libxtables: prefix names and order it #1

libxtables: prefix names and order it #1

[Jan Engelhardt]

As previously mentioned, libxtables needs some goodtime cleanup first.
Now let me throw patches (unspecified number as of yet) at it-


---8<---
parent ea268e19a8b820cce4bab3318e656efa51134487 (v1.4.3-rc1-22-gea268e1)
commit d6c2522895ff2906cd905bd2ef728bf388bdaa77
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Jan 27 14:58:41 2009 +0100

libxtables: prefix names and order it #1

It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.

This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am                |    2 +-
 include/xtables.h.in       |    3 +++
 include/xtables/internal.h |    3 ---
 ip6tables.c                |   14 +++++++-------
 iptables.c                 |   14 +++++++-------
 xtables.c                  |   19 +++++++++++--------
 6 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 4852d2a..83ab3bb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,7 +14,7 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
 
 lib_LTLIBRARIES       = libxtables.la
 libxtables_la_SOURCES = xtables.c
-libxtables_la_LDFLAGS = -version 0:0:0
+libxtables_la_LDFLAGS = -version-info 1:0:0
 
 # iptables, dynamic
 iptables_SOURCES          = iptables-standalone.c iptables.c
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 8327c42..e63d171 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -140,6 +140,9 @@ struct xtables_target
 #endif
 };
 
+extern void *xtables_calloc(size_t, size_t);
+extern void *xtables_malloc(size_t);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
diff --git a/include/xtables/internal.h b/include/xtables/internal.h
index 24a5078..6b78d3a 100644
--- a/include/xtables/internal.h
+++ b/include/xtables/internal.h
@@ -43,9 +43,6 @@ struct xtables_rule_match {
 
 extern char *lib_dir;
 
-extern void *fw_calloc(size_t count, size_t size);
-extern void *fw_malloc(size_t size);
-
 extern const char *modprobe_program;
 extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
 extern int load_xtables_ko(const char *modprobe, int quiet);
diff --git a/ip6tables.c b/ip6tables.c
index 3c45c07..59c1011 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -939,7 +939,7 @@ make_delete_mask(struct ip6t_entry *fw, struct ip6tables_rule_match *matches)
 	for (matchp = matches; matchp; matchp = matchp->next)
 		size += IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
 
-	mask = fw_calloc(1, size
+	mask = xtables_calloc(1, size
 			 + IP6T_ALIGN(sizeof(struct ip6t_entry_target))
 			 + xtables_targets->size);
 
@@ -1005,7 +1005,7 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
 		chain = ip6tc_next_chain(handle);
 	}
 
-	chains = fw_malloc(sizeof(ip6t_chainlabel) * chaincount);
+	chains = xtables_malloc(sizeof(ip6t_chainlabel) * chaincount);
 	i = 0;
 	chain = ip6tc_first_chain(handle);
 	while (chain) {
@@ -1371,7 +1371,7 @@ generate_entry(const struct ip6t_entry *fw,
 	for (matchp = matches; matchp; matchp = matchp->next)
 		size += matchp->match->m->u.match_size;
 
-	e = fw_malloc(size + target->u.target_size);
+	e = xtables_malloc(size + target->u.target_size);
 	*e = *fw;
 	e->target_offset = size;
 	e->next_offset = size + target->u.target_size;
@@ -1674,7 +1674,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				size = IP6T_ALIGN(sizeof(struct ip6t_entry_target))
 					+ target->size;
 
-				target->t = fw_calloc(1, size);
+				target->t = xtables_calloc(1, size);
 				target->t->u.target_size = size;
 				strcpy(target->t->u.user.name, jumpto);
 				set_revision(target->t->u.user.name,
@@ -1726,7 +1726,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
 			size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
 					 + m->size;
-			m->m = fw_calloc(1, size);
+			m->m = xtables_calloc(1, size);
 			m->m->u.match_size = size;
 			strcpy(m->m->u.user.name, m->name);
 			set_revision(m->m->u.user.name, m->revision);
@@ -1873,7 +1873,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 					size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
 							 + m->size;
 
-					m->m = fw_calloc(1, size);
+					m->m = xtables_calloc(1, size);
 					m->m->u.match_size = size;
 					strcpy(m->m->u.user.name, m->name);
 					set_revision(m->m->u.user.name,
@@ -2022,7 +2022,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 			size = sizeof(struct ip6t_entry_target)
 				+ target->size;
-			target->t = fw_calloc(1, size);
+			target->t = xtables_calloc(1, size);
 			target->t->u.target_size = size;
 			strcpy(target->t->u.user.name, jumpto);
 			if (target->init != NULL)
diff --git a/iptables.c b/iptables.c
index b75df87..0b7edd8 100644
--- a/iptables.c
+++ b/iptables.c
@@ -932,7 +932,7 @@ make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches)
 	for (matchp = matches; matchp; matchp = matchp->next)
 		size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
 
-	mask = fw_calloc(1, size
+	mask = xtables_calloc(1, size
 			 + IPT_ALIGN(sizeof(struct ipt_entry_target))
 			 + xtables_targets->size);
 
@@ -998,7 +998,7 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
 		chain = iptc_next_chain(handle);
         }
 
-	chains = fw_malloc(sizeof(ipt_chainlabel) * chaincount);
+	chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount);
 	i = 0;
 	chain = iptc_first_chain(handle);
 	while (chain) {
@@ -1370,7 +1370,7 @@ generate_entry(const struct ipt_entry *fw,
 	for (matchp = matches; matchp; matchp = matchp->next)
 		size += matchp->match->m->u.match_size;
 
-	e = fw_malloc(size + target->u.target_size);
+	e = xtables_malloc(size + target->u.target_size);
 	*e = *fw;
 	e->target_offset = size;
 	e->next_offset = size + target->u.target_size;
@@ -1679,7 +1679,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				size = IPT_ALIGN(sizeof(struct ipt_entry_target))
 					+ target->size;
 
