* [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d
2009-06-26 19:19 (unknown), Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 02/10] libiptc: split v4 and v6 Jan Engelhardt
` (9 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
From: Michael Granzow <mgranzow@zeus.com>
libiptc already supports adding and deleting multiple rules with
different addresses, so it only needs to be wired up to the options.
# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2
Adjustments made: syntax, removal of unneeded variables, manpage
adjustment, soversion bump.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
configure.ac | 4 +-
include/xtables.h.in | 5 ++
ip6tables.8.in | 3 +
ip6tables.c | 49 +++++++++-----
iptables.8.in | 7 ++-
iptables.c | 42 +++++++++----
xtables.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 251 insertions(+), 34 deletions(-)
diff --git a/configure.ac b/configure.ac
index 74c3835..bc74efe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,8 +2,8 @@
AC_INIT([iptables], [1.4.4])
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=2
-libxtables_vage=0
+libxtables_vcurrent=3
+libxtables_vage=1
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 4d4ca0a..037fae1 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -215,6 +215,7 @@ extern void xtables_init(void);
extern void xtables_set_nfproto(uint8_t);
extern void *xtables_calloc(size_t, size_t);
extern void *xtables_malloc(size_t);
+extern void *xtables_realloc(void *, size_t);
extern int xtables_insmod(const char *, const char *, bool);
extern int xtables_load_ko(const char *, bool);
@@ -260,6 +261,8 @@ extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
extern struct in_addr *xtables_numeric_to_ipmask(const char *);
extern void xtables_ipparse_any(const char *, struct in_addr **,
struct in_addr *, unsigned int *);
+extern void xtables_ipparse_multiple(const char *, struct in_addr **,
+ struct in_addr **, unsigned int *);
extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
@@ -267,6 +270,8 @@ extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
extern void xtables_ip6parse_any(const char *, struct in6_addr **,
struct in6_addr *, unsigned int *);
+extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
+ struct in6_addr **, unsigned int *);
/**
* Print the specified value to standard output, quoting dangerous
diff --git a/ip6tables.8.in b/ip6tables.8.in
index a31887e..8037dc7 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -248,6 +248,9 @@ specifying the number of 1's at the left side of the network mask.
A "!" argument before the address specification inverts the sense of
the address. The flag \fB\-\-src\fP
is an alias for this option.
+Multiple addresses can be specified, but this will \fBexpand to multiple
+rules\fP (when adding with \-A), or will cause multiple rules to be
+deleted (with \-D).
.TP
[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
Destination specification.
diff --git a/ip6tables.c b/ip6tables.c
index 35067f8..31c4b45 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -281,9 +281,9 @@ exit_printhelp(struct xtables_rule_match *matches)
"Options:\n"
"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask]\n"
+"[!] --source -s address[/mask][,...]\n"
" source specification\n"
-"[!] --destination -d address[/mask]\n"
+"[!] --destination -d address[/mask][,...]\n"
" destination specification\n"
"[!] --in-interface -i input name[+]\n"
" network interface name ([+] for wildcard)\n"
@@ -740,8 +740,10 @@ append_entry(const ip6t_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
+ const struct in6_addr smasks[],
unsigned int ndaddrs,
const struct in6_addr daddrs[],
+ const struct in6_addr dmasks[],
int verbose,
struct ip6tc_handle *handle)
{
@@ -750,8 +752,10 @@ append_entry(const ip6t_chainlabel chain,
for (i = 0; i < nsaddrs; i++) {
fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
for (j = 0; j < ndaddrs; j++) {
fw->ipv6.dst = daddrs[j];
+ fw->ipv6.dmsk = dmasks[j];
if (verbose)
print_firewall_line(fw, handle);
ret &= ip6tc_append_entry(chain, fw, handle);
@@ -784,8 +788,10 @@ insert_entry(const ip6t_chainlabel chain,
unsigned int rulenum,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
