \| history
iptables/xtables-save.c		patch \| blob \| blame \| history
iptables/xtables-standalone.c		patch \| blob \| blame \| history