-				target->t = fw_calloc(1, size);
+				target->t = xtables_calloc(1, size);
 				target->t->u.target_size = size;
 				strcpy(target->t->u.user.name, jumpto);
 				set_revision(target->t->u.user.name,
@@ -1737,7 +1737,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 			m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
 			size = IPT_ALIGN(sizeof(struct ipt_entry_match))
 					 + m->size;
-			m->m = fw_calloc(1, size);
+			m->m = xtables_calloc(1, size);
 			m->m->u.match_size = size;
 			strcpy(m->m->u.user.name, m->name);
 			set_revision(m->m->u.user.name, m->revision);
@@ -1891,7 +1891,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 					size = IPT_ALIGN(sizeof(struct ipt_entry_match))
 							 + m->size;
 
-					m->m = fw_calloc(1, size);
+					m->m = xtables_calloc(1, size);
 					m->m->u.match_size = size;
 					strcpy(m->m->u.user.name, m->name);
 					set_revision(m->m->u.user.name,
@@ -2051,7 +2051,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 			size = sizeof(struct ipt_entry_target)
 				+ target->size;
-			target->t = fw_calloc(1, size);
+			target->t = xtables_calloc(1, size);
 			target->t->u.target_size = size;
 			strcpy(target->t->u.user.name, jumpto);
 			if (!iptc_is_chain(jumpto, *handle))
diff --git a/xtables.c b/xtables.c
index abdd283..83c72ee 100644
--- a/xtables.c
+++ b/xtables.c
@@ -53,7 +53,10 @@ const char *modprobe_program = NULL;
 struct xtables_match *xtables_matches;
 struct xtables_target *xtables_targets;
 
-void *fw_calloc(size_t count, size_t size)
+/**
+ * xtables_*alloc - wrappers that exit on failure
+ */
+void *xtables_calloc(size_t count, size_t size)
 {
 	void *p;
 
@@ -65,7 +68,7 @@ void *fw_calloc(size_t count, size_t size)
 	return p;
 }
 
-void *fw_malloc(size_t size)
+void *xtables_malloc(size_t size)
 {
 	void *p;
 
@@ -379,7 +382,7 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
 				break;
 
 			/* Second and subsequent clones */
-			clone = fw_malloc(sizeof(struct xtables_match));
+			clone = xtables_malloc(sizeof(struct xtables_match));
 			memcpy(clone, ptr, sizeof(struct xtables_match));
 			clone->mflags = 0;
 			/* This is a clone: */
@@ -416,7 +419,7 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
 		struct xtables_rule_match **i;
 		struct xtables_rule_match *newentry;
 
-		newentry = fw_malloc(sizeof(struct xtables_rule_match));
+		newentry = xtables_malloc(sizeof(struct xtables_rule_match));
 
 		for (i = matches; *i; i = &(*i)->next) {
 			if (strcmp(name, (*i)->match->name) == 0)
@@ -876,7 +879,7 @@ static struct in_addr *host_to_ipaddr(const char *name, unsigned int *naddr)
 
 		while (host->h_addr_list[*naddr] != NULL)
 			++*naddr;
-		addr = fw_calloc(*naddr, sizeof(struct in_addr) * *naddr);
+		addr = xtables_calloc(*naddr, sizeof(struct in_addr) * *naddr);
 		for (i = 0; i < *naddr; i++)
 			memcpy(&addr[i], host->h_addr_list[i],
 			       sizeof(struct in_addr));
@@ -893,7 +896,7 @@ ipparse_hostnetwork(const char *name, unsigned int *naddrs)
 
 	if ((addrptmp = numeric_to_ipaddr(name)) != NULL ||
 	    (addrptmp = network_to_ipaddr(name)) != NULL) {
-		addrp = fw_malloc(sizeof(struct in_addr));
+		addrp = xtables_malloc(sizeof(struct in_addr));
 		memcpy(addrp, addrptmp, sizeof(*addrp));
 		*naddrs = 1;
 		return addrp;
@@ -1089,7 +1092,7 @@ host_to_ip6addr(const char *name, unsigned int *naddr)
 		        ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr));
 #endif
 		/* Get the first element of the address-chain */
-		addr = fw_malloc(sizeof(struct in6_addr));
+		addr = xtables_malloc(sizeof(struct in6_addr));
 		memcpy(addr, &((const struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
 		       sizeof(struct in6_addr));
 		freeaddrinfo(res);
@@ -1115,7 +1118,7 @@ ip6parse_hostnetwork(const char *name, unsigned int *naddrs)
 
 	if ((addrptmp = numeric_to_ip6addr(name)) != NULL ||
 	    (addrptmp = network_to_ip6addr(name)) != NULL) {
-		addrp = fw_malloc(sizeof(struct in6_addr));
+		addrp = xtables_malloc(sizeof(struct in6_addr));
 		memcpy(addrp, addrptmp, sizeof(*addrp));
 		*naddrs = 1;
 		return addrp;
-- 
# Created with git-export-patch

libxtables: prefix names and order it #2

[Jan Engelhardt]

parent d6c2522895ff2906cd905bd2ef728bf388bdaa77 (v1.4.3-rc1-23-gd6c2522)
commit 8759aeb8e8531f26df72ee15fbcab921ca4f361f
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Jan 27 15:10:05 2009 +0100

libxtables: prefix names and order it #2

This change affects:
	load_xtables_ko -> xtables_load_ko
	modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in       |    5 +++++
 include/xtables/internal.h |    4 ----
 ip6tables-restore.c        |    5 +++--
 ip6tables.c                |    5 +++--
 iptables-restore.c         |    5 +++--
 iptables.c                 |    5 +++--
 xtables.c                  |   10 +++++-----
 7 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index e63d171..2512d79 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -140,9 +140,14 @@ struct xtables_target
 #endif
 };
 
+extern const char *xtables_modprobe_program;
+
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
 
+extern int xtables_insmod(const char *, const char *, bool);
+extern int xtables_load_ko(const char *, bool);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
diff --git a/include/xtables/internal.h b/include/xtables/internal.h
index 6b78d3a..62fe2ed 100644
--- a/include/xtables/internal.h
+++ b/include/xtables/internal.h
@@ -43,10 +43,6 @@ struct xtables_rule_match {
 
 extern char *lib_dir;
 
