diff -ruN iptables.new_without_fluff/Makefile iptables.new/Makefile --- iptables.new_without_fluff/Makefile 2004-06-25 13:18:57.000000000 +0200 +++ iptables.new/Makefile 2004-08-27 03:16:20.000000000 +0200 @@ -26,7 +26,7 @@ # directory for new iptables releases RELEASE_DIR:=/tmp -# Need libc6 for this. FIXME: Should covert to autoconf. +# Need libc6 for this. FIXME: Should convert to autoconf. ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES) DO_IPV6:=1 endif diff -ruN iptables.new_without_fluff/include/libiptc/libip6tc.h iptables.new/include/libiptc/libip6tc.h --- iptables.new_without_fluff/include/libiptc/libip6tc.h 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/include/libiptc/libip6tc.h 2004-08-13 12:22:46.000000000 +0200 @@ -20,9 +20,6 @@ /* Transparent handle type. */ typedef struct ip6tc_handle *ip6tc_handle_t; -/* Does this chain exist? */ -int ip6tc_is_chain(const char *chain, const ip6tc_handle_t handle); - /* Take a snapshot of the rules. Returns NULL on error. */ ip6tc_handle_t ip6tc_init(const char *tablename); @@ -48,6 +45,9 @@ const char *ip6tc_get_target(const struct ip6t_entry *e, ip6tc_handle_t *handle); +/* Does this chain exist? */ +int ip6tc_is_chain(const char *chain, const ip6tc_handle_t handle); + /* Is this a built-in chain? */ int ip6tc_builtin(const char *chain, const ip6tc_handle_t handle); diff -ruN iptables.new_without_fluff/include/libiptc/libiptc.h iptables.new/include/libiptc/libiptc.h --- iptables.new_without_fluff/include/libiptc/libiptc.h 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/include/libiptc/libiptc.h 2004-07-23 17:59:21.000000000 +0200 @@ -28,9 +28,6 @@ /* Transparent handle type. */ typedef struct iptc_handle *iptc_handle_t; -/* Does this chain exist? */ -int iptc_is_chain(const char *chain, const iptc_handle_t handle); - /* Take a snapshot of the rules. Returns NULL on error. */ iptc_handle_t iptc_init(const char *tablename); 
@@ -56,6 +53,9 @@ const char *iptc_get_target(const struct ipt_entry *e, iptc_handle_t *handle); +/* Does this chain exist? */ +int iptc_is_chain(const char *chain, const iptc_handle_t handle); + /* Is this a built-in chain? */ int iptc_builtin(const char *chain, const iptc_handle_t handle); diff -ruN iptables.new_without_fluff/ip6tables-restore.8 iptables.new/ip6tables-restore.8 --- iptables.new_without_fluff/ip6tables-restore.8 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables-restore.8 2004-08-27 03:10:54.000000000 +0200 @@ -27,7 +27,7 @@ .PP .B ip6tables-restore is used to restore IPv6 Tables from data specified on STDIN. Use -I/O redirection provided by your shell to read from a file +I/O redirection provided by your shell to read from a file. .TP \fB\-c\fR, \fB\-\-counters\fR restore the values of all packet and byte counters. diff -ruN iptables.new_without_fluff/ip6tables-restore.c iptables.new/ip6tables-restore.c --- iptables.new_without_fluff/ip6tables-restore.c 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables-restore.c 2004-08-28 03:37:47.000000000 +0200 @@ -21,7 +21,7 @@ #ifdef DEBUG #define DEBUGP(x, args...) fprintf(stderr, x, ## args) #else -#define DEBUGP(x, args...) +#define DEBUGP(x, args...) #endif static int counters = 0, verbose = 0, noflush = 0; @@ -53,11 +53,10 @@ name, version, name); } -ip6tc_handle_t create_handle(const char *tablename, const char* modprobe, int simulate) +static ip6tc_handle_t +create_handle(const char *tablename, const char* modprobe, int simulate) { - ip6tc_handle_t handle; - - handle = ip6tc_init(tablename); + ip6tc_handle_t handle = ip6tc_init(tablename); if (!handle) { /* try to insmod the module if ip6tc_init failed */ 
@@ -67,41 +66,49 @@ if (!handle) exit_error(PARAMETER_PROBLEM, "%s: unable to initialize" - "table '%s'\n", program_name, tablename); + "table '%s'\n", program_name, tablename); if (simulate) ip6tc_set_nocommit(&handle); return handle; } -int parse_counters(char *string, struct ip6t_counters *ctr) +static int +parse_counters(const char *string, struct ip6t_counters *ctr) { - return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); + return (sscanf(string, "[%llu:%llu]", + (unsigned long long *)&ctr->pcnt, + (unsigned long long *)&ctr->bcnt) == 2); } /* global new argv and argc */ static char *newargv[255]; static int newargc; -/* function adding one argument to newargv, updating newargc +/* function adding one argument to newargv, updating newargc * returns true if argument added, false otherwise */ -static int add_argv(char *what) { +static int +add_argv(const char *what) +{ DEBUGP("add_argv: %s\n", what); if (what && ((newargc + 1) < sizeof(newargv)/sizeof(char *))) { newargv[newargc] = strdup(what); newargc++; return 1; - } else + } else return 0; } -static void free_argv(void) { +static void +free_argv(void) +{ int i; for (i = 0; i < newargc; i++) free(newargv[i]); } -int main(int argc, char *argv[]) +int +main(int argc, char *argv[]) { ip6tc_handle_t handle = NULL; char buffer[10240]; 
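Review bot: In add_argv the result of `strdup(what)` is stored into `newargv[newargc]` without a NULL check, so an allocation failure leaves a NULL slot that is still counted in newargc and later handed to do_command6 as part of the argument vector. The call sites visible in a later hunk ignore add_argv's return value, so returning 0 would silently drop an argument from a firewall rule; failing hard is safer, e.g. `if (!newargv[newargc]) exit_error(OTHER_PROBLEM, "%s: out of memory\n", program_name);` directly after the strdup. The add_argv in iptables-restore.c has the same gap. Separately, the adjacent literals `"%s: unable to initialize" "table '%s'\n"` in create_handle concatenate to "initializetable"; the first literal needs a trailing space.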
@@ -122,32 +129,32 @@ while ((c = getopt_long(argc, argv, "cvt:nM:Sh", options, NULL)) != -1) { switch (c) { - case 'c': - counters = 1; - break; - case 'v': - verbose = 1; - break; - case 't': /* Select specific table. */ - tablename = optarg; - break; - case 'n': - noflush = 1; - break; - case 'M': - modprobe = optarg; - break; - case 'S': - simulate = 1; - break; - case 'h': - print_usage(program_name, IPTABLES_VERSION); - exit(0); - case '?': - exit_tryhelp(PARAMETER_PROBLEM); + case 'c': + counters = 1; + break; + case 'v': + verbose = 1; + break; + case 't': /* Select specific table. */ + tablename = optarg; + break; + case 'n': + noflush = 1; + break; + case 'M': + modprobe = optarg; + break; + case 'S': + simulate = 1; + break; + case 'h': + print_usage(program_name, IPTABLES_VERSION); + exit(0); + case '?': + exit_tryhelp(PARAMETER_PROBLEM); } } - + if (optind == argc - 1) { in = fopen(argv[optind], "r"); if (!in) { @@ -162,7 +169,7 @@ exit(1); } else in = stdin; - + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0; /* error by default */ @@ -200,12 +207,12 @@ if (noflush == 0) { DEBUGP("Cleaning all chains of table '%s'\n", table); - for_each_chain(flush_entries, verbose, 1, + for_each_chain(flush_entries, verbose, 1, &handle); - + DEBUGP("Deleting all user-defined chains " "of table '%s'\n", table); - for_each_chain(delete_chain, verbose, 0, + for_each_chain(delete_chain, verbose, 0, &handle) ; } @@ -255,7 +262,7 @@ sizeof(struct ip6t_counters)); DEBUGP("Setting policy of chain %s to %s\n", - chain, policy); + chain, policy); if (!ip6tc_set_policy(chain, policy, &count, &handle)) @@ -310,7 +317,7 @@ add_argv(argv[0]); add_argv("-t"); add_argv((char *) &curtable); - + if (counters && pcnt && bcnt) { add_argv("--set-counters"); add_argv((char *) pcnt); 
@@ -323,13 +330,13 @@ quote_open = 0; param_start = parsestart; - + for (curchar = parsestart; *curchar; curchar++) { if (*curchar == '"') { /* quote_open cannot be true if there - * was no previous character. Thus, + * was no previous character. Thus, * curchar-1 has to be within bounds */ - if (quote_open && + if (quote_open && *(curchar-1) != '\\') { quote_open = 0; *curchar = ' '; @@ -337,7 +344,7 @@ quote_open = 1; param_start++; } - } + } if (*curchar == ' ' || *curchar == '\t' || * curchar == '\n') { @@ -352,7 +359,7 @@ param_start++; continue; } - + /* end of one parameter */ strncpy(param_buffer, param_start, param_len); @@ -378,7 +385,7 @@ for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); - ret = do_command6(newargc, newargv, + ret = do_command6(newargc, newargv, &newargv[2], &handle); free_argv(); @@ -393,7 +400,7 @@ } if (in_table) { fprintf(stderr, "%s: COMMIT expected at line %u\n", - program_name, line + 1); + program_name, line + 1); exit(1); } diff -ruN iptables.new_without_fluff/ip6tables-save.8 iptables.new/ip6tables-save.8 --- iptables.new_without_fluff/ip6tables-save.8 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables-save.8 2004-08-27 03:14:28.000000000 +0200 @@ -30,7 +30,7 @@ to STDOUT. Use I/O-redirection provided by your shell to write to a file. .TP \fB\-c\fR, \fB\-\-counters\fR -include the current values of all packet and byte counters in the output +include the current values of all packet and byte counters in the output. .TP \fB\-t\fR, \fB\-\-table\fR \fBtablename\fR restrict output to only one table. If not specified, output includes all diff -ruN iptables.new_without_fluff/ip6tables-save.c iptables.new/ip6tables-save.c --- iptables.new_without_fluff/ip6tables-save.c 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables-save.c 2004-08-28 03:41:08.000000000 +0200 
@@ -1,7 +1,7 @@ /* Code to save the ip6tables state, in human readable-form. */ /* Author: Andras Kis-Szabo * Original code: iptables-save - * Authors: Paul 'Rusty' Russel and + * Authors: Paul 'Rusty' Russell and * Harald Welte * This code is distributed under the terms of GNU GPL v2 */ @@ -57,15 +57,15 @@ if (iface[i] != '\0') printf("%c", iface[i]); } else { - /* we can access iface[i-1] here, because + /* we can access iface[i-1] here, because * a few lines above we make sure that mask[0] != 0 */ if (iface[i-1] != '\0') - printf("+"); + putchar('+'); break; } } - printf(" "); + putchar(' '); } /* These are hardcoded backups in ip6tables.c, so they are safe */ @@ -83,17 +83,17 @@ }; /* The ip6tables looks up the /etc/protocols. */ -static void print_proto(u_int16_t proto, int invert) +static void +print_proto(u_int16_t proto, int invert) { if (proto) { unsigned int i; const char *invertstr = invert ? "! " : ""; - struct protoent *pent = getprotobynumber(proto); - if (pent) { - printf("-p %s%s ", - invertstr, pent->p_name); - return; + struct protoent *pent = getprotobynumber(proto); + if (pent) { + printf("-p %s%s ", invertstr, pent->p_name); + return; } for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) @@ -107,8 +107,8 @@ } } -static int print_match(const struct ip6t_entry_match *e, - const struct ip6t_ip6 *ip) +static int +print_match(const struct ip6t_entry_match *e, const struct ip6t_ip6 *ip) { struct ip6tables_match *match = find_match(e->u.user.name, TRY_LOAD, NULL); @@ -131,7 +131,9 @@ } /* print a given ip including mask if neccessary */ -static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_addr *mask, int invert) +static void +print_ip(const char *prefix, const struct in6_addr *ip, + const struct in6_addr *mask, int invert) { char buf[51]; int l = ipv6_prefix_length(mask); 
@@ -152,22 +154,25 @@ /* We want this to be readable, so only print out neccessary fields. * Because that's the kind of world I want to live in. */ -static void print_rule(const struct ip6t_entry *e, - ip6tc_handle_t *h, const char *chain, int counters) +static void +print_rule(const struct ip6t_entry *e, ip6tc_handle_t *h, const char *chain, + int counters) { struct ip6t_entry_target *t; const char *target_name; /* print counters */ if (counters) - printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); + printf("[%llu:%llu] ", + (unsigned long long)e->counters.pcnt, + (unsigned long long)e->counters.bcnt); /* print chain name */ printf("-A %s ", chain); /* Print IP part. */ print_ip("-s", &(e->ipv6.src), &(e->ipv6.smsk), - e->ipv6.invflags & IP6T_INV_SRCIP); + e->ipv6.invflags & IP6T_INV_SRCIP); print_ip("-d", &(e->ipv6.dst), &(e->ipv6.dmsk), e->ipv6.invflags & IP6T_INV_DSTIP); @@ -190,7 +195,7 @@ if (e->ipv6.flags & IP6T_F_TOS) printf("%s-? %d ", - e->ipv6.invflags & IP6T_INV_TOS ? "! " : "", + e->ipv6.invflags & IP6T_INV_TOS ? "! " : "", e->ipv6.tos); /* Print matchinfo part */ @@ -198,7 +203,7 @@ IP6T_MATCH_ITERATE(e, print_match, &e->ipv6); } - /* Print target name */ + /* Print target name */ target_name = ip6tc_get_target(e, h); if (target_name && (*target_name != '\0')) printf("-j %s ", target_name); @@ -221,7 +226,7 @@ /* If the target size is greater than ip6t_entry_target * there is something to be saved, we just don't know * how to print it */ - if (t->u.target_size != + if (t->u.target_size != sizeof(struct ip6t_entry_target)) { fprintf(stderr, "Target `%s' is missing " "save function\n", @@ -230,11 +235,11 @@ } } } - printf("\n"); + putchar('\n'); } -/* Debugging prototype. */ -static int for_each_table(int (*func)(const char *tablename)) +static int +for_each_table(int (*func)(const char *tablename)) { int ret = 1; FILE *procfile = NULL; 
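Review bot: for_each_table, whose signature the last hunk here reflows, indexes `tablename[strlen(tablename) - 1]` in the loop shown in the next hunk, and that index underflows when fgets hands back a line whose first byte is NUL. The comparison then reads one byte before the buffer, and if that stray byte happens to be a newline the following `tablename[strlen(tablename) - 1] = '\0'` overwrites it. The stream is named procfile, so the content presumably comes from the kernel, but the guard is cheap: take `size_t len = strlen(tablename);` once and test `if (len == 0 || tablename[len - 1] != '\n')` before the exit_error call. iptables-save.c carries the same loop. The function body continues outside this hunk.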
@@ -246,7 +251,7 @@ while (fgets(tablename, sizeof(tablename), procfile)) { if (tablename[strlen(tablename) - 1] != '\n') - exit_error(OTHER_PROBLEM, + exit_error(OTHER_PROBLEM, "Badly formed tablename `%s'\n", tablename); tablename[strlen(tablename) - 1] = '\0'; @@ -255,9 +260,9 @@ return ret; } - -static int do_output(const char *tablename) +static int +do_output(const char *tablename) { ip6tc_handle_t h; const char *chain = NULL; @@ -316,7 +321,6 @@ } ip6tc_free(&h); - return 1; } @@ -324,7 +328,8 @@ * :Chain name POLICY packets bytes * rule */ -int main(int argc, char *argv[]) +int +main(int argc, char *argv[]) { const char *tablename = NULL; int c; @@ -341,8 +346,7 @@ case 'c': counters = 1; break; - case 't': - /* Select specific table. */ + case 't': /* Select specific table. */ tablename = optarg; break; case 'C': diff -ruN iptables.new_without_fluff/ip6tables.8.in iptables.new/ip6tables.8.in --- iptables.new_without_fluff/ip6tables.8.in 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables.8.in 2004-08-27 03:12:23.000000000 +0200 @@ -398,7 +398,7 @@ This .B ip6tables is very similar to ipchains by Rusty Russell. The main difference is -that the chains +that the chains .B INPUT and .B OUTPUT @@ -408,7 +408,7 @@ involves both INPUT and OUTPUT chains); previously a forwarded packet would pass through all three. .PP -The other main difference is that +The other main difference is that .B -i refers to the input interface; .B -o diff -ruN iptables.new_without_fluff/ip6tables.c iptables.new/ip6tables.c --- iptables.new_without_fluff/ip6tables.c 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/ip6tables.c 2004-08-27 03:05:09.000000000 +0200 
@@ -367,12 +367,12 @@ results. So we call help for all specified matches & targets */ for (t = ip6tables_targets; t; t = t->next) { if (t->used) { - printf("\n"); + putchar('\n'); t->help(); } } for (matchp = matches; matchp; matchp = matchp->next) { - printf("\n"); + putchar('\n'); matchp->match->help(); } exit(0); @@ -712,7 +712,8 @@ } struct ip6tables_match * -find_match(const char *name, enum ip6t_tryload tryload, struct ip6tables_rule_match **matches) +find_match(const char *name, enum ip6t_tryload tryload, + struct ip6tables_rule_match **matches) { struct ip6tables_match *ptr; int icmphack = 0; @@ -787,7 +788,8 @@ /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct ip6tables_match * -find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches) +find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, + struct ip6tables_rule_match **matches) { unsigned int proto; @@ -906,8 +908,8 @@ } int -string_to_number_ll(const char *s, unsigned long long min, unsigned long long max, - unsigned long long *ret) +string_to_number_ll(const char *s, unsigned long long min, + unsigned long long max, unsigned long long *ret) { unsigned long long number; char *end; @@ -927,7 +929,7 @@ int string_to_number_l(const char *s, unsigned long min, unsigned long max, - unsigned long *ret) + unsigned long *ret) { int result; unsigned long long number; @@ -939,7 +941,7 @@ } int string_to_number(const char *s, unsigned int min, unsigned int max, - unsigned int *ret) + unsigned int *ret) { int result; unsigned long number; 
@@ -1182,13 +1184,12 @@ } printf(FMT(" %-19s ","%s "), "source"); printf(FMT(" %-19s "," %s "), "destination"); - printf("\n"); + putchar('\n'); } static int -print_match(const struct ip6t_entry_match *m, - const struct ip6t_ip6 *ip, +print_match(const struct ip6t_entry_match *m, const struct ip6t_ip6 *ip, int numeric) { struct ip6tables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL); @@ -1329,8 +1330,7 @@ } static void -print_firewall_line(const struct ip6t_entry *fw, - const ip6tc_handle_t h) +print_firewall_line(const struct ip6t_entry *fw, const ip6tc_handle_t h) { struct ip6t_entry_target *t; @@ -1418,7 +1418,8 @@ size = sizeof(struct ip6t_entry); for (matchp = matches; matchp; matchp = matchp->next) - size += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size; + size += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + + matchp->match->size; mask = fw_calloc(1, size + IP6T_ALIGN(sizeof(struct ip6t_entry_target)) @@ -1431,7 +1432,8 @@ memset(mptr, 0xFF, IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->userspacesize); - mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size; + mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + + matchp->match->size; } memset(mptr, 0xFF, @@ -1508,8 +1510,7 @@ } int -flush_entries(const ip6t_chainlabel chain, int verbose, - ip6tc_handle_t *handle) +flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle) { if (!chain) return for_each_chain(flush_entries, verbose, 1, handle); @@ -1520,8 +1521,7 @@ } static int -zero_entries(const ip6t_chainlabel chain, int verbose, - ip6tc_handle_t *handle) +zero_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle) { if (!chain) return for_each_chain(zero_entries, verbose, 1, handle); 
@@ -1532,8 +1532,7 @@ } int -delete_chain(const ip6t_chainlabel chain, int verbose, - ip6tc_handle_t *handle) +delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle) { if (!chain) return for_each_chain(delete_chain, verbose, 0, handle); @@ -1575,7 +1574,7 @@ if (chain && strcmp(chain, this) != 0) continue; - if (found) printf("\n"); + if (found) putchar('\n'); print_header(format, this, handle); i = ip6tc_first_rule(this, handle); @@ -1890,7 +1889,7 @@ *protocol = tolower(*protocol); protocol = argv[optind-1]; - if ( strcmp(protocol,"ipv6-icmp") == 0) + if (strcmp(protocol, "ipv6-icmp") == 0) protocol = icmp6p; fw.ipv6.proto = parse_protocol(protocol); fw.ipv6.flags |= IP6T_F_PROTO; @@ -1935,7 +1934,8 @@ target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); target->init(target->t, &fw.nfcache); - opts = merge_options(opts, target->extra_opts, &target->option_offset); + opts = merge_options(opts, target->extra_opts, + &target->option_offset); } break; @@ -2132,7 +2132,6 @@ optind--; continue; } - if (!m) exit_error(PARAMETER_PROBLEM, "Unknown arg `%s'", @@ -2202,8 +2201,8 @@ if (!*handle) exit_error(VERSION_PROBLEM, - "can't initialize ip6tables table `%s': %s", - *table, ip6tc_strerror(errno)); + "can't initialize ip6tables table `%s': %s", + *table, ip6tc_strerror(errno)); if (simulate) ip6tc_set_nocommit(handle); diff -ruN iptables.new_without_fluff/iptables-multi.c iptables.new/iptables-multi.c --- iptables.new_without_fluff/iptables-multi.c 2004-06-27 03:12:07.000000000 +0200 +++ iptables.new/iptables-multi.c 2004-08-28 03:43:38.000000000 +0200 
@@ -7,7 +7,9 @@ int iptables_save_main(int argc, char **argv); int iptables_restore_main(int argc, char **argv); -int main(int argc, char **argv) { +int +main(int argc, char **argv) +{ char *progname; if (argc == 0) { diff -ruN iptables.new_without_fluff/iptables-restore.8 iptables.new/iptables-restore.8 --- iptables.new_without_fluff/iptables-restore.8 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/iptables-restore.8 2004-08-27 03:09:48.000000000 +0200 @@ -27,7 +27,7 @@ .PP .B iptables-restore is used to restore IP Tables from data specified on STDIN. Use -I/O redirection provided by your shell to read from a file +I/O redirection provided by your shell to read from a file. .TP \fB\-c\fR, \fB\-\-counters\fR restore the values of all packet and byte counters. diff -ruN iptables.new_without_fluff/iptables-restore.c iptables.new/iptables-restore.c --- iptables.new_without_fluff/iptables-restore.c 2004-08-28 03:51:35.000000000 +0200 +++ iptables.new/iptables-restore.c 2004-08-28 03:38:20.000000000 +0200 @@ -1,4 +1,4 @@ -/* Code to restore the iptables state, from file by iptables-save. +/* Code to restore the iptables state, from file by iptables-save. * (C) 2000-2002 by Harald Welte * based on previous code from Rusty Russell * @@ -18,7 +18,7 @@ #ifdef DEBUG #define DEBUGP(x, args...) fprintf(stderr, x, ## args) #else -#define DEBUGP(x, args...) +#define DEBUGP(x, args...) #endif static int counters = 0, verbose = 0, noflush = 0; @@ -50,11 +50,10 @@ name, version, name); } -iptc_handle_t create_handle(const char *tablename, const char* modprobe, int simulate) +static iptc_handle_t +create_handle(const char *tablename, const char* modprobe, int simulate) { - iptc_handle_t handle; - - handle = iptc_init(tablename); + iptc_handle_t handle = iptc_init(tablename); if (!handle) { /* try to insmod the module if iptc_init failed */ 
@@ -70,28 +69,35 @@ return handle; } -int parse_counters(char *string, struct ipt_counters *ctr) +static int +parse_counters(const char *string, struct ipt_counters *ctr) { - return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); + return (sscanf(string, "[%llu:%llu]", + (unsigned long long *)&ctr->pcnt, + (unsigned long long *)&ctr->bcnt) == 2); } /* global new argv and argc */ static char *newargv[255]; static int newargc; -/* function adding one argument to newargv, updating newargc +/* function adding one argument to newargv, updating newargc * returns true if argument added, false otherwise */ -static int add_argv(char *what) { +static int +add_argv(const char *what) +{ DEBUGP("add_argv: %s\n", what); if (what && ((newargc + 1) < sizeof(newargv)/sizeof(char *))) { newargv[newargc] = strdup(what); newargc++; return 1; - } else + } else return 0; } -static void free_argv(void) { +static void +free_argv(void) +{ int i; for (i = 0; i < newargc; i++) @@ -125,32 +131,32 @@ while ((c = getopt_long(argc, argv, "cvt:nM:Sh", options, NULL)) != -1) { switch (c) { - case 'c': - counters = 1; - break; - case 'v': - verbose = 1; - break; - case 't': /* Select specific table. */ - tablename = optarg; - break; - case 'n': - noflush = 1; - break; - case 'M': - modprobe = optarg; - break; - case 'S': - simulate = 1; - break; - case 'h': - print_usage(program_name, IPTABLES_VERSION); - exit(0); - case '?': - exit_tryhelp(PARAMETER_PROBLEM); + case 'c': + counters = 1; + break; + case 'v': + verbose = 1; + break; + case 't': /* Select specific table. */ + tablename = optarg; + break; + case 'n': + noflush = 1; + break; + case 'M': + modprobe = optarg; + break; + case 'S': + simulate = 1; + break; + case 'h': + print_usage(program_name, IPTABLES_VERSION); + exit(0); + case '?': + exit_tryhelp(PARAMETER_PROBLEM); } } - + if (optind == argc - 1) { in = fopen(argv[optind], "r"); if (!in) { 
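Review bot: parse_counters hands sscanf `(unsigned long long *)&ctr->pcnt` and `(unsigned long long *)&ctr->bcnt`, which is only correct if the counter fields have exactly the size and representation of unsigned long long; the struct definition is not visible here, and the casts suppress the format/argument check that would otherwise catch a mismatch. Scanning into two locals and assigning them after the conversion count is verified keeps the format string and argument types in step, and leaves *ctr untouched when the counter text from the restore file is malformed. `%llu` also gives no indication when the text does not fit, so very long digit runs deserve an explicit rejection if exact counters matter. The parse_counters in ip6tables-restore.c is written the same way.

```c
static int
parse_counters(const char *string, struct ipt_counters *ctr)
{
	unsigned long long pcnt, bcnt;

	if (sscanf(string, "[%llu:%llu]", &pcnt, &bcnt) != 2)
		return 0;
	ctr->pcnt = pcnt;
	ctr->bcnt = bcnt;
	return 1;
}
```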
@@ -165,7 +171,7 @@ exit(1); } else in = stdin; - + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0; /* error by default */ @@ -203,12 +209,12 @@ if (noflush == 0) { DEBUGP("Cleaning all chains of table '%s'\n", table); - for_each_chain(flush_entries, verbose, 1, + for_each_chain(flush_entries, verbose, 1, &handle); - + DEBUGP("Deleting all user-defined chains " "of table '%s'\n", table); - for_each_chain(delete_chain, verbose, 0, + for_each_chain(delete_chain, verbose, 0, &handle) ; } @@ -226,8 +232,8 @@ if (!iptc_builtin(chain, handle)) { DEBUGP("Creating new chain '%s'\n", chain); - if (!iptc_create_chain(chain, &handle)) - exit_error(PARAMETER_PROBLEM, + if (!iptc_create_chain(chain, &handle)) + exit_error(PARAMETER_PROBLEM, "error creating chain " "'%s':%s\n", chain, iptc_strerror(errno)); @@ -258,7 +264,7 @@ sizeof(struct ipt_counters)); DEBUGP("Setting policy of chain %s to %s\n", - chain, policy); + chain, policy); if (!iptc_set_policy(chain, policy, &count, &handle)) @@ -313,7 +319,7 @@ add_argv(argv[0]); add_argv("-t"); add_argv((char *) &curtable); - + if (counters && pcnt && bcnt) { add_argv("--set-counters"); add_argv((char *) pcnt); @@ -326,13 +332,13 @@ quote_open = 0; param_start = parsestart; - + for (curchar = parsestart; *curchar; curchar++) { if (*curchar == '"') { /* quote_open cannot be true if there - * was no previous character. Thus, + * was no previous character. Thus, * curchar-1 has to be within bounds */ - if (quote_open && + if (quote_open && *(curchar-1) != '\\') { quote_open = 0; *curchar = ' '; @@ -340,7 +346,7 @@ quote_open = 1; param_start++; } - } + } if (*curchar == ' ' || *curchar == '\t' || * curchar == '\n') { @@ -355,7 +361,7 @@ param_start++; continue; } - + /* end of one parameter */ strncpy(param_buffer, param_start, param_len); 
@@ -364,7 +370,7 @@ /* check if table name specified */ if (!strncmp(param_buffer, "-t", 3) || !strncmp(param_buffer, "--table", 8)) - exit_error(PARAMETER_PROBLEM, + exit_error(PARAMETER_PROBLEM, "Line %u seems to have a " "-t table option.\n", line); @@ -381,7 +387,7 @@ for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); - ret = do_command(newargc, newargv, + ret = do_command(newargc, newargv, &newargv[2], &handle); free_argv(); @@ -396,7 +402,7 @@ } if (in_table) { fprintf(stderr, "%s: COMMIT expected at line %u\n", - program_name, line + 1); + program_name, line + 1); exit(1); } diff -ruN iptables.new_without_fluff/iptables-save.8 iptables.new/iptables-save.8 --- iptables.new_without_fluff/iptables-save.8 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/iptables-save.8 2004-08-20 21:44:28.000000000 +0200 @@ -30,7 +30,7 @@ to STDOUT. Use I/O-redirection provided by your shell to write to a file. .TP \fB\-c\fR, \fB\-\-counters\fR -include the current values of all packet and byte counters in the output +include the current values of all packet and byte counters in the output. .TP \fB\-t\fR, \fB\-\-table\fR \fBtablename\fR restrict output to only one table. If not specified, output includes all diff -ruN iptables.new_without_fluff/iptables-save.c iptables.new/iptables-save.c --- iptables.new_without_fluff/iptables-save.c 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/iptables-save.c 2004-08-28 03:41:49.000000000 +0200 @@ -64,15 +64,15 @@ if (iface[i] != '\0') printf("%c", iface[i]); } else { - /* we can access iface[i-1] here, because + /* we can access iface[i-1] here, because * a few lines above we make sure that mask[0] != 0 */ if (iface[i-1] != '\0') - printf("+"); + putchar('+'); break; } } - printf(" "); + putchar(' '); } /* These are hardcoded backups in iptables.c, so they are safe */ 
@@ -91,7 +91,8 @@ { "sctp", IPPROTO_SCTP }, }; -static void print_proto(u_int16_t proto, int invert) +static void +print_proto(u_int16_t proto, int invert) { if (proto) { unsigned int i; @@ -115,7 +116,8 @@ } #if 0 -static int non_zero(const void *ptr, size_t size) +static int +non_zero(const void *ptr, size_t size) { unsigned int i; @@ -127,8 +129,8 @@ } #endif -static int print_match(const struct ipt_entry_match *e, - const struct ipt_ip *ip) +static int +print_match(const struct ipt_entry_match *e, const struct ipt_ip *ip) { struct iptables_match *match = find_match(e->u.user.name, TRY_LOAD, NULL); @@ -151,7 +153,8 @@ } /* print a given ip including mask if neccessary */ -static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) +static void +print_ip(const char *prefix, u_int32_t ip, u_int32_t mask, int invert) { if (!mask && !ip) return; @@ -161,30 +164,33 @@ invert ? "! " : "", IP_PARTS(ip)); - if (mask != 0xffffffff) + if (mask != 0xffffffff) printf("/%u.%u.%u.%u ", IP_PARTS(mask)); else - printf(" "); + putchar(' '); } /* We want this to be readable, so only print out neccessary fields. * Because that's the kind of world I want to live in. */ -static void print_rule(const struct ipt_entry *e, - iptc_handle_t *h, const char *chain, int counters) +static void +print_rule(const struct ipt_entry *e, iptc_handle_t *h, + const char *chain, int counters) { struct ipt_entry_target *t; const char *target_name; /* print counters */ if (counters) - printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); + printf("[%llu:%llu] ", + (unsigned long long)e->counters.pcnt, + (unsigned long long)e->counters.bcnt); /* print chain name */ printf("-A %s ", chain); /* Print IP part. */ print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr, - e->ip.invflags & IPT_INV_SRCIP); + e->ip.invflags & IPT_INV_SRCIP); print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr, e->ip.invflags & IPT_INV_DSTIP); 
@@ -206,7 +212,7 @@ IPT_MATCH_ITERATE(e, print_match, &e->ip); } - /* Print target name */ + /* Print target name */ target_name = iptc_get_target(e, h); if (target_name && (*target_name != '\0')) printf("-j %s ", target_name); @@ -229,7 +235,7 @@ /* If the target size is greater than ipt_entry_target * there is something to be saved, we just don't know * how to print it */ - if (t->u.target_size != + if (t->u.target_size != sizeof(struct ipt_entry_target)) { fprintf(stderr, "Target `%s' is missing " "save function\n", @@ -238,11 +244,11 @@ } } } - printf("\n"); + putchar('\n'); } -/* Debugging prototype. */ -static int for_each_table(int (*func)(const char *tablename)) +static int +for_each_table(int (*func)(const char *tablename)) { int ret = 1; FILE *procfile = NULL; @@ -254,7 +260,7 @@ while (fgets(tablename, sizeof(tablename), procfile)) { if (tablename[strlen(tablename) - 1] != '\n') - exit_error(OTHER_PROBLEM, + exit_error(OTHER_PROBLEM, "Badly formed tablename `%s'\n", tablename); tablename[strlen(tablename) - 1] = '\0'; @@ -263,9 +269,9 @@ return ret; } - -static int do_output(const char *tablename) +static int +do_output(const char *tablename) { iptc_handle_t h; const char *chain = NULL; @@ -324,7 +330,6 @@ } iptc_free(&h); - return 1; } @@ -355,8 +360,7 @@ case 'c': counters = 1; break; - case 't': - /* Select specific table. */ + case 't': /* Select specific table. */ tablename = optarg; break; case 'C': diff -ruN iptables.new_without_fluff/iptables.8.in iptables.new/iptables.8.in --- iptables.new_without_fluff/iptables.8.in 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/iptables.8.in 2004-08-27 03:11:36.000000000 +0200 
@@ -280,7 +280,7 @@ .TP .BR "-i, --in-interface " "[!] \fIname\fP" Name of an interface via which a packet was received (only for -packets entering the +packets entering the .BR INPUT , .B FORWARD and diff -ruN iptables.new_without_fluff/iptables.c iptables.new/iptables.c --- iptables.new_without_fluff/iptables.c 2004-08-28 03:28:39.000000000 +0200 +++ iptables.new/iptables.c 2004-08-26 15:50:55.000000000 +0200 @@ -421,12 +421,12 @@ results. So we call help for all specified matches & targets */ for (t = iptables_targets; t ;t = t->next) { if (t->used) { - printf("\n"); + putchar('\n'); t->help(); } } for (matchp = matches; matchp; matchp = matchp->next) { - printf("\n"); + putchar('\n'); matchp->match->help(); } exit(0); @@ -669,7 +669,8 @@ } struct iptables_match * -find_match(const char *name, enum ipt_tryload tryload, struct iptables_rule_match **matches) +find_match(const char *name, enum ipt_tryload tryload, + struct iptables_rule_match **matches) { struct iptables_match *ptr; @@ -727,7 +728,8 @@ /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct iptables_match * -find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches) +find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, + struct iptables_rule_match **matches) { unsigned int proto; @@ -906,8 +908,8 @@ } int -string_to_number_ll(const char *s, unsigned long long min, unsigned long long max, - unsigned long long *ret) +string_to_number_ll(const char *s, unsigned long long min, + unsigned long long max, unsigned long long *ret) { unsigned long long number; char *end; @@ -927,7 +929,7 @@ int string_to_number_l(const char *s, unsigned long min, unsigned long max, - unsigned long *ret) + unsigned long *ret) { int result; unsigned long long number; @@ -939,7 +941,7 @@ } int string_to_number(const char *s, unsigned int min, unsigned int max, - unsigned int *ret) + unsigned int *ret) { int result; unsigned long number; 
@@ -1182,13 +1184,12 @@ } printf(FMT(" %-19s ","%s "), "source"); printf(FMT(" %-19s "," %s "), "destination"); - printf("\n"); + putchar('\n'); } static int -print_match(const struct ipt_entry_match *m, - const struct ipt_ip *ip, +print_match(const struct ipt_entry_match *m, const struct ipt_ip *ip, int numeric) { struct iptables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL); @@ -1327,8 +1328,7 @@ } static void -print_firewall_line(const struct ipt_entry *fw, - const iptc_handle_t h) +print_firewall_line(const struct ipt_entry *fw, const iptc_handle_t h) { struct ipt_entry_target *t; @@ -1416,7 +1416,8 @@ size = sizeof(struct ipt_entry); for (matchp = matches; matchp; matchp = matchp->next) - size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size; + size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + + matchp->match->size; mask = fw_calloc(1, size + IPT_ALIGN(sizeof(struct ipt_entry_target)) @@ -1429,7 +1430,8 @@ memset(mptr, 0xFF, IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->userspacesize); - mptr += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size; + mptr += IPT_ALIGN(sizeof(struct ipt_entry_match)) + + matchp->match->size; } memset(mptr, 0xFF, @@ -1506,8 +1508,7 @@ } int -flush_entries(const ipt_chainlabel chain, int verbose, - iptc_handle_t *handle) +flush_entries(const ipt_chainlabel chain, int verbose, iptc_handle_t *handle) { if (!chain) return for_each_chain(flush_entries, verbose, 1, handle); @@ -1518,8 +1519,7 @@ } static int -zero_entries(const ipt_chainlabel chain, int verbose, - iptc_handle_t *handle) +zero_entries(const ipt_chainlabel chain, int verbose, iptc_handle_t *handle) { if (!chain) return for_each_chain(zero_entries, verbose, 1, handle); 
@@ -1530,8 +1530,7 @@ } int -delete_chain(const ipt_chainlabel chain, int verbose, - iptc_handle_t *handle) +delete_chain(const ipt_chainlabel chain, int verbose, iptc_handle_t *handle) { if (!chain) return for_each_chain(delete_chain, verbose, 0, handle); @@ -1573,7 +1572,7 @@ if (chain && strcmp(chain, this) != 0) continue; - if (found) printf("\n"); + if (found) putchar('\n'); print_header(format, this, handle); i = iptc_first_rule(this, handle); @@ -1929,7 +1928,8 @@ target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); target->init(target->t, &fw.nfcache); - opts = merge_options(opts, target->extra_opts, &target->option_offset); + opts = merge_options(opts, target->extra_opts, + &target->option_offset); } break;