From: Peter Warasin <peter@endian.com>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 3/3] iptables-edit: introduces iptables-edit cli tool
Date: Wed, 07 Nov 2007 01:22:43 +0100 [thread overview]
Message-ID: <47310553.1030907@endian.com> (raw)
In-Reply-To: <472FB195.6090202@trash.net>
[-- Attachment #1: Type: text/plain, Size: 298 bytes --]
Hi Patrick
Patrick McHardy wrote:
> The patch has some stylistic problems, see below for a few details.
> I suggest to run it through Lindent.
Fixed it.
Thanks for the advice
peter
--
:: e n d i a n
:: open source - open minds
:: peter warasin
:: http://www.endian.com :: peter@endian.com
[-- Attachment #2: iptables-edit-p3.patch --]
[-- Type: text/x-patch, Size: 9811 bytes --]
introduces the iptables-edit command line tool
Signed-off-by: Peter Warasin <peter@endian.com>
---
Makefile | 19 +++-
iptables-edit.c | 259 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
iptables-multi.c | 4
3 files changed, 279 insertions(+), 3 deletions(-)
Index: iptables-multi.c
===================================================================
--- iptables-multi.c.orig 2007-11-06 22:24:50.000000000 +0100
+++ iptables-multi.c 2007-11-06 22:25:09.000000000 +0100
@@ -6,6 +6,7 @@
int iptables_main(int argc, char **argv);
int iptables_save_main(int argc, char **argv);
int iptables_restore_main(int argc, char **argv);
+int iptables_edit_main(int argc, char **argv);
int iptables_xml_main(int argc, char **argv);
int main(int argc, char **argv) {
@@ -28,6 +29,9 @@
if (!strcmp(progname, "iptables-xml"))
return iptables_xml_main(argc, argv);
+
+ if (!strcmp(progname, "iptables-edit"))
+ return iptables_edit_main(argc, argv);
fprintf(stderr, "iptables multi-purpose version: unknown applet name %s\n", progname);
exit(1);
Index: iptables-edit.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ iptables-edit.c 2007-11-07 01:20:06.000000000 +0100
@@ -0,0 +1,269 @@
+/* Code to apply iptables rules on an iptables dump file generated by iptables-save. */
+/* (C) 2007 by Peter Warasin <peter@endian.com>
+ * based on previous code from Rusty Russell <rusty@linuxcare.com.au>
+ * and Harald Welte <laforge@gnumonks.org>
+ *
+ * This code is distributed under the terms of GNU GPL v2
+ *
+ */
+#include <getopt.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "libiptc/libiptc.h"
+#include "iptables.h"
+#include "iptables-dump.h"
+
+int binary = 0, counters = 0, verbose = 0;
+char *modprobeparam = 0;
+char *dumpfile = 0;
+int commandargc = 0;
+char *commandargv[255];
+
+static struct option options[] = {
+ {"binary", 0, NULL, 'b'},
+ {"counters", 0, NULL, 'c'},
+ {"verbose", 0, NULL, 'v'},
+ {"help", 0, NULL, 'h'},
+ {"modprobe", 1, NULL, 'M'},
+ {"dump-file", 0, NULL, 'i'},
+ {0}
+};
+
+struct handle_list_t {
+ char tablename[IPT_TABLE_MAXNAMELEN + 1];
+ iptc_handle_t handle;
+ struct handle_list_t *next;
+};
+struct handle_list_t *table_handles = NULL;
+
+static void print_usage(const char *name, const char *version)
+ __attribute__ ((noreturn));
+
+static void print_usage(const char *name, const char *version)
+{
+ fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-h] [-M] <-i>\n"
+ " [ --binary ]\n"
+ " [ --counters ]\n"
+ " [ --verbose ]\n"
+ " [ --help ]\n"
+ " [ --modprobe=<command>]\n"
+ " [ --dump-file=<DUMPFILE>]\n", name);
+ exit(1);
+}
+
+void add_handle(const char *tablename, iptc_handle_t handle)
+{
+ struct handle_list_t *tmp;
+ tmp = (struct handle_list_t *)malloc(sizeof(struct handle_list_t));
+ strncpy(tmp->tablename, tablename, IPT_TABLE_MAXNAMELEN);
+ tmp->tablename[IPT_TABLE_MAXNAMELEN] = '\0';
+ tmp->handle = handle;
+ tmp->next = table_handles;
+ table_handles = tmp;
+}
+
+iptc_handle_t get_handle(const char *tablename)
+{
+ iptc_handle_t handle;
+ struct handle_list_t *i;
+ if (tablename == NULL)
+ return NULL;
+ for (i = table_handles; i; i = i->next) {
+ if (!i)
+ break;
+ if (strcmp(i->tablename, tablename) == 0)
+ return i->handle;
+ }
+
+ handle = iptc_init(tablename);
+ add_handle(tablename, handle);
+ return handle;
+}
+
+static int for_each_table(int (*func) (const char *tablename))
+{
+ int ret = 1;
+ FILE *procfile;
+ char tablename[IPT_TABLE_MAXNAMELEN + 1];
+
+ procfile = fopen("/proc/net/ip_tables_names", "r");
+ if (!procfile)
+ return 0;
+
+ while (fgets(tablename, sizeof(tablename), procfile)) {
+ if (tablename[strlen(tablename) - 1] != '\n')
+ exit_error(OTHER_PROBLEM,
+ "Badly formed tablename `%s'\n", tablename);
+ tablename[strlen(tablename) - 1] = '\0';
+ ret &= func(tablename);
+ }
+
+ return ret;
+}
+
+int restore_from_file(const char *tablename)
+{
+ iptc_handle_t handle = get_handle(tablename);
+ if (verbose)
+ fprintf(stderr, "Restoring table '%s'\n", tablename);
+ if (!handle) {
+ fprintf(stderr,
+ "Could not get netfilter handle for table '%s' while restoring\n",
+ tablename);
+ return 0;
+ }
+ return restore_dump(tablename, handle, modprobeparam, dumpfile, binary,
+ counters, verbose, 0, 1);
+}
+
+int save_handles(const char *tablename)
+{
+ iptc_handle_t handle = get_handle(tablename);
+ if (verbose)
+ fprintf(stderr, "Saving table '%s'\n", tablename);
+ if (!handle) {
+ fprintf(stderr,
+ "Could not get netfilter handle for table '%s' while saving\n",
+ tablename);
+ return 0;
+ }
+ return create_dump(tablename, handle, binary, counters);
+}
+
+/* function adding one argument to newargv, updating newargc
+ * returns true if argument added, false otherwise */
+static int add_argv(char *what)
+{
+ if (what && ((commandargc + 1) < sizeof(commandargv) / sizeof(char *))) {
+ commandargv[commandargc] = strdup(what);
+ commandargc++;
+ return 1;
+ } else
+ return 0;
+}
+
+static void free_argv(void)
+{
+ int i;
+
+ for (i = 0; i < commandargc; i++) {
+ free(commandargv[i]);
+ commandargv[i] = NULL;
+ }
+ commandargc = 0;
+}
+
+#ifdef IPTABLES_MULTI
+int iptables_edit_main(int argc, char *argv[])
+#else
+int main(int argc, char *argv[])
+#endif
+{
+ int c;
+ int ret = 0;
+ char buffer[10240];
+ int i = 0;
+
+ program_name = "iptables";
+ program_version = IPTABLES_VERSION;
+
+ lib_dir = getenv("IPTABLES_LIB_DIR");
+ if (!lib_dir)
+ lib_dir = IPT_LIB_DIR;
+
+#ifdef NO_SHARED_LIBS
+ init_extensions();
+#endif
+
+ while ((c = getopt_long(argc, argv, "bcvhM:i:", options, NULL)) != -1) {
+ switch (c) {
+ case 'b':
+ binary = 1;
+ break;
+ case 'c':
+ counters = 1;
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'h':
+ print_usage("iptables-edit", IPTABLES_VERSION);
+ break;
+ case 'M':
+ modprobeparam = optarg;
+ break;
+ case 'i':
+ dumpfile = optarg;
+ break;
+ }
+ }
+
+ if (optind < argc) {
+ fprintf(stderr, "Unknown arguments found on commandline\n");
+ exit(1);
+ }
+
+ if (!dumpfile) {
+ fprintf(stderr, "No dump file (-i) specified!\n");
+ exit(1);
+ }
+
+ if ((ret = for_each_table(restore_from_file)) != 0)
+ return ret;
+
+ if (verbose)
+ fprintf(stderr, "Accept commands\n");
+
+ /* Grab standard input. */
+ while (fgets(buffer, sizeof(buffer), stdin)) {
+ char *token;
+ iptc_handle_t handle;
+ char *thistable = "filter";
+
+ i++;
+ buffer[strlen(buffer) - 1] = '\0';
+ if (buffer[0] == '#')
+ continue;
+ if (verbose)
+ fprintf(stderr, "Line %d: Process command '%s'\n", i,
+ buffer);
+
+ if ((token = strtok(buffer, " \t\n")) == NULL)
+ continue;
+ free_argv();
+ add_argv(token);
+ while ((token = strtok(NULL, " \t\n")) != NULL) {
+ add_argv(token);
+ }
+
+ if ((commandargv[1] != NULL)
+ && strcmp(commandargv[1], "-t") == 0) {
+ if (commandargv[2] == NULL) {
+ fprintf(stderr,
+ "Line %d: -t parameter needs an argument!\n",
+ i);
+ return 1;
+ }
+ thistable = commandargv[2];
+ }
+
+ handle = get_handle(thistable);
+ if (handle == NULL) {
+ fprintf(stderr,
+ "Line %d: Could not get netfilter handle for table '%s' while performing command\n",
+ i, thistable);
+ return 1;
+ }
+
+ if (!do_command(commandargc, commandargv, &thistable, &handle)) {
+
+ fprintf(stderr, "Line %d: Command failed: %s\n", i,
+ iptc_strerror(errno));
+ return 1;
+ }
+ }
+
+ return !for_each_table(save_handles);
+}
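Review bot: In the stdin loop of iptables_edit_main(), `buffer[strlen(buffer) - 1] = '\0';` writes to `buffer[-1]` when a line begins with a NUL byte. It also chops the last real character off any line that has no trailing newline, including a line longer than the 10240-byte buffer, whose tail is then parsed as a separate command. Because these lines become rule changes applied to the dump, strip the newline only when it is present and reject over-long lines, as sketched below. Two other spots look wrong: the `options` entry `{"dump-file", 0, NULL, 'i'}` declares no argument although the optstring has `i:` and the usage text shows `--dump-file=<DUMPFILE>`, so it should read `{"dump-file", 1, NULL, 'i'},`; and `if ((ret = for_each_table(restore_from_file)) != 0) return ret;` appears inverted, since for_each_table() starts from `ret = 1` and the closing `return !for_each_table(save_handles);` treats non-zero as success (restore_dump() is not visible here, so confirm its return convention). In addition, for_each_table() never calls fclose() on `procfile`, and add_handle() and add_argv() use the malloc()/strdup() results unchecked.

```c
	while (fgets(buffer, sizeof(buffer), stdin)) {
		/* ... unchanged: token, handle, thistable declarations ... */
		size_t len = strlen(buffer);

		i++;
		if (len > 0 && buffer[len - 1] == '\n') {
			buffer[len - 1] = '\0';
		} else if (len == sizeof(buffer) - 1) {
			/* fgets filled the buffer without reaching end of line */
			fprintf(stderr, "Line %d: command too long\n", i);
			return 1;
		}
		/* ... unchanged: comment skip, tokenizing, table lookup, do_command ... */
```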
Index: Makefile
===================================================================
--- Makefile.orig 2007-11-06 22:24:50.000000000 +0100
+++ Makefile 2007-11-06 22:25:09.000000000 +0100
@@ -54,9 +54,9 @@
# No longer experimental.
ifneq ($(DO_MULTI), 1)
-EXTRAS+=iptables-save iptables-restore iptables-xml
+EXTRAS+=iptables-save iptables-restore iptables-xml iptables-edit
endif
-EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/iptables-xml $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/iptables-xml $(DESTDIR)$(BINDIR)/iptables-edit $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
ifeq ($(DO_IPV6), 1)
EXTRAS+=ip6tables ip6tables.o ip6tables.8
@@ -109,7 +109,7 @@
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
ifeq ($(DO_MULTI), 1)
-iptables: iptables-multi.c iptables-save.c iptables-restore.c iptables-xml.c iptables-standalone.c iptables.o xtables.o iptables-dump.o $(STATIC_LIBS) libiptc/libiptc.a
+iptables: iptables-multi.c iptables-save.c iptables-restore.c iptables-xml.c iptables-edit.c iptables-standalone.c iptables.o xtables.o iptables-dump.o $(STATIC_LIBS) libiptc/libiptc.a
$(CC) $(CFLAGS) -DIPTABLES_MULTI -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
else
iptables: iptables-standalone.c iptables.o xtables.o $(STATIC_LIBS) libiptc/libiptc.a
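Review bot: Adding iptables-edit.c to the DO_MULTI link line puts its file-scope symbols into the same binary as the save/restore/xml applets, and that file defines `binary`, `counters`, `verbose`, `modprobeparam`, `dumpfile`, `table_handles`, `add_handle()` and `get_handle()` without `static`. If any other applet source exports one of those names (not visible in this patch), the multi build fails or silently shares state. Marking them `static` in iptables-edit.c, e.g. `static int binary = 0, counters = 0, verbose = 0;`, avoids the problem regardless.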
@@ -159,6 +159,19 @@
cp $< $@
endif
+iptables-edit: iptables-edit.c iptables.o xtables.o iptables-dump.o $(STATIC_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+ifeq ($(DO_MULTI), 1)
+$(DESTDIR)$(BINDIR)/iptables-edit: iptables
+ @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ ln -sf $< $@
+else
+$(DESTDIR)$(BINDIR)/iptables-edit: iptables-edit
+ @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ cp $< $@
+endif
+
ip6tables.o: ip6tables.c
$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
[-- Attachment #3: peter.vcf --]
[-- Type: text/x-vcard, Size: 279 bytes --]
begin:vcard
fn:Peter Warasin
n:;Peter Warasin
org:Endian GmbH/Srl
adr:;;Pillhof 47;Frangart/Frangarto;BZ;I-39010;Italien/Italia
email;internet:peter@endian.com
tel;work:+39 0471 631763
tel;fax:+39 0471 631764
x-mozilla-html:FALSE
url:http://www.endian.com
version:2.1
end:vcard