-extern const char *modprobe_program;
-extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
-extern int load_xtables_ko(const char *modprobe, int quiet);
-
 /* This is decleared in ip[6]tables.c */
 extern struct afinfo afinfo;
 
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index a84c2e3..097711f 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -12,6 +12,7 @@
 
 #include <getopt.h>
 #include <sys/errno.h>
+#include <stdbool.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -64,7 +65,7 @@ static struct ip6tc_handle *create_handle(const char *tablename)
 
 	if (!handle) {
 		/* try to insmod the module if iptc_init failed */
-		load_xtables_ko(modprobe_program, 0);
+		xtables_load_ko(xtables_modprobe_program, false);
 		handle = ip6tc_init(tablename);
 	}
 
@@ -165,7 +166,7 @@ int main(int argc, char *argv[])
 				noflush = 1;
 				break;
 			case 'M':
-				modprobe_program = optarg;
+				xtables_modprobe_program = optarg;
 				break;
 		}
 	}
diff --git a/ip6tables.c b/ip6tables.c
index 59c1011..580a644 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -33,6 +33,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <stdarg.h>
+#include <stdbool.h>
 #include <limits.h>
 #include <ip6tables.h>
 #include <xtables.h>
@@ -1769,7 +1770,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			break;
 
 		case 'M':
-			modprobe_program = optarg;
+			xtables_modprobe_program = optarg;
 			break;
 
 		case 'c':
@@ -1967,7 +1968,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 		*handle = ip6tc_init(*table);
 
 	/* try to insmod the module if iptc_init failed */
-	if (!*handle && load_xtables_ko(modprobe_program, 0) != -1)
+	if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1)
 		*handle = ip6tc_init(*table);
 
 	if (!*handle)
diff --git a/iptables-restore.c b/iptables-restore.c
index 7cc6d6d..3fbc908 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -9,6 +9,7 @@
 
 #include <getopt.h>
 #include <sys/errno.h>
+#include <stdbool.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -63,7 +64,7 @@ static struct iptc_handle *create_handle(const char *tablename)
 
 	if (!handle) {
 		/* try to insmod the module if iptc_init failed */
-		load_xtables_ko(modprobe_program, 0);
+		xtables_load_ko(xtables_modprobe_program, false);
 		handle = iptc_init(tablename);
 	}
 
@@ -167,7 +168,7 @@ main(int argc, char *argv[])
 				noflush = 1;
 				break;
 			case 'M':
-				modprobe_program = optarg;
+				xtables_modprobe_program = optarg;
 				break;
 			case 'T':
 				tablename = optarg;
diff --git a/iptables.c b/iptables.c
index 0b7edd8..61e7aab 100644
--- a/iptables.c
+++ b/iptables.c
@@ -29,6 +29,7 @@
 #include <string.h>
 #include <netdb.h>
 #include <errno.h>
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
@@ -1786,7 +1787,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 			break;
 
 		case 'M':
-			modprobe_program = optarg;
+			xtables_modprobe_program = optarg;
 			break;
 
 		case 'c':
@@ -1996,7 +1997,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 		*handle = iptc_init(*table);
 
 	/* try to insmod the module if iptc_init failed */
-	if (!*handle && load_xtables_ko(modprobe_program, 0) != -1)
+	if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1)
 		*handle = iptc_init(*table);
 
 	if (!*handle)
diff --git a/xtables.c b/xtables.c
index 83c72ee..94ea764 100644
--- a/xtables.c
+++ b/xtables.c
@@ -47,7 +47,7 @@
 char *lib_dir;
 
 /* the path to command to load kernel module */
-const char *modprobe_program = NULL;
+const char *xtables_modprobe_program;
 
 /* Keeping track of external matches and targets: linked lists.  */
 struct xtables_match *xtables_matches;
@@ -108,7 +108,7 @@ static char *get_modprobe(void)
 	return NULL;
 }
 
-int xtables_insmod(const char *modname, const char *modprobe, int quiet)
+int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
 {
 	char *buf = NULL;
 	char *argv[4];
@@ -150,9 +150,9 @@ int xtables_insmod(const char *modname, const char *modprobe, int quiet)
 	return -1;
 }
 
-int load_xtables_ko(const char *modprobe, int quiet)
+int xtables_load_ko(const char *modprobe, bool quiet)
 {
-	static int loaded = 0;
+	static bool loaded = false;
 	static int ret = -1;
 
 	if (!loaded) {
@@ -502,7 +502,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
 		exit(1);
 	}
 
-	load_xtables_ko(modprobe_program, 1);
+	xtables_load_ko(xtables_modprobe_program, true);
 
 	strcpy(rev.name, name);
 	rev.revision = revision;
-- 
# Created with git-export-patch

Re: libxtables: prefix names and order it #1

[jamal]

On Tue, 2009-01-27 at 15:01 +0100, Jan Engelhardt wrote:
> As previously mentioned, libxtables needs some goodtime cleanup first.
> Now let me throw patches (unspecified number as of yet) at it-

Ok, no problem - let me know when you are done.


cheers,
jamal

libxtables: prefix names and order #3

[Jan Engelhardt]

parent 8759aeb8e8531f26df72ee15fbcab921ca4f361f (v1.4.3-rc1-24-g8759aeb)
commit 1ec3f7612119d65d26d2774414ee92fdabec214a
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Jan 27 15:23:01 2009 +0100

libxtables: prefix names and order #3

This change affects:
	find_{match,target} -> xtables_find_{match,target}
	enum xt_tryload -> enum xtables_tryload
	loose flags like DONT_LOAD -> XTF_DONT_LOAD

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in       |   22 +++++++++++++++++
 include/xtables/internal.h |   23 ------------------
 ip6tables.c                |   45 ++++++++++++++++++++----------------
 iptables.c                 |   45 ++++++++++++++++++++----------------
 xtables.c                  |   41 +++++++++++++++++---------------
 5 files changed, 94 insertions(+), 82 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 2512d79..02a832d 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -140,7 +140,24 @@ struct xtables_target
 #endif
 };
 
