[PATCH] RFC - introduce xtables-multi

[PATCH] RFC - introduce xtables-multi

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

I'm posting this mostly to inspire discussion.

I'd like to merge iptables-multi and ip6tables-multi
into a single multi-purpose binary xtables-multi.

I can think of a few ways to do this... any preferences?

a) we delete iptables-multi and ip6tables-multi and only build xtables-multi
which depending on whether we're including v4 and/or v6 has different capabilities
unfortunately we lose support for 'iptables-multi save', since with 'xtables-multi save'
it would not be clear whether ipv4 or ipv6 was meant

b) we add xtables-multi, only build it when both v4 and v6 are enabled, but don't install it
(or at least don't install any symlinks to it)
we leave the existing iptables-multi and ip6tables-multi as is

c) we add xtables-multi, only build it when both v4 and v6 are enabled, and when both
v4 and v6 are enabled we don't build both iptables-multi and ip6tables-multi
(also means we lose 'iptables-multi save' support), the symlinks now point to xtables-multi

d) maybe other ways I can't think of

(a) results in the smallest amount of code
(b) is the most backwards compatible
(c) has less if-def'ery then (a)

[side note: this patch depends on the "move 'int line'" patch I posted earlier today]

Comments?
---
 .gitignore      |    1 +
 Makefile.am     |   20 ++++++++++++++++++++
 xtables-multi.c |   22 ++++++++++++++++++++++
 3 files changed, 43 insertions(+), 0 deletions(-)
 create mode 100644 xtables-multi.c

diff --git a/.gitignore b/.gitignore
index e5d3099..02f9d4e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,4 @@ Makefile.in
 /iptables-restore
 /iptables-static
 /iptables-xml
+/xtables-multi
diff --git a/Makefile.am b/Makefile.am
index 866ac7e..f4e4587 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,21 @@ endif
 ip6tables_multi_LDFLAGS   = -rdynamic
 ip6tables_multi_LDADD     = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
 
+xtables_multi_SOURCES     = xtables-multi.c \
+                            iptables-save.c iptables-restore.c iptables-xml.c \
+                            iptables-standalone.c iptables.c \
+                            ip6tables-save.c ip6tables-restore.c \
+                            ip6tables-standalone.c ip6tables.c \
+                            xshared.c
+xtables_multi_CFLAGS      = ${AM_CFLAGS} -DIPTABLES_MULTI
+if ENABLE_STATIC
+xtables_multi_CFLAGS     += -DALL_INCLUSIVE
+endif
+xtables_multi_LDFLAGS     = -rdynamic
+xtables_multi_LDADD       = libiptc/libip4tc.la extensions/libext4.a \
+                            libiptc/libip6tc.la extensions/libext6.a \
+                            libxtables.la -lm
+
 sbin_PROGRAMS    =
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
@@ -72,6 +87,11 @@ if ENABLE_IPV6
 sbin_PROGRAMS += ip6tables-multi
 v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
 endif
+if ENABLE_IPV4
+if ENABLE_IPV6
+sbin_PROGRAMS += xtables-multi
+endif
+endif
 
 iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
 	${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
diff --git a/xtables-multi.c b/xtables-multi.c
new file mode 100644
index 0000000..61060d3
--- /dev/null
+++ b/xtables-multi.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+#include "iptables-multi.h"
+#include "ip6tables-multi.h"
+
+static const struct subcommand multi_subcommands[] = {
+	{"iptables",          iptables_main},
+	{"iptables-save",     iptables_save_main},
+	{"iptables-restore",  iptables_restore_main},
+	{"iptables-xml",      iptables_xml_main},
+	{"ip6tables",         ip6tables_main},
+	{"ip6tables-save",    ip6tables_save_main},
+	{"ip6tables-restore", ip6tables_restore_main},
+	{NULL},
+};
+
+int main(int argc, char **argv)
+{
+	return subcmd_main(argc, argv, multi_subcommands);
+}
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] RFC - introduce xtables-multi

[Jan Engelhardt]

On Tuesday 2011-04-05 11:49, Maciej Żenczykowski wrote:

>From: Maciej Żenczykowski <maze@google.com>
>
>I'm posting this mostly to inspire discussion.
>
>I'd like to merge iptables-multi and ip6tables-multi
>into a single multi-purpose binary xtables-multi.
>
>I can think of a few ways to do this... any preferences?
>
>a) we delete iptables-multi and ip6tables-multi and only build xtables-multi
>which depending on whether we're including v4 and/or v6 has different capabilities
>unfortunately we lose support for 'iptables-multi save', since with 'xtables-multi save'
>it would not be clear whether ipv4 or ipv6 was meant

There is only one time when you want to use `iptables-multi save`, and 
that is when you are running it from within the object directory you 
just compiled. In a standard system, i.e. where iptables is in 
/usr/sbin, the symlinks will be used.

