regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \
-D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
- -Winline -pipe -DIPTABLES_VERSION=\\\"$PACKAGE_VERSION\\\" \
+ -Winline -pipe \
-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
kinclude_CFLAGS="";
if [[ -n "$kbuilddir" ]]; then
static void HL_help(void)
{
printf(
-"HL target v%s options\n"
+"HL target options\n"
" --hl-set value Set HL to <value 0-255>\n"
" --hl-dec value Decrement HL by <value 1-255>\n"
-" --hl-inc value Increment HL by <value 1-255>\n"
-, IPTABLES_VERSION);
+" --hl-inc value Increment HL by <value 1-255>\n");
}
static int HL_parse(int c, char **argv, int invert, unsigned int *flags,
{ .name = NULL }
};
-static struct ip6tables_target hl_target6 = {
+static struct xtables_target hl_tg6_reg = {
.name = "HL",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_HL_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_HL_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_HL_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_HL_info)),
.help = HL_help,
.parse = HL_parse,
.final_check = HL_check,
void _init(void)
{
- register_target6(&hl_target6);
+ xtables_register_target(&hl_tg6_reg);
}
static void LOG_help(void)
{
printf(
-"LOG v%s options:\n"
+"LOG target options:\n"
" --log-level level Level of logging (numeric or see syslog.conf)\n"
-" --log-prefix prefix Prefix log messages with this prefix.\n\n"
-" --log-tcp-sequence Log TCP sequence numbers.\n\n"
-" --log-tcp-options Log TCP options.\n\n"
-" --log-ip-options Log IP options.\n\n"
-" --log-uid Log UID owning the local socket.\n\n",
-IPTABLES_VERSION);
+" --log-prefix prefix Prefix log messages with this prefix.\n"
+" --log-tcp-sequence Log TCP sequence numbers.\n"
+" --log-tcp-options Log TCP options.\n"
+" --log-ip-options Log IP options.\n"
+" --log-uid Log UID owning the local socket.\n");
}
static const struct option LOG_opts[] = {
printf("--log-uid ");
}
-static struct ip6tables_target log_target6 = {
+static struct xtables_target log_tg6_reg = {
.name = "LOG",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_log_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_log_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_log_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_log_info)),
.help = LOG_help,
.init = LOG_init,
.parse = LOG_parse,
void _init(void)
{
- register_target6(&log_target6);
+ xtables_register_target(&log_tg6_reg);
}
static void REJECT_help(void)
{
printf(
-"REJECT options:\n"
+"REJECT target options:\n"
"--reject-with type drop input packet and send back\n"
" a reply packet according to type:\n");
printf("--reject-with %s ", reject_table[i].name);
}
-static struct ip6tables_target reject_target6 = {
+static struct xtables_target reject_tg6_reg = {
.name = "REJECT",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_reject_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_reject_info)),
.help = REJECT_help,
.init = REJECT_init,
.parse = REJECT_parse,
void _init(void)
{
- register_target6(&reject_target6);
+ xtables_register_target(&reject_tg6_reg);
}
static void ah_help(void)
{
printf(
-"AH v%s options:\n"
+"ah match options:\n"
" --ahspi [!] spi[:spi] match spi (range)\n"
" --ahlen [!] length total length of this header\n"
-" --ahres check the reserved filed, too\n",
-IPTABLES_VERSION);
+" --ahres check the reserved filed, too\n");
}
static const struct option ah_opts[] = {
printf("--ahres ");
}
-static struct ip6tables_match ah_match6 = {
+static struct xtables_match ah_mt6_reg = {
.name = "ah",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_ah)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_ah)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_ah)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_ah)),
.help = ah_help,
.init = ah_init,
.parse = ah_parse,
void
_init(void)
{
- register_match6(&ah_match6);
+ xtables_register_match(&ah_mt6_reg);
}
static void dst_help(void)
{
printf(
-"dst v%s options:\n"
+"dst match options:\n"
" --dst-len [!] length total length of this header\n"
" --dst-opts TYPE[:LEN][,TYPE[:LEN]...]\n"
" Options and its length (list, max: %d)\n",
-IPTABLES_VERSION, IP6T_OPTS_OPTSNR);
+IP6T_OPTS_OPTSNR);
}
static const struct option dst_opts[] = {
printf("--dst-not-strict ");
}
-static struct ip6tables_match dst_match6 = {
+static struct xtables_match dst_mt6_reg = {
.name = "dst",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_opts)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_opts)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_opts)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
.help = dst_help,
.init = dst_init,
.parse = dst_parse,
void
_init(void)
{
- register_match6(&dst_match6);
+ xtables_register_match(&dst_mt6_reg);
}
static void eui64_help(void)
{
printf(
-"eui64 v%s options:\n"
+"eui64 match options:\n"
" This module hasn't got any option\n"
-" This module checks for EUI64 IPv6 addresses\n"
-"\n", IPTABLES_VERSION);
+" This module checks for EUI64 IPv6 addresses\n");
}
/* Function which parses command options; returns true if it
return 0;
}
-static struct ip6tables_match eui64_target6 = {
+static struct xtables_match eui64_mt6_reg = {
.name = "eui64",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(int)),
- .userspacesize = IP6T_ALIGN(sizeof(int)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(int)),
+ .userspacesize = XT_ALIGN(sizeof(int)),
.help = eui64_help,
.parse = eui64_parse,
};
void _init(void)
{
- register_match6(&eui64_target6);
+ xtables_register_match(&eui64_mt6_reg);
}
static void frag_help(void)
{
printf(
-"FRAG v%s options:\n"
+"frag match options:\n"
" --fragid [!] id[:id] match the id (range)\n"
" --fraglen [!] length total length of this header\n"
" --fragres check the reserved filed, too\n"
" --fragfirst matches on the first fragment\n"
" [--fragmore|--fraglast] there are more fragments or this\n"
-" is the last one\n",
-IPTABLES_VERSION);
+" is the last one\n");
}
static const struct option frag_opts[] = {
printf("--fraglast ");
}
-static struct ip6tables_match frag_match6 = {
+static struct xtables_match frag_mt6_reg = {
.name = "frag",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_frag)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_frag)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_frag)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
.help = frag_help,
.init = frag_init,
.parse = frag_parse,
void
_init(void)
{
- register_match6(&frag_match6);
+ xtables_register_match(&frag_mt6_reg);
}
static void hbh_help(void)
{
printf(
-"hbh v%s options:\n"
+"hbh match options:\n"
" --hbh-len [!] length total length of this header\n"
" --hbh-opts TYPE[:LEN][,TYPE[:LEN]...] \n"
" Options and its length (list, max: %d)\n",
-IPTABLES_VERSION, IP6T_OPTS_OPTSNR);
+IP6T_OPTS_OPTSNR);
}
static const struct option hbh_opts[] = {
printf("--hbh-not-strict ");
}
-static struct ip6tables_match hbh_match6 = {
+static struct xtables_match hbh_mt6_reg = {
.name = "hbh",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_opts)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_opts)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_opts)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
.help = hbh_help,
.init = hbh_init,
.parse = hbh_parse,
void
_init(void)
{
- register_match6(&hbh_match6);
+ xtables_register_match(&hbh_mt6_reg);
}
static void hl_help(void)
{
printf(
-"HL match v%s options:\n"
+"hl match options:\n"
" --hl-eq [!] value Match hop limit value\n"
" --hl-lt value Match HL < value\n"
-" --hl-gt value Match HL > value\n"
-, IPTABLES_VERSION);
+" --hl-gt value Match HL > value\n");
}
static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
{ .name = NULL }
};
-static struct ip6tables_match hl_match6 = {
+static struct xtables_match hl_mt6_reg = {
.name = "hl",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_hl_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)),
.help = hl_help,
.parse = hl_parse,
.final_check = hl_check,
void _init(void)
{
- register_match6(&hl_match6);
+ xtables_register_match(&hl_mt6_reg);
}
static void icmp6_help(void)
{
printf(
-"ICMPv6 v%s options:\n"
+"icmpv6 match options:\n"
" --icmpv6-type [!] typename match icmpv6 type\n"
-" (or numeric type or type/code)\n"
-"\n", IPTABLES_VERSION);
+" (or numeric type or type/code)\n");
print_icmpv6types();
}
"icmpv6 match: You must specify `--icmpv6-type'");
}
-static struct ip6tables_match icmp6_match6 = {
+static struct xtables_match icmp6_mt6_reg = {
.name = "icmp6",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_icmp)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_icmp)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_icmp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_icmp)),
.help = icmp6_help,
.init = icmp6_init,
.parse = icmp6_parse,
void _init(void)
{
- register_match6(&icmp6_match6);
+ xtables_register_match(&icmp6_mt6_reg);
}
static void ipv6header_help(void)
{
printf(
-"ipv6header v%s match options:\n"
+"ipv6header match options:\n"
"--header [!] headers Type of header to match, by name\n"
" names: hop,dst,route,frag,auth,esp,none,proto\n"