+struct xtables_rule_match {
+	struct xtables_rule_match *next;
+	struct xtables_match *match;
+	/* Multiple matches of the same type: the ones before
+	   the current one are completed from parsing point of view */
+	bool completed;
+};
+
+enum xtables_tryload {
+	XTF_DONT_LOAD,
+	XTF_DURING_LOAD,
+	XTF_TRY_LOAD,
+	XTF_LOAD_MUST_SUCCEED,
+};
+
 extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_matches;
+extern struct xtables_target *xtables_targets;
 
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
@@ -148,6 +165,11 @@ extern void *xtables_malloc(size_t);
 extern int xtables_insmod(const char *, const char *, bool);
 extern int xtables_load_ko(const char *, bool);
 
+extern struct xtables_match *xtables_find_match(const char *name,
+	enum xtables_tryload, struct xtables_rule_match **match);
+extern struct xtables_target *xtables_find_target(const char *name,
+	enum xtables_tryload);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
diff --git a/include/xtables/internal.h b/include/xtables/internal.h
index 62fe2ed..60375cd 100644
--- a/include/xtables/internal.h
+++ b/include/xtables/internal.h
@@ -26,34 +26,11 @@ struct afinfo {
 	int so_rev_target;
 };
 
-enum xt_tryload {
-	DONT_LOAD,
-	DURING_LOAD,
-	TRY_LOAD,
-	LOAD_MUST_SUCCEED
-};
-
-struct xtables_rule_match {
-	struct xtables_rule_match *next;
-	struct xtables_match *match;
-	/* Multiple matches of the same type: the ones before
-	   the current one are completed from parsing point of view */
-	unsigned int completed;
-};
-
 extern char *lib_dir;
 
 /* This is decleared in ip[6]tables.c */
 extern struct afinfo afinfo;
 
-/* Keeping track of external matches and targets: linked lists.  */
-extern struct xtables_match *xtables_matches;
-extern struct xtables_target *xtables_targets;
-
-extern struct xtables_match *find_match(const char *name, enum xt_tryload,
-					struct xtables_rule_match **match);
-extern struct xtables_target *find_target(const char *name, enum xt_tryload);
-
 extern void _init(void);
 
 #endif /* _XTABLES_INTERNAL_H */
diff --git a/ip6tables.c b/ip6tables.c
index 580a644..0a6f75b 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -481,7 +481,8 @@ check_inverse(const char option[], int *invert, int *my_optind, int argc)
 
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct xtables_match *
-find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
+find_proto(const char *pname, enum xtables_tryload tryload,
+	   int nolookup, struct ip6tables_rule_match **matches)
 {
 	unsigned int proto;
 
@@ -489,9 +490,9 @@ find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip
 		char *protoname = proto_to_name(proto, nolookup);
 
 		if (protoname)
-			return find_match(protoname, tryload, matches);
+			return xtables_find_match(protoname, tryload, matches);
 	} else
-		return find_match(pname, tryload, matches);
+		return xtables_find_match(pname, tryload, matches);
 
 	return NULL;
 }
@@ -706,7 +707,8 @@ print_match(const struct ip6t_entry_match *m,
 	    const struct ip6t_ip6 *ip,
 	    int numeric)
 {
-	struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+	struct xtables_match *match =
+		xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
 		if (match->print)
@@ -735,9 +737,10 @@ print_firewall(const struct ip6t_entry *fw,
 	char buf[BUFSIZ];
 
 	if (!ip6tc_is_chain(targname, handle))
-		target = find_target(targname, TRY_LOAD);
+		target = xtables_find_target(targname, XTF_TRY_LOAD);
 	else
-		target = find_target(IP6T_STANDARD_TARGET, LOAD_MUST_SUCCEED);
+		target = xtables_find_target(IP6T_STANDARD_TARGET,
+		         XTF_LOAD_MUST_SUCCEED);
 
 	t = ip6t_get_target((struct ip6t_entry *)fw);
 	flags = fw->ipv6.flags;
@@ -1175,8 +1178,8 @@ static void print_proto(u_int16_t proto, int invert)
 static int print_match_save(const struct ip6t_entry_match *e,
 			const struct ip6t_ip6 *ip)
 {
-	struct xtables_match *match
-		= find_match(e->u.user.name, TRY_LOAD, NULL);
+	struct xtables_match *match =
+		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
 		printf("-m %s ", e->u.user.name);
@@ -1279,8 +1282,8 @@ void print_rule(const struct ip6t_entry *e,
 	/* Print targinfo part */
 	t = ip6t_get_target((struct ip6t_entry *)e);
 	if (t->u.user.name[0]) {
-		struct xtables_target *target
-			= find_target(t->u.user.name, TRY_LOAD);
+		struct xtables_target *target =
+			xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
 
 		if (!target) {
 			fprintf(stderr, "Can't find library for target `%s'\n",
@@ -1555,7 +1558,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				exit_error(PARAMETER_PROBLEM,
 					   "chain name not allowed to start "
 					   "with `%c'\n", *optarg);
-			if (find_target(optarg, TRY_LOAD))
+			if (xtables_find_target(optarg, XTF_TRY_LOAD))
 				exit_error(PARAMETER_PROBLEM,
 					   "chain name may not clash "
 					   "with target name\n");
@@ -1606,7 +1609,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 			/* ip6tables -p icmp -h */
 			if (!matches && protocol)
-				find_match(protocol, TRY_LOAD, &matches);
+				xtables_find_match(protocol, XTF_TRY_LOAD,
+					&matches);
 
 			exit_printhelp(matches);
 
@@ -1667,7 +1671,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				   invert);
 			jumpto = parse_target(optarg);
 			/* TRY_LOAD (may be chain name) */
-			target = find_target(jumpto, TRY_LOAD);
+			target = xtables_find_target(jumpto, XTF_TRY_LOAD);
 
 			if (target) {
 				size_t size;
@@ -1724,7 +1728,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				exit_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --match");
 