Since iptables/iptables-save/iptables-restore are currently symlinks to 
iptables-multi, and the action is determined by looking at argv[0],
changing iptables-multi into xtables-multi merely means augmenting the 
name checks. (/usr/sbin/)iptables-multi and ip6tables-multi can then 
simply be removed.

As for the in-object-dir build, just add recognition for a "save6" 
string.

>+	{"iptables",          iptables_main},
>+	{"iptables-save",     iptables_save_main},
>+	{"iptables-restore",  iptables_restore_main},
>+	{"iptables-xml",      iptables_xml_main},
>+	{"ip6tables",         ip6tables_main},
>+	{"ip6tables-save",    ip6tables_save_main},
>+	{"ip6tables-restore", ip6tables_restore_main},
>+	{NULL},

Just like this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] combine ip6?tables-multi into xtables-multi

[Maciej Żenczykowski]

From: Maciej Żenczykowski <maze@google.com>

Signed-off-by: Maciej Zenczykowski <maze@google.com>
---
 .gitignore        |    3 +--
 Makefile.am       |   46 +++++++++++++++++++++++-----------------------
 ip6tables-multi.c |   20 --------------------
 iptables-multi.c  |   22 ----------------------
 xtables-multi.c   |   39 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 63 insertions(+), 67 deletions(-)
 delete mode 100644 ip6tables-multi.c
 delete mode 100644 iptables-multi.c
 create mode 100644 xtables-multi.c

diff --git a/.gitignore b/.gitignore
index e5d3099..377339d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,14 +40,13 @@ Makefile.in
 
 /ip6tables
 /ip6tables.8
-/ip6tables-multi
 /ip6tables-save
 /ip6tables-restore
 /ip6tables-static
 /iptables
 /iptables.8
-/iptables-multi
 /iptables-save
 /iptables-restore
 /iptables-static
 /iptables-xml
+/xtables-multi
diff --git a/Makefile.am b/Makefile.am
index 866ac7e..7348a8a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@ endif
 lib_LTLIBRARIES =
 
 # libiptc
-lib_LTLIBRARIES           += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
+lib_LTLIBRARIES            += libiptc/libip4tc.la libiptc/libip6tc.la libiptc/libiptc.la
 libiptc_libiptc_la_SOURCES  =
 libiptc_libiptc_la_LIBADD   = libiptc/libip4tc.la libiptc/libip6tc.la
 libiptc_libiptc_la_LDFLAGS  = -version-info 0:0:0 ${libiptc_LDFLAGS2}
@@ -37,39 +37,39 @@ libxtables_la_CFLAGS  = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
 libxtables_la_LIBADD  =
 endif
 
-iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
-                            iptables-restore.c iptables-xml.c \
-                            iptables-standalone.c iptables.c xshared.c
-iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_SOURCES  = xtables-multi.c
+xtables_multi_CFLAGS   = ${AM_CFLAGS} -DIPTABLES_MULTI
+xtables_multi_LDFLAGS  = -rdynamic
+xtables_multi_LDADD    =
 if ENABLE_STATIC
-iptables_multi_CFLAGS    += -DALL_INCLUSIVE
+xtables_multi_CFLAGS  += -DALL_INCLUSIVE
 endif
-iptables_multi_LDFLAGS    = -rdynamic
-iptables_multi_LDADD      = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
-
-ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
-                            ip6tables-restore.c ip6tables-standalone.c \
-                            ip6tables.c xshared.c
-ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
-if ENABLE_STATIC
-ip6tables_multi_CFLAGS   += -DALL_INCLUSIVE
+if ENABLE_IPV4
+xtables_multi_SOURCES += iptables-save.c iptables-restore.c iptables-xml.c \
+                         iptables-standalone.c iptables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV4
+xtables_multi_LDADD   += libiptc/libip4tc.la extensions/libext4.a
+endif
+if ENABLE_IPV6
+xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \
+                          ip6tables-standalone.c ip6tables.c
+xtables_multi_CFLAGS  += -DENABLE_IPV6
+xtables_multi_LDADD   += libiptc/libip6tc.la extensions/libext6.a
 endif
-ip6tables_multi_LDFLAGS   = -rdynamic
-ip6tables_multi_LDADD     = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
+xtables_multi_SOURCES += xshared.c
+xtables_multi_LDADD   += libxtables.la -lm
 