" long names: hop-by-hop,ipv6-opts,ipv6-route,\n"
" ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
" numbers: 0,60,43,44,51,50,59\n"
-"--soft The header CONTAINS the specified extensions\n",
- IPTABLES_VERSION);
+"--soft The header CONTAINS the specified extensions\n");
}
static const struct option ipv6header_opts[] = {
return;
}
-static struct ip6tables_match ipv6header_match6 = {
+static struct xtables_match ipv6header_mt6_reg = {
.name = "ipv6header",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
.help = ipv6header_help,
.init = ipv6header_init,
.parse = ipv6header_parse,
void _init(void)
{
- register_match6(&ipv6header_match6);
+ xtables_register_match(&ipv6header_mt6_reg);
}
static void mh_help(void)
{
printf(
-"MH v%s options:\n"
-" --mh-type [!] type[:type] match mh type\n",
-IPTABLES_VERSION);
+"mh match options:\n"
+" --mh-type [!] type[:type] match mh type\n");
print_types_all();
}
{ .name = NULL }
};
-static struct ip6tables_match mh_match6 = {
+static struct xtables_match mh_mt6_reg = {
.name = "mh",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_mh)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mh)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_mh)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_mh)),
.help = mh_help,
.init = mh_init,
.parse = mh_parse,
void _init(void)
{
- register_match6(&mh_match6);
+ xtables_register_match(&mh_mt6_reg);
}
static void policy_help(void)
{
printf(
-"policy v%s options:\n"
+"policy match options:\n"
" --dir in|out match policy applied during decapsulation/\n"
" policy to be applied during encapsulation\n"
" --pol none|ipsec match policy\n"
"[!] --mode mode match mode (transport/tunnel)\n"
"[!] --tunnel-src addr/masklen match tunnel source\n"
"[!] --tunnel-dst addr/masklen match tunnel destination\n"
-" --next begin next element in policy\n",
- IPTABLES_VERSION);
+" --next begin next element in policy\n");
}
static const struct option policy_opts[] =
}
}
-static struct ip6tables_match policy_match6 = {
+static struct xtables_match policy_mt6_reg = {
.name = "policy",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_policy_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_policy_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_policy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_policy_info)),
.help = policy_help,
.parse = policy_parse,
.final_check = policy_check,
void _init(void)
{
- register_match6(&policy_match6);
+ xtables_register_match(&policy_mt6_reg);
}
static void rt_help(void)
{
printf(
-"RT v%s options:\n"
+"rt match options:\n"
" --rt-type [!] type match the type\n"
" --rt-segsleft [!] num[:num] match the Segments Left field (range)\n"
" --rt-len [!] length total length of this header\n"
" --rt-0-res check the reserved filed, too (type 0)\n"
" --rt-0-addrs ADDR[,ADDR...] Type=0 addresses (list, max: %d)\n"
" --rt-0-not-strict List of Type=0 addresses not a strict list\n",
-IPTABLES_VERSION, IP6T_RT_HOPS);
+IP6T_RT_HOPS);
}
static const struct option rt_opts[] = {
}
-static struct ip6tables_match rt_match6 = {
+static struct xtables_match rt_mt6_reg = {
.name = "rt",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_rt)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_rt)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET6,
+ .size = XT_ALIGN(sizeof(struct ip6t_rt)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_rt)),
.help = rt_help,
.init = rt_init,
.parse = rt_parse,
void
_init(void)
{
- register_match6(&rt_match6);
+ xtables_register_match(&rt_mt6_reg);
}
static void CLUSTERIP_help(void)
{
printf(
-"CLUSTERIP target v%s options:\n"
+"CLUSTERIP target options:\n"
" --new Create a new ClusterIP\n"
" --hashmode <mode> Specify hashing mode\n"
" sourceip\n"
" --clustermac <mac> Set clusterIP MAC address\n"
" --total-nodes <num> Set number of total nodes in cluster\n"
" --local-node <num> Set the local node number\n"
-" --hash-init <num> Set init value of the Jenkins hash\n"
-"\n",
-IPTABLES_VERSION);
+" --hash-init <num> Set init value of the Jenkins hash\n");
}
#define PARAM_NEW 0x0001
cipinfo->hash_initval);
}
-static struct iptables_target clusterip_target = {
+static struct xtables_target clusterip_tg_reg = {
.name = "CLUSTERIP",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
.userspacesize = offsetof(struct ipt_clusterip_tgt_info, config),
.help = CLUSTERIP_help,
.parse = CLUSTERIP_parse,
void _init(void)
{
- register_target(&clusterip_target);
+ xtables_register_target(&clusterip_tg_reg);
}
static void DNAT_help(void)
{
printf(
-"DNAT v%s options:\n"
+"DNAT target options:\n"
" --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map destination to.\n"
-"[--random]\n"
-"\n",
-IPTABLES_VERSION);
+"[--random]\n");
}
static const struct option DNAT_opts[] = {
unsigned int size;
/* One rangesize already in struct ipt_natinfo */
- size = IPT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
+ size = XT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
info = realloc(info, size);
if (!info)
}
}
-static struct iptables_target dnat_target = {
+static struct xtables_target dnat_tg_reg = {
.name = "DNAT",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = DNAT_help,
.parse = DNAT_parse,
.final_check = DNAT_check,
void _init(void)
{
- register_target(&dnat_target);
+ xtables_register_target(&dnat_tg_reg);
}
static void ECN_help(void)
{
printf(
-"ECN target v%s options\n"
-" --ecn-tcp-remove Remove all ECN bits from TCP header\n",
- IPTABLES_VERSION);
+"ECN target options\n"
+" --ecn-tcp-remove Remove all ECN bits from TCP header\n");
}
#if 0
}
}
-static struct iptables_target ecn_target = {
+static struct xtables_target ecn_tg_reg = {
.name = "ECN",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ECN_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ECN_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ECN_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ECN_info)),
.help = ECN_help,
.parse = ECN_parse,
.final_check = ECN_check,
void _init(void)
{
- register_target(&ecn_target);
+ xtables_register_target(&ecn_tg_reg);
}
static void LOG_help(void)
{
printf(
-"LOG v%s options:\n"
+"LOG target options:\n"
" --log-level level Level of logging (numeric or see syslog.conf)\n"
" --log-prefix prefix Prefix log messages with this prefix.\n\n"
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
" --log-ip-options Log IP options.\n\n"
-" --log-uid Log UID owning the local socket.\n\n",
-IPTABLES_VERSION);
+" --log-uid Log UID owning the local socket.\n\n");
}
static const struct option LOG_opts[] = {
printf("--log-uid ");
}
-static struct iptables_target log_target = {
+static struct xtables_target log_tg_reg = {
.name = "LOG",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_log_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_log_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_log_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_log_info)),
.help = LOG_help,
.init = LOG_init,
.parse = LOG_parse,
void _init(void)
{
- register_target(&log_target);
+ xtables_register_target(&log_tg_reg);
}
static void MASQUERADE_help(void)
{
printf(
-"MASQUERADE v%s options:\n"
+"MASQUERADE target options:\n"
" --to-ports <port>[-<port>]\n"
" Port (range) to map to.\n"
" --random\n"
-" Randomize source port.\n"
-"\n"
-,
-IPTABLES_VERSION);
+" Randomize source port.\n");
}
static const struct option MASQUERADE_opts[] = {
printf("--random ");
}
-static struct iptables_target masquerade_target = {
+static struct xtables_target masquerade_tg_reg = {
.name = "MASQUERADE",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = MASQUERADE_help,
.init = MASQUERADE_init,
.parse = MASQUERADE_parse,
void _init(void)
{
- register_target(&masquerade_target);
+ xtables_register_target(&masquerade_tg_reg);
}
/* Function which prints out usage message. */
static void MIRROR_help(void)
{
- printf(
-"MIRROR target v%s takes no options\n",
-IPTABLES_VERSION);
+ printf("MIRROR target takes no options\n");
}
/* Function which parses command options; returns true if it
return 0;
}
-static struct iptables_target mirror_target = {
+static struct xtables_target mirror_tg_reg = {
.name = "MIRROR",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = MIRROR_help,
.parse = MIRROR_parse,
.print = NULL,
void _init(void)
{
- register_target(&mirror_target);
+ xtables_register_target(&mirror_tg_reg);
}
/* Function which prints out usage message. */
static void NETMAP_help(void)
{
- printf(MODULENAME" v%s options:\n"
+ printf(MODULENAME" target options:\n"
" --%s address[/mask]\n"
" Network address to map to.\n\n",
- IPTABLES_VERSION, NETMAP_opts[0].name);
+ NETMAP_opts[0].name);
}
static u_int32_t
NETMAP_print(ip, target, 0);
}
-static struct iptables_target netmap_target = {
+static struct xtables_target netmap_tg_reg = {
.name = MODULENAME,
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = NETMAP_help,
.init = NETMAP_init,
.parse = NETMAP_parse,
void _init(void)
{
- register_target(&netmap_target);
+ xtables_register_target(&netmap_tg_reg);
}
static void REDIRECT_help(void)
{
printf(
-"REDIRECT v%s options:\n"
+"REDIRECT target options:\n"