-			m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
+			m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
+			    &matches);
 			size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
 					 + m->size;
 			m->m = xtables_calloc(1, size);
@@ -1858,13 +1863,13 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				 */
 				if (m == NULL
 				    && protocol
-				    && (!find_proto(protocol, DONT_LOAD,
+				    && (!find_proto(protocol, XTF_DONT_LOAD,
 						   options&OPT_NUMERIC, NULL)
-					|| (find_proto(protocol, DONT_LOAD,
+					|| (find_proto(protocol, XTF_DONT_LOAD,
 							options&OPT_NUMERIC, NULL)
 					    && (proto_used == 0))
 				       )
-				    && (m = find_proto(protocol, TRY_LOAD,
+				    && (m = find_proto(protocol, XTF_TRY_LOAD,
 						       options&OPT_NUMERIC, &matches))) {
 					/* Try loading protocol */
 					size_t size;
@@ -2018,8 +2023,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			|| ip6tc_is_chain(jumpto, *handle))) {
 			size_t size;
 
-			target = find_target(IP6T_STANDARD_TARGET,
-					     LOAD_MUST_SUCCEED);
+			target = xtables_find_target(IP6T_STANDARD_TARGET,
+					XTF_LOAD_MUST_SUCCEED);
 
 			size = sizeof(struct ip6t_entry_target)
 				+ target->size;
@@ -2040,7 +2045,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				exit_error(PARAMETER_PROBLEM,
 						"goto '%s' is not a chain\n", jumpto);
 #endif
-			find_target(jumpto, LOAD_MUST_SUCCEED);
+			xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
 		} else {
 			e = generate_entry(&fw, matches, target->t);
 			free(target->t);
diff --git a/iptables.c b/iptables.c
index 61e7aab..7b8d239 100644
--- a/iptables.c
+++ b/iptables.c
@@ -483,7 +483,8 @@ check_inverse(const char option[], int *invert, int *my_optind, int argc)
 
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct xtables_match *
-find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches)
+find_proto(const char *pname, enum xtables_tryload tryload,
+	   int nolookup, struct iptables_rule_match **matches)
 {
 	unsigned int proto;
 
@@ -491,9 +492,9 @@ find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct ipt
 		char *protoname = proto_to_name(proto, nolookup);
 
 		if (protoname)
-			return find_match(protoname, tryload, matches);
+			return xtables_find_match(protoname, tryload, matches);
 	} else
-		return find_match(pname, tryload, matches);
+		return xtables_find_match(pname, tryload, matches);
 
 	return NULL;
 }
@@ -701,7 +702,8 @@ print_match(const struct ipt_entry_match *m,
 	    const struct ipt_ip *ip,
 	    int numeric)
 {
-	struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL);
+	struct xtables_match *match =
+		xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
 		if (match->print)
@@ -730,9 +732,10 @@ print_firewall(const struct ipt_entry *fw,
 	char buf[BUFSIZ];
 
 	if (!iptc_is_chain(targname, handle))
-		target = find_target(targname, TRY_LOAD);
+		target = xtables_find_target(targname, XTF_TRY_LOAD);
 	else
-		target = find_target(IPT_STANDARD_TARGET, LOAD_MUST_SUCCEED);
+		target = xtables_find_target(IPT_STANDARD_TARGET,
+		         XTF_LOAD_MUST_SUCCEED);
 
 	t = ipt_get_target((struct ipt_entry *)fw);
 	flags = fw->ip.flags;
@@ -1174,8 +1177,8 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
 static int print_match_save(const struct ipt_entry_match *e,
 			const struct ipt_ip *ip)
 {
-	struct xtables_match *match
-		= find_match(e->u.user.name, TRY_LOAD, NULL);
+	struct xtables_match *match =
+		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
 		printf("-m %s ", e->u.user.name);
@@ -1278,8 +1281,8 @@ void print_rule(const struct ipt_entry *e,
 	/* Print targinfo part */
 	t = ipt_get_target((struct ipt_entry *)e);
 	if (t->u.user.name[0]) {
-		struct xtables_target *target
-			= find_target(t->u.user.name, TRY_LOAD);
+		struct xtables_target *target =
+			xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
 
 		if (!target) {
 			fprintf(stderr, "Can't find library for target `%s'\n",
@@ -1568,7 +1571,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				exit_error(PARAMETER_PROBLEM,
 					   "chain name not allowed to start "
 					   "with `%c'\n", *optarg);
-			if (find_target(optarg, TRY_LOAD))
+			if (xtables_find_target(optarg, XTF_TRY_LOAD))
 				exit_error(PARAMETER_PROBLEM,
 					   "chain name may not clash "
 					   "with target name\n");
@@ -1619,7 +1622,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 			/* iptables -p icmp -h */
 			if (!matches && protocol)
-				find_match(protocol, TRY_LOAD, &matches);
+				xtables_find_match(protocol,
+					XTF_TRY_LOAD, &matches);
 
 			exit_printhelp(matches);
 
@@ -1672,7 +1676,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				   invert);
 			jumpto = parse_target(optarg);
 			/* TRY_LOAD (may be chain name) */
-			target = find_target(jumpto, TRY_LOAD);
+			target = xtables_find_target(jumpto, XTF_TRY_LOAD);
 
 			if (target) {
 				size_t size;
@@ -1735,7 +1739,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				exit_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --match");
 
-			m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
+			m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED,
+			    &matches);
 			size = IPT_ALIGN(sizeof(struct ipt_entry_match))
 					 + m->size;
 			m->m = xtables_calloc(1, size);
@@ -1876,13 +1881,13 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				 */
 				if (m == NULL
 				    && protocol
-				    && (!find_proto(protocol, DONT_LOAD,
+				    && (!find_proto(protocol, XTF_DONT_LOAD,
 						   options&OPT_NUMERIC, NULL)
-					|| (find_proto(protocol, DONT_LOAD,
+					|| (find_proto(protocol, XTF_DONT_LOAD,
 							options&OPT_NUMERIC, NULL)
 					    && (proto_used == 0))
 				       )
-				    && (m = find_proto(protocol, TRY_LOAD,
+				    && (m = find_proto(protocol, XTF_TRY_LOAD,
 						       options&OPT_NUMERIC, &matches))) {
 					/* Try loading protocol */
 					size_t size;
@@ -2047,8 +2052,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 			|| iptc_is_chain(jumpto, *handle))) {
 			size_t size;
 
