netfilter-devel.vger.kernel.org archive mirror
* Re:?
@ 2003-04-03  3:26 Ian Latter
  0 siblings, 0 replies; 28+ messages in thread
From: Ian Latter @ 2003-04-03  3:26 UTC (permalink / raw)
  To: Soporte Meranetwork; +Cc: netfilter-devel

Hello Eugen,

  I'm sorry but I'm not the H323 author ... and I haven't used netfilter H323
support since ipchains.  I have CCd the netfilter list in case someone 
there can help.





----- Original Message -----
>From: "Soporte Meranetwork" <mera@fibertel.com.ar>
>To: <Ian.Latter@mq.edu.au>
>Subject:  ?
>Date: Mon, 31 Mar 2003 18:56:17 -0300
>
> Good day. I have used iptables 1.2.5-3, and don't know whether it has the H323 module or not. But
> to receive calls from outside (Internet) to inside (through NAT) - Netmeeting (ATA 186) - I use
> these rules:
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.0.0/24 -j MASQUERADE
>   (internal LAN)
> PORTFWIP="192.168.0.201" (PC with Netmeeting or ATA 186)
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 1720 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 1720 -j DNAT --to $PORTFWIP:1720
> But I want to use NAT without FORWARD, PREROUTING, with H323 ability for any IP in the
> LAN. Where can I find iptables with H323 ability (version), or where is the patch (module) for
> that ability? Thank you.
> Bye,
> Eugen

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
       [not found] <20050912163005.023FF14F583@ladon.telenet-ops.be>
@ 2005-09-12 20:02 ` David Stes
  0 siblings, 0 replies; 28+ messages in thread
From: David Stes @ 2005-09-12 20:02 UTC (permalink / raw)
  To: netfilter-devel

> Date: Mon, 12 Sep 2005 16:29:38 +0000
> From: Cory Visi <merlin@gentoo.org>
> Subject: patchlets patch submission
> To: netfilter-devel@lists.netfilter.org
> Message-ID: <20050912162938.GB15843@toucan.gentoo.org>
> Content-Type: text/plain; charset="us-ascii"
> 
> I did some work on fixing the conntrack pom addons for the lockhelp.h 
> patch (2.6.13 support essentially). I think I got everything setup except 
> for 2 files.
> 
> Attached is all my work in patch form against a full kernel source. I have 
> a feeling you'd prefer I sent this in some other format or in some other 
> structure of a diff. This is my first time contributing so just let me 
> know how you'd prefer this in the future.
> 
> What's left is:
> - rtsp (part of rsh)

Did you also do the RPC modules ? (RPC for UDP/TCP)

I wonder whether the author(s) of RSH/RPC modules are still reading this list.

If they are, then maybe your 2.6.13 patch (and my older 2.6.12 patches)
could be incorporated.  If they are not, then maybe it's time to see how
future changes to these modules can be coordinated.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* (unknown), 
@ 2009-06-26 19:19 Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
                   ` (10 more replies)
  0 siblings, 11 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber


Hi,


here are a number of patches I am suggesting for the -master branch
(-stable is separate in my view and my management, but see other
discussion thread).
Pullable from
	git://dev.medozas.de/iptables master


Jan Engelhardt (9):
      libiptc: split v4 and v6
      extensions: collapse registration structures
      iptables: allow for parse-less extensions
      iptables: allow for help-less extensions
      extensions: remove empty help and parse functions
      xtables: add multi-registration functions
      extensions: collapse data variables to use multi-reg calls
      xtables: warn of missing version identifier in extensions
      COMMIT_NOTES: notice to check for soversion bumps

Michael Granzow (1):
      iptables: accept multiple IP address specifications for -s, -d


(Shall I post the entire mergestat, or just the "X files changed" line?)

 COMMIT_NOTES                   |    6 +-
 Makefile.am                    |   35 ++++---
 configure.ac                   |    4 +-
 extensions/libip6t_eui64.c     |   26 -----
 extensions/libipt_MIRROR.c     |   20 ----
 extensions/libipt_addrtype.c   |   58 ++++++------
 extensions/libipt_unclean.c    |   16 ---
 extensions/libxt_CONNMARK.c    |   98 +++++++-------------
 extensions/libxt_CONNSECMARK.c |   18 +----
 extensions/libxt_DSCP.c        |   17 +---
 extensions/libxt_MARK.c        |  106 +++++++++-------------
 extensions/libxt_NFLOG.c       |   17 +---
 extensions/libxt_NFQUEUE.c     |   16 +---
 extensions/libxt_NOTRACK.c     |   33 +-------
 extensions/libxt_TCPOPTSTRIP.c |   18 +----
 extensions/libxt_TOS.c         |   76 ++++++---------
 extensions/libxt_TRACE.c       |   13 ---
 extensions/libxt_comment.c     |   17 +---
 extensions/libxt_connbytes.c   |   17 +---
 extensions/libxt_connlimit.c   |   60 ++++++------
 extensions/libxt_connmark.c    |   92 ++++++-------------
 extensions/libxt_conntrack.c   |   90 +++++++++---------
 extensions/libxt_dccp.c        |   17 +---
 extensions/libxt_dscp.c        |   17 +---
 extensions/libxt_esp.c         |   17 +---
 extensions/libxt_hashlimit.c   |  113 ++++++++++-------------
 extensions/libxt_helper.c      |   16 +---
 extensions/libxt_iprange.c     |   90 +++++++++---------
 extensions/libxt_mac.c         |   17 +---
 extensions/libxt_mark.c        |   60 ++++++------
 extensions/libxt_multiport.c   |  120 ++++++++++++-------------
 extensions/libxt_owner.c       |  106 +++++++++-------------
 extensions/libxt_physdev.c     |   17 +---
 extensions/libxt_policy.c      |   56 ++++++------
 extensions/libxt_recent.c      |   19 +----
 extensions/libxt_sctp.c        |   17 +---
 extensions/libxt_socket.c      |   20 ----
 extensions/libxt_standard.c    |   12 ---
 extensions/libxt_state.c       |   17 +---
 extensions/libxt_string.c      |   64 +++++++-------
 extensions/libxt_tcp.c         |   17 +---
 extensions/libxt_tcpmss.c      |   17 +---
 extensions/libxt_tos.c         |   76 ++++++---------
 extensions/libxt_udp.c         |   17 +---
 include/xtables.h.in           |    7 ++
 ip6tables.8.in                 |    3 +
 ip6tables.c                    |   76 ++++++++--------
 iptables.8.in                  |    7 +-
 iptables.c                     |   69 ++++++++-------
 xshared.c                      |   31 ++++++
 xshared.h                      |   10 ++
 xtables.c                      |  199 ++++++++++++++++++++++++++++++++++++++++
 52 files changed, 929 insertions(+), 1248 deletions(-)
 create mode 100644 xshared.c
 create mode 100644 xshared.h

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d
  2009-06-26 19:19 (unknown), Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 02/10] libiptc: split v4 and v6 Jan Engelhardt
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

From: Michael Granzow <mgranzow@zeus.com>

libiptc already supports adding and deleting multiple rules with
different addresses, so it only needs to be wired up to the options.

	# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP

References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2

Adjustments made: syntax, removal of unneeded variables, manpage
adjustment, soversion bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 configure.ac         |    4 +-
 include/xtables.h.in |    5 ++
 ip6tables.8.in       |    3 +
 ip6tables.c          |   49 +++++++++-----
 iptables.8.in        |    7 ++-
 iptables.c           |   42 +++++++++----
 xtables.c            |  175 ++++++++++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 251 insertions(+), 34 deletions(-)

diff --git a/configure.ac b/configure.ac
index 74c3835..bc74efe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,8 +2,8 @@
 AC_INIT([iptables], [1.4.4])
 
 # See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=2
-libxtables_vage=0
+libxtables_vcurrent=3
+libxtables_vage=1
 
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 4d4ca0a..037fae1 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -215,6 +215,7 @@ extern void xtables_init(void);
 extern void xtables_set_nfproto(uint8_t);
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
+extern void *xtables_realloc(void *, size_t);
 
 extern int xtables_insmod(const char *, const char *, bool);
 extern int xtables_load_ko(const char *, bool);
@@ -260,6 +261,8 @@ extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
 extern struct in_addr *xtables_numeric_to_ipmask(const char *);
 extern void xtables_ipparse_any(const char *, struct in_addr **,
 	struct in_addr *, unsigned int *);
+extern void xtables_ipparse_multiple(const char *, struct in_addr **,
+	struct in_addr **, unsigned int *);
 
 extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
 extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
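Review bot: the new xtables_ipparse_multiple() prototype has no note on ownership, and unlike xtables_ipparse_any() just above it the mask argument is now a `struct in_addr **` that the function allocates. Please document next to the declaration that the caller must free() both *addrpp and *maskpp (do_command() does so later in this patch), and do the same for xtables_ip6parse_multiple() in the next hunk.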
@@ -267,6 +270,8 @@ extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
 extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
 extern void xtables_ip6parse_any(const char *, struct in6_addr **,
 	struct in6_addr *, unsigned int *);
+extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
+	struct in6_addr **, unsigned int *);
 
 /**
  * Print the specified value to standard output, quoting dangerous
diff --git a/ip6tables.8.in b/ip6tables.8.in
index a31887e..8037dc7 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -248,6 +248,9 @@ specifying the number of 1's at the left side of the network mask.
 A "!" argument before the address specification inverts the sense of
 the address. The flag \fB\-\-src\fP
 is an alias for this option.
+Multiple addresses can be specified, but this will \fBexpand to multiple
+rules\fP (when adding with \-A), or will cause multiple rules to be
+deleted (with \-D).
 .TP
 [\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
 Destination specification. 
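Review bot: the option synopsis in ip6tables.8.in is left as address[/mask] (the -d line is visible unchanged in the context here), while iptables.8.in in this same patch changes both -s and -d to end in [,...]. Update the ip6tables synopsis lines to match, and consider mentioning \-I next to \-A in the added paragraph, since the commit message's own example uses -I.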
diff --git a/ip6tables.c b/ip6tables.c
index 35067f8..31c4b45 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -281,9 +281,9 @@ exit_printhelp(struct xtables_rule_match *matches)
 
 "Options:\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
-"[!] --source	-s address[/mask]\n"
+"[!] --source	-s address[/mask][,...]\n"
 "				source specification\n"
-"[!] --destination -d address[/mask]\n"
+"[!] --destination -d address[/mask][,...]\n"
 "				destination specification\n"
 "[!] --in-interface -i input name[+]\n"
 "				network interface name ([+] for wildcard)\n"
@@ -740,8 +740,10 @@ append_entry(const ip6t_chainlabel chain,
 	     struct ip6t_entry *fw,
 	     unsigned int nsaddrs,
 	     const struct in6_addr saddrs[],
+	     const struct in6_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in6_addr daddrs[],
+	     const struct in6_addr dmasks[],
 	     int verbose,
 	     struct ip6tc_handle *handle)
 {
@@ -750,8 +752,10 @@ append_entry(const ip6t_chainlabel chain,
 
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
+		fw->ipv6.smsk = smasks[i];
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ipv6.dst = daddrs[j];
+			fw->ipv6.dmsk = dmasks[j];
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= ip6tc_append_entry(chain, fw, handle);
@@ -784,8 +788,10 @@ insert_entry(const ip6t_chainlabel chain,
 	     unsigned int rulenum,
 	     unsigned int nsaddrs,
 	     const struct in6_addr saddrs[],
+	     const struct in6_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in6_addr daddrs[],
+	     const struct in6_addr dmasks[],
 	     int verbose,
 	     struct ip6tc_handle *handle)
 {
@@ -794,8 +800,10 @@ insert_entry(const ip6t_chainlabel chain,
 
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
+		fw->ipv6.smsk = smasks[i];
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ipv6.dst = daddrs[j];
+			fw->ipv6.dmsk = dmasks[j];
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= ip6tc_insert_entry(chain, fw, rulenum, handle);
@@ -806,7 +814,7 @@ insert_entry(const ip6t_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct ip6t_entry *fw, struct xtables_rule_match *matches)
+make_delete_mask(struct xtables_rule_match *matches)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
@@ -843,8 +851,10 @@ delete_entry(const ip6t_chainlabel chain,
 	     struct ip6t_entry *fw,
 	     unsigned int nsaddrs,
 	     const struct in6_addr saddrs[],
+	     const struct in6_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in6_addr daddrs[],
+	     const struct in6_addr dmasks[],
 	     int verbose,
 	     struct ip6tc_handle *handle,
 	     struct xtables_rule_match *matches)
@@ -853,11 +863,13 @@ delete_entry(const ip6t_chainlabel chain,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(fw, matches);
+	mask = make_delete_mask(matches);
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
+		fw->ipv6.smsk = smasks[i];
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ipv6.dst = daddrs[j];
+			fw->ipv6.dmsk = dmasks[j];
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= ip6tc_delete_entry(chain, fw, mask, handle);
@@ -1291,9 +1303,9 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 	int invert = 0;
 	unsigned int nsaddrs = 0, ndaddrs = 0;
 	struct in6_addr *saddrs = NULL, *daddrs = NULL;
+	struct in6_addr *smasks = NULL, *dmasks = NULL;
 
 	int c, verbose = 0;
-	unsigned i;
 	const char *chain = NULL;
 	const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL;
 	const char *policy = NULL, *newname = NULL;
@@ -1811,12 +1823,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 	}
 
 	if (shostnetworkmask)
-		xtables_ip6parse_any(shostnetworkmask, &saddrs,
-		                         &fw.ipv6.smsk, &nsaddrs);
+		xtables_ip6parse_multiple(shostnetworkmask, &saddrs,
+					  &smasks, &nsaddrs);
 
 	if (dhostnetworkmask)
-		xtables_ip6parse_any(dhostnetworkmask, &daddrs,
-		                         &fw.ipv6.dmsk, &ndaddrs);
+		xtables_ip6parse_multiple(dhostnetworkmask, &daddrs,
+					  &dmasks, &ndaddrs);
 
 	if ((nsaddrs > 1 || ndaddrs > 1) &&
 	    (fw.ipv6.invflags & (IP6T_INV_SRCIP | IP6T_INV_DSTIP)))
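Review bot: with the switch to xtables_ip6parse_multiple(), fw.ipv6.smsk and fw.ipv6.dmsk are no longer filled in at parse time; in this patch they are only assigned inside the loops of append_entry(), insert_entry() and delete_entry(). Any other command path that consumes fw after this point and is not touched by the diff would now see whatever the masks were initialised to, so please check those paths and copy smasks[0]/dmasks[0] in explicitly where a single address is expected.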
@@ -1921,13 +1933,15 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 	switch (command) {
 	case CMD_APPEND:
 		ret = append_entry(chain, e,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle);
 		break;
 	case CMD_DELETE:
 		ret = delete_entry(chain, e,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle, matches);
 		break;
@@ -1941,7 +1955,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 		break;
 	case CMD_INSERT:
 		ret = insert_entry(chain, e, rulenum - 1,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle);
 		break;
@@ -2001,12 +2016,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 		e = NULL;
 	}
 
-	for (i = 0; i < nsaddrs; i++)
-		free(&saddrs[i]);
-
-	for (i = 0; i < ndaddrs; i++)
-		free(&daddrs[i]);
-
+	free(saddrs);
+	free(smasks);
+	free(daddrs);
+	free(dmasks);
 	xtables_free_opts(1);
 
 	return ret;
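Review bot: the removed loops called free(&saddrs[i]) and free(&daddrs[i]), which hands free() a pointer into the middle of the array for every i > 0; replacing them with free(saddrs) and free(daddrs) is a memory-safety fix in its own right. The "Adjustments made" list in the commit message does not mention it, so either call it out there or split it into a separate patch so it can be reviewed and picked up independently of the multi-address feature.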
diff --git a/iptables.8.in b/iptables.8.in
index 10dcb73..14fc23a 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -236,7 +236,7 @@ Protocol \fBall\fP
 will match with all protocols and is taken as default when this
 option is omitted.
 .TP
-[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
 Source specification. \fIAddress\fP
 can be either a network name, a hostname (please note that specifying
 any name to be resolved with a remote query such as DNS is a really bad idea),
@@ -247,8 +247,11 @@ specifying the number of 1's at the left side of the network mask.
 Thus, a mask of \fI24\fP is equivalent to \fI255.255.255.0\fP.
 A "!" argument before the address specification inverts the sense of
 the address. The flag \fB\-\-src\fP is an alias for this option.
+Multiple addresses can be specified, but this will \fBexpand to multiple
+rules\fP (when adding with \-A), or will cause multiple rules to be
+deleted (with \-D).
 .TP
-[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
 Destination specification. 
 See the description of the \fB\-s\fP
 (source) flag for a detailed description of the syntax.  The flag
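Review bot: the synopsis lines changed here document the list separator as [,...], but the usage text this patch adds to exit_printhelp() in iptables.c reads `address[/mask][...]` with the comma missing, while ip6tables.c has `address[/mask][,...]`. Make the iptables.c strings match the man page and the ip6tables help.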
diff --git a/iptables.c b/iptables.c
index 649baf4..7c075da 100644
--- a/iptables.c
+++ b/iptables.c
@@ -294,9 +294,9 @@ exit_printhelp(struct xtables_rule_match *matches)
 
 "Options:\n"
 "[!] --proto	-p proto	protocol: by number or name, eg. `tcp'\n"
-"[!] --source	-s address[/mask]\n"
+"[!] --source	-s address[/mask][...]\n"
 "				source specification\n"
-"[!] --destination -d address[/mask]\n"
+"[!] --destination -d address[/mask][...]\n"
 "				destination specification\n"
 "[!] --in-interface -i input name[+]\n"
 "				network interface name ([+] for wildcard)\n"
@@ -742,8 +742,10 @@ append_entry(const ipt_chainlabel chain,
 	     struct ipt_entry *fw,
 	     unsigned int nsaddrs,
 	     const struct in_addr saddrs[],
+	     const struct in_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in_addr daddrs[],
+	     const struct in_addr dmasks[],
 	     int verbose,
 	     struct iptc_handle *handle)
 {
@@ -752,8 +754,10 @@ append_entry(const ipt_chainlabel chain,
 
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ip.src.s_addr = saddrs[i].s_addr;
+		fw->ip.smsk.s_addr = smasks[i].s_addr;
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ip.dst.s_addr = daddrs[j].s_addr;
+			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= iptc_append_entry(chain, fw, handle);
@@ -786,8 +790,10 @@ insert_entry(const ipt_chainlabel chain,
 	     unsigned int rulenum,
 	     unsigned int nsaddrs,
 	     const struct in_addr saddrs[],
+	     const struct in_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in_addr daddrs[],
+	     const struct in_addr dmasks[],
 	     int verbose,
 	     struct iptc_handle *handle)
 {
@@ -796,8 +802,10 @@ insert_entry(const ipt_chainlabel chain,
 
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ip.src.s_addr = saddrs[i].s_addr;
+		fw->ip.smsk.s_addr = smasks[i].s_addr;
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ip.dst.s_addr = daddrs[j].s_addr;
+			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= iptc_insert_entry(chain, fw, rulenum, handle);
@@ -808,7 +816,7 @@ insert_entry(const ipt_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches)
+make_delete_mask(struct xtables_rule_match *matches)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
@@ -845,8 +853,10 @@ delete_entry(const ipt_chainlabel chain,
 	     struct ipt_entry *fw,
 	     unsigned int nsaddrs,
 	     const struct in_addr saddrs[],
+	     const struct in_addr smasks[],
 	     unsigned int ndaddrs,
 	     const struct in_addr daddrs[],
+	     const struct in_addr dmasks[],
 	     int verbose,
 	     struct iptc_handle *handle,
 	     struct xtables_rule_match *matches)
@@ -855,11 +865,13 @@ delete_entry(const ipt_chainlabel chain,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(fw, matches);
+	mask = make_delete_mask(matches);
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ip.src.s_addr = saddrs[i].s_addr;
+		fw->ip.smsk.s_addr = smasks[i].s_addr;
 		for (j = 0; j < ndaddrs; j++) {
 			fw->ip.dst.s_addr = daddrs[j].s_addr;
+			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
 			if (verbose)
 				print_firewall_line(fw, handle);
 			ret &= iptc_delete_entry(chain, fw, mask, handle);
@@ -1313,7 +1325,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 	struct ipt_entry fw, *e = NULL;
 	int invert = 0;
 	unsigned int nsaddrs = 0, ndaddrs = 0;
-	struct in_addr *saddrs = NULL, *daddrs = NULL;
+	struct in_addr *saddrs = NULL, *smasks = NULL;
+	struct in_addr *daddrs = NULL, *dmasks = NULL;
 
 	int c, verbose = 0;
 	const char *chain = NULL;
@@ -1848,12 +1861,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 	}
 
 	if (shostnetworkmask)
-		xtables_ipparse_any(shostnetworkmask, &saddrs,
-					&fw.ip.smsk, &nsaddrs);
+		xtables_ipparse_multiple(shostnetworkmask, &saddrs,
+					 &smasks, &nsaddrs);
 
 	if (dhostnetworkmask)
-		xtables_ipparse_any(dhostnetworkmask, &daddrs,
-					&fw.ip.dmsk, &ndaddrs);
+		xtables_ipparse_multiple(dhostnetworkmask, &daddrs,
+					 &dmasks, &ndaddrs);
 
 	if ((nsaddrs > 1 || ndaddrs > 1) &&
 	    (fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))
@@ -1961,13 +1974,15 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 	switch (command) {
 	case CMD_APPEND:
 		ret = append_entry(chain, e,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle);
 		break;
 	case CMD_DELETE:
 		ret = delete_entry(chain, e,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle, matches);
 		break;
@@ -1981,7 +1996,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 		break;
 	case CMD_INSERT:
 		ret = insert_entry(chain, e, rulenum - 1,
-				   nsaddrs, saddrs, ndaddrs, daddrs,
+				   nsaddrs, saddrs, smasks,
+				   ndaddrs, daddrs, dmasks,
 				   options&OPT_VERBOSE,
 				   *handle);
 		break;
@@ -2042,7 +2058,9 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 	}
 
 	free(saddrs);
+	free(smasks);
 	free(daddrs);
+	free(dmasks);
 	xtables_free_opts(1);
 
 	return ret;
diff --git a/xtables.c b/xtables.c
index e018331..05154dd 100644
--- a/xtables.c
+++ b/xtables.c
@@ -271,6 +271,18 @@ void *xtables_malloc(size_t size)
 	return p;
 }
 
+void *xtables_realloc(void *ptr, size_t size)
+{
+	void *p;
+
+	if ((p = realloc(ptr, size)) == NULL) {
+		perror("ip[6]tables: realloc failed");
+		exit(1);
+	}
+
+	return p;
+}
+
 static char *get_modprobe(void)
 {
 	int procfile;
@@ -1133,6 +1145,86 @@ static struct in_addr *parse_ipmask(const char *mask)
 	return &maskaddr;
 }
 
+void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
+                              struct in_addr **maskpp, unsigned int *naddrs)
+{
+	struct in_addr *addrp;
+	char buf[256], *p;
+	unsigned int len, i, j, n, count = 1;
+	const char *loop = name;
+
+	while ((loop = strchr(loop, ',')) != NULL) {
+		++count;
+		++loop; /* skip ',' */
+	}
+
+	*addrpp = xtables_malloc(sizeof(struct in_addr) * count);
+	*maskpp = xtables_malloc(sizeof(struct in_addr) * count);
+
+	loop = name;
+
+	for (i = 0; i < count; ++i) {
+		if (loop == NULL)
+			break;
+		if (*loop == ',')
+			++loop;
+		if (*loop == '\0')
+			break;
+		p = strchr(loop, ',');
+		if (p != NULL)
+			len = p - loop;
+		else
+			len = strlen(loop);
+		if (len == 0 || sizeof(buf) - 1 < len)
+			break;
+
+		strncpy(buf, loop, len);
+		buf[len] = '\0';
+		loop += len;
+		if ((p = strrchr(buf, '/')) != NULL) {
+			*p = '\0';
+			addrp = parse_ipmask(p + 1);
+		} else {
+			addrp = parse_ipmask(NULL);
+		}
+		memcpy(*maskpp + i, addrp, sizeof(*addrp));
+
+		/* if a null mask is given, the name is ignored, like in "any/0" */
+		if ((*maskpp + i)->s_addr == 0)
+			/*
+			 * A bit pointless to process multiple addresses
+			 * in this case...
+			 */
+			strcpy(buf, "0.0.0.0");
+
+		addrp = ipparse_hostnetwork(buf, &n);
+		if (n > 1) {
+			count += n - 1;
+			*addrpp = xtables_realloc(*addrpp,
+			          sizeof(struct in_addr) * count);
+			*maskpp = xtables_realloc(*maskpp,
+			          sizeof(struct in_addr) * count);
+			for (j = 0; j < n; ++j)
+				/* for each new addr */
+				memcpy(*addrpp + i + j, addrp + j,
+				       sizeof(*addrp));
+			for (j = 1; j < n; ++j)
+				/* for each new mask */
+				memcpy(*maskpp + i + j, *maskpp + i,
+				       sizeof(*addrp));
+			i += n - 1;
+		} else {
+			memcpy(*addrpp + i, addrp, sizeof(*addrp));
+		}
+		/* free what ipparse_hostnetwork had allocated: */
+		free(addrp);
+	}
+	*naddrs = count;
+	for (i = 0; i < n; ++i)
+		(*addrpp+i)->s_addr &= (*maskpp+i)->s_addr;
+}
+
+
 /**
  * xtables_ipparse_any - transform arbitrary name to in_addr
  *
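Review bot: the closing loop of xtables_ipparse_multiple() is bounded by the wrong variable: `for (i = 0; i < n; ++i)` uses n, which is the result count of the last ipparse_hostnetwork() call, not the number of entries. It should run to count (or *naddrs). As written, for a list such as a/24,b/24 only the first entry is ANDed with its mask, and if the parse loop takes one of its break statements before the first ipparse_hostnetwork() call, n is read uninitialised.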
@@ -1364,6 +1456,89 @@ static struct in6_addr *parse_ip6mask(char *mask)
 	return &maskaddr;
 }
 
+void
+xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
+		      struct in6_addr **maskpp, unsigned int *naddrs)
+{
+	struct in6_addr *addrp;
+	char buf[256], *p;
+	unsigned int len, i, j, n, count = 1;
+	const char *loop = name;
+
+	while ((loop = strchr(loop, ',')) != NULL) {
+		++count;
+		++loop; /* skip ',' */
+	}
+
+	*addrpp = xtables_malloc(sizeof(struct in6_addr) * count);
+	*maskpp = xtables_malloc(sizeof(struct in6_addr) * count);
+
+	loop = name;
+
+	for (i = 0; i < count /*NB: count can grow*/; ++i) {
+		if (loop == NULL)
+			break;
+		if (*loop == ',')
+			++loop;
+		if (*loop == '\0')
+			break;
+		p = strchr(loop, ',');
+		if (p != NULL)
+			len = p - loop;
+		else
+			len = strlen(loop);
+		if (len == 0 || sizeof(buf) - 1 < len)
+			break;
+
+		strncpy(buf, loop, len);
+		buf[len] = '\0';
+		loop += len;
+		if ((p = strrchr(buf, '/')) != NULL) {
+			*p = '\0';
+			addrp = parse_ip6mask(p + 1);
+		} else {
+			addrp = parse_ip6mask(NULL);
+		}
+		memcpy(*maskpp + i, addrp, sizeof(*addrp));
+
+		/* if a null mask is given, the name is ignored, like in "any/0" */
+		if (memcmp(*maskpp + i, &in6addr_any, sizeof(in6addr_any)) == 0)
+			strcpy(buf, "::");
+
+		addrp = ip6parse_hostnetwork(buf, &n);
+		/* ip6parse_hostnetwork only ever returns one IP
+		address (it exits if the resolution fails).
+		Therefore, n will always be 1 here.  Leaving the
+		code below in anyway in case ip6parse_hostnetwork
+		is improved some day to behave like
+		ipparse_hostnetwork: */
+		if (n > 1) {
+			count += n - 1;
+			*addrpp = xtables_realloc(*addrpp,
+			          sizeof(struct in6_addr) * count);
+			*maskpp = xtables_realloc(*maskpp,
+			          sizeof(struct in6_addr) * count);
+			for (j = 0; j < n; ++j)
+				/* for each new addr */
+				memcpy(*addrpp + i + j, addrp + j,
+				       sizeof(*addrp));
+			for (j = 1; j < n; ++j)
+				/* for each new mask */
+				memcpy(*maskpp + i + j, *maskpp + i,
+				       sizeof(*addrp));
+			i += n - 1;
+		} else {
+			memcpy(*addrpp + i, addrp, sizeof(*addrp));
+		}
+		/* free what ip6parse_hostnetwork had allocated: */
+		free(addrp);
+	}
+	*naddrs = count;
+	for (i = 0; i < n; ++i)
+		for (j = 0; j < 4; ++j)
+			(*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
+}
+
 void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
                           struct in6_addr *maskp, unsigned int *naddrs)
 {
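Review bot: every malformed-input path in the parse loop of xtables_ip6parse_multiple() (an empty element, a trailing comma, an element longer than sizeof(buf) - 1) is a silent `break`, after which `*naddrs = count` still reports the full comma count although the remaining slots of the xtables_malloc()ed arrays were never written. The callers then build rules from uninitialised addresses and masks; for a firewall front-end these cases should exit with a parameter error instead of truncating the list. The IPv4 variant has the same structure, and the final `i < n` loop here masks only the first entry, since n is always 1 according to the comment above it.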
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread
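The comma-separated `-s`/`-d` syntax introduced by the patch above, as an added example (not code from the patch or from iptables): a strict IPv4 list parser that treats an empty or malformed element as an error instead of stopping early, and masks every entry it returns. It handles numeric addresses only (no hostname resolution); `struct addr_mask`, `parse_one` and `parse_addr_list` are hypothetical names.

```c
/* Added example: strict parser for "addr[/len],addr[/len],..." (IPv4, numeric only). */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: one expanded rule address together with its netmask. */
struct addr_mask {
	struct in_addr addr;
	struct in_addr mask;
};

/* Parse one element of length len; returns 0 on success, -1 if malformed. */
static int parse_one(const char *s, size_t len, struct addr_mask *out)
{
	char buf[INET_ADDRSTRLEN + 4]; /* room for "255.255.255.255/32" + NUL */
	char *slash, *end;
	unsigned long bits = 32;

	if (len == 0 || len >= sizeof(buf))
		return -1; /* empty or over-long element is an error, not a stop */
	memcpy(buf, s, len);
	buf[len] = '\0';

	slash = strchr(buf, '/');
	if (slash != NULL) {
		*slash++ = '\0';
		if (*slash < '0' || *slash > '9')
			return -1; /* no sign, no whitespace, no empty length */
		bits = strtoul(slash, &end, 10);
		if (*end != '\0' || bits > 32)
			return -1;
	}
	if (inet_pton(AF_INET, buf, &out->addr) != 1)
		return -1;

	out->mask.s_addr = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
	out->addr.s_addr &= out->mask.s_addr; /* mask each entry as it is stored */
	return 0;
}

/*
 * Split a comma-separated list into a calloc()ed array owned by the caller.
 * Returns the number of entries, or -1 (and *out == NULL) if any element
 * is malformed, so a caller never sees a partially filled array.
 */
int parse_addr_list(const char *list, struct addr_mask **out)
{
	size_t count = 1, i;
	const char *p, *comma;
	struct addr_mask *v;

	*out = NULL;
	for (p = list; (p = strchr(p, ',')) != NULL; ++p)
		++count;

	v = calloc(count, sizeof(*v));
	if (v == NULL)
		return -1;

	p = list;
	for (i = 0; i < count; ++i) {
		comma = strchr(p, ',');
		size_t len = comma ? (size_t)(comma - p) : strlen(p);

		if (parse_one(p, len, &v[i]) != 0) {
			free(v);
			return -1;
		}
		p += len + (comma != NULL); /* step over the separator */
	}
	*out = v;
	return (int)count;
}

int main(void)
{
	struct addr_mask *v;
	char a[INET_ADDRSTRLEN], m[INET_ADDRSTRLEN];
	/* Constructed sample input. */
	int i, n = parse_addr_list("192.168.0.201/24,10.1.2.3", &v);

	for (i = 0; i < n; ++i) {
		inet_ntop(AF_INET, &v[i].addr, a, sizeof(a));
		inet_ntop(AF_INET, &v[i].mask, m, sizeof(m));
		printf("rule %d: %s/%s\n", i, a, m);
	}
	free(v);
	printf("empty element rejected: %d\n",
	       parse_addr_list("10.0.0.1,,10.0.0.2", &v) == -1);
	return 0;
}
```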

* [PATCH 02/10] libiptc: split v4 and v6
  2009-06-26 19:19 (unknown), Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 03/10] extensions: collapse registration structures Jan Engelhardt
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

The split can save some disk space for constrained systems
which are only running one protocol.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am |   19 ++++++++++++-------
 1 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index fd99098..445717e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,9 +14,14 @@ endif
 lib_LTLIBRARIES =
 
 # libiptc
-lib_LTLIBRARIES           += libiptc/libiptc.la
-libiptc_libiptc_la_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
-libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
+lib_LTLIBRARIES           += libiptc/libiptc.la libiptc/libip4tc.la libiptc/libip6tc.la
+libiptc_libiptc_la_SOURCES  =
+libiptc_libiptc_la_LIBADD   = libiptc/libip4tc.la libiptc/libip6tc.la
+libiptc_libiptc_la_LDFLAGS  = -version-info 0:0:0
+libiptc_libip4tc_la_SOURCES = libiptc/libip4tc.c
+libiptc_libip4tc_la_LDFLAGS = -version-info 0:0:0
+libiptc_libip6tc_la_SOURCES = libiptc/libip6tc.c
+libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0
 
 lib_LTLIBRARIES      += libxtables.la
 libxtables_la_SOURCES = xtables.c
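Review bot: on the new lib_LTLIBRARIES line, libiptc/libiptc.la is listed ahead of libiptc/libip4tc.la and libiptc/libip6tc.la, which it now pulls in through libiptc_libiptc_la_LIBADD. Libtool libraries are installed in the order they are listed, so put the two dependencies first to keep the install-time relink of libiptc.la from looking for libraries that are not installed yet. A short comment in the Makefile explaining why libiptc.la is kept with an empty SOURCES would also help the next reader.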
@@ -26,7 +31,7 @@ libxtables_la_LIBADD  = -ldl
 # iptables, dynamic
 iptables_SOURCES          = iptables-standalone.c iptables.c
 iptables_LDFLAGS          = -rdynamic
-iptables_LDADD            = libiptc/libiptc.la extensions/libext4.a libxtables.la -lm
+iptables_LDADD            = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
 
 iptables_xml_LDADD        = libxtables.la
 iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
@@ -47,14 +52,14 @@ iptables_save_LDADD       = ${iptables_LDADD}
 # iptables-multi, semi-static
 iptables_static_SOURCES   = ${iptables_multi_SOURCES} xtables.c
 iptables_static_CFLAGS    = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-iptables_static_LDADD     = libiptc/libiptc.la extensions/libext4.a -lm
+iptables_static_LDADD     = libiptc/libip4tc.la extensions/libext4.a -lm
 
 iptables_xml_SOURCES      = iptables-xml.c
 
 # ip6tables, dynamic
 ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c
 ip6tables_LDFLAGS         = -rdynamic
-ip6tables_LDADD           = libiptc/libiptc.la extensions/libext6.a libxtables.la -lm
+ip6tables_LDADD           = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
@@ -74,7 +79,7 @@ ip6tables_save_LDADD      = ${ip6tables_LDADD}
 # iptables-multi, semi-static
 ip6tables_static_SOURCES    = ${ip6tables_multi_SOURCES} xtables.c
 ip6tables_static_CFLAGS     = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-ip6tables_static_LDADD      = libiptc/libiptc.la extensions/libext6.a -lm
+ip6tables_static_LDADD      = libiptc/libip6tc.la extensions/libext6.a -lm
 
 bin_PROGRAMS     = iptables-xml
 sbin_PROGRAMS    =
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 03/10] extensions: collapse registration structures
  2009-06-26 19:19 (unknown), Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 02/10] libiptc: split v4 and v6 Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 04/10] iptables: allow for parse-less extensions Jan Engelhardt
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

There are no different code paths between IPV4 and IPV6, so
data can be consolidated here.

   text    data     bss     dec     hex filename
 243757   12212    2576  258545   3f1f1 ip6tables-static[before.i586]
 243613    9428    2576  255617   3e681 ip6tables-static[after.i586]
   -144   -2784

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_CONNMARK.c    |   38 ++------------------------------------
 extensions/libxt_CONNSECMARK.c |   18 +-----------------
 extensions/libxt_DSCP.c        |   17 +----------------
 extensions/libxt_MARK.c        |   18 +-----------------
 extensions/libxt_NFLOG.c       |   17 +----------------
 extensions/libxt_NFQUEUE.c     |   16 +---------------
 extensions/libxt_NOTRACK.c     |   13 +------------
 extensions/libxt_TCPOPTSTRIP.c |   18 +-----------------
 extensions/libxt_TOS.c         |   18 +-----------------
 extensions/libxt_comment.c     |   17 +----------------
 extensions/libxt_connbytes.c   |   17 +----------------
 extensions/libxt_connmark.c    |   36 ++----------------------------------
 extensions/libxt_dccp.c        |   17 +----------------
 extensions/libxt_dscp.c        |   17 +----------------
 extensions/libxt_esp.c         |   17 +----------------
 extensions/libxt_hashlimit.c   |   19 +------------------
 extensions/libxt_helper.c      |   16 +---------------
 extensions/libxt_mac.c         |   17 +----------------
 extensions/libxt_owner.c       |   18 +-----------------
 extensions/libxt_physdev.c     |   17 +----------------
 extensions/libxt_recent.c      |   19 +------------------
 extensions/libxt_sctp.c        |   17 +----------------
 extensions/libxt_state.c       |   17 +----------------
 extensions/libxt_tcp.c         |   17 +----------------
 extensions/libxt_tcpmss.c      |   17 +----------------
 extensions/libxt_tos.c         |   18 +-----------------
 extensions/libxt_udp.c         |   17 +----------------
 27 files changed, 29 insertions(+), 474 deletions(-)

diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 6e42898..5e9c374 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -399,23 +399,7 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target connmark_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "CONNMARK",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_connmark_target_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connmark_target_info)),
-	.help		= CONNMARK_help,
-	.init           = CONNMARK_init,
-	.parse		= CONNMARK_parse,
-	.final_check	= connmark_tg_check,
-	.print		= CONNMARK_print,
-	.save		= CONNMARK_save,
-	.extra_opts	= CONNMARK_opts,
-};
-
-static struct xtables_target connmark_target6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "CONNMARK",
 	.revision	= 0,
 	.version	= XTABLES_VERSION,
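
Review bot: Setting .family = NFPROTO_UNSPEC on connmark_target assumes that xtables_register_target() and the extension lookup treat an unspecified family as valid for both iptables and ip6tables, and nothing in this patch shows that: the diffstat lists only files under extensions/. Please name in the commit message the code or earlier commit that provides this, so the dependency is clear if the patch is picked up on its own.
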
@@ -434,23 +418,7 @@ static struct xtables_target connmark_tg_reg = {
 	.version        = XTABLES_VERSION,
 	.name           = "CONNMARK",
 	.revision       = 1,
-	.family         = NFPROTO_IPV4,
-	.size           = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
-	.help           = connmark_tg_help,
-	.init           = connmark_tg_init,
-	.parse          = connmark_tg_parse,
-	.final_check    = connmark_tg_check,
-	.print          = connmark_tg_print,
-	.save           = connmark_tg_save,
-	.extra_opts     = connmark_tg_opts,
-};
-
-static struct xtables_target connmark_tg6_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "CONNMARK",
-	.revision       = 1,
-	.family         = NFPROTO_IPV6,
+	.family         = NFPROTO_UNSPEC,
 	.size           = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
 	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
 	.help           = connmark_tg_help,
@@ -465,7 +433,5 @@ static struct xtables_target connmark_tg6_reg = {
 void _init(void)
 {
 	xtables_register_target(&connmark_target);
-	xtables_register_target(&connmark_target6);
 	xtables_register_target(&connmark_tg_reg);
-	xtables_register_target(&connmark_tg6_reg);
 }
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index 11ec01a..d95339f 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
@@ -107,22 +107,7 @@ CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target connsecmark_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "CONNSECMARK",
-	.version	= XTABLES_VERSION,
-	.revision	= 0,
-	.size		= XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
-	.parse		= CONNSECMARK_parse,
-	.help		= CONNSECMARK_help,
-	.final_check	= CONNSECMARK_check,
-	.print		= CONNSECMARK_print,
-	.save		= CONNSECMARK_save,
-	.extra_opts	= CONNSECMARK_opts,
-};
-
-static struct xtables_target connsecmark_target6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "CONNSECMARK",
 	.version	= XTABLES_VERSION,
 	.revision	= 0,
@@ -139,5 +124,4 @@ static struct xtables_target connsecmark_target6 = {
 void _init(void)
 {
 	xtables_register_target(&connsecmark_target);
-	xtables_register_target(&connsecmark_target6);
 }
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index ddb9c99..82ac10c 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -130,21 +130,7 @@ static void DSCP_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target dscp_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "DSCP",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_DSCP_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_DSCP_info)),
-	.help		= DSCP_help,
-	.parse		= DSCP_parse,
-	.final_check	= DSCP_check,
-	.print		= DSCP_print,
-	.save		= DSCP_save,
-	.extra_opts	= DSCP_opts,
-};
-
-static struct xtables_target dscp_target6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "DSCP",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_DSCP_info)),
@@ -160,5 +146,4 @@ static struct xtables_target dscp_target6 = {
 void _init(void)
 {
 	xtables_register_target(&dscp_target);
-	xtables_register_target(&dscp_target6);
 }
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index ff48a76..cab052b 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -278,7 +278,7 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target mark_target_v0 = {
-	.family		= NFPROTO_IPV4,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "MARK",
 	.version	= XTABLES_VERSION,
 	.revision	= 0,
@@ -307,21 +307,6 @@ static struct xtables_target mark_target_v1 = {
 	.extra_opts	= MARK_opts,
 };
 
-static struct xtables_target mark_target6_v0 = {
-	.family		= NFPROTO_IPV6,
-	.name		= "MARK",
-	.version	= XTABLES_VERSION,
-	.revision	= 0,
-	.size		= XT_ALIGN(sizeof(struct xt_mark_target_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_mark_target_info)),
-	.help		= MARK_help,
-	.parse		= MARK_parse_v0,
-	.final_check	= MARK_check,
-	.print		= MARK_print_v0,
-	.save		= MARK_save_v0,
-	.extra_opts	= MARK_opts,
-};
-
 static struct xtables_target mark_tg_reg_v2 = {
 	.version       = XTABLES_VERSION,
 	.name          = "MARK",
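
Review bot: mark_target_v1 is left untouched between the collapsed mark_target_v0 and the removed mark_target6_v0, and its .family line is outside the context shown, so it is not clear whether revision 1 is meant to stay bound to one family. If that is intentional, a one-line comment on mark_target_v1 saying why it was not converted like mark_target_v0 would keep the file from looking half-converted.
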
@@ -341,6 +326,5 @@ void _init(void)
 {
 	xtables_register_target(&mark_target_v0);
 	xtables_register_target(&mark_target_v1);
-	xtables_register_target(&mark_target6_v0);
 	xtables_register_target(&mark_tg_reg_v2);
 }
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 007c7b4..0768e88 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -139,21 +139,7 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target nflog_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "NFLOG",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_nflog_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_nflog_info)),
-	.help		= NFLOG_help,
-	.init		= NFLOG_init,
-	.parse		= NFLOG_parse,
-	.print		= NFLOG_print,
-	.save		= NFLOG_save,
-	.extra_opts	= NFLOG_opts,
-};
-
-static struct xtables_target nflog_target6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "NFLOG",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_nflog_info)),
@@ -169,5 +155,4 @@ static struct xtables_target nflog_target6 = {
 void _init(void)
 {
 	xtables_register_target(&nflog_target);
-	xtables_register_target(&nflog_target6);
 }
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 3ca2239..53ecf1c 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -78,7 +78,7 @@ static void NFQUEUE_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static struct xtables_target nfqueue_target = {
-	.family		= NFPROTO_IPV4,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "NFQUEUE",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_NFQ_info)),
@@ -90,21 +90,7 @@ static struct xtables_target nfqueue_target = {
 	.extra_opts	= NFQUEUE_opts
 };
 
-static struct xtables_target nfqueue_target6 = {
-	.family		= NFPROTO_IPV6,
-	.name		= "NFQUEUE",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_NFQ_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_NFQ_info)),
-	.help		= NFQUEUE_help,
-	.parse		= NFQUEUE_parse,
-	.print		= NFQUEUE_print,
-	.save		= NFQUEUE_save,
-	.extra_opts	= NFQUEUE_opts,
-};
-
 void _init(void)
 {
 	xtables_register_target(&nfqueue_target);
-	xtables_register_target(&nfqueue_target6);
 }
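
Review bot: Style nit on the surviving nfqueue_target: its last member reads ".extra_opts = NFQUEUE_opts" without a trailing comma, while the removed nfqueue_target6 copy had ".extra_opts = NFQUEUE_opts,". Since this hunk decides which copy survives, carry the trailing comma over so the initializer matches the other structs touched by this patch.
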
diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c
index ef26654..d997d84 100644
--- a/extensions/libxt_NOTRACK.c
+++ b/extensions/libxt_NOTRACK.c
@@ -20,17 +20,7 @@ NOTRACK_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static struct xtables_target notrack_target = {
-	.family		= NFPROTO_IPV4,
-	.name		= "NOTRACK",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(0),
-	.userspacesize	= XT_ALIGN(0),
-	.help		= NOTRACK_help,
-	.parse		= NOTRACK_parse,
-};
-
-static struct xtables_target notrack_target6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "NOTRACK",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(0),
@@ -42,5 +32,4 @@ static struct xtables_target notrack_target6 = {
 void _init(void)
 {
 	xtables_register_target(&notrack_target);
-	xtables_register_target(&notrack_target6);
 }
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index cf946fc..a063d0d 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -180,22 +180,7 @@ tcpoptstrip_tg_save(const void *ip, const struct xt_entry_target *target)
 static struct xtables_target tcpoptstrip_tg_reg = {
 	.version       = XTABLES_VERSION,
 	.name          = "TCPOPTSTRIP",
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
-	.help          = tcpoptstrip_tg_help,
-	.init          = tcpoptstrip_tg_init,
-	.parse         = tcpoptstrip_tg_parse,
-	.final_check   = tcpoptstrip_tg_check,
-	.print         = tcpoptstrip_tg_print,
-	.save          = tcpoptstrip_tg_save,
-	.extra_opts    = tcpoptstrip_tg_opts,
-};
-
-static struct xtables_target tcpoptstrip_tg6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "TCPOPTSTRIP",
-	.family        = NFPROTO_IPV6,
+	.family        = NFPROTO_UNSPEC,
 	.size          = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
 	.help          = tcpoptstrip_tg_help,
@@ -210,5 +195,4 @@ static struct xtables_target tcpoptstrip_tg6_reg = {
 void _init(void)
 {
 	xtables_register_target(&tcpoptstrip_tg_reg);
-	xtables_register_target(&tcpoptstrip_tg6_reg);
 }
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index c08f53b..e6382e1 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -224,22 +224,7 @@ static struct xtables_target tos_tg_reg = {
 	.version       = XTABLES_VERSION,
 	.name          = "TOS",
 	.revision      = 1,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.help          = tos_tg_help,
-	.parse         = tos_tg_parse,
-	.final_check   = tos_tg_check,
-	.print         = tos_tg_print,
-	.save          = tos_tg_save,
-	.extra_opts    = tos_tg_opts,
-};
-
-static struct xtables_target tos_tg6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "TOS",
-	.family        = NFPROTO_IPV6,
-	.revision      = 1,
+	.family        = NFPROTO_UNSPEC,
 	.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
 	.help          = tos_tg_help,
@@ -254,5 +239,4 @@ void _init(void)
 {
 	xtables_register_target(&tos_tg_reg_v0);
 	xtables_register_target(&tos_tg_reg);
-	xtables_register_target(&tos_tg6_reg);
 }
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index 5f393bb..2e665b1 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -89,21 +89,7 @@ comment_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match comment_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "comment",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_comment_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_comment_info)),
-	.help		= comment_help,
-	.parse		= comment_parse,
-	.final_check	= comment_check,
-	.print 		= comment_print,
-	.save 		= comment_save,
-	.extra_opts	= comment_opts,
-};
-
-static struct xtables_match comment_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "comment",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_comment_info)),
@@ -119,5 +105,4 @@ static struct xtables_match comment_match6 = {
 void _init(void)
 {
 	xtables_register_match(&comment_match);
-	xtables_register_match(&comment_match6);
 }
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index c7bdff0..d6c3b1b 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -180,21 +180,7 @@ static void connbytes_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match connbytes_match = {
-	.family		= NFPROTO_IPV4,
-	.name 		= "connbytes",
-	.version 	= XTABLES_VERSION,
-	.size 		= XT_ALIGN(sizeof(struct xt_connbytes_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connbytes_info)),
-	.help		= connbytes_help,
-	.parse		= connbytes_parse,
-	.final_check	= connbytes_check,
-	.print		= connbytes_print,
-	.save 		= connbytes_save,
-	.extra_opts	= connbytes_opts,
-};
-
-static struct xtables_match connbytes_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name 		= "connbytes",
 	.version 	= XTABLES_VERSION,
 	.size 		= XT_ALIGN(sizeof(struct xt_connbytes_info)),
@@ -210,5 +196,4 @@ static struct xtables_match connbytes_match6 = {
 void _init(void)
 {
 	xtables_register_match(&connbytes_match);
-	xtables_register_match(&connbytes_match6);
 }
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index ce2002c..db7c3a1 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -164,22 +164,7 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match connmark_mt_reg_v0 = {
-	.family		= NFPROTO_IPV4,
-	.name		= "connmark",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_connmark_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connmark_info)),
-	.help		= connmark_mt_help,
-	.parse		= connmark_parse,
-	.final_check	= connmark_mt_check,
-	.print		= connmark_print,
-	.save		= connmark_save,
-	.extra_opts	= connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt6_reg_v0 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "connmark",
 	.revision	= 0,
 	.version	= XTABLES_VERSION,
@@ -197,22 +182,7 @@ static struct xtables_match connmark_mt_reg = {
 	.version        = XTABLES_VERSION,
 	.name           = "connmark",
 	.revision       = 1,
-	.family         = NFPROTO_IPV4,
-	.size           = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
-	.help           = connmark_mt_help,
-	.parse          = connmark_mt_parse,
-	.final_check    = connmark_mt_check,
-	.print          = connmark_mt_print,
-	.save           = connmark_mt_save,
-	.extra_opts     = connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt6_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "connmark",
-	.revision       = 1,
-	.family         = NFPROTO_IPV6,
+	.family         = NFPROTO_UNSPEC,
 	.size           = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
 	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
 	.help           = connmark_mt_help,
@@ -226,7 +196,5 @@ static struct xtables_match connmark_mt6_reg = {
 void _init(void)
 {
 	xtables_register_match(&connmark_mt_reg_v0);
-	xtables_register_match(&connmark_mt6_reg_v0);
 	xtables_register_match(&connmark_mt_reg);
-	xtables_register_match(&connmark_mt6_reg);
 }
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 7321145..ae23225 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -336,21 +336,7 @@ static void dccp_save(const void *ip, const struct xt_entry_match *match)
 
 static struct xtables_match dccp_match = {
 	.name		= "dccp",
-	.family		= NFPROTO_IPV4,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_dccp_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_dccp_info)),
-	.help		= dccp_help,
-	.init		= dccp_init,
-	.parse		= dccp_parse,
-	.print		= dccp_print,
-	.save		= dccp_save,
-	.extra_opts	= dccp_opts,
-};
-
-static struct xtables_match dccp_match6 = {
-	.name		= "dccp",
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_dccp_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_dccp_info)),
@@ -365,5 +351,4 @@ static struct xtables_match dccp_match6 = {
 void _init(void)
 {
 	xtables_register_match(&dccp_match);
-	xtables_register_match(&dccp_match6);
 }
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 62fa6af..306643e 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -131,21 +131,7 @@ static void dscp_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match dscp_match = {
-	.family		= NFPROTO_IPV4,
-	.name 		= "dscp",
-	.version 	= XTABLES_VERSION,
-	.size 		= XT_ALIGN(sizeof(struct xt_dscp_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_dscp_info)),
-	.help		= dscp_help,
-	.parse		= dscp_parse,
-	.final_check	= dscp_check,
-	.print		= dscp_print,
-	.save		= dscp_save,
-	.extra_opts	= dscp_opts,
-};
-
-static struct xtables_match dscp_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name 		= "dscp",
 	.version 	= XTABLES_VERSION,
 	.size 		= XT_ALIGN(sizeof(struct xt_dscp_info)),
@@ -161,5 +147,4 @@ static struct xtables_match dscp_match6 = {
 void _init(void)
 {
 	xtables_register_match(&dscp_match);
-	xtables_register_match(&dscp_match6);
 }
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 5769edb..89c3fb4 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -149,21 +149,7 @@ static void esp_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match esp_match = {
-	.family		= NFPROTO_IPV4,
-	.name 		= "esp",
-	.version 	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_esp)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_esp)),
-	.help		= esp_help,
-	.init		= esp_init,
-	.parse		= esp_parse,
-	.print		= esp_print,
-	.save		= esp_save,
-	.extra_opts	= esp_opts,
-};
-
-static struct xtables_match esp_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name 		= "esp",
 	.version 	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_esp)),
@@ -180,5 +166,4 @@ void
 _init(void)
 {
 	xtables_register_match(&esp_match);
-	xtables_register_match(&esp_match6);
 }
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 84dd786..9d8c86a 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -660,23 +660,7 @@ hashlimit_mt6_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match hashlimit_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "hashlimit",
-	.version	= XTABLES_VERSION,
-	.revision	= 0,
-	.size		= XT_ALIGN(sizeof(struct xt_hashlimit_info)),
-	.userspacesize	= offsetof(struct xt_hashlimit_info, hinfo),
-	.help		= hashlimit_help,
-	.init		= hashlimit_init,
-	.parse		= hashlimit_parse,
-	.final_check	= hashlimit_check,
-	.print		= hashlimit_print,
-	.save		= hashlimit_save,
-	.extra_opts	= hashlimit_opts,
-};
-
-static struct xtables_match hashlimit_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "hashlimit",
 	.version	= XTABLES_VERSION,
 	.revision	= 0,
@@ -726,7 +710,6 @@ static struct xtables_match hashlimit_mt6_reg = {
 void _init(void)
 {
 	xtables_register_match(&hashlimit_match);
-	xtables_register_match(&hashlimit_match6);
 	xtables_register_match(&hashlimit_mt_reg);
 	xtables_register_match(&hashlimit_mt6_reg);
 }
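
Review bot: In _init(), hashlimit_mt_reg and hashlimit_mt6_reg are still registered as a per-family pair while only hashlimit_match was collapsed, and the commit message's "no different code paths" does not say why. The hashlimit_mt6_save() named in the previous hunk header suggests the remaining pair does have family-specific callbacks; a short comment above those two structs stating that would stop a later cleanup from merging them by mistake.
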
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 7b56bef..22c3113 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -69,20 +69,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match helper_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "helper",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_helper_info)),
-	.help		= helper_help,
-	.parse		= helper_parse,
-	.final_check	= helper_check,
-	.print		= helper_print,
-	.save		= helper_save,
-	.extra_opts	= helper_opts,
-};
-
-static struct xtables_match helper_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "helper",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_helper_info)),
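
Review bot: The removed IPv4 helper_match body sets .size but has no .userspacesize line, unlike every other struct removed in this patch, and the context lines of the surviving body stop at .size, so this hunk does not show that the two copies were identical. Please confirm that the surviving struct also leaves .userspacesize unset, and say so in the commit message if the collapse changes the value used for IPv4.
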
@@ -97,5 +84,4 @@ static struct xtables_match helper_match6 = {
 void _init(void)
 {
 	xtables_register_match(&helper_match);
-	xtables_register_match(&helper_match6);
 }
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index a57e341..449fff9 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -112,21 +112,7 @@ static void mac_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match mac_match = {
-	.family		= NFPROTO_IPV4,
- 	.name		= "mac",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_mac_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_mac_info)),
-	.help		= mac_help,
-	.parse		= mac_parse,
-	.final_check	= mac_check,
-	.print		= mac_print,
-	.save		= mac_save,
-	.extra_opts	= mac_opts,
-};
-
-static struct xtables_match mac_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
  	.name		= "mac",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_mac_info)),
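
Review bot: Whitespace nit in the surviving mac_match: its .name context line still starts with a space followed by a tab, the same stray space as in the IPv4 copy that this hunk deletes. Since the struct is being edited here anyway, drop the leading space on the surviving .name line in the same change.
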
@@ -142,5 +128,4 @@ static struct xtables_match mac_match6 = {
 void _init(void)
 {
 	xtables_register_match(&mac_match);
-	xtables_register_match(&mac_match6);
 }
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index d27b3ae..f1d6b4a 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -567,22 +567,7 @@ static struct xtables_match owner_mt_reg = {
 	.version       = XTABLES_VERSION,
 	.name          = "owner",
 	.revision      = 1,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
-	.help          = owner_mt_help,
-	.parse         = owner_mt_parse,
-	.final_check   = owner_mt_check,
-	.print         = owner_mt_print,
-	.save          = owner_mt_save,
-	.extra_opts    = owner_mt_opts,
-};
-
-static struct xtables_match owner_mt6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "owner",
-	.revision      = 1,
-	.family        = NFPROTO_IPV6,
+	.family        = NFPROTO_UNSPEC,
 	.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
 	.help          = owner_mt_help,
@@ -598,5 +583,4 @@ void _init(void)
 	xtables_register_match(&owner_mt_reg_v0);
 	xtables_register_match(&owner_mt6_reg_v0);
 	xtables_register_match(&owner_mt_reg);
-	xtables_register_match(&owner_mt6_reg);
 }
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index 5522a32..74d311d 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -161,21 +161,7 @@ static void physdev_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match physdev_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "physdev",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_physdev_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_physdev_info)),
-	.help		= physdev_help,
-	.parse		= physdev_parse,
-	.final_check	= physdev_check,
-	.print		= physdev_print,
-	.save		= physdev_save,
-	.extra_opts	= physdev_opts,
-};
-
-static struct xtables_match physdev_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "physdev",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_physdev_info)),
@@ -191,5 +177,4 @@ static struct xtables_match physdev_match6 = {
 void _init(void)
 {
 	xtables_register_match(&physdev_match);
-	xtables_register_match(&physdev_match6);
 }
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 47c35ff..d503685 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -215,7 +215,7 @@ static void recent_save(const void *ip, const struct xt_entry_match *match)
 static struct xtables_match recent_mt_reg = {
     .name          = "recent",
     .version       = XTABLES_VERSION,
-    .family        = NFPROTO_IPV4,
+    .family        = NFPROTO_UNSPEC,
     .size          = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
     .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
     .help          = recent_help,
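
Review bot: The surviving recent_mt_reg is indented with four spaces, while the removed recent_mt6_reg in the next hunk and _init() use tabs, so the patch keeps the copy that does not match the rest of the file. Either keep the tab-indented body and drop this one, or reindent recent_mt_reg here since its .family line is being changed anyway.
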
@@ -227,24 +227,7 @@ static struct xtables_match recent_mt_reg = {
     .extra_opts    = recent_opts,
 };
 
-static struct xtables_match recent_mt6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "recent",
-	.revision      = 0,
-	.family        = NFPROTO_IPV6,
-	.size          = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
-	.help          = recent_help,
-	.init          = recent_init,
-	.parse         = recent_parse,
-	.final_check   = recent_check,
-	.print         = recent_print,
-	.save          = recent_save,
-	.extra_opts    = recent_opts,
-};
-
 void _init(void)
 {
 	xtables_register_match(&recent_mt_reg);
-	xtables_register_match(&recent_mt6_reg);
 }
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 829eade..dfa72d3 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -496,21 +496,7 @@ static void sctp_save(const void *ip, const struct xt_entry_match *match)
 
 static struct xtables_match sctp_match = {
 	.name		= "sctp",
-	.family		= NFPROTO_IPV4,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_sctp_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_sctp_info)),
-	.help		= sctp_help,
-	.init		= sctp_init,
-	.parse		= sctp_parse,
-	.print		= sctp_print,
-	.save		= sctp_save,
-	.extra_opts	= sctp_opts,
-};
-
-static struct xtables_match sctp_match6 = {
-	.name		= "sctp",
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_sctp_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_sctp_info)),
@@ -525,5 +511,4 @@ static struct xtables_match sctp_match6 = {
 void _init(void)
 {
 	xtables_register_match(&sctp_match);
-	xtables_register_match(&sctp_match6);
 }
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 7387e26..c8a7454 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -139,21 +139,7 @@ static void state_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match state_match = { 
-	.family		= NFPROTO_IPV4,
-	.name		= "state",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_state_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_state_info)),
-	.help		= state_help,
-	.parse		= state_parse,
-	.final_check	= state_final_check,
-	.print		= state_print,
-	.save		= state_save,
-	.extra_opts	= state_opts,
-};
-
-static struct xtables_match state_match6 = { 
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "state",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_state_info)),
@@ -169,5 +155,4 @@ static struct xtables_match state_match6 = {
 void _init(void)
 {
 	xtables_register_match(&state_match);
-	xtables_register_match(&state_match6);
 }
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 5ea9ebd..7abecc1 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -375,21 +375,7 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match tcp_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "tcp",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_tcp)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_tcp)),
-	.help		= tcp_help,
-	.init		= tcp_init,
-	.parse		= tcp_parse,
-	.print		= tcp_print,
-	.save		= tcp_save,
-	.extra_opts	= tcp_opts,
-};
-
-static struct xtables_match tcp_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "tcp",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_tcp)),
@@ -406,5 +392,4 @@ void
 _init(void)
 {
 	xtables_register_match(&tcp_match);
-	xtables_register_match(&tcp_match6);
 }
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 46529f9..36785a3 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -109,21 +109,7 @@ static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match tcpmss_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "tcpmss",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
-	.help		= tcpmss_help,
-	.parse		= tcpmss_parse,
-	.final_check	= tcpmss_check,
-	.print		= tcpmss_print,
-	.save		= tcpmss_save,
-	.extra_opts	= tcpmss_opts,
-};
-
-static struct xtables_match tcpmss_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "tcpmss",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
@@ -139,5 +125,4 @@ static struct xtables_match tcpmss_match6 = {
 void _init(void)
 {
 	xtables_register_match(&tcpmss_match);
-	xtables_register_match(&tcpmss_match6);
 }
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index b810ea6..1f7b2cd 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -155,22 +155,7 @@ static struct xtables_match tos_mt_reg_v0 = {
 static struct xtables_match tos_mt_reg = {
 	.version       = XTABLES_VERSION,
 	.name          = "tos",
-	.family        = NFPROTO_IPV4,
-	.revision      = 1,
-	.size          = XT_ALIGN(sizeof(struct xt_tos_match_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
-	.help          = tos_mt_help,
-	.parse         = tos_mt_parse,
-	.final_check   = tos_mt_check,
-	.print         = tos_mt_print,
-	.save          = tos_mt_save,
-	.extra_opts    = tos_mt_opts,
-};
-
-static struct xtables_match tos_mt6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "tos",
-	.family        = NFPROTO_IPV6,
+	.family        = NFPROTO_UNSPEC,
 	.revision      = 1,
 	.size          = XT_ALIGN(sizeof(struct xt_tos_match_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
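Review bot: only the revision 1 `tos` entry is collapsed to NFPROTO_UNSPEC here; `tos_mt_reg_v0` is still registered on its own in `_init` and is not touched by this hunk. A short comment (or a line in the changelog) on why revision 0 keeps its own family would save the next reader from wondering whether it was missed.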
@@ -186,5 +171,4 @@ void _init(void)
 {
 	xtables_register_match(&tos_mt_reg_v0);
 	xtables_register_match(&tos_mt_reg);
-	xtables_register_match(&tos_mt6_reg);
 }
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 4b4e84f..bf0b34f 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -191,21 +191,7 @@ static void udp_save(const void *ip, const struct xt_entry_match *match)
 }
 
 static struct xtables_match udp_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "udp",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_udp)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_udp)),
-	.help		= udp_help,
-	.init		= udp_init,
-	.parse		= udp_parse,
-	.print		= udp_print,
-	.save		= udp_save,
-	.extra_opts	= udp_opts,
-};
-
-static struct xtables_match udp_match6 = {
-	.family		= NFPROTO_IPV6,
+	.family		= NFPROTO_UNSPEC,
 	.name		= "udp",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_udp)),
@@ -222,5 +208,4 @@ void
 _init(void)
 {
 	xtables_register_match(&udp_match);
-	xtables_register_match(&udp_match6);
 }
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 04/10] iptables: allow for parse-less extensions
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (2 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 03/10] extensions: collapse registration structures Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 05/10] iptables: allow for help-less extensions Jan Engelhardt
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

This means we can do some code removal in extensions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c |    9 +++++----
 iptables.c  |    9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index 31c4b45..71ff46f 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1699,13 +1699,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			exit_tryhelp(2);
 
 		default:
-			if (!target
-			    || !(target->parse(c - target->option_offset,
+			if (target == NULL || target->parse == NULL ||
+			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-					       &fw, &target->t))) {
+					       &fw, &target->t)) {
 				for (matchp = matches; matchp; matchp = matchp->next) {
-					if (matchp->completed)
+					if (matchp->completed ||
+					    matchp->match->parse == NULL)
 						continue;
 					if (matchp->match->parse(c - matchp->match->option_offset,
 						     argv, invert,
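Review bot: with `target->parse == NULL` added to the condition in the `default:` case, a target without a parser is treated exactly like one whose parser returned 0, and the option is handed on to the matches; the one-line commit message does not state this contract. Add a comment above the `if`, or a sentence in the changelog, saying that a NULL `parse` means the extension accepts no options, so extension authors know they may leave the field unset.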
diff --git a/iptables.c b/iptables.c
index 7c075da..cc17576 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1727,13 +1727,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 			exit_tryhelp(2);
 
 		default:
-			if (!target
-			    || !(target->parse(c - target->option_offset,
+			if (target == NULL || target->parse == NULL ||
+			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-					       &fw, &target->t))) {
+					       &fw, &target->t)) {
 				for (matchp = matches; matchp; matchp = matchp->next) {
-					if (matchp->completed)
+					if (matchp->completed ||
+					    matchp->match->parse == NULL)
 						continue;
 					if (matchp->match->parse(c - matchp->match->option_offset,
 						     argv, invert,
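Review bot: style, in the rewritten `!target->parse(c - target->option_offset,` call the continuation lines `argv, invert,` and `&target->tflags,` keep the indentation of the old `!(target->parse(` form, so they no longer line up with the opening parenthesis. Re-indent them together with the changed lines; the identical hunk in ip6tables.c has the same leftover alignment.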
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 05/10] iptables: allow for help-less extensions
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (3 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 04/10] iptables: allow for parse-less extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 06/10] extensions: remove empty help and parse functions Jan Engelhardt
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

This is for extensions that do not take any options, and which
subsequently do not offer any help text either.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 Makefile.am |   16 ++++++++--------
 ip6tables.c |   18 ++----------------
 iptables.c  |   18 ++----------------
 xshared.c   |   31 +++++++++++++++++++++++++++++++
 xshared.h   |   10 ++++++++++
 5 files changed, 53 insertions(+), 40 deletions(-)
 create mode 100644 xshared.c
 create mode 100644 xshared.h

diff --git a/Makefile.am b/Makefile.am
index 445717e..a9e3ad3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -29,23 +29,23 @@ libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage
 libxtables_la_LIBADD  = -ldl
 
 # iptables, dynamic
-iptables_SOURCES          = iptables-standalone.c iptables.c
+iptables_SOURCES          = iptables-standalone.c iptables.c xshared.c
 iptables_LDFLAGS          = -rdynamic
 iptables_LDADD            = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
 
 iptables_xml_LDADD        = libxtables.la
 iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
                             iptables-restore.c iptables-xml.c \
-                            iptables-standalone.c iptables.c
+                            iptables-standalone.c iptables.c xshared.c
 iptables_multi_CFLAGS     = ${AM_CFLAGS} -DIPTABLES_MULTI
 iptables_multi_LDFLAGS    = ${iptables_LDFLAGS}
 iptables_multi_LDADD      = ${iptables_LDADD}
 
-iptables_restore_SOURCES  = iptables-restore.c iptables.c
+iptables_restore_SOURCES  = iptables-restore.c iptables.c xshared.c
 iptables_restore_LDFLAGS  = ${iptables_LDFLAGS}
 iptables_restore_LDADD    = ${iptables_LDADD}
 
-iptables_save_SOURCES     = iptables-save.c iptables.c
+iptables_save_SOURCES     = iptables-save.c iptables.c xshared.c
 iptables_save_LDFLAGS     = ${iptables_LDFLAGS}
 iptables_save_LDADD       = ${iptables_LDADD}
 
@@ -57,22 +57,22 @@ iptables_static_LDADD     = libiptc/libip4tc.la extensions/libext4.a -lm
 iptables_xml_SOURCES      = iptables-xml.c
 
 # ip6tables, dynamic
-ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c
+ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c xshared.c
 ip6tables_LDFLAGS         = -rdynamic
 ip6tables_LDADD           = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
-                            ip6tables.c
+                            ip6tables.c xshared.c
 ip6tables_multi_CFLAGS    = ${AM_CFLAGS} -DIPTABLES_MULTI
 ip6tables_multi_LDFLAGS   = ${ip6tables_LDFLAGS}
 ip6tables_multi_LDADD     = ${ip6tables_LDADD}
 
-ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c
+ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c xshared.c
 ip6tables_restore_LDFLAGS = ${ip6tables_LDFLAGS}
 ip6tables_restore_LDADD   = ${ip6tables_LDADD}
 
-ip6tables_save_SOURCES    = ip6tables-save.c ip6tables.c
+ip6tables_save_SOURCES    = ip6tables-save.c ip6tables.c xshared.c
 ip6tables_save_LDFLAGS    = ${ip6tables_LDFLAGS}
 ip6tables_save_LDADD      = ${ip6tables_LDADD}
 
diff --git a/ip6tables.c b/ip6tables.c
index 71ff46f..f974fb1 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -43,6 +43,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include "ip6tables-multi.h"
+#include "xshared.h"
 
 #ifndef TRUE
 #define TRUE 1
@@ -235,9 +236,6 @@ exit_tryhelp(int status)
 static void
 exit_printhelp(struct xtables_rule_match *matches)
 {
-	struct xtables_rule_match *matchp = NULL;
-	struct xtables_target *t = NULL;
-
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
 "       %s -I chain [rulenum] rule-specification [options]\n"
@@ -307,19 +305,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 "  --set-counters PKTS BYTES	set the counter during insert/append\n"
 "[!] --version	-V		print package version.\n");
 
-	/* Print out any special helps. A user might like to be able to add a --help
-	   to the commandline, and see expected results. So we call help for all
-	   specified matches & targets */
-	for (t = xtables_targets; t; t = t->next) {
-		if (t->used) {
-			printf("\n");
-			t->help();
-		}
-	}
-	for (matchp = matches; matchp; matchp = matchp->next) {
-		printf("\n");
-		matchp->match->help();
-	}
+	print_extension_helps(xtables_targets, matches);
 	exit(0);
 }
 
diff --git a/iptables.c b/iptables.c
index cc17576..a229c35 100644
--- a/iptables.c
+++ b/iptables.c
@@ -40,6 +40,7 @@
 #include <xtables.h>
 #include <fcntl.h>
 #include <sys/utsname.h>
+#include "xshared.h"
 
 #ifndef TRUE
 #define TRUE 1
@@ -248,9 +249,6 @@ exit_tryhelp(int status)
 static void
 exit_printhelp(struct xtables_rule_match *matches)
 {
-	struct xtables_rule_match *matchp = NULL;
-	struct xtables_target *t = NULL;
-
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
 "       %s -I chain [rulenum] rule-specification [options]\n"
@@ -320,19 +318,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 "  --set-counters PKTS BYTES	set the counter during insert/append\n"
 "[!] --version	-V		print package version.\n");
 
-	/* Print out any special helps. A user might like to be able
-	   to add a --help to the commandline, and see expected
-	   results. So we call help for all specified matches & targets */
-	for (t = xtables_targets; t ;t = t->next) {
-		if (t->used) {
-			printf("\n");
-			t->help();
-		}
-	}
-	for (matchp = matches; matchp; matchp = matchp->next) {
-		printf("\n");
-		matchp->match->help();
-	}
+	print_extension_helps(xtables_targets, matches);
 	exit(0);
 }
 
diff --git a/xshared.c b/xshared.c
new file mode 100644
index 0000000..21b5b2c
--- /dev/null
+++ b/xshared.c
@@ -0,0 +1,31 @@
+#include <stdio.h>
+#include <xtables.h>
+#include "xshared.h"
+
+/*
+ * Print out any special helps. A user might like to be able to add a --help
+ * to the commandline, and see expected results. So we call help for all
+ * specified matches and targets.
+ */
+void print_extension_helps(const struct xtables_target *t,
+    const struct xtables_rule_match *m)
+{
+	for (; t != NULL; t = t->next) {
+		if (t->used) {
+			printf("\n");
+			if (t->help == NULL)
+				printf("%s does not take any options\n",
+				       t->name);
+			else
+				t->help();
+		}
+	}
+	for (; m != NULL; m = m->next) {
+		printf("\n");
+		if (m->match->help == NULL)
+			printf("%s does not take any options\n",
+			       m->match->name);
+		else
+			m->match->help();
+	}
+}
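Review bot: the fallback string `"%s does not take any options\n"` prints only `t->name` in the first loop and `m->match->name` in the second, so the output no longer says whether the name belongs to a target or a match. Use a separate string per loop, for example "%s target does not take any options" and "%s match does not take any options", so the `--help` output stays unambiguous when a rule uses both.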
diff --git a/xshared.h b/xshared.h
new file mode 100644
index 0000000..c53b618
--- /dev/null
+++ b/xshared.h
@@ -0,0 +1,10 @@
+#ifndef IPTABLES_XSHARED_H
+#define IPTABLES_XSHARED_H 1
+
+struct xtables_rule_match;
+struct xtables_target;
+
+extern void print_extension_helps(const struct xtables_target *,
+	const struct xtables_rule_match *);
+
+#endif /* IPTABLES_XSHARED_H */
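Review bot: `xshared.h` is a new file, but none of the Makefile.am lines changed in this patch list it; only `xshared.c` is appended to the `_SOURCES` variables. Unless the header is picked up somewhere outside these hunks, add it next to `xshared.c` (or to a headers list) so that `make dist` ships it.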
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 06/10] extensions: remove empty help and parse functions
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (4 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 05/10] iptables: allow for help-less extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 07/10] xtables: add multi-registration functions Jan Engelhardt
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_eui64.c  |   26 --------------------------
 extensions/libipt_MIRROR.c  |   20 --------------------
 extensions/libipt_unclean.c |   16 ----------------
 extensions/libxt_NOTRACK.c  |   20 --------------------
 extensions/libxt_TRACE.c    |   13 -------------
 extensions/libxt_socket.c   |   20 --------------------
 extensions/libxt_standard.c |   12 ------------
 7 files changed, 0 insertions(+), 127 deletions(-)

diff --git a/extensions/libip6t_eui64.c b/extensions/libip6t_eui64.c
index c92c868..607bf86 100644
--- a/extensions/libip6t_eui64.c
+++ b/extensions/libip6t_eui64.c
@@ -1,38 +1,12 @@
 /* Shared library add-on to ip6tables to add EUI64 address checking support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
 #include <xtables.h>
 
-static void eui64_help(void)
-{
-	printf(
-"eui64 match options:\n"
-" This module hasn't got any option\n"
-" This module checks for EUI64 IPv6 addresses\n");
-}
-
-static int eui64_parse(int c, char **argv, int invert, unsigned int *flags,
-                       const void *entry, struct xt_entry_match **match)
-{
-	return 0;
-}
-
 static struct xtables_match eui64_mt6_reg = {
 	.name 		= "eui64",
 	.version	= XTABLES_VERSION,
 	.family		= NFPROTO_IPV6,
 	.size		= XT_ALIGN(sizeof(int)),
 	.userspacesize	= XT_ALIGN(sizeof(int)),
-	.help		= eui64_help,
-	.parse		= eui64_parse,
 };
 
 void _init(void)
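Review bot: removing `eui64_help` also drops the only descriptive line this extension had, "This module checks for EUI64 IPv6 addresses"; the generic fallback added in 05/10 only reports that the extension takes no options. Either keep a minimal `.help` for eui64 or make sure the description lives in the manual page, and say in the (currently empty) commit message that the help output changes.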
diff --git a/extensions/libipt_MIRROR.c b/extensions/libipt_MIRROR.c
index 81964dd..fb78751 100644
--- a/extensions/libipt_MIRROR.c
+++ b/extensions/libipt_MIRROR.c
@@ -1,32 +1,12 @@
 /* Shared library add-on to iptables to add MIRROR target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 
-static void MIRROR_help(void)
-{
-	printf("MIRROR target takes no options\n");
-}
-
-static int MIRROR_parse(int c, char **argv, int invert, unsigned int *flags,
-                        const void *entry, struct xt_entry_target **target)
-{
-	return 0;
-}
-
 static struct xtables_target mirror_tg_reg = {
 	.name		= "MIRROR",
 	.version	= XTABLES_VERSION,
 	.family		= NFPROTO_IPV4,
 	.size		= XT_ALIGN(0),
 	.userspacesize	= XT_ALIGN(0),
- 	.help		= MIRROR_help,
- 	.parse		= MIRROR_parse,
-	.print		= NULL,
-	.save		= NULL,
 };
 
 void _init(void)
diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c
index 93d9013..bc4a4a0 100644
--- a/extensions/libipt_unclean.c
+++ b/extensions/libipt_unclean.c
@@ -1,28 +1,12 @@
 /* Shared library add-on to iptables for unclean. */
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 
-static void unclean_help(void)
-{
-	printf("unclean match takes no options\n");
-}
-
-static int unclean_parse(int c, char **argv, int invert, unsigned int *flags,
-                         const void *entry, struct xt_entry_match **match)
-{
-	return 0;
-}
-
 static struct xtables_match unclean_mt_reg = {
 	.name		= "unclean",
 	.version	= XTABLES_VERSION,
 	.family		= NFPROTO_IPV4,
 	.size		= XT_ALIGN(0),
 	.userspacesize	= XT_ALIGN(0),
-	.help		= unclean_help,
-	.parse		= unclean_parse,
 };
 
 void _init(void)
diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c
index d997d84..ca58700 100644
--- a/extensions/libxt_NOTRACK.c
+++ b/extensions/libxt_NOTRACK.c
@@ -1,23 +1,5 @@
 /* Shared library add-on to iptables to add NOTRACK target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
-#include <linux/netfilter/x_tables.h>
-
-static void NOTRACK_help(void)
-{
-	printf("NOTRACK target takes no options\n");
-}
-
-static int
-NOTRACK_parse(int c, char **argv, int invert, unsigned int *flags,
-              const void *entry, struct xt_entry_target **target)
-{
-	return 0;
-}
 
 static struct xtables_target notrack_target = {
 	.family		= NFPROTO_UNSPEC,
@@ -25,8 +7,6 @@ static struct xtables_target notrack_target = {
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(0),
 	.userspacesize	= XT_ALIGN(0),
-	.help		= NOTRACK_help,
-	.parse		= NOTRACK_parse,
 };
 
 void _init(void)
diff --git a/extensions/libxt_TRACE.c b/extensions/libxt_TRACE.c
index 344b80d..0282e6f 100644
--- a/extensions/libxt_TRACE.c
+++ b/extensions/libxt_TRACE.c
@@ -7,25 +7,12 @@
 #include <xtables.h>
 #include <linux/netfilter/x_tables.h>
 
-static void TRACE_help(void)
-{
-	printf("TRACE target takes no options\n");
-}
-
-static int TRACE_parse(int c, char **argv, int invert, unsigned int *flags,
-                       const void *entry, struct xt_entry_target **target)
-{
-	return 0;
-}
-
 static struct xtables_target trace_target = {
 	.family		= NFPROTO_UNSPEC,
 	.name		= "TRACE",
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(0),
 	.userspacesize	= XT_ALIGN(0),
-	.help		= TRACE_help,
-	.parse		= TRACE_parse,
 };
 
 void _init(void)
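Review bot: this hunk starts at line 7 and removes only `TRACE_help`, `TRACE_parse` and their two initializers, so the headers above `#include <xtables.h>` stay as they are, whereas the sibling files in this patch drop `<stdio.h>`, `<string.h>`, `<stdlib.h>` and `<getopt.h>` along with the functions. Check whether the includes at the top of libxt_TRACE.c are still needed now that the `printf` call is gone, and remove them here for consistency if not.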
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index eebc7c5..1490473 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -3,34 +3,14 @@
  *
  * Copyright (C) 2007 BalaBit IT Ltd.
  */
-#include <stdio.h>
-#include <getopt.h>
 #include <xtables.h>
 
-static void socket_mt_help(void)
-{
-	printf("socket v%s has no options\n\n", XTABLES_VERSION);
-}
-
-static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
-			const void *entry, struct xt_entry_match **match)
-{
-	return 0;
-}
-
-static void socket_mt_check(unsigned int flags)
-{
-}
-
 static struct xtables_match socket_mt_reg = {
 	.name	       = "socket",
 	.version       = XTABLES_VERSION,
 	.family	       = NFPROTO_IPV4,
 	.size	       = XT_ALIGN(0),
 	.userspacesize = XT_ALIGN(0),
-	.parse	       = socket_mt_parse,
-	.final_check   = socket_mt_check,
-	.help	       = socket_mt_help,
 };
 
 void _init(void)
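Review bot: besides the help and parse stubs named in the subject, this hunk also removes the empty `socket_mt_check` and its `.final_check` initializer. 04/10 and 05/10 add NULL checks for `parse` and `help` only, so mention `final_check` in the commit message and confirm its callers already tolerate NULL (`eui64_mt6_reg` earlier in this patch never set it, which suggests they do).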
diff --git a/extensions/libxt_standard.c b/extensions/libxt_standard.c
index 56dc2d2..c64ba29 100644
--- a/extensions/libxt_standard.c
+++ b/extensions/libxt_standard.c
@@ -1,10 +1,5 @@
 /* Shared library add-on to iptables for standard target support. */
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <getopt.h>
 #include <xtables.h>
 
 static void standard_help(void)
@@ -14,12 +9,6 @@ static void standard_help(void)
 "(If target is DROP, ACCEPT, RETURN or nothing)\n");
 }
 
-static int standard_parse(int c, char **argv, int invert, unsigned int *flags,
-                          const void *entry, struct xt_entry_target **target)
-{
-	return 0;
-}
-
 static struct xtables_target standard_target = {
 	.family		= NFPROTO_UNSPEC,
 	.name		= "standard",
@@ -27,7 +16,6 @@ static struct xtables_target standard_target = {
 	.size		= XT_ALIGN(sizeof(int)),
 	.userspacesize	= XT_ALIGN(sizeof(int)),
 	.help		= standard_help,
-	.parse		= standard_parse,
 };
 
 void _init(void)
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 07/10] xtables: add multi-registration functions
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (5 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 06/10] extensions: remove empty help and parse functions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 08/10] extensions: collapse data variables to use multi-reg calls Jan Engelhardt
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

Similar to the ones that are present in the kernel.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in |    2 ++
 xtables.c            |   14 ++++++++++++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 037fae1..222e2a9 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -233,7 +233,9 @@ extern struct xtables_target *xtables_find_target(const char *name,
 
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
+extern void xtables_register_matches(struct xtables_match *, unsigned int);
 extern void xtables_register_target(struct xtables_target *me);
+extern void xtables_register_targets(struct xtables_target *, unsigned int);
 
 extern bool xtables_strtoul(const char *, char **, unsigned long *,
 	unsigned long, unsigned long);
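Review bot: the two new prototypes leave their parameters unnamed, unlike `xtables_register_match(struct xtables_match *me)` right next to them, and the comment above does not say what the `unsigned int` argument is. Name the parameters (array pointer and element count) and document whether a count of 0 is allowed, since callers will pass `ARRAY_SIZE(...)` and need to know the contract.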
diff --git a/xtables.c b/xtables.c
index 05154dd..1ff6e82 100644
--- a/xtables.c
+++ b/xtables.c
@@ -794,6 +794,13 @@ void xtables_register_match(struct xtables_match *me)
 	me->mflags = 0;
 }
 
+void xtables_register_matches(struct xtables_match *match, unsigned int n)
+{
+	do {
+		xtables_register_match(&match[--n]);
+	} while (n > 0);
+}
+
 void xtables_register_target(struct xtables_target *me)
 {
 	struct xtables_target *old;
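Review bot: `xtables_register_matches()` misbehaves for `n == 0`: the `do { ... } while (n > 0)` body runs once before the test, `--n` wraps the unsigned counter, and `&match[--n]` then points far outside the array passed in. Use a pre-tested loop such as `while (n-- > 0) xtables_register_match(&match[n]);`, or return early when `n` is 0, so an empty array is a no-op instead of an out-of-bounds access.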
@@ -868,6 +875,13 @@ void xtables_register_target(struct xtables_target *me)
 	me->tflags = 0;
 }
 
+void xtables_register_targets(struct xtables_target *target, unsigned int n)
+{
+	do {
+		xtables_register_target(&target[--n]);
+	} while (n > 0);
+}
+
 /**
  * xtables_param_act - act on condition
  * @status:	a constant from enum xtables_exittype
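Review bot: `xtables_register_targets()` walks the array from the last element to the first (`&target[--n]`), so entries are registered in the reverse of their order in the initializer, and nothing in the function or in the header says whether that is intentional. Add a comment stating the order and the reason for it, and switch to a pre-tested loop here as well, because `--n` wraps when the function is called with `n` equal to 0.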
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 08/10] extensions: collapse data variables to use multi-reg calls
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (6 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 07/10] xtables: add multi-registration functions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 09/10] xtables: warn of missing version identifier in extensions Jan Engelhardt
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_addrtype.c |   58 ++++++++++----------
 extensions/libxt_CONNMARK.c  |   64 +++++++++++-----------
 extensions/libxt_MARK.c      |   90 +++++++++++++++----------------
 extensions/libxt_TOS.c       |   60 ++++++++++----------
 extensions/libxt_connlimit.c |   60 ++++++++++----------
 extensions/libxt_connmark.c  |   60 ++++++++++----------
 extensions/libxt_conntrack.c |   90 +++++++++++++++----------------
 extensions/libxt_hashlimit.c |   96 ++++++++++++++++-----------------
 extensions/libxt_iprange.c   |   90 +++++++++++++++----------------
 extensions/libxt_mark.c      |   60 ++++++++++----------
 extensions/libxt_multiport.c |  120 ++++++++++++++++++++----------------------
 extensions/libxt_owner.c     |   90 +++++++++++++++----------------
 extensions/libxt_policy.c    |   56 ++++++++++----------
 extensions/libxt_string.c    |   64 +++++++++++-----------
 extensions/libxt_tos.c       |   60 ++++++++++----------
 15 files changed, 552 insertions(+), 566 deletions(-)

diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index ecd51b5..cda7051 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -323,38 +323,38 @@ static const struct option addrtype_opts_v1[] = {
 	{ .name = NULL }
 };
 
-static struct xtables_match addrtype_mt_reg_v0 = {
-	.name 		= "addrtype",
-	.version 	= XTABLES_VERSION,
-	.family		= NFPROTO_IPV4,
-	.size 		= XT_ALIGN(sizeof(struct ipt_addrtype_info)),
-	.userspacesize 	= XT_ALIGN(sizeof(struct ipt_addrtype_info)),
-	.help 		= addrtype_help_v0,
-	.parse 		= addrtype_parse_v0,
-	.final_check 	= addrtype_check_v0,
-	.print 		= addrtype_print_v0,
-	.save 		= addrtype_save_v0,
-	.extra_opts 	= addrtype_opts_v0,
-};
-
-static struct xtables_match addrtype_mt_reg_v1 = {
-	.name 		= "addrtype",
-	.version 	= XTABLES_VERSION,
-	.family		= NFPROTO_IPV4,
-	.size 		= XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
-	.userspacesize 	= XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
-	.help 		= addrtype_help_v1,
-	.parse 		= addrtype_parse_v1,
-	.final_check 	= addrtype_check_v1,
-	.print 		= addrtype_print_v1,
-	.save 		= addrtype_save_v1,
-	.extra_opts 	= addrtype_opts_v1,
-	.revision	= 1,
+static struct xtables_match addrtype_mt_reg[] = {
+	{
+		.name          = "addrtype",
+		.version       = XTABLES_VERSION,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+		.help          = addrtype_help_v0,
+		.parse         = addrtype_parse_v0,
+		.final_check   = addrtype_check_v0,
+		.print         = addrtype_print_v0,
+		.save          = addrtype_save_v0,
+		.extra_opts    = addrtype_opts_v0,
+	},
+	{
+		.name          = "addrtype",
+		.revision      = 1,
+		.version       = XTABLES_VERSION,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
+		.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
+		.help          = addrtype_help_v1,
+		.parse         = addrtype_parse_v1,
+		.final_check   = addrtype_check_v1,
+		.print         = addrtype_print_v1,
+		.save          = addrtype_save_v1,
+		.extra_opts    = addrtype_opts_v1,
+	},
 };
 
 
 void _init(void) 
 {
-	xtables_register_match(&addrtype_mt_reg_v0);
-	xtables_register_match(&addrtype_mt_reg_v1);
+	xtables_register_matches(addrtype_mt_reg, ARRAY_SIZE(addrtype_mt_reg));
 }
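Review bot: `_init` used to register `addrtype_mt_reg_v0` first and `addrtype_mt_reg_v1` second; with `xtables_register_matches()` from 07/10 iterating over `&match[--n]`, the array is registered last element first, so revision 1 now goes in before revision 0. Please confirm that revision selection in `xtables_register_match()` does not depend on registration order, or order the array so the old sequence is preserved, and note the outcome in the commit message, which currently has no body.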
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 5e9c374..3cf62f0 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -398,40 +398,40 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
 	}
 }
 
-static struct xtables_target connmark_target = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "CONNMARK",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_connmark_target_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connmark_target_info)),
-	.help		= CONNMARK_help,
-	.init           = CONNMARK_init,
-	.parse		= CONNMARK_parse,
-	.final_check	= connmark_tg_check,
-	.print		= CONNMARK_print,
-	.save		= CONNMARK_save,
-	.extra_opts	= CONNMARK_opts,
-};
-
-static struct xtables_target connmark_tg_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "CONNMARK",
-	.revision       = 1,
-	.family         = NFPROTO_UNSPEC,
-	.size           = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
-	.help           = connmark_tg_help,
-	.init           = connmark_tg_init,
-	.parse          = connmark_tg_parse,
-	.final_check    = connmark_tg_check,
-	.print          = connmark_tg_print,
-	.save           = connmark_tg_save,
-	.extra_opts     = connmark_tg_opts,
+static struct xtables_target connmark_tg_reg[] = {
+	{
+		.family        = NFPROTO_UNSPEC,
+		.name          = "CONNMARK",
+		.revision      = 0,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
+		.help          = CONNMARK_help,
+		.init          = CONNMARK_init,
+		.parse         = CONNMARK_parse,
+		.final_check   = connmark_tg_check,
+		.print         = CONNMARK_print,
+		.save          = CONNMARK_save,
+		.extra_opts    = CONNMARK_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "CONNMARK",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
+		.help          = connmark_tg_help,
+		.init          = connmark_tg_init,
+		.parse         = connmark_tg_parse,
+		.final_check   = connmark_tg_check,
+		.print         = connmark_tg_print,
+		.save          = connmark_tg_save,
+		.extra_opts    = connmark_tg_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_target(&connmark_target);
-	xtables_register_target(&connmark_tg_reg);
+	xtables_register_targets(connmark_tg_reg, ARRAY_SIZE(connmark_tg_reg));
 }
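Review bot: the new `_init` relies on `ARRAY_SIZE(connmark_tg_reg)`, but this file's diff adds neither a definition nor an include for `ARRAY_SIZE`. State where the macro comes from (presumably a header already pulled in by the extension) or add it in this series, so the patch builds on its own at this point in the sequence.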
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index cab052b..f6a2c5c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -277,54 +277,52 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
 	printf("--set-xmark 0x%x/0x%x ", info->mark, info->mask);
 }
 
-static struct xtables_target mark_target_v0 = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "MARK",
-	.version	= XTABLES_VERSION,
-	.revision	= 0,
-	.size		= XT_ALIGN(sizeof(struct xt_mark_target_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_mark_target_info)),
-	.help		= MARK_help,
-	.parse		= MARK_parse_v0,
-	.final_check	= MARK_check,
-	.print		= MARK_print_v0,
-	.save		= MARK_save_v0,
-	.extra_opts	= MARK_opts,
-};
-
-static struct xtables_target mark_target_v1 = {
-	.family		= NFPROTO_IPV4,
-	.name		= "MARK",
-	.version	= XTABLES_VERSION,
-	.revision	= 1,
-	.size		= XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
-	.help		= MARK_help,
-	.parse		= MARK_parse_v1,
-	.final_check	= MARK_check,
-	.print		= MARK_print_v1,
-	.save		= MARK_save_v1,
-	.extra_opts	= MARK_opts,
-};
-
-static struct xtables_target mark_tg_reg_v2 = {
-	.version       = XTABLES_VERSION,
-	.name          = "MARK",
-	.revision      = 2,
-	.family        = NFPROTO_UNSPEC,
-	.size          = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
-	.help          = mark_tg_help,
-	.parse         = mark_tg_parse,
-	.final_check   = mark_tg_check,
-	.print         = mark_tg_print,
-	.save          = mark_tg_save,
-	.extra_opts    = mark_tg_opts,
+static struct xtables_target mark_tg_reg[] = {
+	{
+		.family        = NFPROTO_UNSPEC,
+		.name          = "MARK",
+		.version       = XTABLES_VERSION,
+		.revision      = 0,
+		.size          = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+		.help          = MARK_help,
+		.parse         = MARK_parse_v0,
+		.final_check   = MARK_check,
+		.print         = MARK_print_v0,
+		.save          = MARK_save_v0,
+		.extra_opts    = MARK_opts,
+	},
+	{
+		.family        = NFPROTO_IPV4,
+		.name          = "MARK",
+		.version       = XTABLES_VERSION,
+		.revision      = 1,
+		.size          = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+		.help          = MARK_help,
+		.parse         = MARK_parse_v1,
+		.final_check   = MARK_check,
+		.print         = MARK_print_v1,
+		.save          = MARK_save_v1,
+		.extra_opts    = MARK_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "MARK",
+		.revision      = 2,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+		.help          = mark_tg_help,
+		.parse         = mark_tg_parse,
+		.final_check   = mark_tg_check,
+		.print         = mark_tg_print,
+		.save          = mark_tg_save,
+		.extra_opts    = mark_tg_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_target(&mark_target_v0);
-	xtables_register_target(&mark_target_v1);
-	xtables_register_target(&mark_tg_reg_v2);
+	xtables_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
 }
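Review bot: in `mark_tg_reg[]` the revision 1 entry is NFPROTO_IPV4 while revisions 0 and 2 are NFPROTO_UNSPEC. That is carried over unchanged from `mark_target_v1`, but side by side in one array it reads like an oversight; a one-line comment on the revision 1 entry explaining the IPv4-only restriction would make the intent clear.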
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index e6382e1..bf751a4 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -205,38 +205,38 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
 	printf("--set-tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
 }
 
-static struct xtables_target tos_tg_reg_v0 = {
-	.version       = XTABLES_VERSION,
-	.name          = "TOS",
-	.revision      = 0,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.help          = tos_tg_help_v0,
-	.parse         = tos_tg_parse_v0,
-	.final_check   = tos_tg_check,
-	.print         = tos_tg_print_v0,
-	.save          = tos_tg_save_v0,
-	.extra_opts    = tos_tg_opts_v0,
-};
-
-static struct xtables_target tos_tg_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "TOS",
-	.revision      = 1,
-	.family        = NFPROTO_UNSPEC,
-	.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
-	.help          = tos_tg_help,
-	.parse         = tos_tg_parse,
-	.final_check   = tos_tg_check,
-	.print         = tos_tg_print,
-	.save          = tos_tg_save,
-	.extra_opts    = tos_tg_opts,
+static struct xtables_target tos_tg_reg[] = {
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "TOS",
+		.revision      = 0,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+		.help          = tos_tg_help_v0,
+		.parse         = tos_tg_parse_v0,
+		.final_check   = tos_tg_check,
+		.print         = tos_tg_print_v0,
+		.save          = tos_tg_save_v0,
+		.extra_opts    = tos_tg_opts_v0,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "TOS",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+		.help          = tos_tg_help,
+		.parse         = tos_tg_parse,
+		.final_check   = tos_tg_check,
+		.print         = tos_tg_print,
+		.save          = tos_tg_save,
+		.extra_opts    = tos_tg_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_target(&tos_tg_reg_v0);
-	xtables_register_target(&tos_tg_reg);
+	xtables_register_targets(tos_tg_reg, ARRAY_SIZE(tos_tg_reg));
 }
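
Review bot: In _init(), the two explicit xtables_register_target() calls fixed the registration order (revision 0, then revision 1), and the replacement hands that order to xtables_register_targets(), whose loop is not part of this hunk. If revision selection depends on registration order, the commit message should state that the helper walks the array front to back, or that the order does not matter.
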
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 403e7e6..1698561 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -179,38 +179,38 @@ static void connlimit_save6(const void *ip, const struct xt_entry_match *match)
 	       count_bits6(info->v6_mask));
 }
 
-static struct xtables_match connlimit_match = {
-	.name          = "connlimit",
-	.family        = NFPROTO_IPV4,
-	.version       = XTABLES_VERSION,
-	.size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
-	.userspacesize = offsetof(struct xt_connlimit_info, data),
-	.help          = connlimit_help,
-	.init          = connlimit_init,
-	.parse         = connlimit_parse4,
-	.final_check   = connlimit_check,
-	.print         = connlimit_print4,
-	.save          = connlimit_save4,
-	.extra_opts    = connlimit_opts,
-};
-
-static struct xtables_match connlimit_match6 = {
-	.name          = "connlimit",
-	.family        = NFPROTO_IPV6,
-	.version       = XTABLES_VERSION,
-	.size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
-	.userspacesize = offsetof(struct xt_connlimit_info, data),
-	.help          = connlimit_help,
-	.init          = connlimit_init,
-	.parse         = connlimit_parse6,
-	.final_check   = connlimit_check,
-	.print         = connlimit_print6,
-	.save          = connlimit_save6,
-	.extra_opts    = connlimit_opts,
+static struct xtables_match connlimit_mt_reg[] = {
+	{
+		.name          = "connlimit",
+		.family        = NFPROTO_IPV4,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+		.userspacesize = offsetof(struct xt_connlimit_info, data),
+		.help          = connlimit_help,
+		.init          = connlimit_init,
+		.parse         = connlimit_parse4,
+		.final_check   = connlimit_check,
+		.print         = connlimit_print4,
+		.save          = connlimit_save4,
+		.extra_opts    = connlimit_opts,
+	},
+	{
+		.name          = "connlimit",
+		.family        = NFPROTO_IPV6,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+		.userspacesize = offsetof(struct xt_connlimit_info, data),
+		.help          = connlimit_help,
+		.init          = connlimit_init,
+		.parse         = connlimit_parse6,
+		.final_check   = connlimit_check,
+		.print         = connlimit_print6,
+		.save          = connlimit_save6,
+		.extra_opts    = connlimit_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&connlimit_match);
-	xtables_register_match(&connlimit_match6);
+	xtables_register_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg));
 }
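
Review bot: Neither element of connlimit_mt_reg[] sets .revision, so both rely on the implicit zero from the designated initializer, while most of the other arrays converted in this patch spell the revision out. Adding ".revision = 0," to both elements would make the array self-describing and consistent with the rest of the series.
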
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index db7c3a1..48c10b5 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -163,38 +163,38 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
 	print_mark(info->mark, info->mask);
 }
 
-static struct xtables_match connmark_mt_reg_v0 = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "connmark",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_connmark_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_connmark_info)),
-	.help		= connmark_mt_help,
-	.parse		= connmark_parse,
-	.final_check	= connmark_mt_check,
-	.print		= connmark_print,
-	.save		= connmark_save,
-	.extra_opts	= connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "connmark",
-	.revision       = 1,
-	.family         = NFPROTO_UNSPEC,
-	.size           = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
-	.help           = connmark_mt_help,
-	.parse          = connmark_mt_parse,
-	.final_check    = connmark_mt_check,
-	.print          = connmark_mt_print,
-	.save           = connmark_mt_save,
-	.extra_opts     = connmark_mt_opts,
+static struct xtables_match connmark_mt_reg[] = {
+	{
+		.family        = NFPROTO_UNSPEC,
+		.name          = "connmark",
+		.revision      = 0,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_connmark_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
+		.help          = connmark_mt_help,
+		.parse         = connmark_parse,
+		.final_check   = connmark_mt_check,
+		.print         = connmark_print,
+		.save          = connmark_save,
+		.extra_opts    = connmark_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "connmark",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
+		.help          = connmark_mt_help,
+		.parse         = connmark_mt_parse,
+		.final_check   = connmark_mt_check,
+		.print         = connmark_mt_print,
+		.save          = connmark_mt_save,
+		.extra_opts    = connmark_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&connmark_mt_reg_v0);
-	xtables_register_match(&connmark_mt_reg);
+	xtables_register_matches(connmark_mt_reg, ARRAY_SIZE(connmark_mt_reg));
 }
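
Review bot: The revision 0 element is not a pure move: the removed connmark_mt_reg_v0 lines align the "=" with tabs and the added lines align it with spaces, so a whitespace cleanup is folded into the structural change. Either mention that in the commit message or split it out, so the conversion can be checked with a whitespace-insensitive diff to confirm that no callback or size expression changed.
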
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 96ea3ec..edcaaa8 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1034,54 +1034,52 @@ static void conntrack_mt6_save(const void *ip,
 	conntrack_dump((const void *)match->data, "--", NFPROTO_IPV6, true);
 }
 
-static struct xtables_match conntrack_match = {
-	.version       = XTABLES_VERSION,
-	.name          = "conntrack",
-	.revision      = 0,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_conntrack_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_info)),
-	.help          = conntrack_mt_help,
-	.parse         = conntrack_parse,
-	.final_check   = conntrack_mt_check,
-	.print         = conntrack_print,
-	.save          = conntrack_save,
-	.extra_opts    = conntrack_mt_opts_v0,
-};
-
-static struct xtables_match conntrack_mt_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "conntrack",
-	.revision      = 1,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
-	.help          = conntrack_mt_help,
-	.parse         = conntrack_mt4_parse,
-	.final_check   = conntrack_mt_check,
-	.print         = conntrack_mt_print,
-	.save          = conntrack_mt_save,
-	.extra_opts    = conntrack_mt_opts,
-};
-
-static struct xtables_match conntrack_mt6_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "conntrack",
-	.revision      = 1,
-	.family        = NFPROTO_IPV6,
-	.size          = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
-	.help          = conntrack_mt_help,
-	.parse         = conntrack_mt6_parse,
-	.final_check   = conntrack_mt_check,
-	.print         = conntrack_mt6_print,
-	.save          = conntrack_mt6_save,
-	.extra_opts    = conntrack_mt_opts,
+static struct xtables_match conntrack_mt_reg[] = {
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "conntrack",
+		.revision      = 0,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_conntrack_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_info)),
+		.help          = conntrack_mt_help,
+		.parse         = conntrack_parse,
+		.final_check   = conntrack_mt_check,
+		.print         = conntrack_print,
+		.save          = conntrack_save,
+		.extra_opts    = conntrack_mt_opts_v0,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "conntrack",
+		.revision      = 1,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+		.help          = conntrack_mt_help,
+		.parse         = conntrack_mt4_parse,
+		.final_check   = conntrack_mt_check,
+		.print         = conntrack_mt_print,
+		.save          = conntrack_mt_save,
+		.extra_opts    = conntrack_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "conntrack",
+		.revision      = 1,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+		.help          = conntrack_mt_help,
+		.parse         = conntrack_mt6_parse,
+		.final_check   = conntrack_mt_check,
+		.print         = conntrack_mt6_print,
+		.save          = conntrack_mt6_save,
+		.extra_opts    = conntrack_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&conntrack_match);
-	xtables_register_match(&conntrack_mt_reg);
-	xtables_register_match(&conntrack_mt6_reg);
+	xtables_register_matches(conntrack_mt_reg, ARRAY_SIZE(conntrack_mt_reg));
 }
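
Review bot: The removed names conntrack_match, conntrack_mt_reg and conntrack_mt6_reg told the reader which definition was which, and the anonymous elements of conntrack_mt_reg[] lose that, leaving only .revision and .family to tell the two revision 1 elements apart. A one-line comment above each element (for example "revision 1, IPv6") would keep the array readable.
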
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 9d8c86a..cdb407a 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -659,57 +659,55 @@ hashlimit_mt6_save(const void *ip, const struct xt_entry_match *match)
 	hashlimit_mt_save(info, 128);
 }
 
-static struct xtables_match hashlimit_match = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "hashlimit",
-	.version	= XTABLES_VERSION,
-	.revision	= 0,
-	.size		= XT_ALIGN(sizeof(struct xt_hashlimit_info)),
-	.userspacesize	= offsetof(struct xt_hashlimit_info, hinfo),
-	.help		= hashlimit_help,
-	.init		= hashlimit_init,
-	.parse		= hashlimit_parse,
-	.final_check	= hashlimit_check,
-	.print		= hashlimit_print,
-	.save		= hashlimit_save,
-	.extra_opts	= hashlimit_opts,
-};
-
-static struct xtables_match hashlimit_mt_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "hashlimit",
-	.revision       = 1,
-	.family         = NFPROTO_IPV4,
-	.size           = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
-	.userspacesize  = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
-	.help           = hashlimit_mt_help,
-	.init           = hashlimit_mt4_init,
-	.parse          = hashlimit_mt4_parse,
-	.final_check	= hashlimit_mt_check,
-	.print          = hashlimit_mt4_print,
-	.save           = hashlimit_mt4_save,
-	.extra_opts     = hashlimit_mt_opts,
-};
-
-static struct xtables_match hashlimit_mt6_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "hashlimit",
-	.revision       = 1,
-	.family         = NFPROTO_IPV6,
-	.size           = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
-	.userspacesize  = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
-	.help           = hashlimit_mt_help,
-	.init           = hashlimit_mt6_init,
-	.parse          = hashlimit_mt6_parse,
-	.final_check	= hashlimit_mt_check,
-	.print          = hashlimit_mt6_print,
-	.save           = hashlimit_mt6_save,
-	.extra_opts     = hashlimit_mt_opts,
+static struct xtables_match hashlimit_mt_reg[] = {
+	{
+		.family        = NFPROTO_UNSPEC,
+		.name          = "hashlimit",
+		.version       = XTABLES_VERSION,
+		.revision      = 0,
+		.size          = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
+		.userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
+		.help          = hashlimit_help,
+		.init          = hashlimit_init,
+		.parse         = hashlimit_parse,
+		.final_check   = hashlimit_check,
+		.print         = hashlimit_print,
+		.save          = hashlimit_save,
+		.extra_opts    = hashlimit_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "hashlimit",
+		.revision      = 1,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
+		.userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
+		.help          = hashlimit_mt_help,
+		.init          = hashlimit_mt4_init,
+		.parse         = hashlimit_mt4_parse,
+		.final_check   = hashlimit_mt_check,
+		.print         = hashlimit_mt4_print,
+		.save          = hashlimit_mt4_save,
+		.extra_opts    = hashlimit_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "hashlimit",
+		.revision      = 1,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
+		.userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
+		.help          = hashlimit_mt_help,
+		.init          = hashlimit_mt6_init,
+		.parse         = hashlimit_mt6_parse,
+		.final_check   = hashlimit_mt_check,
+		.print         = hashlimit_mt6_print,
+		.save          = hashlimit_mt6_save,
+		.extra_opts    = hashlimit_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&hashlimit_match);
-	xtables_register_match(&hashlimit_mt_reg);
-	xtables_register_match(&hashlimit_mt6_reg);
+	xtables_register_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
 }
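
Review bot: All three elements keep .userspacesize = offsetof(..., hinfo), which is smaller than .size, and nothing in the initializers says why. Since every line here is being rewritten anyway, a one-line comment explaining why the tail starting at hinfo is left out of .userspacesize would stop a later cleanup from changing it to XT_ALIGN(sizeof(...)) to match the other extensions.
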
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index bc5b2ae..7b3ccc2 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -344,54 +344,52 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
 	}
 }
 
-static struct xtables_match iprange_match = {
-	.version       = XTABLES_VERSION,
-	.name          = "iprange",
-	.revision      = 0,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct ipt_iprange_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
-	.help          = iprange_mt_help,
-	.parse         = iprange_parse,
-	.final_check   = iprange_mt_check,
-	.print         = iprange_print,
-	.save          = iprange_save,
-	.extra_opts    = iprange_mt_opts,
-};
-
-static struct xtables_match iprange_mt_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "iprange",
-	.revision       = 1,
-	.family         = NFPROTO_IPV4,
-	.size           = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
-	.help           = iprange_mt_help,
-	.parse          = iprange_mt4_parse,
-	.final_check    = iprange_mt_check,
-	.print          = iprange_mt4_print,
-	.save           = iprange_mt4_save,
-	.extra_opts     = iprange_mt_opts,
-};
-
-static struct xtables_match iprange_mt6_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "iprange",
-	.revision       = 1,
-	.family         = NFPROTO_IPV6,
-	.size           = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
-	.help           = iprange_mt_help,
-	.parse          = iprange_mt6_parse,
-	.final_check    = iprange_mt_check,
-	.print          = iprange_mt6_print,
-	.save           = iprange_mt6_save,
-	.extra_opts     = iprange_mt_opts,
+static struct xtables_match iprange_mt_reg[] = {
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "iprange",
+		.revision      = 0,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct ipt_iprange_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
+		.help          = iprange_mt_help,
+		.parse         = iprange_parse,
+		.final_check   = iprange_mt_check,
+		.print         = iprange_print,
+		.save          = iprange_save,
+		.extra_opts    = iprange_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "iprange",
+		.revision      = 1,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+		.help          = iprange_mt_help,
+		.parse         = iprange_mt4_parse,
+		.final_check   = iprange_mt_check,
+		.print         = iprange_mt4_print,
+		.save          = iprange_mt4_save,
+		.extra_opts    = iprange_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "iprange",
+		.revision      = 1,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+		.help          = iprange_mt_help,
+		.parse         = iprange_mt6_parse,
+		.final_check   = iprange_mt_check,
+		.print         = iprange_mt6_print,
+		.save          = iprange_mt6_save,
+		.extra_opts    = iprange_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&iprange_match);
-	xtables_register_match(&iprange_mt_reg);
-	xtables_register_match(&iprange_mt6_reg);
+	xtables_register_matches(iprange_mt_reg, ARRAY_SIZE(iprange_mt_reg));
 }
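
Review bot: _init() now uses ARRAY_SIZE(iprange_mt_reg), but this is the only hunk for libxt_iprange.c and it adds no #include. Please confirm the macro comes from a header this file already pulls in, and that the same holds for every other extension converted in this patch, otherwise the build breaks in whichever file lacks it.
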
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 6f8cc57..fc3d646 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -143,38 +143,38 @@ mark_save(const void *ip, const struct xt_entry_match *match)
 	print_mark(info->mark, info->mask);
 }
 
-static struct xtables_match mark_match = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "mark",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_mark_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_mark_info)),
-	.help		= mark_mt_help,
-	.parse		= mark_parse,
-	.final_check	= mark_mt_check,
-	.print		= mark_print,
-	.save		= mark_save,
-	.extra_opts	= mark_mt_opts,
-};
-
-static struct xtables_match mark_mt_reg = {
-	.version        = XTABLES_VERSION,
-	.name           = "mark",
-	.revision       = 1,
-	.family         = NFPROTO_UNSPEC,
-	.size           = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
-	.userspacesize  = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
-	.help           = mark_mt_help,
-	.parse          = mark_mt_parse,
-	.final_check    = mark_mt_check,
-	.print          = mark_mt_print,
-	.save           = mark_mt_save,
-	.extra_opts     = mark_mt_opts,
+static struct xtables_match mark_mt_reg[] = {
+	{
+		.family        = NFPROTO_UNSPEC,
+		.name          = "mark",
+		.revision      = 0,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_mark_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
+		.help          = mark_mt_help,
+		.parse         = mark_parse,
+		.final_check   = mark_mt_check,
+		.print         = mark_print,
+		.save          = mark_save,
+		.extra_opts    = mark_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "mark",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
+		.help          = mark_mt_help,
+		.parse         = mark_mt_parse,
+		.final_check   = mark_mt_check,
+		.print         = mark_mt_print,
+		.save          = mark_mt_save,
+		.extra_opts    = mark_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&mark_match);
-	xtables_register_match(&mark_mt_reg);
+	xtables_register_matches(mark_mt_reg, ARRAY_SIZE(mark_mt_reg));
 }
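
Review bot: The two elements of mark_mt_reg[] list their fields in different orders (the first starts .family, .name, .revision, .version; the second starts .version, .name, .revision, .family), carried over from the two old structs. As the patch already re-indents and realigns every line, putting both elements in the same field order would make it possible to compare the revisions line by line.
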
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 9959a20..d9b6e74 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -509,71 +509,67 @@ static void multiport_save6_v1(const void *ip_void,
 	__multiport_save_v1(match, ip->proto);
 }
 
-static struct xtables_match multiport_match = {
-	.family		= NFPROTO_IPV4,
-	.name		= "multiport",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_multiport)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_multiport)),
-	.help		= multiport_help,
-	.parse		= multiport_parse,
-	.final_check	= multiport_check,
-	.print		= multiport_print,
-	.save		= multiport_save,
-	.extra_opts	= multiport_opts,
-};
-
-static struct xtables_match multiport_match6 = {
-	.family		= NFPROTO_IPV6,
-	.name		= "multiport",
-	.revision	= 0,
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_multiport)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_multiport)),
-	.help		= multiport_help,
-	.parse		= multiport_parse6,
-	.final_check	= multiport_check,
-	.print		= multiport_print6,
-	.save		= multiport_save6,
-	.extra_opts	= multiport_opts,
-};
-
-static struct xtables_match multiport_match_v1 = {
-	.family		= NFPROTO_IPV4,
-	.name		= "multiport",
-	.version	= XTABLES_VERSION,
-	.revision	= 1,
-	.size		= XT_ALIGN(sizeof(struct xt_multiport_v1)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_multiport_v1)),
-	.help		= multiport_help_v1,
-	.parse		= multiport_parse_v1,
-	.final_check	= multiport_check,
-	.print		= multiport_print_v1,
-	.save		= multiport_save_v1,
-	.extra_opts	= multiport_opts,
-};
-
-static struct xtables_match multiport_match6_v1 = {
-	.family		= NFPROTO_IPV6,
-	.name		= "multiport",
-	.version	= XTABLES_VERSION,
-	.revision	= 1,
-	.size		= XT_ALIGN(sizeof(struct xt_multiport_v1)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_multiport_v1)),
-	.help		= multiport_help_v1,
-	.parse		= multiport_parse6_v1,
-	.final_check	= multiport_check,
-	.print		= multiport_print6_v1,
-	.save		= multiport_save6_v1,
-	.extra_opts	= multiport_opts,
+static struct xtables_match multiport_mt_reg[] = {
+	{
+		.family        = NFPROTO_IPV4,
+		.name          = "multiport",
+		.revision      = 0,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_multiport)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+		.help          = multiport_help,
+		.parse         = multiport_parse,
+		.final_check   = multiport_check,
+		.print         = multiport_print,
+		.save          = multiport_save,
+		.extra_opts    = multiport_opts,
+	},
+	{
+		.family        = NFPROTO_IPV6,
+		.name          = "multiport",
+		.revision      = 0,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_multiport)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+		.help          = multiport_help,
+		.parse         = multiport_parse6,
+		.final_check   = multiport_check,
+		.print         = multiport_print6,
+		.save          = multiport_save6,
+		.extra_opts    = multiport_opts,
+	},
+	{
+		.family        = NFPROTO_IPV4,
+		.name          = "multiport",
+		.version       = XTABLES_VERSION,
+		.revision      = 1,
+		.size          = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+		.help          = multiport_help_v1,
+		.parse         = multiport_parse_v1,
+		.final_check   = multiport_check,
+		.print         = multiport_print_v1,
+		.save          = multiport_save_v1,
+		.extra_opts    = multiport_opts,
+	},
+	{
+		.family        = NFPROTO_IPV6,
+		.name          = "multiport",
+		.version       = XTABLES_VERSION,
+		.revision      = 1,
+		.size          = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+		.help          = multiport_help_v1,
+		.parse         = multiport_parse6_v1,
+		.final_check   = multiport_check,
+		.print         = multiport_print6_v1,
+		.save          = multiport_save6_v1,
+		.extra_opts    = multiport_opts,
+	},
 };
 
 void
 _init(void)
 {
-	xtables_register_match(&multiport_match);
-	xtables_register_match(&multiport_match6);
-	xtables_register_match(&multiport_match_v1);
-	xtables_register_match(&multiport_match6_v1);
+	xtables_register_matches(multiport_mt_reg, ARRAY_SIZE(multiport_mt_reg));
 }
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index f1d6b4a..2544138 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -533,54 +533,52 @@ static void owner_mt_save(const void *ip, const struct xt_entry_match *match)
 	owner_mt_print_item(info, "--gid-owner",      XT_OWNER_GID,    false);
 }
 
-static struct xtables_match owner_mt_reg_v0 = {
-	.version       = XTABLES_VERSION,
-	.name          = "owner",
-	.revision      = 0,
-	.family        = NFPROTO_IPV4,
-	.size          = XT_ALIGN(sizeof(struct ipt_owner_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
-	.help          = owner_mt_help_v0,
-	.parse         = owner_mt_parse_v0,
-	.final_check   = owner_mt_check,
-	.print         = owner_mt_print_v0,
-	.save          = owner_mt_save_v0,
-	.extra_opts    = owner_mt_opts_v0,
-};
-
-static struct xtables_match owner_mt6_reg_v0 = {
-	.version       = XTABLES_VERSION,
-	.name          = "owner",
-	.revision      = 0,
-	.family        = NFPROTO_IPV6,
-	.size          = XT_ALIGN(sizeof(struct ip6t_owner_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
-	.help          = owner_mt6_help_v0,
-	.parse         = owner_mt6_parse_v0,
-	.final_check   = owner_mt_check,
-	.print         = owner_mt6_print_v0,
-	.save          = owner_mt6_save_v0,
-	.extra_opts    = owner_mt6_opts_v0,
-};
-
-static struct xtables_match owner_mt_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "owner",
-	.revision      = 1,
-	.family        = NFPROTO_UNSPEC,
-	.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
-	.help          = owner_mt_help,
-	.parse         = owner_mt_parse,
-	.final_check   = owner_mt_check,
-	.print         = owner_mt_print,
-	.save          = owner_mt_save,
-	.extra_opts    = owner_mt_opts,
+static struct xtables_match owner_mt_reg[] = {
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "owner",
+		.revision      = 0,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct ipt_owner_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
+		.help          = owner_mt_help_v0,
+		.parse         = owner_mt_parse_v0,
+		.final_check   = owner_mt_check,
+		.print         = owner_mt_print_v0,
+		.save          = owner_mt_save_v0,
+		.extra_opts    = owner_mt_opts_v0,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "owner",
+		.revision      = 0,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct ip6t_owner_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
+		.help          = owner_mt6_help_v0,
+		.parse         = owner_mt6_parse_v0,
+		.final_check   = owner_mt_check,
+		.print         = owner_mt6_print_v0,
+		.save          = owner_mt6_save_v0,
+		.extra_opts    = owner_mt6_opts_v0,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "owner",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
+		.help          = owner_mt_help,
+		.parse         = owner_mt_parse,
+		.final_check   = owner_mt_check,
+		.print         = owner_mt_print,
+		.save          = owner_mt_save,
+		.extra_opts    = owner_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&owner_mt_reg_v0);
-	xtables_register_match(&owner_mt6_reg_v0);
-	xtables_register_match(&owner_mt_reg);
+	xtables_register_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));
 }
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index d17b1bb..858eaaa 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -478,36 +478,36 @@ static void policy6_save(const void *ip, const struct xt_entry_match *match)
 	}
 }
 
-static struct xtables_match policy_mt_reg = {
-	.name		= "policy",
-	.version	= XTABLES_VERSION,
-	.family		= NFPROTO_IPV4,
-	.size		= XT_ALIGN(sizeof(struct xt_policy_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_policy_info)),
-	.help		= policy_help,
-	.parse		= policy4_parse,
-	.final_check	= policy_check,
-	.print		= policy4_print,
-	.save		= policy4_save,
-	.extra_opts	= policy_opts,
-};
-
-static struct xtables_match policy_mt6_reg = {
-	.name		= "policy",
-	.version	= XTABLES_VERSION,
-	.family		= NFPROTO_IPV6,
-	.size		= XT_ALIGN(sizeof(struct xt_policy_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_policy_info)),
-	.help		= policy_help,
-	.parse		= policy6_parse,
-	.final_check	= policy_check,
-	.print		= policy6_print,
-	.save		= policy6_save,
-	.extra_opts	= policy_opts,
+static struct xtables_match policy_mt_reg[] = {
+	{
+		.name          = "policy",
+		.version       = XTABLES_VERSION,
+		.family        = NFPROTO_IPV4,
+		.size          = XT_ALIGN(sizeof(struct xt_policy_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
+		.help          = policy_help,
+		.parse         = policy4_parse,
+		.final_check   = policy_check,
+		.print         = policy4_print,
+		.save          = policy4_save,
+		.extra_opts    = policy_opts,
+	},
+	{
+		.name          = "policy",
+		.version       = XTABLES_VERSION,
+		.family        = NFPROTO_IPV6,
+		.size          = XT_ALIGN(sizeof(struct xt_policy_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
+		.help          = policy_help,
+		.parse         = policy6_parse,
+		.final_check   = policy_check,
+		.print         = policy6_print,
+		.save          = policy6_save,
+		.extra_opts    = policy_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&policy_mt_reg);
-	xtables_register_match(&policy_mt6_reg);
+	xtables_register_matches(policy_mt_reg, ARRAY_SIZE(policy_mt_reg));
 }
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 18e3ed2..62c3a97 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -350,40 +350,40 @@ static void string_save(const void *ip, const struct xt_entry_match *match)
 }
 
 
-static struct xtables_match string_match = {
-    .name		= "string",
-    .revision		= 0,
-    .family		= NFPROTO_UNSPEC,
-    .version		= XTABLES_VERSION,
-    .size		= XT_ALIGN(sizeof(struct xt_string_info)),
-    .userspacesize	= offsetof(struct xt_string_info, config),
-    .help		= string_help,
-    .init		= string_init,
-    .parse		= string_parse,
-    .final_check	= string_check,
-    .print		= string_print,
-    .save		= string_save,
-    .extra_opts		= string_opts,
-};
-
-static struct xtables_match string_match_v1 = {
-    .name		= "string",
-    .revision		= 1,
-    .family		= NFPROTO_UNSPEC,
-    .version		= XTABLES_VERSION,
-    .size		= XT_ALIGN(sizeof(struct xt_string_info)),
-    .userspacesize	= offsetof(struct xt_string_info, config),
-    .help		= string_help,
-    .init		= string_init,
-    .parse		= string_parse,
-    .final_check	= string_check,
-    .print		= string_print,
-    .save		= string_save,
-    .extra_opts		= string_opts,
+static struct xtables_match string_mt_reg[] = {
+	{
+		.name          = "string",
+		.revision      = 0,
+		.family        = NFPROTO_UNSPEC,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_string_info)),
+		.userspacesize = offsetof(struct xt_string_info, config),
+		.help          = string_help,
+		.init          = string_init,
+		.parse         = string_parse,
+		.final_check   = string_check,
+		.print         = string_print,
+		.save          = string_save,
+		.extra_opts    = string_opts,
+	},
+	{
+		.name          = "string",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_string_info)),
+		.userspacesize = offsetof(struct xt_string_info, config),
+		.help          = string_help,
+		.init          = string_init,
+		.parse         = string_parse,
+		.final_check   = string_check,
+		.print         = string_print,
+		.save          = string_save,
+		.extra_opts    = string_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&string_match);
-	xtables_register_match(&string_match_v1);
+	xtables_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg));
 }
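Review bot: The new `string_mt_reg[]` elements are re-indented from four spaces to tabs in the same hunk that restructures them, so the diff cannot show that the field values are unchanged; splitting the whitespace change out (or noting it in the commit message) would make this reviewable with `git diff -w`. The two elements differ only in `.revision` (0 and 1), with the same `xt_string_info` sizes and callbacks, so a one-line comment on why both revisions are registered would keep a later cleanup from collapsing them as duplicates.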
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 1f7b2cd..0a81f46 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -137,38 +137,38 @@ static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
 	printf("--tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
 }
 
-static struct xtables_match tos_mt_reg_v0 = {
-	.version       = XTABLES_VERSION,
-	.name          = "tos",
-	.family        = NFPROTO_IPV4,
-	.revision      = 0,
-	.size          = XT_ALIGN(sizeof(struct ipt_tos_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
-	.help          = tos_mt_help,
-	.parse         = tos_mt_parse_v0,
-	.final_check   = tos_mt_check,
-	.print         = tos_mt_print_v0,
-	.save          = tos_mt_save_v0,
-	.extra_opts    = tos_mt_opts,
-};
-
-static struct xtables_match tos_mt_reg = {
-	.version       = XTABLES_VERSION,
-	.name          = "tos",
-	.family        = NFPROTO_UNSPEC,
-	.revision      = 1,
-	.size          = XT_ALIGN(sizeof(struct xt_tos_match_info)),
-	.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
-	.help          = tos_mt_help,
-	.parse         = tos_mt_parse,
-	.final_check   = tos_mt_check,
-	.print         = tos_mt_print,
-	.save          = tos_mt_save,
-	.extra_opts    = tos_mt_opts,
+static struct xtables_match tos_mt_reg[] = {
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "tos",
+		.family        = NFPROTO_IPV4,
+		.revision      = 0,
+		.size          = XT_ALIGN(sizeof(struct ipt_tos_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
+		.help          = tos_mt_help,
+		.parse         = tos_mt_parse_v0,
+		.final_check   = tos_mt_check,
+		.print         = tos_mt_print_v0,
+		.save          = tos_mt_save_v0,
+		.extra_opts    = tos_mt_opts,
+	},
+	{
+		.version       = XTABLES_VERSION,
+		.name          = "tos",
+		.family        = NFPROTO_UNSPEC,
+		.revision      = 1,
+		.size          = XT_ALIGN(sizeof(struct xt_tos_match_info)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
+		.help          = tos_mt_help,
+		.parse         = tos_mt_parse,
+		.final_check   = tos_mt_check,
+		.print         = tos_mt_print,
+		.save          = tos_mt_save,
+		.extra_opts    = tos_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&tos_mt_reg_v0);
-	xtables_register_match(&tos_mt_reg);
+	xtables_register_matches(tos_mt_reg, ARRAY_SIZE(tos_mt_reg));
 }
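Review bot: `tos_mt_reg` used to name the revision 1 struct and now names the whole array, while the `tos_mt_reg_v0` name disappears, so the only markers left for the legacy entry are `.revision = 0` and the `_v0` callbacks. Since the two elements also differ in `.family` (`NFPROTO_IPV4` against `NFPROTO_UNSPEC`) and in the info struct (`ipt_tos_info` against `xt_tos_match_info`), a short comment above each element stating which revision and struct it covers would document what the old variable names did.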
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 09/10] xtables: warn of missing version identifier in extensions
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (7 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 08/10] extensions: collapse data variables to use multi-reg calls Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-26 19:19 ` [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps Jan Engelhardt
  2009-06-29 12:56 ` Patrick McHardy
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 xtables.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/xtables.c b/xtables.c
index 1ff6e82..41e0b87 100644
--- a/xtables.c
+++ b/xtables.c
@@ -724,6 +724,11 @@ void xtables_register_match(struct xtables_match *me)
 {
 	struct xtables_match **i, *old;
 
+	if (me->version == NULL) {
+		fprintf(stderr, "%s: match %s<%u> is missing a version\n",
+		        xt_params->program_name, me->name, me->revision);
+		exit(1);
+	}
 	if (strcmp(me->version, XTABLES_VERSION) != 0) {
 		fprintf(stderr, "%s: match \"%s\" has version \"%s\", "
 		        "but \"%s\" is required.\n",
@@ -805,6 +810,11 @@ void xtables_register_target(struct xtables_target *me)
 {
 	struct xtables_target *old;
 
+	if (me->version == NULL) {
+		fprintf(stderr, "%s: target %s<%u> is missing a version\n",
+		        xt_params->program_name, me->name, me->revision);
+		exit(1);
+	}
 	if (strcmp(me->version, XTABLES_VERSION) != 0) {
 		fprintf(stderr, "%s: target \"%s\" has version \"%s\", "
 		        "but \"%s\" is required.\n",
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (8 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 09/10] xtables: warn of missing version identifier in extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
  2009-06-29 12:56 ` Patrick McHardy
  10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
  To: netfilter-devel; +Cc: kaber

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 COMMIT_NOTES |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/COMMIT_NOTES b/COMMIT_NOTES
index 7583fac..592808c 100644
--- a/COMMIT_NOTES
+++ b/COMMIT_NOTES
@@ -11,5 +11,9 @@ A quick list of rules for committing stuff into netfilter git:
 
 - If you touch any parts of libxtables (xtables.c, include/xtables.h.in),
   make sure the so-version is updated _appropriately_ (i.e. read the
-  libtool manual about Versioning:: first if need be) in configure.ac.
+  libtool manual about Versioning:: first, if need be) in configure.ac.
   Adding fields to a struct always entails a vcurrent bump.
+
+  - Check, whether a bump (vcurrent,vage) has already been made since the
+    last release (no more than one per release), e.g.:
+            git log v1.4.4.. configure.ac
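Review bot: The example `git log v1.4.4.. configure.ac` in the added bullet hard-codes a release tag that goes stale with the next release; a placeholder for the last release tag, with v1.4.4 given only as an illustration, would age better. In the same bullet, the comma in "Check, whether" should go, and "(vcurrent,vage)" wants a space after the comma.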
-- 
1.6.3.2


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* Re:
  2009-06-26 19:19 (unknown), Jan Engelhardt
                   ` (9 preceding siblings ...)
  2009-06-26 19:19 ` [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps Jan Engelhardt
@ 2009-06-29 12:56 ` Patrick McHardy
  10 siblings, 0 replies; 28+ messages in thread
From: Patrick McHardy @ 2009-06-29 12:56 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> Hi,
> 
> 
> here are a number of patches I am suggesting for the -master branch
> (-stable is separate in my view and my management, but see other
> discussion thread).
> Pullable from
> 	git://dev.medozas.de/iptables master
> 
> 
> Jan Engelhardt (9):
>       libiptc: split v4 and v6
>       extensions: collapse registration structures
>       iptables: allow for parse-less extensions
>       iptables: allow for help-less extensions
>       extensions: remove empty help and parse functions
>       xtables: add multi-registration functions
>       extensions: collapse data variables to use multi-reg calls
>       xtables: warn of missing version identifier in extensions
>       COMMIT_NOTES: notice to check for soversion bumps
> 
> Michael Granzow (1):
>       iptables: accept multiple IP address specifications for -s, -d

Looks good, pulled and pushed out again, thanks.

> (Shall I post the entire mergestat, or just the "X files changed" line?)

This is fine, I mainly want something comparable to the git pull output.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
  2009-07-25 20:22 (unknown), Jan Engelhardt
@ 2009-08-03 13:45 ` Patrick McHardy
  0 siblings, 0 replies; 28+ messages in thread
From: Patrick McHardy @ 2009-08-03 13:45 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> Hi Patrick,
> 
> Please pull from
> 	git://dev.medozas.de/iptables master
> 
> which contains a pack of patches to build iptables without libdl,
> obsoleting iptables-static (leaving -multi) and using the -multi
> program exclusively.

Pulled and pushed out again, thanks.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
  2009-08-05 16:22 (unknown), Jan Engelhardt
@ 2009-08-10  9:04 ` Patrick McHardy
  0 siblings, 0 replies; 28+ messages in thread
From: Patrick McHardy @ 2009-08-10  9:04 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> Please pull from
> 	git://dev.medozas.de/iptables master
> 
> to receive
> 
> Jan Engelhardt (2+1):
>       xt_conntrack: revision 2 for enlarged state_mask member
>       libxt_helper: fix invalid passed option to check_inverse

Pulled and pushed back out again, thanks.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
  2009-10-29 18:11 (unknown), Jan Engelhardt
@ 2009-10-29 22:26 ` Patrick McHardy
  2009-10-29 22:51   ` Re: Jan Engelhardt
  0 siblings, 1 reply; 28+ messages in thread
From: Patrick McHardy @ 2009-10-29 22:26 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> here are three commits that fix bugzilla entries and/or other
> problems encountered. There are also two extra commits prepended
> without any changes, which only provide missing log entries for
> already-merged commits.

Just to clarify before I apply this - how does adding changelog
entries afterwards work? Am I correct to assume that this won't
affect this history of the tree and existing clones?


^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
  2009-10-29 22:26 ` Patrick McHardy
@ 2009-10-29 22:51   ` Jan Engelhardt
  2009-10-29 22:55     ` Re: Patrick McHardy
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Engelhardt @ 2009-10-29 22:51 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel

On Thursday 2009-10-29 23:26, Patrick McHardy wrote:

>Jan Engelhardt wrote:
>> here are three commits that fix bugzilla entries and/or other
>> problems encountered. There are also two extra commits prepended
>> without any changes, which only provide missing log entries for
>> already-merged commits.
>
>Just to clarify before I apply this - how does adding changelog
>entries afterwards work? Am I correct to assume that this won't
>affect this history of the tree and existing clones?

I just used `git commit --allow-empty -e` to record a plain commit on 
top, just without any change in the tree object. Take a look in 
git-forest/gitk if in doubt ;-)

^ permalink raw reply	[flat|nested] 28+ messages in thread
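The empty-commit approach Jan describes, as an added example that is not part of the original thread: it builds a constructed throwaway repository, records an empty commit on top, and shows that the earlier commit id and the tree object are unchanged, so a clone at the old tip fast-forwards. The repository, the file name `file.c` and the commit messages are assumptions, and `-m` stands in for the editor that `-e` would open.

```shell
#!/bin/sh
# Added illustration on a constructed throwaway repository (not the iptables tree).
set -e

# Fixed identity so the commits work without any global git configuration.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Prints: <old tip> <new tip> <parent of new tip> <old tree> <new tree> <ff>
empty_commit_demo() {
    repo=$(mktemp -d)
    (
        cd "$repo"
        git init -q .
        echo 'int placeholder;' > file.c        # constructed content
        git add file.c
        git commit -q -m 'real change'
        old_tip=$(git rev-parse HEAD)
        old_tree=$(git rev-parse 'HEAD^{tree}')

        # -m replaces the editor that -e would open; nothing is staged.
        git commit -q --allow-empty -m 'log entry for an already-merged commit'
        new_tip=$(git rev-parse HEAD)
        new_parent=$(git rev-parse 'HEAD^')
        new_tree=$(git rev-parse 'HEAD^{tree}')

        # An existing clone sitting at old_tip can fast-forward only if
        # old_tip is an ancestor of new_tip.
        if git merge-base --is-ancestor "$old_tip" "$new_tip"; then
            ff=fast-forward
        else
            ff=diverged
        fi
        echo "$old_tip $new_tip $new_parent $old_tree $new_tree $ff"
    )
    rm -rf "$repo"
}

empty_commit_demo
```

The first and third fields are equal (the old tip is the parent of the new commit) and the fourth and fifth are equal (same tree object), which is why previously published commit ids stay valid.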

* Re:
  2009-10-29 22:51   ` Re: Jan Engelhardt
@ 2009-10-29 22:55     ` Patrick McHardy
  0 siblings, 0 replies; 28+ messages in thread
From: Patrick McHardy @ 2009-10-29 22:55 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Jan Engelhardt wrote:
> On Thursday 2009-10-29 23:26, Patrick McHardy wrote:
> 
>> Jan Engelhardt wrote:
>>> here are three commits that fix bugzilla entries and/or other
>>> problems encountered. There are also two extra commits prepended
>>> without any changes, which only provide missing log entries for
>>> already-merged commits.
>> Just to clarify before I apply this - how does adding changelog
>> entries afterwards work? Am I correct to assume that this won't
>> affect this history of the tree and existing clones?
> 
> I just used `git commit --allow-empty -e` to record a plain commit on 
> top, just without any change in the tree object. Take a look in 
> git-forest/gitk if in doubt ;-)

Nice. Pulled and pushed out again, thanks.


^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
@ 2010-04-10  0:33 William Wilcox
  0 siblings, 0 replies; 28+ messages in thread
From: William Wilcox @ 2010-04-10  0:33 UTC (permalink / raw)


Good day!
My name is Sir William Wilcox,I work with the Euro Lottery. I can help you
win 4,528,000 GBP.But I charge 40% of the winning.Can we do this deal
together? Email me; william.wilcox98@gmail.com









^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
       [not found] <20101010012607.zl4aj162o0004ok0@webmail.eon.net.au>
@ 2010-10-09 21:56 ` Mistick Levi
  0 siblings, 0 replies; 28+ messages in thread
From: Mistick Levi @ 2010-10-09 21:56 UTC (permalink / raw)
  To: netfilter-devel

What's up with all those mails about business proposals that are
sent to the mailing list?!

On Sat, Oct 9, 2010 at 7:26 PM, Mr.Young Chang <info@yahoo.com> wrote:
> My name is Mr.Young Chang,Credit officer MEVAS BANK,HK.I have a Business
> Proposal of $19.7 million usd for you to handle with me.Are you interested?
>
>
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
@ 2011-12-11  8:41 James Brown
  0 siblings, 0 replies; 28+ messages in thread
From: James Brown @ 2011-12-11  8:41 UTC (permalink / raw)
  To: mail1

https://docs.google.com/document/d/1yAkUys2osN7co_KbzphWLLsoe-TPq7ELZhoySYvzjF0/edit

^ permalink raw reply	[flat|nested] 28+ messages in thread

* RE:
@ 2014-07-03 16:30 W. Cheung
  0 siblings, 0 replies; 28+ messages in thread
From: W. Cheung @ 2014-07-03 16:30 UTC (permalink / raw)
  To: jrobinson

 I have a very lucrative business transaction which requires the utmost discretion. If you are interested, kindly contact me ASAP for full details.

Warm Regards,
William Cheung

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
@ 2015-08-19 14:04 christain147
  0 siblings, 0 replies; 28+ messages in thread
From: christain147 @ 2015-08-19 14:04 UTC (permalink / raw)
  To: Recipients

Good day,hoping you read this email and respond to me in good time.I do not intend to solicit for funds but  your time and energy in using my own resources to assist the less privileged.I am medically confined at the moment hence I request your indulgence.
I will give you a comprehensive brief once I hear from you.

Please forward your response to my private email address:
gudworks104@yahoo.com

Thanks and reply.

Robert Grondahl

^ permalink raw reply	[flat|nested] 28+ messages in thread

* RE:
@ 2015-10-24  5:02 JO Bower
  0 siblings, 0 replies; 28+ messages in thread
From: JO Bower @ 2015-10-24  5:02 UTC (permalink / raw)
  To: Recipients

Your email address has brought you an unexpected luck, which was selected in The Euro Millions Lottery and subsequently won you the sum of €1,000,000.00 Euros. Contact Monica Torres Email: monicatorresesp@gmail.com to claim your prize.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* RE:
@ 2017-02-23 15:10 Qin's Yanjun
  0 siblings, 0 replies; 28+ messages in thread
From: Qin's Yanjun @ 2017-02-23 15:10 UTC (permalink / raw)




----
How are you today and your family? I require your attention and honest
co-operation about some issues which i will really want to discuss with you
which.  Looking forward to read from you soon.  

Qin's


______________________________

Sky Silk, http://aknet.kz


^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
@ 2017-11-13 14:56 Amos Kalonzo
  0 siblings, 0 replies; 28+ messages in thread
From: Amos Kalonzo @ 2017-11-13 14:56 UTC (permalink / raw)


Attn:

I am wondering why You haven't respond to my email for some days now.
reference to my client's contract balance payment of (11.7M,USD)
Kindly get back to me for more details.

Best Regards

Amos Kalonzo

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re:
  2025-08-27 14:43 ` Zhang Tengfei
@ 2025-08-27 21:37   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 28+ messages in thread
From: Pablo Neira Ayuso @ 2025-08-27 21:37 UTC (permalink / raw)
  To: Zhang Tengfei
  Cc: ja, coreteam, davem, dsahern, edumazet, fw, horms, kadlec, kuba,
	lvs-devel, netfilter-devel, pabeni, syzbot+1651b5234028c294c339

On Wed, Aug 27, 2025 at 10:43:42PM +0800, Zhang Tengfei wrote:
> Hi everyone,
> 
> Here is the v2 patch that incorporates the feedback.

Patch without subject will not fly too far, I'm afraid you will have
to resubmit. One more comment below.

> Many thanks to Julian for his thorough review and for providing 
> the detailed plan for this new version, and thanks to Florian 
> and Eric for suggestions.
> 
> Subject: [PATCH v2] net/netfilter/ipvs: Use READ_ONCE/WRITE_ONCE for
>  ipvs->enable
> 
> KCSAN reported a data-race on the `ipvs->enable` flag, which is
> written in the control path and read concurrently from many other
> contexts.
> 
> Following a suggestion by Julian, this patch fixes the race by
> converting all accesses to use `WRITE_ONCE()/READ_ONCE()`.
> This lightweight approach ensures atomic access and acts as a
> compiler barrier, preventing unsafe optimizations where the flag
> is checked in loops (e.g., in ip_vs_est.c).
> 
> Additionally, the now-obsolete `enable` checks in the fast path
> hooks (`ip_vs_in_hook`, `ip_vs_out_hook`, `ip_vs_forward_icmp`)
> are removed. These are unnecessary since commit 857ca89711de
> ("ipvs: register hooks only with services").
> 
> Reported-by: syzbot+1651b5234028c294c339@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=1651b5234028c294c339
> Suggested-by: Julian Anastasov <ja@ssi.bg>
> Link: https://lore.kernel.org/lvs-devel/2189fc62-e51e-78c9-d1de-d35b8e3657e3@ssi.bg/
> Signed-off-by: Zhang Tengfei <zhtfdev@gmail.com>
> 
> ---
> v2:
> - Switched from atomic_t to the suggested READ_ONCE()/WRITE_ONCE().
> - Removed obsolete checks from the packet processing hooks.
> - Polished commit message based on feedback.
> ---
>  net/netfilter/ipvs/ip_vs_conn.c |  4 ++--
>  net/netfilter/ipvs/ip_vs_core.c | 11 ++++-------
>  net/netfilter/ipvs/ip_vs_ctl.c  |  6 +++---
>  net/netfilter/ipvs/ip_vs_est.c  | 16 ++++++++--------
>  4 files changed, 17 insertions(+), 20 deletions(-)
[...]
> diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
> index c7a8a08b7..5ea7ab8bf 100644
> --- a/net/netfilter/ipvs/ip_vs_core.c
> +++ b/net/netfilter/ipvs/ip_vs_core.c
> @@ -1353,9 +1353,6 @@ ip_vs_out_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *stat
>  	if (unlikely(!skb_dst(skb)))
>  		return NF_ACCEPT;
>  
> -	if (!ipvs->enable)
> -		return NF_ACCEPT;

Patch does say why is this going away? If you think this is not
necessary, then make a separated patch and example why this is needed?

Thanks

>  	ip_vs_fill_iph_skb(af, skb, false, &iph);
>  #ifdef CONFIG_IP_VS_IPV6
>  	if (af == AF_INET6) {
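Review bot: The removed `if (!ipvs->enable) return NF_ACCEPT;` in `ip_vs_out_hook()` is a behaviour change in the packet path, not part of the READ_ONCE()/WRITE_ONCE() annotation the subject names, so it belongs in its own patch. That patch's message should spell out why the hook can no longer run with `enable` clear now that hooks are registered only with services (the cited commit 857ca89711de), including the ordering between hook registration and the write to `enable`.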

^ permalink raw reply	[flat|nested] 28+ messages in thread

end of thread, other threads:[~2025-08-27 21:38 UTC | newest]

Thread overview: 28+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-06-26 19:19 (unknown), Jan Engelhardt
2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
2009-06-26 19:19 ` [PATCH 02/10] libiptc: split v4 and v6 Jan Engelhardt
2009-06-26 19:19 ` [PATCH 03/10] extensions: collapse registration structures Jan Engelhardt
2009-06-26 19:19 ` [PATCH 04/10] iptables: allow for parse-less extensions Jan Engelhardt
2009-06-26 19:19 ` [PATCH 05/10] iptables: allow for help-less extensions Jan Engelhardt
2009-06-26 19:19 ` [PATCH 06/10] extensions: remove empty help and parse functions Jan Engelhardt
2009-06-26 19:19 ` [PATCH 07/10] xtables: add multi-registration functions Jan Engelhardt
2009-06-26 19:19 ` [PATCH 08/10] extensions: collapse data variables to use multi-reg calls Jan Engelhardt
2009-06-26 19:19 ` [PATCH 09/10] xtables: warn of missing version identifier in extensions Jan Engelhardt
2009-06-26 19:19 ` [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps Jan Engelhardt
2009-06-29 12:56 ` Patrick McHardy
  -- strict thread matches above, loose matches on Subject: below --
2025-08-27  6:48 [PATCH] net/netfilter/ipvs: Fix data-race in ip_vs_add_service / ip_vs_out_hook Julian Anastasov
2025-08-27 14:43 ` Zhang Tengfei
2025-08-27 21:37   ` Pablo Neira Ayuso
2017-11-13 14:56 Re: Amos Kalonzo
2017-02-23 15:10 Qin's Yanjun
2015-10-24  5:02 RE: JO Bower
2015-08-19 14:04 christain147
2014-07-03 16:30 W. Cheung
2011-12-11  8:41 James Brown
     [not found] <20101010012607.zl4aj162o0004ok0@webmail.eon.net.au>
2010-10-09 21:56 ` Re: Mistick Levi
2010-04-10  0:33 Re: William Wilcox
2009-10-29 18:11 (unknown), Jan Engelhardt
2009-10-29 22:26 ` Patrick McHardy
2009-10-29 22:51   ` Re: Jan Engelhardt
2009-10-29 22:55     ` Re: Patrick McHardy
2009-08-05 16:22 (unknown), Jan Engelhardt
2009-08-10  9:04 ` Patrick McHardy
2009-07-25 20:22 (unknown), Jan Engelhardt
2009-08-03 13:45 ` Patrick McHardy
     [not found] <20050912163005.023FF14F583@ladon.telenet-ops.be>
2005-09-12 20:02 ` Re: David Stes
2003-04-03  3:26 Ian Latter