" --to-ports <port>[-<port>]\n"
-" Port (range) to map to.\n\n",
-IPTABLES_VERSION);
+" Port (range) to map to.\n");
}
static const struct option REDIRECT_opts[] = {
}
}
-static struct iptables_target redirect_target = {
+static struct xtables_target redirect_tg_reg = {
.name = "REDIRECT",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = REDIRECT_help,
.init = REDIRECT_init,
.parse = REDIRECT_parse,
void _init(void)
{
- register_target(&redirect_target);
+ xtables_register_target(&redirect_tg_reg);
}
static void REJECT_help(void)
{
printf(
-"REJECT options:\n"
+"REJECT target options:\n"
"--reject-with type drop input packet and send back\n"
" a reply packet according to type:\n");
printf("--reject-with %s ", reject_table[i].name);
}
-static struct iptables_target reject_target = {
+static struct xtables_target reject_tg_reg = {
.name = "REJECT",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_reject_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_reject_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_reject_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_reject_info)),
.help = REJECT_help,
.init = REJECT_init,
.parse = REJECT_parse,
void _init(void)
{
- register_target(&reject_target);
+ xtables_register_target(&reject_tg_reg);
}
static void SAME_help(void)
{
printf(
-"SAME v%s options:\n"
+"SAME target options:\n"
" --to <ipaddr>-<ipaddr>\n"
" Addresses to map source to.\n"
" May be specified more than\n"
" Don't use destination-ip in\n"
" source selection\n"
" --random\n"
-" Randomize source port\n"
-,
-IPTABLES_VERSION);
+" Randomize source port\n");
}
static const struct option SAME_opts[] = {
printf("--random ");
}
-static struct iptables_target same_target = {
+static struct xtables_target same_tg_reg = {
.name = "SAME",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_same_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_same_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_same_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_same_info)),
.help = SAME_help,
.init = SAME_init,
.parse = SAME_parse,
void _init(void)
{
- register_target(&same_target);
+ xtables_register_target(&same_tg_reg);
}
/* Function which prints out usage message. */
static void SET_help(void)
{
- printf("SET v%s options:\n"
+ printf("SET target options:\n"
" --add-set name flags\n"
" --del-set name flags\n"
" add/del src/dst IP/port from/to named sets,\n"
" where flags are the comma separated list of\n"
- " 'src' and 'dst'.\n"
- "\n", IPTABLES_VERSION);
+ " 'src' and 'dst'.\n");
}
static const struct option SET_opts[] = {
print_target("--del-set", &info->del_set);
}
-static struct iptables_target set_target = {
+static struct xtables_target set_tg_reg = {
.name = "SET",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_set_info_target)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_set_info_target)),
.help = SET_help,
.init = SET_init,
.parse = SET_parse,
void _init(void)
{
- register_target(&set_target);
+ xtables_register_target(&set_tg_reg);
}
static void SNAT_help(void)
{
printf(
-"SNAT v%s options:\n"
+"SNAT target options:\n"
" --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map source to.\n"
-"[--random]\n"
-"\n",
-IPTABLES_VERSION);
+"[--random]\n");
}
static const struct option SNAT_opts[] = {
unsigned int size;
/* One rangesize already in struct ipt_natinfo */
- size = IPT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
+ size = XT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
info = realloc(info, size);
if (!info)
}
}
-static struct iptables_target snat_target = {
+static struct xtables_target snat_tg_reg = {
.name = "SNAT",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = SNAT_help,
.parse = SNAT_parse,
.final_check = SNAT_check,
void _init(void)
{
- register_target(&snat_target);
+ xtables_register_target(&snat_tg_reg);
}
static void TTL_help(void)
{
printf(
-"TTL target v%s options\n"
+"TTL target options\n"
" --ttl-set value Set TTL to <value 0-255>\n"
" --ttl-dec value Decrement TTL by <value 1-255>\n"
-" --ttl-inc value Increment TTL by <value 1-255>\n"
-, IPTABLES_VERSION);
+" --ttl-inc value Increment TTL by <value 1-255>\n");
}
static int TTL_parse(int c, char **argv, int invert, unsigned int *flags,
{ .name = NULL }
};
-static struct iptables_target ttl_target = {
- .next = NULL,
+static struct xtables_target ttl_tg_reg = {
.name = "TTL",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_TTL_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_TTL_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_TTL_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_TTL_info)),
.help = TTL_help,
.parse = TTL_parse,
.final_check = TTL_check,
void _init(void)
{
- register_target(&ttl_target);
+ xtables_register_target(&ttl_tg_reg);
}
/* Function which prints out usage message. */
static void ULOG_help(void)
{
- printf("ULOG v%s options:\n"
+ printf("ULOG target options:\n"
" --ulog-nlgroup nlgroup NETLINK group used for logging\n"
" --ulog-cprange size Bytes of each packet to be passed\n"
" --ulog-qthreshold Threshold of in-kernel queue\n"
- " --ulog-prefix prefix Prefix log messages with this prefix.\n\n",
- IPTABLES_VERSION);
+ " --ulog-prefix prefix Prefix log messages with this prefix.\n");
}
static const struct option ULOG_opts[] = {
printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
}
-static struct iptables_target ulog_target = {
+static struct xtables_target ulog_tg_reg = {
.name = "ULOG",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ulog_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ulog_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ulog_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ulog_info)),
.help = ULOG_help,
.init = ULOG_init,
.parse = ULOG_parse,
void _init(void)
{
- register_target(&ulog_target);
+ xtables_register_target(&ulog_tg_reg);
}
static void addrtype_help(void)
{
printf(
-"Address type match v%s options:\n"
+"Address type match options:\n"
" [!] --src-type type[,...] Match source address type\n"
" [!] --dst-type type[,...] Match destination address type\n"
"\n"
-"Valid types: \n"
-, IPTABLES_VERSION);
+"Valid types: \n");
addrtype_help_types();
}
{ .name = NULL }
};
-static struct iptables_match addrtype_match = {
+static struct xtables_match addrtype_mt_reg = {
.name = "addrtype",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
.help = addrtype_help,
.parse = addrtype_parse,
.final_check = addrtype_check,
void _init(void)
{
- register_match(&addrtype_match);
+ xtables_register_match(&addrtype_mt_reg);
}
static void ah_help(void)
{
printf(
-"AH v%s options:\n"
+"ah match options:\n"
" --ahspi [!] spi[:spi]\n"
-" match spi (range)\n",
-IPTABLES_VERSION);
+" match spi (range)\n");
}
static const struct option ah_opts[] = {
}
-static struct iptables_match ah_match = {
+static struct xtables_match ah_mt_reg = {
.name = "ah",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ah)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ah)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ah)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
.help = ah_help,
.init = ah_init,
.parse = ah_parse,
void
_init(void)
{
- register_match(&ah_match);
+ xtables_register_match(&ah_mt_reg);
}
static void ecn_help(void)
{
printf(
-"ECN match v%s options\n"
+"ECN match options\n"
"[!] --ecn-tcp-cwr Match CWR bit of TCP header\n"
"[!] --ecn-tcp-ece Match ECE bit of TCP header\n"
-"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4 header\n",
- IPTABLES_VERSION);
+"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4 header\n");
}
static const struct option ecn_opts[] = {
}
}
-static struct iptables_match ecn_match = {
+static struct xtables_match ecn_mt_reg = {
.name = "ecn",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ecn_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)),
.help = ecn_help,
.parse = ecn_parse,
.final_check = ecn_check,
void _init(void)
{
- register_match(&ecn_match);
+ xtables_register_match(&ecn_mt_reg);
}
static void icmp_help(void)
{
printf(
-"ICMP v%s options:\n"
+"icmp match options:\n"
" --icmp-type [!] typename match icmp type\n"
-" (or numeric type or type/code)\n"
-"\n", IPTABLES_VERSION);
+" (or numeric type or type/code)\n");
print_icmptypes();
}
}
}
-static struct iptables_match icmp_match = {
+static struct xtables_match icmp_mt_reg = {
.name = "icmp",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_icmp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_icmp)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_icmp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)),
.help = icmp_help,
.init = icmp_init,
.parse = icmp_parse,
void _init(void)
{
- register_match(&icmp_match);
+ xtables_register_match(&icmp_mt_reg);
}
static void policy_help(void)
{
printf(
-"policy v%s options:\n"
+"policy match options:\n"
" --dir in|out match policy applied during decapsulation/\n"
" policy to be applied during encapsulation\n"
" --pol none|ipsec match policy\n"
"[!] --mode mode match mode (transport/tunnel)\n"
"[!] --tunnel-src addr/mask match tunnel source\n"
"[!] --tunnel-dst addr/mask match tunnel destination\n"
-" --next begin next element in policy\n",
- IPTABLES_VERSION);
+" --next begin next element in policy\n");
}
static const struct option policy_opts[] =
}
}
-static struct iptables_match policy_match = {
+static struct xtables_match policy_mt_reg = {
.name = "policy",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_policy_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_policy_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_policy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_policy_info)),
.help = policy_help,
.parse = policy_parse,
.final_check = policy_check,
void _init(void)
{
- register_match(&policy_match);
+ xtables_register_match(&policy_mt_reg);
}
static void realm_help(void)
{
printf(
-"realm v%s options:\n"
+"realm match options:\n"
" --realm [!] value[/mask]\n"
-" Match realm\n"
-"\n", IPTABLES_VERSION);
+" Match realm\n");
}
static const struct option realm_opts[] = {
"realm match: You must specify `--realm'");
}
-static struct iptables_match realm_match = {
+static struct xtables_match realm_mt_reg = {
.name = "realm",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_realm_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_realm_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_realm_info)),
.help = realm_help,
.parse = realm_parse,
.final_check = realm_check,
void _init(void)
{
- register_match(&realm_match);
+ xtables_register_match(&realm_mt_reg);
}
static void recent_help(void)
{
printf(
-"recent v%s options:\n"
+"recent match options:\n"
"[!] --set Add source address to list, always matches.\n"
"[!] --rcheck Match if source address in list.\n"
"[!] --update Match if source address in list, also update last-seen time.\n"
" --name name Name of the recent list to be used. DEFAULT used if none given.\n"
" --rsource Match/Save the source address of each packet in the recent list table (default).\n"
" --rdest Match/Save the destination address of each packet in the recent list table.\n"
-RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n"
-,
-IPTABLES_VERSION);
-
+RECENT_NAME " " RECENT_VER ": Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n");
}
/* Initialize the match. */
}
/* Structure for iptables to use to communicate with module */
-static struct iptables_match recent_match = {
+static struct xtables_match recent_mt_reg = {
.name = "recent",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_recent_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_recent_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_recent_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_recent_info)),
.help = recent_help,
.init = recent_init,
.parse = recent_parse,
void _init(void)
{
- register_match(&recent_match);
+ xtables_register_match(&recent_mt_reg);
}
/* Function which prints out usage message. */
static void set_help(void)
{
- printf("set v%s options:\n"
+ printf("set match options:\n"
" [!] --set name flags\n"
" 'name' is the set name from to match,\n"
" 'flags' are the comma separated list of\n"
- " 'src' and 'dst'.\n"
- "\n", IPTABLES_VERSION);
+ " 'src' and 'dst'.\n");
}
static const struct option set_opts[] = {
print_match("--set", &info->match_set);
}
-static struct iptables_match set_match = {
+static struct xtables_match set_mt_reg = {
.name = "set",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_set_info_match)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_set_info_match)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_set_info_match)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_set_info_match)),
.help = set_help,
.init = set_init,
.parse = set_parse,
void _init(void)
{
- register_match(&set_match);
+ xtables_register_match(&set_mt_reg);
}
static void ttl_help(void)
{
printf(
-"TTL match v%s options:\n"
+"ttl match options:\n"
" --ttl-eq value Match time to live value\n"
" --ttl-lt value Match TTL < value\n"
-" --ttl-gt value Match TTL > value\n"
-, IPTABLES_VERSION);
+" --ttl-gt value Match TTL > value\n");
}
static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
{ .name = NULL }
};
-static struct iptables_match ttl_match = {
+static struct xtables_match ttl_mt_reg = {
.name = "ttl",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ttl_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = ttl_help,
.parse = ttl_parse,
.final_check = ttl_check,
void _init(void)
{
- register_match(&ttl_match);
+ xtables_register_match(&ttl_mt_reg);
}
/* Function which prints out usage message. */
static void unclean_help(void)
{
- printf(
-"unclean v%s takes no options\n"
-"\n", IPTABLES_VERSION);
+ printf("unclean match takes no options\n");
}
/* Function which parses command options; returns true if it
return 0;
}
-static struct iptables_match unclean_match = {
+static struct xtables_match unclean_mt_reg = {
.name = "unclean",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .version = XTABLES_VERSION,
+ .family = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = unclean_help,
.parse = unclean_parse,
};
void _init(void)
{
- register_match(&unclean_match);
+ xtables_register_match(&unclean_mt_reg);
}
CLASSIFY_help(void)
{
printf(
-"CLASSIFY target v%s options:\n"
-" --set-class [MAJOR:MINOR] Set skb->priority value\n"
-"\n",
-IPTABLES_VERSION);
+"CLASSIFY target options:\n"
+" --set-class [MAJOR:MINOR] Set skb->priority value\n");
}
static const struct option CLASSIFY_opts[] = {
static struct xtables_target classify_target = {
.family = AF_UNSPEC,
.name = "CLASSIFY",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_classify_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_classify_target_info)),
.help = CLASSIFY_help,
static void CONNMARK_help(void)
{
printf(
-"CONNMARK target v%s options:\n"
+"CONNMARK target options:\n"
" --set-mark value[/mask] Set conntrack mark value\n"
" --save-mark [--mask mask] Save the packet nfmark in the connection\n"
-" --restore-mark [--mask mask] Restore saved nfmark value\n"
-"\n",
-IPTABLES_VERSION);
+" --restore-mark [--mask mask] Restore saved nfmark value\n");
}
static const struct option CONNMARK_opts[] = {
.family = AF_INET,
.name = "CONNMARK",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
.help = CONNMARK_help,
.family = AF_INET6,
.name = "CONNMARK",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
.help = CONNMARK_help,
};
static struct xtables_target connmark_tg_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "CONNMARK",
.revision = 1,
.family = AF_INET,
};
static struct xtables_target connmark_tg6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "CONNMARK",
.revision = 1,
.family = AF_INET6,
static void CONNSECMARK_help(void)
{
printf(
-"CONNSECMARK target v%s options:\n"
+"CONNSECMARK target options:\n"
" --save Copy security mark from packet to conntrack\n"
-" --restore Copy security mark from connection to packet\n"
-"\n",
-IPTABLES_VERSION);
+" --restore Copy security mark from connection to packet\n");
}
static const struct option CONNSECMARK_opts[] = {
static struct xtables_target connsecmark_target = {
.family = AF_INET,
.name = "CONNSECMARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
static struct xtables_target connsecmark_target6 = {
.family = AF_INET6,
.name = "CONNSECMARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
static struct xtables_target dscp_target = {
.family = AF_INET,
.name = "DSCP",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.help = DSCP_help,
static struct xtables_target dscp_target6 = {
.family = AF_INET6,
.name = "DSCP",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.help = DSCP_help,
static void MARK_help(void)
{
printf(
-"MARK target v%s options:\n"
+"MARK target options:\n"
" --set-mark value Set nfmark value\n"
" --and-mark value Binary AND the nfmark with value\n"
-" --or-mark value Binary OR the nfmark with value\n"
-"\n",
-IPTABLES_VERSION);
+" --or-mark value Binary OR the nfmark with value\n");
}
static const struct option MARK_opts[] = {
static struct xtables_target mark_target_v0 = {
.family = AF_INET,
.name = "MARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
static struct xtables_target mark_target_v1 = {
.family = AF_INET,
.name = "MARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 1,
.size = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
static struct xtables_target mark_target6_v0 = {
.family = AF_INET6,
.name = "MARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
};
static struct xtables_target mark_tg_reg_v2 = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "MARK",
.revision = 2,
.family = AF_UNSPEC,
static void NFLOG_help(void)
{
- printf("NFLOG v%s options:\n"
+ printf("NFLOG target options:\n"
" --nflog-group NUM NETLINK group used for logging\n"
" --nflog-range NUM Number of byte to copy\n"
" --nflog-threshold NUM Message threshold of in-kernel queue\n"
- " --nflog-prefix STRING Prefix string for log messages\n\n",
- IPTABLES_VERSION);
+ " --nflog-prefix STRING Prefix string for log messages\n");
}
static void NFLOG_init(struct xt_entry_target *t)
static struct xtables_target nflog_target = {
.family = AF_INET,
.name = "NFLOG",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_nflog_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)),
.help = NFLOG_help,
static struct xtables_target nflog_target6 = {
.family = AF_INET6,
.name = "NFLOG",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_nflog_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)),
.help = NFLOG_help,
static struct xtables_target nfqueue_target = {
.family = AF_INET,
.name = "NFQUEUE",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.help = NFQUEUE_help,
static struct xtables_target nfqueue_target6 = {
.family = AF_INET6,
.name = "NFQUEUE",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.help = NFQUEUE_help,
/* Function which prints out usage message. */
static void NOTRACK_help(void)
{
- printf(
-"NOTRACK target v%s takes no options\n",
-IPTABLES_VERSION);
+ printf("NOTRACK target takes no options\n");
}
/* Function which parses command options; returns true if it
static struct xtables_target notrack_target = {
.family = AF_INET,
.name = "NOTRACK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
.help = NOTRACK_help,
static struct xtables_target notrack_target6 = {
.family = AF_INET6,
.name = "NOTRACK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
.help = NOTRACK_help,
"RATEEST target options:\n"
" --rateest-name name Rate estimator name\n"
" --rateest-interval sec Rate measurement interval in seconds\n"
-" --rateest-ewmalog value Rate measurement averaging time constant\n"
-"\n");
+" --rateest-ewmalog value Rate measurement averaging time constant\n");
}
enum RATEEST_options {
static struct xtables_target rateest_tg_reg = {
.family = AF_UNSPEC,
.name = "RATEEST",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
.help = RATEEST_help,
static void SECMARK_help(void)
{
printf(
-"SECMARK target v%s options:\n"
-" --selctx value Set the SELinux security context\n"
-"\n",
-IPTABLES_VERSION);
+"SECMARK target options:\n"
+" --selctx value Set the SELinux security context\n");
}
static const struct option SECMARK_opts[] = {
static struct xtables_target secmark_target = {
.family = AF_UNSPEC,
.name = "SECMARK",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
static void __TCPMSS_help(int hdrsize)
{
printf(
-"TCPMSS target v%s mutually-exclusive options:\n"
+"TCPMSS target mutually-exclusive options:\n"
" --set-mss value explicitly set MSS option to specified value\n"
" --clamp-mss-to-pmtu automatically clamp MSS value to (path_MTU - %d)\n",
-IPTABLES_VERSION, hdrsize);
+hdrsize);
}
static void TCPMSS_help(void)
static struct xtables_target tcpmss_target = {
.family = AF_INET,
.name = "TCPMSS",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
.help = TCPMSS_help,
static struct xtables_target tcpmss_target6 = {
.family = AF_INET6,
.name = "TCPMSS",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_info)),
.help = TCPMSS_help6,
}
static struct xtables_target tcpoptstrip_tg_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "TCPOPTSTRIP",
.family = AF_INET,
.size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
};
static struct xtables_target tcpoptstrip_tg6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "TCPOPTSTRIP",
.family = AF_INET6,
.size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
" --set-tos symbol Set TOS field (IPv4 only) by symbol\n"
" (this zeroes the 4-bit Precedence part!)\n"
" Accepted symbolic names for value are:\n",
-IPTABLES_VERSION);
+XTABLES_VERSION);
for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
printf(" (0x%02x) %2u %s\n",
}
static struct xtables_target tos_tg_reg_v0 = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "TOS",
.revision = 0,
.family = AF_INET,
};
static struct xtables_target tos_tg_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "TOS",
.revision = 1,
.family = AF_INET,
};
static struct xtables_target tos_tg6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "TOS",
.family = AF_INET6,
.revision = 1,
/* Function which prints out usage message. */
static void TRACE_help(void)
{
- printf(
-"TRACE target v%s takes no options\n",
-IPTABLES_VERSION);
+ printf("TRACE target takes no options\n");
}
/* Function which parses command options; returns true if it
static struct xtables_target trace_target = {
.family = AF_UNSPEC,
.name = "TRACE",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
.help = TRACE_help,
static void comment_help(void)
{
printf(
- "COMMENT match options:\n"
- "--comment COMMENT Attach a comment to a rule\n\n"
- );
+ "comment match options:\n"
+ "--comment COMMENT Attach a comment to a rule\n");
}
static const struct option comment_opts[] = {
static struct xtables_match comment_match = {
.family = AF_INET,
.name = "comment",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_comment_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
.help = comment_help,
static struct xtables_match comment_match6 = {
.family = AF_INET6,
.name = "comment",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_comment_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
.help = comment_help,
static void connbytes_help(void)
{
printf(
-"connbytes v%s options:\n"
+"connbytes match options:\n"
" [!] --connbytes from:[to]\n"
" --connbytes-dir [original, reply, both]\n"
-" --connbytes-mode [packets, bytes, avgpkt]\n"
-"\n", IPTABLES_VERSION);
+" --connbytes-mode [packets, bytes, avgpkt]\n");
}
static const struct option connbytes_opts[] = {
static struct xtables_match connbytes_match = {
.family = AF_INET,
.name = "connbytes",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.help = connbytes_help,
static struct xtables_match connbytes_match6 = {
.family = AF_INET6,
.name = "connbytes",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
.help = connbytes_help,
static void connlimit_help(void)
{
printf(
-"connlimit v%s options:\n"
+"connlimit match options:\n"
"[!] --connlimit-above n match if the number of existing "
" connections is (not) above n\n"
-" --connlimit-mask n group hosts using mask\n"
-"\n", IPTABLES_VERSION);
+" --connlimit-mask n group hosts using mask\n");
}
static const struct option connlimit_opts[] = {
static struct xtables_match connlimit_match = {
.name = "connlimit",
.family = AF_INET,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
.userspacesize = offsetof(struct xt_connlimit_info, data),
.help = connlimit_help,
static struct xtables_match connlimit_match6 = {
.name = "connlimit",
.family = AF_INET6,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
.userspacesize = offsetof(struct xt_connlimit_info, data),
.help = connlimit_help,
{
printf(
"connmark match options:\n"
-"[!] --mark value[/mask] Match ctmark value with optional mask\n"
-"\n");
+"[!] --mark value[/mask] Match ctmark value with optional mask\n");
}
static const struct option connmark_mt_opts[] = {
.family = AF_INET,
.name = "connmark",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connmark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
.help = connmark_mt_help,
.family = AF_INET6,
.name = "connmark",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connmark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
.help = connmark_mt_help,
};
static struct xtables_match connmark_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "connmark",
.revision = 1,
.family = AF_INET,
};
static struct xtables_match connmark_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "connmark",
.revision = 1,
.family = AF_INET6,
" Status(es) to match\n"
"[!] --ctexpire time[:time] Match remaining lifetime in seconds against\n"
" value or range of values (inclusive)\n"
-" --ctdir {ORIGINAL|REPLY} Flow direction of packet\n"
-"\n");
+" --ctdir {ORIGINAL|REPLY} Flow direction of packet\n");
}
static const struct option conntrack_mt_opts_v0[] = {
}
static struct xtables_match conntrack_match = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "conntrack",
.revision = 0,
.family = AF_INET,
};
static struct xtables_match conntrack_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "conntrack",
.revision = 1,
.family = AF_INET,
};
static struct xtables_match conntrack_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "conntrack",
.revision = 1,
.family = AF_INET6,
static void dccp_help(void)
{
printf(
-"DCCP match v%s options\n"
+"dccp match options\n"
" --source-port [!] port[:port] match source port(s)\n"
" --sport ...\n"
" --destination-port [!] port[:port] match destination port(s)\n"
-" --dport ...\n"
-,
- IPTABLES_VERSION);
+" --dport ...\n");
}
static const struct option dccp_opts[] = {
static struct xtables_match dccp_match = {
.name = "dccp",
.family = AF_INET,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
.help = dccp_help,
static struct xtables_match dccp_match6 = {
.name = "dccp",
.family = AF_INET6,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
.help = dccp_help,
static void dscp_help(void)
{
printf(
-"DSCP match v%s options\n"
+"dscp match options\n"
"[!] --dscp value Match DSCP codepoint with numerical value\n"
" This value can be in decimal (ex: 32)\n"
" or in hex (ex: 0x20)\n"
"[!] --dscp-class name Match the DiffServ class. This value may\n"
" be any of the BE,EF, AFxx or CSx classes\n"
"\n"
-" These two options are mutually exclusive !\n"
- , IPTABLES_VERSION
-);
+" These two options are mutually exclusive !\n");
}
static const struct option dscp_opts[] = {
static struct xtables_match dscp_match = {
.family = AF_INET,
.name = "dscp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dscp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dscp_info)),
.help = dscp_help,
static struct xtables_match dscp_match6 = {
.family = AF_INET6,
.name = "dscp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dscp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dscp_info)),
.help = dscp_help,
static void esp_help(void)
{
printf(
-"ESP v%s options:\n"
+"esp match options:\n"
" --espspi [!] spi[:spi]\n"
-" match spi (range)\n",
-IPTABLES_VERSION);
+" match spi (range)\n");
}
static const struct option esp_opts[] = {
static struct xtables_match esp_match = {
.family = AF_INET,
.name = "esp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_esp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_esp)),
.help = esp_help,
static struct xtables_match esp_match6 = {
.family = AF_INET6,
.name = "esp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_esp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_esp)),
.help = esp_help,
static void hashlimit_help(void)
{
printf(
-"hashlimit v%s options:\n"
+"hashlimit match options:\n"
"--hashlimit <avg> max average match rate\n"
" [Packets per second unless followed by \n"
" /sec /minute /hour /day postfixes]\n"
"[--hashlimit-htable-size <num>] number of hashtable buckets\n"
"[--hashlimit-htable-max <num>] number of hashtable entries\n"
"[--hashlimit-htable-gcinterval] interval between garbage collection runs\n"
-"[--hashlimit-htable-expire] after which time are idle entries expired?\n"
-"\n", IPTABLES_VERSION, XT_HASHLIMIT_BURST);
+"[--hashlimit-htable-expire] after which time are idle entries expired?\n",
+XT_HASHLIMIT_BURST);
}
static void hashlimit_mt_help(void)
static struct xtables_match hashlimit_match = {
.family = AF_INET,
.name = "hashlimit",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
.userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
static struct xtables_match hashlimit_match6 = {
.family = AF_INET6,
.name = "hashlimit",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
.userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
};
static struct xtables_match hashlimit_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "hashlimit",
.revision = 1,
.family = AF_INET,
};
static struct xtables_match hashlimit_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "hashlimit",
.revision = 1,
.family = AF_INET6,
static void helper_help(void)
{
printf(
-"helper match v%s options:\n"
-"[!] --helper string Match helper identified by string\n"
-"\n",
-IPTABLES_VERSION);
+"helper match options:\n"
+"[!] --helper string Match helper identified by string\n");
}
static const struct option helper_opts[] = {
static struct xtables_match helper_match = {
.family = AF_INET,
.name = "helper",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_helper_info)),
.help = helper_help,
.parse = helper_parse,
static struct xtables_match helper_match6 = {
.family = AF_INET6,
.name = "helper",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_helper_info)),
.help = helper_help,
.parse = helper_parse,
printf(
"iprange match options:\n"
"[!] --src-range ip-ip Match source IP in the specified range\n"
-"[!] --dst-range ip-ip Match destination IP in the specified range\n"
-"\n");
+"[!] --dst-range ip-ip Match destination IP in the specified range\n");
}
static const struct option iprange_mt_opts[] = {
}
static struct xtables_match iprange_match = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "iprange",
.revision = 0,
.family = AF_INET,
};
static struct xtables_match iprange_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "iprange",
.revision = 1,
.family = AF_INET,
};
static struct xtables_match iprange_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "iprange",
.revision = 1,
.family = AF_INET6,
static void length_help(void)
{
printf(
-"length v%s options:\n"
+"length match options:\n"
"[!] --length length[:length] Match packet length against value or range\n"
-" of values (inclusive)\n",
-IPTABLES_VERSION);
-
+" of values (inclusive)\n");
}
static const struct option length_opts[] = {
static struct xtables_match length_match = {
.family = AF_UNSPEC,
.name = "length",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_length_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_length_info)),
.help = length_help,
static void limit_help(void)
{
printf(
-"limit v%s options:\n"
+"limit match options:\n"
"--limit avg max average match rate: default "XT_LIMIT_AVG"\n"
" [Packets per second unless followed by \n"
" /sec /minute /hour /day postfixes]\n"
-"--limit-burst number number to match in a burst, default %u\n"
-"\n", IPTABLES_VERSION, XT_LIMIT_BURST);
+"--limit-burst number number to match in a burst, default %u\n",
+XT_LIMIT_BURST);
}
static const struct option limit_opts[] = {
static struct xtables_match limit_match = {
.family = AF_UNSPEC,
.name = "limit",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_rateinfo)),
.userspacesize = offsetof(struct xt_rateinfo, prev),
.help = limit_help,
static void mac_help(void)
{
printf(
-"MAC v%s options:\n"
+"mac match options:\n"
" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
-" Match source MAC address\n"
-"\n", IPTABLES_VERSION);
+" Match source MAC address\n");
}
static const struct option mac_opts[] = {
static struct xtables_match mac_match = {
.family = AF_INET,
.name = "mac",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_mac_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
.help = mac_help,
static struct xtables_match mac_match6 = {
.family = AF_INET6,
.name = "mac",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_mac_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
.help = mac_help,
{
printf(
"mark match options:\n"
-"[!] --mark value[/mask] Match nfmark value with optional mask\n"
-"\n");
+"[!] --mark value[/mask] Match nfmark value with optional mask\n");
}
static const struct option mark_mt_opts[] = {
.family = AF_UNSPEC,
.name = "mark",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_mark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
.help = mark_mt_help,
};
static struct xtables_match mark_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "mark",
.revision = 1,
.family = AF_UNSPEC,
static void multiport_help(void)
{
printf(
-"multiport v%s options:\n"
+"multiport match options:\n"
" --source-ports port[,port,port...]\n"
" --sports ...\n"
" match source port(s)\n"
" match destination port(s)\n"
" --ports port[,port,port]\n"
" match both source and destination port(s)\n"
-" NOTE: this kernel does not support port ranges in multiport.\n",
-IPTABLES_VERSION);
+" NOTE: this kernel does not support port ranges in multiport.\n");
}
static void multiport_help_v1(void)
{
printf(
-"multiport v%s options:\n"
+"multiport match options:\n"
" --source-ports [!] port[,port:port,port...]\n"
" --sports ...\n"
" match source port(s)\n"
" --dports ...\n"
" match destination port(s)\n"
" --ports [!] port[,port:port,port]\n"
-" match both source and destination port(s)\n",
-IPTABLES_VERSION);
+" match both source and destination port(s)\n");
}
static const struct option multiport_opts[] = {
.family = AF_INET,
.name = "multiport",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
.help = multiport_help,
.family = AF_INET6,
.name = "multiport",
.revision = 0,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
.help = multiport_help,
static struct xtables_match multiport_match_v1 = {
.family = AF_INET,
.name = "multiport",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 1,
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
static struct xtables_match multiport_match6_v1 = {
.family = AF_INET6,
.name = "multiport",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.revision = 1,
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
"[!] --cmd-owner name Match local command name\n"
-"NOTE: PID, SID and command matching are broken on SMP\n"
-"\n");
+"NOTE: PID, SID and command matching are broken on SMP\n");
#else
printf(
"owner match options:\n"
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
-"NOTE: PID and SID matching are broken on SMP\n"
-"\n");
+"NOTE: PID and SID matching are broken on SMP\n");
#endif /* IPT_OWNER_COMM */
}
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
-"NOTE: PID and SID matching are broken on SMP\n"
-"\n");
+"NOTE: PID and SID matching are broken on SMP\n");
}
static void owner_mt_help(void)
"owner match options:\n"
"[!] --uid-owner userid[-userid] Match local UID\n"
"[!] --gid-owner groupid[-groupid] Match local GID\n"
-"[!] --socket-exists Match if socket exists\n"
-"\n");
+"[!] --socket-exists Match if socket exists\n");
}
static const struct option owner_mt_opts_v0[] = {
}
static struct xtables_match owner_mt_reg_v0 = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "owner",
.revision = 0,
.family = AF_INET,
};
static struct xtables_match owner_mt6_reg_v0 = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "owner",
.revision = 0,
.family = AF_INET6,
};
static struct xtables_match owner_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "owner",
.revision = 1,
.family = AF_INET,
};
static struct xtables_match owner_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "owner",
.revision = 1,
.family = AF_INET6,
static void physdev_help(void)
{
printf(
-"physdev v%s options:\n"
+"physdev match options:\n"
" --physdev-in [!] input name[+] bridge port name ([+] for wildcard)\n"
" --physdev-out [!] output name[+] bridge port name ([+] for wildcard)\n"
" [!] --physdev-is-in arrived on a bridge device\n"
" [!] --physdev-is-out will leave on a bridge device\n"
-" [!] --physdev-is-bridged it's a bridged packet\n"
-"\n", IPTABLES_VERSION);
+" [!] --physdev-is-bridged it's a bridged packet\n");
}
static const struct option physdev_opts[] = {
static struct xtables_match physdev_match = {
.family = AF_INET,
.name = "physdev",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_physdev_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_physdev_info)),
.help = physdev_help,
static struct xtables_match physdev_match6 = {
.family = AF_INET6,
.name = "physdev",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_physdev_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_physdev_info)),
.help = physdev_help,
static void pkttype_help(void)
{
printf(
-"pkttype v%s options:\n"
-" --pkt-type [!] packettype\tmatch packet type\n"
-"\n", PKTTYPE_VERSION);
+"pkttype match options:\n"
+" --pkt-type [!] packettype\tmatch packet type\n");
print_types();
}
static struct xtables_match pkttype_match = {
.family = AF_UNSPEC,
.name = "pkttype",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_pkttype_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_pkttype_info)),
.help = pkttype_help,
/* print usage */
static void quota_help(void)
{
- printf("quota options:\n"
- " --quota quota quota (bytes)\n" "\n");
+ printf("quota match options:\n"
+ " --quota quota quota (bytes)\n");
}
/* print matchinfo */
struct xtables_match quota_match = {
.family = AF_UNSPEC,
.name = "quota",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof (struct xt_quota_info)),
.userspacesize = offsetof(struct xt_quota_info, quota),
.help = quota_help,
static void rateest_help(void)
{
printf(
-"rateest match v%s options:\n"
+"rateest match options:\n"
" --rateest1 name Rate estimator name\n"
" --rateest2 name Rate estimator name\n"
" --rateest-delta Compare difference(s) to given rate(s)\n"
" --rateest-pps2 [pps] Compare pps\n"
" [!] --rateest-lt Match if rate is less than given rate/estimator\n"
" [!] --rateest-gt Match if rate is greater than given rate/estimator\n"
-" [!] --rateest-eq Match if rate is equal to given rate/estimator\n"
-"\n",
- IPTABLES_VERSION);
+" [!] --rateest-eq Match if rate is equal to given rate/estimator\n");
}
enum rateest_options {
static struct xtables_match rateest_mt_reg = {
.family = AF_UNSPEC,
.name = "rateest",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_rateest_match_info)),
.userspacesize = XT_ALIGN(offsetof(struct xt_rateest_match_info, est1)),
.help = rateest_help,
static void sctp_help(void)
{
printf(
-"SCTP match v%s options\n"
+"sctp match options\n"
" --source-port [!] port[:port] match source port(s)\n"
" --sport ...\n"
" --destination-port [!] port[:port] match destination port(s)\n"
" --dport ...\n"
" --chunk-types [!] (all|any|none) (chunktype[:flags])+ match if all, any or none of\n"
" chunktypes are present\n"
-"chunktypes - DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK ALL NONE\n",
- IPTABLES_VERSION);
+"chunktypes - DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK ALL NONE\n");
}
static const struct option sctp_opts[] = {
static struct xtables_match sctp_match = {
.name = "sctp",
.family = AF_INET,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_sctp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)),
.help = sctp_help,
static struct xtables_match sctp_match6 = {
.name = "sctp",
.family = AF_INET6,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_sctp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)),
.help = sctp_help,
static void standard_help(void)
{
printf(
-"Standard v%s options:\n"
-"(If target is DROP, ACCEPT, RETURN or nothing)\n", IPTABLES_VERSION);
+"standard match options:\n"
+"(If target is DROP, ACCEPT, RETURN or nothing)\n");
}
/* Function which parses command options; returns true if it
static struct xtables_target standard_target = {
.family = AF_UNSPEC,
.name = "standard",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(int)),
.userspacesize = XT_ALIGN(sizeof(int)),
.help = standard_help,
state_help(void)
{
printf(
-"state v%s options:\n"
+"state match options:\n"
" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
-" State(s) to match\n"
-"\n", IPTABLES_VERSION);
+" State(s) to match\n");
}
static const struct option state_opts[] = {
static struct xtables_match state_match = {
.family = AF_INET,
.name = "state",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_state_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
.help = state_help,
static struct xtables_match state_match6 = {
.family = AF_INET6,
.name = "state",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_state_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
.help = state_help,
static void statistic_help(void)
{
printf(
-"statistic match v%s options:\n"
+"statistic match options:\n"
" --mode mode Match mode (random, nth)\n"
" random mode:\n"
" --probability p Probability\n"
" nth mode:\n"
" --every n Match every nth packet\n"
-" --packet p Initial counter value (0 <= p <= n-1, default 0)\n"
-"\n",
-IPTABLES_VERSION);
+" --packet p Initial counter value (0 <= p <= n-1, default 0)\n");
}
static const struct option statistic_opts[] = {
static struct xtables_match statistic_match = {
.family = AF_UNSPEC,
.name = "statistic",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_statistic_info)),
.userspacesize = offsetof(struct xt_statistic_info, u.nth.count),
.init = statistic_mt_init,
static void string_help(void)
{
printf(
-"STRING match v%s options:\n"
+"string match options:\n"
"--from Offset to start searching from\n"
"--to Offset to stop searching\n"
"--algo Algorithm\n"
"--string [!] string Match a string in a packet\n"
-"--hex-string [!] string Match a hex string in a packet\n",
-IPTABLES_VERSION);
+"--hex-string [!] string Match a hex string in a packet\n");
}
static const struct option string_opts[] = {
static struct xtables_match string_match = {
.name = "string",
.family = AF_UNSPEC,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_string_info)),
.userspacesize = offsetof(struct xt_string_info, config),
.help = string_help,
static void tcp_help(void)
{
printf(
-"TCP v%s options:\n"
+"tcp match options:\n"
" --tcp-flags [!] mask comp match when TCP flags & mask == comp\n"
" (Flags: SYN ACK FIN RST URG PSH ALL NONE)\n"
"[!] --syn match when only SYN flag set\n"
" --destination-port [!] port[:port]\n"
" --dport ...\n"
" match destination port(s)\n"
-" --tcp-option [!] number match if TCP option set\n\n",
-IPTABLES_VERSION);
+" --tcp-option [!] number match if TCP option set\n");
}
static const struct option tcp_opts[] = {
static struct xtables_match tcp_match = {
.family = AF_INET,
.name = "tcp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcp)),
.help = tcp_help,
static struct xtables_match tcp_match6 = {
.family = AF_INET6,
.name = "tcp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcp)),
.help = tcp_help,
static void tcpmss_help(void)
{
printf(
-"tcpmss match v%s options:\n"
+"tcpmss match options:\n"
"[!] --mss value[:value] Match TCP MSS range.\n"
-" (only valid for TCP SYN or SYN/ACK packets)\n",
-IPTABLES_VERSION);
+" (only valid for TCP SYN or SYN/ACK packets)\n");
}
static const struct option tcpmss_opts[] = {
static struct xtables_match tcpmss_match = {
.family = AF_INET,
.name = "tcpmss",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.help = tcpmss_help,
static struct xtables_match tcpmss_match6 = {
.family = AF_INET6,
.name = "tcpmss",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.help = tcpmss_help,
static void time_help(void)
{
printf(
-"TIME v%s options:\n"
+"time match options:\n"
" --datestart time Start and stop time, to be given in ISO 8601\n"
" --datestop time (YYYY[-MM[-DD[Thh[:mm[:ss]]]]])\n"
" --timestart time Start and stop daytime (hh:mm[:ss])\n"
" --weekdays value List of weekdays on which to match, sep. by comma\n"
" (Possible days: Mon,Tue,Wed,Thu,Fri,Sat,Sun or 1 to 7\n"
" Defaults to all weekdays.)\n"
-" --localtz/--utc Time is interpreted as UTC/local time\n",
-IPTABLES_VERSION);
+" --localtz/--utc Time is interpreted as UTC/local time\n");
}
static void time_init(struct xt_entry_match *m)
static struct xtables_match time_match = {
.name = "time",
.family = AF_UNSPEC,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_time_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_time_info)),
.help = time_help,
}
static struct xtables_match tos_mt_reg_v0 = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "tos",
.family = AF_INET,