-			target = find_target(IPT_STANDARD_TARGET,
-					     LOAD_MUST_SUCCEED);
+			target = xtables_find_target(IPT_STANDARD_TARGET,
+					 XTF_LOAD_MUST_SUCCEED);
 
 			size = sizeof(struct ipt_entry_target)
 				+ target->size;
@@ -2072,7 +2077,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				exit_error(PARAMETER_PROBLEM,
 					   "goto '%s' is not a chain\n", jumpto);
 #endif
-			find_target(jumpto, LOAD_MUST_SUCCEED);
+			xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED);
 		} else {
 			e = generate_entry(&fw, matches, target->t);
 			free(target->t);
diff --git a/xtables.c b/xtables.c
index 94ea764..849dc7d 100644
--- a/xtables.c
+++ b/xtables.c
@@ -329,9 +329,10 @@ static void *load_extension(const char *search_path, const char *prefix,
 			/* Found library.  If it didn't register itself,
 			   maybe they specified target as match. */
 			if (is_target)
-				ptr = find_target(name, DONT_LOAD);
+				ptr = xtables_find_target(name, XTF_DONT_LOAD);
 			else
-				ptr = find_match(name, DONT_LOAD, NULL);
+				ptr = xtables_find_match(name,
+				      XTF_DONT_LOAD, NULL);
 		} else if (stat(path, &sb) == 0) {
 			fprintf(stderr, "%s: %s\n", path, dlerror());
 		}
@@ -343,9 +344,10 @@ static void *load_extension(const char *search_path, const char *prefix,
 		         (unsigned int)(next - dir), dir, prefix, name);
 		if (dlopen(path, RTLD_NOW) != NULL) {
 			if (is_target)
-				ptr = find_target(name, DONT_LOAD);
+				ptr = xtables_find_target(name, XTF_DONT_LOAD);
 			else
-				ptr = find_match(name, DONT_LOAD, NULL);
+				ptr = xtables_find_match(name,
+				      XTF_DONT_LOAD, NULL);
 		} else if (stat(path, &sb) == 0) {
 			fprintf(stderr, "%s: %s\n", path, dlerror());
 		}
@@ -360,8 +362,9 @@ static void *load_extension(const char *search_path, const char *prefix,
 }
 #endif
 
-struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
-				 struct xtables_rule_match **matches)
+struct xtables_match *
+xtables_find_match(const char *name, enum xtables_tryload tryload,
+		   struct xtables_rule_match **matches)
 {
 	struct xtables_match *ptr;
 	const char *icmp6 = "icmp6";
@@ -394,22 +397,22 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
 	}
 
 #ifndef NO_SHARED_LIBS
-	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+	if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
 		ptr = load_extension(lib_dir, afinfo.libprefix, name, false);
 
-		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
+		if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
 			exit_error(PARAMETER_PROBLEM,
 				   "Couldn't load match `%s':%s\n",
 				   name, dlerror());
 	}
 #else
 	if (ptr && !ptr->loaded) {
-		if (tryload != DONT_LOAD)
+		if (tryload != XTF_DONT_LOAD)
 			ptr->loaded = 1;
 		else
 			ptr = NULL;
 	}
-	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+	if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) {
 		exit_error(PARAMETER_PROBLEM,
 			   "Couldn't find match `%s'\n", name);
 	}
@@ -423,10 +426,10 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
 
 		for (i = matches; *i; i = &(*i)->next) {
 			if (strcmp(name, (*i)->match->name) == 0)
-				(*i)->completed = 1;
+				(*i)->completed = true;
 		}
 		newentry->match = ptr;
-		newentry->completed = 0;
+		newentry->completed = false;
 		newentry->next = NULL;
 		*i = newentry;
 	}
@@ -434,8 +437,8 @@ struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
 	return ptr;
 }
 
-
-struct xtables_target *find_target(const char *name, enum xt_tryload tryload)
+struct xtables_target *
+xtables_find_target(const char *name, enum xtables_tryload tryload)
 {
 	struct xtables_target *ptr;
 
@@ -453,17 +456,17 @@ struct xtables_target *find_target(const char *name, enum xt_tryload tryload)
 	}
 
 #ifndef NO_SHARED_LIBS
-	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+	if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
 		ptr = load_extension(lib_dir, afinfo.libprefix, name, true);
 
-		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
+		if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
 			exit_error(PARAMETER_PROBLEM,
 				   "Couldn't load target `%s':%s\n",
 				   name, dlerror());
 	}
 #else
 	if (ptr && !ptr->loaded) {
-		if (tryload != DONT_LOAD)
+		if (tryload != XTF_DONT_LOAD)
 			ptr->loaded = 1;
 		else
 			ptr = NULL;
@@ -566,7 +569,7 @@ void xtables_register_match(struct xtables_match *me)
 	if (me->family != afinfo.family && me->family != AF_UNSPEC)
 		return;
 
-	old = find_match(me->name, DURING_LOAD, NULL);
+	old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL);
 	if (old) {
 		if (old->revision == me->revision &&
 		    old->family == me->family) {
@@ -637,7 +640,7 @@ void xtables_register_target(struct xtables_target *me)
 	if (me->family != afinfo.family && me->family != AF_UNSPEC)
 		return;
 
-	old = find_target(me->name, DURING_LOAD);
+	old = xtables_find_target(me->name, XTF_DURING_LOAD);
 	if (old) {
 		struct xtables_target **i;
 
-- 
# Created with git-export-patch

Re: libxtables: prefix names and order it #1

[jamal]

On Tue, 2009-01-27 at 09:19 -0500, jamal wrote:

> Ok, no problem - let me know when you are done.

BTW, it would be nice if you commit those patches to the git tree and i
pull them.

cheers,
jamal

Re: libxtables: prefix names and order it #1

[Jan Engelhardt]

On Tuesday 2009-01-27 15:29, jamal wrote:

>On Tue, 2009-01-27 at 09:19 -0500, jamal wrote:
>
>> Ok, no problem - let me know when you are done.
>
>BTW, it would be nice if you commit those patches to the git tree and i
>pull them.