+ const struct in6_addr smasks[],
unsigned int ndaddrs,
const struct in6_addr daddrs[],
+ const struct in6_addr dmasks[],
int verbose,
struct ip6tc_handle *handle)
{
@@ -794,8 +800,10 @@ insert_entry(const ip6t_chainlabel chain,
for (i = 0; i < nsaddrs; i++) {
fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
for (j = 0; j < ndaddrs; j++) {
fw->ipv6.dst = daddrs[j];
+ fw->ipv6.dmsk = dmasks[j];
if (verbose)
print_firewall_line(fw, handle);
ret &= ip6tc_insert_entry(chain, fw, rulenum, handle);
@@ -806,7 +814,7 @@ insert_entry(const ip6t_chainlabel chain,
}
static unsigned char *
-make_delete_mask(struct ip6t_entry *fw, struct xtables_rule_match *matches)
+make_delete_mask(struct xtables_rule_match *matches)
{
/* Establish mask for comparison */
unsigned int size;
@@ -843,8 +851,10 @@ delete_entry(const ip6t_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
+ const struct in6_addr smasks[],
unsigned int ndaddrs,
const struct in6_addr daddrs[],
+ const struct in6_addr dmasks[],
int verbose,
struct ip6tc_handle *handle,
struct xtables_rule_match *matches)
@@ -853,11 +863,13 @@ delete_entry(const ip6t_chainlabel chain,
int ret = 1;
unsigned char *mask;
- mask = make_delete_mask(fw, matches);
+ mask = make_delete_mask(matches);
for (i = 0; i < nsaddrs; i++) {
fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
for (j = 0; j < ndaddrs; j++) {
fw->ipv6.dst = daddrs[j];
+ fw->ipv6.dmsk = dmasks[j];
if (verbose)
print_firewall_line(fw, handle);
ret &= ip6tc_delete_entry(chain, fw, mask, handle);
@@ -1291,9 +1303,9 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
int invert = 0;
unsigned int nsaddrs = 0, ndaddrs = 0;
struct in6_addr *saddrs = NULL, *daddrs = NULL;
+ struct in6_addr *smasks = NULL, *dmasks = NULL;
int c, verbose = 0;
- unsigned i;
const char *chain = NULL;
const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL;
const char *policy = NULL, *newname = NULL;
@@ -1811,12 +1823,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
}
if (shostnetworkmask)
- xtables_ip6parse_any(shostnetworkmask, &saddrs,
- &fw.ipv6.smsk, &nsaddrs);
+ xtables_ip6parse_multiple(shostnetworkmask, &saddrs,
+ &smasks, &nsaddrs);
if (dhostnetworkmask)
- xtables_ip6parse_any(dhostnetworkmask, &daddrs,
- &fw.ipv6.dmsk, &ndaddrs);
+ xtables_ip6parse_multiple(dhostnetworkmask, &daddrs,
+ &dmasks, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
(fw.ipv6.invflags & (IP6T_INV_SRCIP | IP6T_INV_DSTIP)))
@@ -1921,13 +1933,15 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
switch (command) {
case CMD_APPEND:
ret = append_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle);
break;
case CMD_DELETE:
ret = delete_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle, matches);
break;
@@ -1941,7 +1955,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case CMD_INSERT:
ret = insert_entry(chain, e, rulenum - 1,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle);
break;
@@ -2001,12 +2016,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
e = NULL;
}
- for (i = 0; i < nsaddrs; i++)
- free(&saddrs[i]);
-
- for (i = 0; i < ndaddrs; i++)
- free(&daddrs[i]);
-
+ free(saddrs);
+ free(smasks);
+ free(daddrs);
+ free(dmasks);
xtables_free_opts(1);
return ret;
diff --git a/iptables.8.in b/iptables.8.in
index 10dcb73..14fc23a 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -236,7 +236,7 @@ Protocol \fBall\fP
will match with all protocols and is taken as default when this
option is omitted.
.TP
-[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
Source specification. \fIAddress\fP
can be either a network name, a hostname (please note that specifying
any name to be resolved with a remote query such as DNS is a really bad idea),
@@ -247,8 +247,11 @@ specifying the number of 1's at the left side of the network mask.
Thus, a mask of \fI24\fP is equivalent to \fI255.255.255.0\fP.
A "!" argument before the address specification inverts the sense of
the address. The flag \fB\-\-src\fP is an alias for this option.
+Multiple addresses can be specified, but this will \fBexpand to multiple
+rules\fP (when adding with \-A), or will cause multiple rules to be
+deleted (with \-D).
.TP
-[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
Destination specification.
