#endif
};
+struct xtables_rule_match {
+ struct xtables_rule_match *next;
+ struct xtables_match *match;
+ /* Multiple matches of the same type: the ones before
+ the current one are completed from parsing point of view */
+ bool completed;
+};
+
+enum xtables_tryload {
+ XTF_DONT_LOAD,
+ XTF_DURING_LOAD,
+ XTF_TRY_LOAD,
+ XTF_LOAD_MUST_SUCCEED,
+};
+
extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_matches;
+extern struct xtables_target *xtables_targets;
extern void *xtables_calloc(size_t, size_t);
extern void *xtables_malloc(size_t);
extern int xtables_insmod(const char *, const char *, bool);
extern int xtables_load_ko(const char *, bool);
+extern struct xtables_match *xtables_find_match(const char *name,
+ enum xtables_tryload, struct xtables_rule_match **match);
+extern struct xtables_target *xtables_find_target(const char *name,
+ enum xtables_tryload);
+
/* Your shared library should call one of these. */
extern void xtables_register_match(struct xtables_match *me);
extern void xtables_register_target(struct xtables_target *me);
int so_rev_target;
};
-enum xt_tryload {
- DONT_LOAD,
- DURING_LOAD,
- TRY_LOAD,
- LOAD_MUST_SUCCEED
-};
-
-struct xtables_rule_match {
- struct xtables_rule_match *next;
- struct xtables_match *match;
- /* Multiple matches of the same type: the ones before
- the current one are completed from parsing point of view */
- unsigned int completed;
-};
-
extern char *lib_dir;
/* This is decleared in ip[6]tables.c */
extern struct afinfo afinfo;
-/* Keeping track of external matches and targets: linked lists. */
-extern struct xtables_match *xtables_matches;
-extern struct xtables_target *xtables_targets;
-
-extern struct xtables_match *find_match(const char *name, enum xt_tryload,
- struct xtables_rule_match **match);
-extern struct xtables_target *find_target(const char *name, enum xt_tryload);
-
extern void _init(void);
#endif /* _XTABLES_INTERNAL_H */
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
static struct xtables_match *
-find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
+find_proto(const char *pname, enum xtables_tryload tryload,
+ int nolookup, struct ip6tables_rule_match **matches)
{
unsigned int proto;
char *protoname = proto_to_name(proto, nolookup);
if (protoname)
- return find_match(protoname, tryload, matches);
+ return xtables_find_match(protoname, tryload, matches);
} else
- return find_match(pname, tryload, matches);
+ return xtables_find_match(pname, tryload, matches);
return NULL;
}
const struct ip6t_ip6 *ip,
int numeric)
{
- struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match =
+ xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
if (match->print)
char buf[BUFSIZ];
if (!ip6tc_is_chain(targname, handle))
- target = find_target(targname, TRY_LOAD);
+ target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = find_target(IP6T_STANDARD_TARGET, LOAD_MUST_SUCCEED);
+ target = xtables_find_target(IP6T_STANDARD_TARGET,
+ XTF_LOAD_MUST_SUCCEED);
t = ip6t_get_target((struct ip6t_entry *)fw);
flags = fw->ipv6.flags;
static int print_match_save(const struct ip6t_entry_match *e,
const struct ip6t_ip6 *ip)
{
- struct xtables_match *match
- = find_match(e->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match =
+ xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
printf("-m %s ", e->u.user.name);
/* Print targinfo part */
t = ip6t_get_target((struct ip6t_entry *)e);
if (t->u.user.name[0]) {
- struct xtables_target *target
- = find_target(t->u.user.name, TRY_LOAD);
+ struct xtables_target *target =
+ xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
if (!target) {
fprintf(stderr, "Can't find library for target `%s'\n",
exit_error(PARAMETER_PROBLEM,
"chain name not allowed to start "
"with `%c'\n", *optarg);
- if (find_target(optarg, TRY_LOAD))
+ if (xtables_find_target(optarg, XTF_TRY_LOAD))
exit_error(PARAMETER_PROBLEM,
"chain name may not clash "
"with target name\n");
/* ip6tables -p icmp -h */
if (!matches && protocol)
- find_match(protocol, TRY_LOAD, &matches);
+ xtables_find_match(protocol, XTF_TRY_LOAD,
+ &matches);
exit_printhelp(matches);
invert);
jumpto = parse_target(optarg);