The patches first have to pass Patrick's scrutiny tests ;-)

Re: libxtables: prefix names and order it #1

[Patrick McHardy]

Jan Engelhardt wrote:
> On Tuesday 2009-01-27 15:29, jamal wrote:
> 
>> On Tue, 2009-01-27 at 09:19 -0500, jamal wrote:
>>
>>> Ok, no problem - let me know when you are done.
>> BTW, it would be nice if you commit those patches to the git tree and i
>> pull them.
> 
> The patches first have to pass Patrick's scrutiny tests ;-)

I'll apply them once you're done with your changes.

Re: libxtables: prefix names and order it #1

[Jan Engelhardt]

On Tuesday 2009-01-27 15:29, jamal wrote:
>On Tue, 2009-01-27 at 09:19 -0500, jamal wrote:
>
>> Ok, no problem - let me know when you are done.
>
>BTW, it would be nice if you commit those patches to the git tree and i
>pull them.

The proposed changes are at

	git://dev.medozas.de/iptables master

	92 files changed, 1063 insertions(+), 1135 deletions(-)

They are pretty broad, but repetitive.

There are a few functions left. Like exit_error, which still has ties
to the origin program (iptables, ip6tables), to do option freeing for
example. Have not yet thought of how to resolve that. Ideas welcome.

Re: libxtables: prefix names and order it #1

[jamal]

[-- Attachment #1: Type: text/plain, Size: 898 bytes --]

On Fri, 2009-01-30 at 05:52 +0100, Jan Engelhardt wrote:

> The proposed changes are at
> 
> 	git://dev.medozas.de/iptables master
> 
> 	92 files changed, 1063 insertions(+), 1135 deletions(-)
> 
> They are pretty broad, but repetitive.
> 

Thanks for the effort. Unfortunately i am stuck on something else i
started on for a few more days. I will jump on this when i am done.

> There are a few functions left. Like exit_error, which still has ties
> to the origin program (iptables, ip6tables), to do option freeing for
> example. Have not yet thought of how to resolve that. Ideas welcome.

I think it makes sense to make those type functions re-entrant/
independent of origin_program or original_opts and just have the app
like ipt/iptables pass them. 
As an example, here's is what i started doing with original_opts the
last time i started to move things before your changes..

cheers,
jamal

[-- Attachment #2: fix-ipt-freeopts --]
[-- Type: text/x-patch, Size: 5559 bytes --]

diff --git a/include/xtables/internal.h b/include/xtables/internal.h
index 24a5078..f04b3e2 100644
--- a/include/xtables/internal.h
+++ b/include/xtables/internal.h
@@ -45,6 +45,7 @@ extern char *lib_dir;
 
 extern void *fw_calloc(size_t count, size_t size);
 extern void *fw_malloc(size_t size);
+extern void free_opts(int reset_offset,  struct option *original_opts);
 
 extern const char *modprobe_program;
 extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
@@ -52,7 +53,8 @@ extern int load_xtables_ko(const char *modprobe, int quiet);
 
 /* This is decleared in ip[6]tables.c */
 extern struct afinfo afinfo;
-
+extern struct option *opts;
+extern unsigned int global_option_offset;
 /* Keeping track of external matches and targets: linked lists.  */
 extern struct xtables_match *xtables_matches;
 extern struct xtables_target *xtables_targets;
diff --git a/ip6tables.c b/ip6tables.c
index 3c45c07..1866732 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -142,8 +142,8 @@ static struct option original_opts[] = {
  * magic number of -1 */
 int line = -1;
 
-static struct option *opts = original_opts;
-static unsigned int global_option_offset = 0;
+struct option *opts = original_opts;
+unsigned int global_option_offset = 0;
 
 /* Table of legal combinations of commands and options.  If any of the
  * given commands make an option legal, that option is legal (applies to
@@ -252,16 +252,6 @@ proto_to_name(u_int8_t proto, int nolookup)
 	return NULL;
 }
 
-static void free_opts(int reset_offset)
-{
-	if (opts != original_opts) {
-		free(opts);
-		opts = original_opts;
-		if (reset_offset)
-			global_option_offset = 0;
-	}
-}
-
 static void
 exit_tryhelp(int status)
 {
@@ -269,7 +259,7 @@ exit_tryhelp(int status)
 		fprintf(stderr, "Error occurred at line: %d\n", line);
 	fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
 			program_name, program_name );
-	free_opts(1);
+	free_opts(1, original_opts);
 	exit(status);
 }
 
@@ -379,7 +369,7 @@ exit_error(enum exittype status, const char *msg, ...)
 		fprintf(stderr,
 			"Perhaps ip6tables or your kernel needs to be upgraded.\n");
 	/* On error paths, make sure that we don't leak memory */
-	free_opts(1);
+	free_opts(1, original_opts);
 	exit(status);
 }
 
@@ -614,7 +604,7 @@ merge_options(struct option *oldopts, const struct option *newopts,
 
 	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
-	free_opts(0); /* Release previous options merged if any */
+	free_opts(0, original_opts); /* Release any merged options */
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
 		merge[num_old + i].val += *option_offset;
@@ -2135,7 +2125,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 	for (i = 0; i < ndaddrs; i++)
 		free(&daddrs[i]);
 
-	free_opts(1);
+	free_opts(1, original_opts);
 
 	return ret;
 }
diff --git a/iptables.c b/iptables.c
index b75df87..ad21111 100644
--- a/iptables.c
+++ b/iptables.c
@@ -141,8 +141,8 @@ static struct option original_opts[] = {
  * magic number of -1 */
 int line = -1;
 
-static struct option *opts = original_opts;
-static unsigned int global_option_offset = 0;
+struct option *opts = original_opts;
+unsigned int global_option_offset = 0;
 
 /* Table of legal combinations of commands and options.  If any of the
  * given commands make an option legal, that option is legal (applies to
@@ -254,16 +254,6 @@ enum {
 	IPT_DOTTED_MASK
 };
 