-sbin_PROGRAMS    =
+sbin_PROGRAMS    = xtables-multi
 man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
                    ip6tables-save.8
 CLEANFILES       = iptables.8 ip6tables.8
 
 if ENABLE_IPV4
-sbin_PROGRAMS += iptables-multi
 v4_bin_links   = iptables-xml
 v4_sbin_links  = iptables iptables-restore iptables-save
 endif
 if ENABLE_IPV6
-sbin_PROGRAMS += ip6tables-multi
 v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
 endif
 
@@ -96,9 +96,9 @@ config.status: extensions/GNUmakefile.in \
 install-exec-hook:
 	-if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
 	${INSTALL} -dm0755 "${DESTDIR}${bindir}";
-	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done;
-	for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done;
-	for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done;
+	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
+	for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+	for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
 
 gitclean: distclean
 	rm -f Makefile.in aclocal.m4 compile config.guess config.h.in config.h.in~ config.sub configure depcomp include/Makefile.in install-sh libipq/Makefile.in ltmain.sh missing utils/Makefile.in;
diff --git a/ip6tables-multi.c b/ip6tables-multi.c
deleted file mode 100644
index 40ce37b..0000000
--- a/ip6tables-multi.c
+++ /dev/null
@@ -1,20 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "ip6tables-multi.h"
-
-static const struct subcommand multi6_subcommands[] = {
-	{"ip6tables",         ip6tables_main},
-	{"main",              ip6tables_main},
-	{"ip6tables-save",    ip6tables_save_main},
-	{"save",              ip6tables_save_main},
-	{"ip6tables-restore", ip6tables_restore_main},
-	{"restore",           ip6tables_restore_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi6_subcommands);
-}
diff --git a/iptables-multi.c b/iptables-multi.c
deleted file mode 100644
index 14579e0..0000000
--- a/iptables-multi.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "xshared.h"
-#include "iptables-multi.h"
-
-static const struct subcommand multi4_subcommands[] = {
-	{"iptables",         iptables_main},
-	{"main",             iptables_main},
-	{"iptables-save",    iptables_save_main},
-	{"save",             iptables_save_main},
-	{"iptables-restore", iptables_restore_main},
-	{"restore",          iptables_restore_main},
-	{"iptables-xml",     iptables_xml_main},
-	{"xml",              iptables_xml_main},
-	{NULL},
-};
-
-int main(int argc, char **argv)
-{
-	return subcmd_main(argc, argv, multi4_subcommands);
-}
diff --git a/xtables-multi.c b/xtables-multi.c
new file mode 100644
index 0000000..c712b2a
--- /dev/null
+++ b/xtables-multi.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#ifdef ENABLE_IPV4
+#include "iptables-multi.h"
+#endif
+
+#ifdef ENABLE_IPV6
+#include "ip6tables-multi.h"
+#endif
+
+static const struct subcommand multi_subcommands[] = {
+#ifdef ENABLE_IPV4
+	{"iptables",          iptables_main},
+	{"main4",             iptables_main},
+	{"iptables-save",     iptables_save_main},
+	{"save4",             iptables_save_main},
+	{"iptables-restore",  iptables_restore_main},
+	{"restore4",          iptables_restore_main},
+	{"iptables-xml",      iptables_xml_main},
+	{"xml4",              iptables_xml_main},
+#endif
+#ifdef ENABLE_IPV6
+	{"ip6tables",         ip6tables_main},
+	{"main6",             ip6tables_main},
+	{"ip6tables-save",    ip6tables_save_main},
+	{"save6",             ip6tables_save_main},
+	{"ip6tables-restore", ip6tables_restore_main},
+	{"restore6",          ip6tables_restore_main},
+#endif
+	{NULL},
+};
+
+int main(int argc, char **argv)
+{
+	return subcmd_main(argc, argv, multi_subcommands);
+}
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html