.revision = 0,
};
static struct xtables_match tos_mt_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "tos",
.family = AF_INET,
.revision = 1,
};
static struct xtables_match tos_mt6_reg = {
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.name = "tos",
.family = AF_INET6,
.revision = 1,
static void u32_help(void)
{
printf(
- "u32 v%s options:\n"
+ "u32 match options:\n"
"[!] --u32 tests\n"
"\t\t""tests := location \"=\" value | tests \"&&\" location \"=\" value\n"
"\t\t""value := range | value \",\" range\n"
"\t\t""range := number | number \":\" number\n"
"\t\t""location := number | location operator number\n"
- "\t\t""operator := \"&\" | \"<<\" | \">>\" | \"@\"\n",
- IPTABLES_VERSION);
- return;
+ "\t\t""operator := \"&\" | \"<<\" | \">>\" | \"@\"\n");
}
static void u32_dump(const struct xt_u32 *data)
static struct xtables_match u32_match = {
.name = "u32",
.family = AF_UNSPEC,
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_u32)),
.userspacesize = XT_ALIGN(sizeof(struct xt_u32)),
.help = u32_help,
static void udp_help(void)
{
printf(
-"UDP v%s options:\n"
+"udp match options:\n"
" --source-port [!] port[:port]\n"
" --sport ...\n"
" match source port(s)\n"
" --destination-port [!] port[:port]\n"
" --dport ...\n"
-" match destination port(s)\n",
-IPTABLES_VERSION);
+" match destination port(s)\n");
}
static const struct option udp_opts[] = {
static struct xtables_match udp_match = {
.family = AF_INET,
.name = "udp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_udp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
.help = udp_help,
static struct xtables_match udp_match6 = {
.family = AF_INET6,
.name = "udp",
- .version = IPTABLES_VERSION,
+ .version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_udp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
.help = udp_help,
#endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */
#define ip6tables_rule_match xtables_rule_match
-#define ip6tables_match xtables_match
-#define ip6tables_target xtables_target
#define ip6t_tryload xt_tryload
extern int line;
/* Your shared library should call one of these. */
-extern void register_match6(struct ip6tables_match *me);
-extern void register_target6(struct ip6tables_target *me);
-
extern int do_command6(int argc, char *argv[], char **table,
ip6tc_handle_t *handle);
#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */
#define iptables_rule_match xtables_rule_match
-#define iptables_match xtables_match
-#define iptables_target xtables_target
#define ipt_tryload xt_tryload
extern int line;
/* Your shared library should call one of these. */
-extern void register_match(struct iptables_match *me);
-extern void register_target(struct iptables_target *me);
-
extern int do_command(int argc, char *argv[], char **table,
iptc_handle_t *handle);
extern int delete_chain(const ipt_chainlabel chain, int verbose,
int in_table = 0, testing = 0;
program_name = "ip6tables-restore";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
line = 0;
lib_dir = getenv("XTABLES_LIBDIR");
break;
case 'h':
print_usage("ip6tables-restore",
- IPTABLES_VERSION);
+ XTABLES_VERSION);
break;
case 'n':
noflush = 1;
static int print_match(const struct ip6t_entry_match *e,
const struct ip6t_ip6 *ip)
{
- struct ip6tables_match *match
+ struct xtables_match *match
= find_match(e->u.user.name, TRY_LOAD, NULL);
if (match) {
/* Print targinfo part */
t = ip6t_get_target((struct ip6t_entry *)e);
if (t->u.user.name[0]) {
- struct ip6tables_target *target
+ struct xtables_target *target
= find_target(t->u.user.name, TRY_LOAD);
if (!target) {
time_t now = time(NULL);
printf("# Generated by ip6tables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
+ XTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
int c;
program_name = "ip6tables-save";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
lib_dir = getenv("XTABLES_LIBDIR");
if (lib_dir == NULL) {
ip6tc_handle_t handle = NULL;
program_name = "ip6tables";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
lib_dir = getenv("XTABLES_LIBDIR");
if (lib_dir == NULL) {
exit_printhelp(struct ip6tables_rule_match *matches)
{
struct ip6tables_rule_match *matchp = NULL;
- struct ip6tables_target *t = NULL;
+ struct xtables_target *t = NULL;
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
*/
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
-static struct ip6tables_match *
+static struct xtables_match *
find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
{
unsigned int proto;
return merge;
}
-void register_match6(struct ip6tables_match *me)
-{
- me->family = AF_INET6;
- xtables_register_match(me);
-}
-
-void register_target6(struct ip6tables_target *me)
-{
- me->family = AF_INET6;
- xtables_register_target(me);
-}
-
static void
print_num(u_int64_t number, unsigned int format)
{
const struct ip6t_ip6 *ip,
int numeric)
{
- struct ip6tables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
if (match) {
if (match->print)
unsigned int format,
const ip6tc_handle_t handle)
{
- struct ip6tables_target *target = NULL;
+ struct xtables_target *target = NULL;
const struct ip6t_entry_target *t;
u_int8_t flags;
char buf[BUFSIZ];
unsigned int rulenum = 0, options = 0, command = 0;
const char *pcnt = NULL, *bcnt = NULL;
int ret = 1;
- struct ip6tables_match *m;
+ struct xtables_match *m;
struct ip6tables_rule_match *matches = NULL;
struct ip6tables_rule_match *matchp;
- struct ip6tables_target *target = NULL;
- struct ip6tables_target *t;
+ struct xtables_target *target = NULL;
+ struct xtables_target *t;
const char *jumpto = "";
char *protocol = NULL;
int proto_used = 0;
const char *tablename = 0;
program_name = "iptables-restore";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
line = 0;
lib_dir = getenv("XTABLES_LIBDIR");
break;
case 'h':
print_usage("iptables-restore",
- IPTABLES_VERSION);
+ XTABLES_VERSION);
break;
case 'n':
noflush = 1;
static int print_match(const struct ipt_entry_match *e,
const struct ipt_ip *ip)
{
- struct iptables_match *match
+ struct xtables_match *match
= find_match(e->u.user.name, TRY_LOAD, NULL);
if (match) {
/* Print targinfo part */
t = ipt_get_target((struct ipt_entry *)e);
if (t->u.user.name[0]) {
- struct iptables_target *target
+ struct xtables_target *target
= find_target(t->u.user.name, TRY_LOAD);
if (!target) {
time_t now = time(NULL);
printf("# Generated by iptables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
+ XTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
int c;
program_name = "iptables-save";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
lib_dir = getenv("XTABLES_LIBDIR");
if (lib_dir == NULL) {
iptc_handle_t handle = NULL;
program_name = "iptables";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
lib_dir = getenv("XTABLES_LIBDIR");
if (lib_dir == NULL) {
FILE *in;
program_name = "iptables-xml";
- program_version = IPTABLES_VERSION;
+ program_version = XTABLES_VERSION;
line = 0;
while ((c = getopt_long(argc, argv, "cvh", options, NULL)) != -1) {
verbose = 1;
break;
case 'h':
- print_usage("iptables-xml", IPTABLES_VERSION);
+ print_usage("iptables-xml", XTABLES_VERSION);
break;
}
}
exit_printhelp(struct iptables_rule_match *matches)
{
struct iptables_rule_match *matchp = NULL;
- struct iptables_target *t = NULL;
+ struct xtables_target *t = NULL;
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
*/
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
-static struct iptables_match *
+static struct xtables_match *
find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches)
{
unsigned int proto;
return merge;
}
-void register_match(struct iptables_match *me)
-{
- me->family = PF_INET;
- xtables_register_match(me);
-}
-
-void register_target(struct iptables_target *me)
-{
- me->family = PF_INET;
- xtables_register_target(me);
-}
-
static void
print_num(u_int64_t number, unsigned int format)
{
const struct ipt_ip *ip,
int numeric)
{
- struct iptables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+ struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
if (match) {
if (match->print)
unsigned int format,
const iptc_handle_t handle)
{
- struct iptables_target *target = NULL;
+ struct xtables_target *target = NULL;
const struct ipt_entry_target *t;
u_int8_t flags;
char buf[BUFSIZ];
unsigned int rulenum = 0, options = 0, command = 0;
const char *pcnt = NULL, *bcnt = NULL;
int ret = 1;
- struct iptables_match *m;
+ struct xtables_match *m;
struct iptables_rule_match *matches = NULL;
struct iptables_rule_match *matchp;
- struct iptables_target *target = NULL;
- struct iptables_target *t;
+ struct xtables_target *target = NULL;
+ struct xtables_target *t;
const char *jumpto = "";
char *protocol = NULL;
int proto_used = 0;
*/
#include <sys/types.h>
#include <sys/socket.h>
+#include <xtables.h>
#include "linux_list.h"
CHECK(handle);
printf("libiptc v%s. %u bytes.\n",
- IPTABLES_VERSION, handle->entries->size);
+ XTABLES_VERSION, handle->entries->size);
printf("Table `%s'\n", handle->info.name);
printf("Hooks: pre/in/fwd/out/post = %u/%u/%u/%u/%u\n",
handle->info.hook_entry[HOOK_PRE_ROUTING],
projects / thirdparty / iptables.git / commitdiff