-static void free_opts(int reset_offset)
-{
-	if (opts != original_opts) {
-		free(opts);
-		opts = original_opts;
-		if (reset_offset)
-			global_option_offset = 0;
-	}
-}
-
 static void
 exit_tryhelp(int status)
 {
@@ -271,7 +261,7 @@ exit_tryhelp(int status)
 		fprintf(stderr, "Error occurred at line: %d\n", line);
 	fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
 			program_name, program_name );
-	free_opts(1);
+	free_opts(1, original_opts);
 	exit(status);
 }
 
@@ -381,7 +371,7 @@ exit_error(enum exittype status, const char *msg, ...)
 		fprintf(stderr,
 			"Perhaps iptables or your kernel needs to be upgraded.\n");
 	/* On error paths, make sure that we don't leak memory */
-	free_opts(1);
+	free_opts(1, original_opts);
 	exit(status);
 }
 
@@ -609,7 +599,7 @@ merge_options(struct option *oldopts, const struct option *newopts,
 	if (merge == NULL)
 		return NULL;
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
-	free_opts(0); /* Release previous options merged if any */
+	free_opts(0, original_opts); /* Release any merged options */
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
 		merge[num_old + i].val += *option_offset;
@@ -1421,7 +1411,7 @@ get_kernel_version(void) {
 
 	if (uname(&uts) == -1) {
 		fprintf(stderr, "Unable to retrieve kernel version.\n");
-		free_opts(1);
+		free_opts(1, original_opts);
 		exit(1);
 	}
 
@@ -2163,7 +2153,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 	free(saddrs);
 	free(daddrs);
-	free_opts(1);
+	free_opts(1, original_opts);
 
 	return ret;
 }
diff --git a/xtables.c b/xtables.c
index abdd283..e4a4adb 100644
--- a/xtables.c
+++ b/xtables.c
@@ -77,6 +77,17 @@ void *fw_malloc(size_t size)
 	return p;
 }
 
+void free_opts(int reset_offset, struct option *original_opts)
+{
+	if (opts != original_opts) {
+		free(opts);
+		opts = original_opts;
+		if (reset_offset)
+			global_option_offset = 0;
+	}
+}
+
+
 static char *get_modprobe(void)
 {
 	int procfile;

Re: libxtables: prefix names and order it #1

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> As previously mentioned, libxtables needs some goodtime cleanup first.
> Now let me throw patches (unspecified number as of yet) at it-

Applied. Thanks. I have added a comment telling that this patch is
intended to fix Jamal's tc ipt dependencies with iptables.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: libxtables: prefix names and order it #2

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> diff --git a/ip6tables-restore.c b/ip6tables-restore.c
> index a84c2e3..097711f 100644
> --- a/ip6tables-restore.c
> +++ b/ip6tables-restore.c
> @@ -12,6 +12,7 @@
>  
>  #include <getopt.h>
>  #include <sys/errno.h>
> +#include <stdbool.h>
>  #include <string.h>
>  #include <stdio.h>
>  #include <stdlib.h>

Aie. I was reverting this C99-specific thing but then I have noticed
that there's already one reference to it in the tree. I'm going to
revert it.

This break the compilation in many existing setups (like some of mine)
that don't have the stdbool.h header. BTW, iptables is being compiled
with gcc89 dialect, at least by now.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: libxtables: prefix names and order it #1

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> On Tuesday 2009-01-27 15:29, jamal wrote:
>> On Tue, 2009-01-27 at 09:19 -0500, jamal wrote:
>>
>>> Ok, no problem - let me know when you are done.
>> BTW, it would be nice if you commit those patches to the git tree and i
>> pull them.
> 
> The proposed changes are at
> 
> 	git://dev.medozas.de/iptables master
> 
> 	92 files changed, 1063 insertions(+), 1135 deletions(-)
> 
> They are pretty broad, but repetitive.
> 
> There are a few functions left. Like exit_error, which still has ties
> to the origin program (iptables, ip6tables), to do option freeing for
> example. Have not yet thought of how to resolve that. Ideas welcome.

I think that you can move functions that are common to iptables and
ip6tables like exit_error(), merge_options(), ... and so on to
libxtables. I think that the purpose of this libxtables library should be:

1) To provide an API for jamal's tc ipt and your xtables-addon thing
(anyone willing to compile their .so files without recompiling iptables).
2) To factorize some code which is common to iptables and ip6tables.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: libxtables: prefix names and order it #2

[Pablo Neira Ayuso]

Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> diff --git a/ip6tables-restore.c b/ip6tables-restore.c
>> index a84c2e3..097711f 100644
>> --- a/ip6tables-restore.c
>> +++ b/ip6tables-restore.c
>> @@ -12,6 +12,7 @@
>>  
>>  #include <getopt.h>
>>  #include <sys/errno.h>
>> +#include <stdbool.h>
>>  #include <string.h>
>>  #include <stdio.h>
>>  #include <stdlib.h>
> 
> Aie. I was reverting this C99-specific thing but then I have noticed
> that there's already one reference to it in the tree. I'm going to
> revert it.
> 
> This break the compilation in many existing setups (like some of mine)
> that don't have the stdbool.h header. BTW, iptables is being compiled
> with gcc89 dialect, at least by now.

Forget this. gnu89 contains some c99 extensions like bool so this is
fine. I was confused by one problem spot in the compilation of iptables
in my setup. I have applied this patch. Thanks Jan.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: libxtables: prefix names and order #3

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> parent 8759aeb8e8531f26df72ee15fbcab921ca4f361f (v1.4.3-rc1-24-g8759aeb)
> commit 1ec3f7612119d65d26d2774414ee92fdabec214a
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date:   Tue Jan 27 15:23:01 2009 +0100
> 
> libxtables: prefix names and order #3
> 
> This change affects:
> 	find_{match,target} -> xtables_find_{match,target}
> 	enum xt_tryload -> enum xtables_tryload
> 	loose flags like DONT_LOAD -> XTF_DONT_LOAD

Also applied. Thanks.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers