iptables: support for match aliases

This patch allows for match names listed on the command line to be
rewritten to new names and revisions, like we did for targets before.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>

diff --git a/include/xtables.h b/include/xtables.h
index 7bdc331c53973a21e41a7c65d421fa3e72ae483c..2cc1a0289a7bb37cb9b168ab7e32fa608f501f32 100644 (file)
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -213,6 +213,7 @@ struct xtables_match
        struct xtables_match *next;
 
        const char *name;
+       const char *real_name;
 
        /* Revision of match (0 by default). */
        u_int8_t revision;

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 752cf033f1834e38425332adfa5b5c93c0ab398b..f93bfb33142339f8b4c6352be476171c472ae58e 100644 (file)
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1319,8 +1319,12 @@ static void command_match(struct iptables_command_state *cs)
        size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
        m->m = xtables_calloc(1, size);
        m->m->u.match_size = size;
-       strcpy(m->m->u.user.name, m->name);
+       strcpy(m->m->u.user.name, m->real_name);
        m->m->u.user.revision = m->revision;
+       if (m->real_name != m->name)
+               fprintf(stderr, "WARNING: The %s match is obsolete. "
+                       "Use %s instead.\n", m->name, m->real_name);
+
        xs_init_match(m);
        if (m == m->next)
                return;

diff --git a/iptables/iptables.c b/iptables/iptables.c
index a237e93c7fcfda02e9abfa822e7ef58a3f21888d..5786bfdd39164e4a52eaaad41b39fffadb000247 100644 (file)
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1330,8 +1330,12 @@ static void command_match(struct iptables_command_state *cs)
        size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
        m->m = xtables_calloc(1, size);
        m->m->u.match_size = size;
-       strcpy(m->m->u.user.name, m->name);
+       strcpy(m->m->u.user.name, m->real_name);
        m->m->u.user.revision = m->revision;
+       if (m->real_name != m->name)
+               fprintf(stderr, "WARNING: The %s match is obsolete. "
+                       "Use %s instead.\n", m->name, m->real_name);
+
        xs_init_match(m);
        if (m == m->next)
                return;

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index a2b24c5a0876b0e39a1b24de488a5e4fe32e1eef..82c3643b0f989593c4925ca10be20d47bec6812c 100644 (file)
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -848,6 +848,8 @@ void xtables_register_match(struct xtables_match *me)
                exit(1);
        }
 
+       if (me->real_name == NULL)
+               me->real_name = me->name;
        if (me->x6_options != NULL)
                xtables_option_metavalidate(me->name, me->x6_options);
        if (me->extra_opts != NULL)
@@ -903,8 +905,10 @@ xtables_mt_prefer(bool a_alias, unsigned int a_rev, unsigned int a_fam,
 static int xtables_match_prefer(const struct xtables_match *a,
                                const struct xtables_match *b)
 {
-       return xtables_mt_prefer(false, a->revision, a->family,
-                                false, b->revision, b->family);
+       return xtables_mt_prefer(a->name != a->real_name,
+                                a->revision, a->family,
+                                b->name != b->real_name,
+                                b->revision, b->family);
 }
 
 static int xtables_target_prefer(const struct xtables_target *a,
@@ -938,11 +942,11 @@ static void xtables_fully_register_pending_match(struct xtables_match *me)
 
                /* Now we have two (or more) options, check compatibility. */
                if (compare > 0 &&
-                   compatible_match_revision(old->name, old->revision))
+                   compatible_match_revision(old->real_name, old->revision))
                        return;
 
                /* See if new match can be used. */
-               if (!compatible_match_revision(me->name, me->revision))
+               if (!compatible_match_revision(me->real_name, me->revision))
                        return;
 
                /* Delete old one. */