/* TRY_LOAD (may be chain name) */
- target = find_target(jumpto, TRY_LOAD);
+ target = xtables_find_target(jumpto, XTF_TRY_LOAD);
if (target) {
size_t size;
exit_error(PARAMETER_PROBLEM,
"unexpected ! flag before --match");
- m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
+ m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
+ &matches);
size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
+ m->size;
m->m = xtables_calloc(1, size);
*/
if (m == NULL
&& protocol
- && (!find_proto(protocol, DONT_LOAD,
+ && (!find_proto(protocol, XTF_DONT_LOAD,
options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, DONT_LOAD,
+ || (find_proto(protocol, XTF_DONT_LOAD,
options&OPT_NUMERIC, NULL)
&& (proto_used == 0))
)
- && (m = find_proto(protocol, TRY_LOAD,
+ && (m = find_proto(protocol, XTF_TRY_LOAD,
options&OPT_NUMERIC, &matches))) {
/* Try loading protocol */
size_t size;
|| ip6tc_is_chain(jumpto, *handle))) {
size_t size;
- target = find_target(IP6T_STANDARD_TARGET,
- LOAD_MUST_SUCCEED);
+ target = xtables_find_target(IP6T_STANDARD_TARGET,
+ XTF_LOAD_MUST_SUCCEED);
size = sizeof(struct ip6t_entry_target)
+ target->size;
exit_error(PARAMETER_PROBLEM,
"goto '%s' is not a chain\n", jumpto);
#endif
- find_target(jumpto, LOAD_MUST_SUCCEED);
+ xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
} else {
e = generate_entry(&fw, matches, target->t);
free(target->t);
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
static struct xtables_match *
-find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches)
+find_proto(const char *pname, enum xtables_tryload tryload,
+ int nolookup, struct iptables_rule_match **matches)
{
unsigned int proto;
char *protoname = proto_to_name(proto, nolookup);
if (protoname)
- return find_match(protoname, tryload, matches);
+ return xtables_find_match(protoname, tryload, matches);
} else
- return find_match(pname, tryload, matches);
+ return xtables_find_match(pname, tryload, matches);
return NULL;
}
const struct ipt_ip *ip,
int numeric)
{
- struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match =
+ xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
if (match->print)
char buf[BUFSIZ];
if (!iptc_is_chain(targname, handle))
- target = find_target(targname, TRY_LOAD);
+ target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = find_target(IPT_STANDARD_TARGET, LOAD_MUST_SUCCEED);
+ target = xtables_find_target(IPT_STANDARD_TARGET,
+ XTF_LOAD_MUST_SUCCEED);
t = ipt_get_target((struct ipt_entry *)fw);
flags = fw->ip.flags;
static int print_match_save(const struct ipt_entry_match *e,
const struct ipt_ip *ip)
{
- struct xtables_match *match
- = find_match(e->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match =
+ xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
printf("-m %s ", e->u.user.name);
/* Print targinfo part */
t = ipt_get_target((struct ipt_entry *)e);
if (t->u.user.name[0]) {
- struct xtables_target *target
- = find_target(t->u.user.name, TRY_LOAD);
+ struct xtables_target *target =
+ xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
if (!target) {
fprintf(stderr, "Can't find library for target `%s'\n",
exit_error(PARAMETER_PROBLEM,
"chain name not allowed to start "
"with `%c'\n", *optarg);
- if (find_target(optarg, TRY_LOAD))
+ if (xtables_find_target(optarg, XTF_TRY_LOAD))
exit_error(PARAMETER_PROBLEM,
"chain name may not clash "
"with target name\n");
/* iptables -p icmp -h */
if (!matches && protocol)
- find_match(protocol, TRY_LOAD, &matches);
+ xtables_find_match(protocol,
+ XTF_TRY_LOAD, &matches);
exit_printhelp(matches);
invert);
jumpto = parse_target(optarg);
/* TRY_LOAD (may be chain name) */
- target = find_target(jumpto, TRY_LOAD);
+ target = xtables_find_target(jumpto, XTF_TRY_LOAD);
if (target) {
size_t size;
exit_error(PARAMETER_PROBLEM,
"unexpected ! flag before --match");
- m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
+ m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
+ &matches);
size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+ m->size;
m->m = xtables_calloc(1, size);
*/
if (m == NULL
&& protocol
- && (!find_proto(protocol, DONT_LOAD,
+ && (!find_proto(protocol, XTF_DONT_LOAD,
options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, DONT_LOAD,
+ || (find_proto(protocol, XTF_DONT_LOAD,
options&OPT_NUMERIC, NULL)
&& (proto_used == 0))
)
- && (m = find_proto(protocol, TRY_LOAD,
+ && (m = find_proto(protocol, XTF_TRY_LOAD,
options&OPT_NUMERIC, &matches))) {
/* Try loading protocol */
size_t size;
|| iptc_is_chain(jumpto, *handle))) {
size_t size;
- target = find_target(IPT_STANDARD_TARGET,
- LOAD_MUST_SUCCEED);
+ target = xtables_find_target(IPT_STANDARD_TARGET,
+ XTF_LOAD_MUST_SUCCEED);
size = sizeof(struct ipt_entry_target)
+ target->size;
exit_error(PARAMETER_PROBLEM,
"goto '%s' is not a chain\n", jumpto);
#endif
- find_target(jumpto, LOAD_MUST_SUCCEED);
+ xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
} else {
e = generate_entry(&fw, matches, target->t);
free(target->t);
/* Found library. If it didn't register itself,
maybe they specified target as match. */
if (is_target)
- ptr = find_target(name, DONT_LOAD);
+ ptr = xtables_find_target(name, XTF_DONT_LOAD);
else
- ptr = find_match(name, DONT_LOAD, NULL);
+ ptr = xtables_find_match(name,
+ XTF_DONT_LOAD, NULL);
} else if (stat(path, &sb) == 0) {
fprintf(stderr, "%s: %s\n", path, dlerror());
}
(unsigned int)(next - dir), dir, prefix, name);
if (dlopen(path, RTLD_NOW) != NULL) {
if (is_target)
- ptr = find_target(name, DONT_LOAD);
+ ptr = xtables_find_target(name, XTF_DONT_LOAD);
else
- ptr = find_match(name, DONT_LOAD, NULL);
+ ptr = xtables_find_match(name,
+ XTF_DONT_LOAD, NULL);
} else if (stat(path, &sb) == 0) {
fprintf(stderr, "%s: %s\n", path, dlerror());
}
}
#endif
-struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
- struct xtables_rule_match **matches)
+struct xtables_match *
+xtables_find_match(const char *name, enum xtables_tryload tryload,
+ struct xtables_rule_match **matches)
{
struct xtables_match *ptr;
const char *icmp6 = "icmp6";
}
#ifndef NO_SHARED_LIBS
- if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+ if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
ptr = load_extension(lib_dir, afinfo.libprefix, name, false);
- if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
+ if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
exit_error(PARAMETER_PROBLEM,
"Couldn't load match `%s':%s\n",
name, dlerror());
}
#else
if (ptr && !ptr->loaded) {
- if (tryload != DONT_LOAD)
+ if (tryload != XTF_DONT_LOAD)
ptr->loaded = 1;
else
ptr = NULL;
}
- if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+ if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) {
exit_error(PARAMETER_PROBLEM,
"Couldn't find match `%s'\n", name);
}
for (i = matches; *i; i = &(*i)->next) {
if (strcmp(name, (*i)->match->name) == 0)
- (*i)->completed = 1;
+ (*i)->completed = true;
}
newentry->match = ptr;
- newentry->completed = 0;
+ newentry->completed = false;
newentry->next = NULL;
*i = newentry;
}
return ptr;
}
-
-struct xtables_target *find_target(const char *name, enum xt_tryload tryload)
+struct xtables_target *
+xtables_find_target(const char *name, enum xtables_tryload tryload)
{
struct xtables_target *ptr;
}
#ifndef NO_SHARED_LIBS
- if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+ if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
ptr = load_extension(lib_dir, afinfo.libprefix, name, true);
- if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
+ if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
exit_error(PARAMETER_PROBLEM,
"Couldn't load target `%s':%s\n",
name, dlerror());
}
#else
if (ptr && !ptr->loaded) {
- if (tryload != DONT_LOAD)
+ if (tryload != XTF_DONT_LOAD)
ptr->loaded = 1;
else
ptr = NULL;
if (me->family != afinfo.family && me->family != AF_UNSPEC)
return;
- old = find_match(me->name, DURING_LOAD, NULL);
+ old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL);
if (old) {
if (old->revision == me->revision &&
old->family == me->family) {
if (me->family != afinfo.family && me->family != AF_UNSPEC)
return;
- old = find_target(me->name, DURING_LOAD);
+ old = xtables_find_target(me->name, XTF_DURING_LOAD);
if (old) {
struct xtables_target **i;
projects / thirdparty / iptables.git / commitdiff