See the description of the \fB\-s\fP
(source) flag for a detailed description of the syntax. The flag
diff --git a/iptables.c b/iptables.c
index 649baf4..7c075da 100644
--- a/iptables.c
+++ b/iptables.c
@@ -294,9 +294,9 @@ exit_printhelp(struct xtables_rule_match *matches)
"Options:\n"
"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask]\n"
+"[!] --source -s address[/mask][...]\n"
" source specification\n"
-"[!] --destination -d address[/mask]\n"
+"[!] --destination -d address[/mask][...]\n"
" destination specification\n"
"[!] --in-interface -i input name[+]\n"
" network interface name ([+] for wildcard)\n"
@@ -742,8 +742,10 @@ append_entry(const ipt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
+ const struct in_addr smasks[],
unsigned int ndaddrs,
const struct in_addr daddrs[],
+ const struct in_addr dmasks[],
int verbose,
struct iptc_handle *handle)
{
@@ -752,8 +754,10 @@ append_entry(const ipt_chainlabel chain,
for (i = 0; i < nsaddrs; i++) {
fw->ip.src.s_addr = saddrs[i].s_addr;
+ fw->ip.smsk.s_addr = smasks[i].s_addr;
for (j = 0; j < ndaddrs; j++) {
fw->ip.dst.s_addr = daddrs[j].s_addr;
+ fw->ip.dmsk.s_addr = dmasks[j].s_addr;
if (verbose)
print_firewall_line(fw, handle);
ret &= iptc_append_entry(chain, fw, handle);
@@ -786,8 +790,10 @@ insert_entry(const ipt_chainlabel chain,
unsigned int rulenum,
unsigned int nsaddrs,
const struct in_addr saddrs[],
+ const struct in_addr smasks[],
unsigned int ndaddrs,
const struct in_addr daddrs[],
+ const struct in_addr dmasks[],
int verbose,
struct iptc_handle *handle)
{
@@ -796,8 +802,10 @@ insert_entry(const ipt_chainlabel chain,
for (i = 0; i < nsaddrs; i++) {
fw->ip.src.s_addr = saddrs[i].s_addr;
+ fw->ip.smsk.s_addr = smasks[i].s_addr;
for (j = 0; j < ndaddrs; j++) {
fw->ip.dst.s_addr = daddrs[j].s_addr;
+ fw->ip.dmsk.s_addr = dmasks[j].s_addr;
if (verbose)
print_firewall_line(fw, handle);
ret &= iptc_insert_entry(chain, fw, rulenum, handle);
@@ -808,7 +816,7 @@ insert_entry(const ipt_chainlabel chain,
}
static unsigned char *
-make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches)
+make_delete_mask(struct xtables_rule_match *matches)
{
/* Establish mask for comparison */
unsigned int size;
@@ -845,8 +853,10 @@ delete_entry(const ipt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
+ const struct in_addr smasks[],
unsigned int ndaddrs,
const struct in_addr daddrs[],
+ const struct in_addr dmasks[],
int verbose,
struct iptc_handle *handle,
struct xtables_rule_match *matches)
@@ -855,11 +865,13 @@ delete_entry(const ipt_chainlabel chain,
int ret = 1;
unsigned char *mask;
- mask = make_delete_mask(fw, matches);
+ mask = make_delete_mask(matches);
for (i = 0; i < nsaddrs; i++) {
fw->ip.src.s_addr = saddrs[i].s_addr;
+ fw->ip.smsk.s_addr = smasks[i].s_addr;
for (j = 0; j < ndaddrs; j++) {
fw->ip.dst.s_addr = daddrs[j].s_addr;
+ fw->ip.dmsk.s_addr = dmasks[j].s_addr;
if (verbose)
print_firewall_line(fw, handle);
ret &= iptc_delete_entry(chain, fw, mask, handle);
@@ -1313,7 +1325,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
struct ipt_entry fw, *e = NULL;
int invert = 0;
unsigned int nsaddrs = 0, ndaddrs = 0;
- struct in_addr *saddrs = NULL, *daddrs = NULL;
+ struct in_addr *saddrs = NULL, *smasks = NULL;
+ struct in_addr *daddrs = NULL, *dmasks = NULL;
int c, verbose = 0;
const char *chain = NULL;
@@ -1848,12 +1861,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
}
if (shostnetworkmask)
- xtables_ipparse_any(shostnetworkmask, &saddrs,
- &fw.ip.smsk, &nsaddrs);
+ xtables_ipparse_multiple(shostnetworkmask, &saddrs,
+ &smasks, &nsaddrs);
if (dhostnetworkmask)
- xtables_ipparse_any(dhostnetworkmask, &daddrs,
- &fw.ip.dmsk, &ndaddrs);
+ xtables_ipparse_multiple(dhostnetworkmask, &daddrs,
+ &dmasks, &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
(fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))
@@ -1961,13 +1974,15 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
switch (command) {
case CMD_APPEND:
ret = append_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle);
break;
case CMD_DELETE:
ret = delete_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle, matches);
break;
@@ -1981,7 +1996,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
break;
case CMD_INSERT:
ret = insert_entry(chain, e, rulenum - 1,
- nsaddrs, saddrs, ndaddrs, daddrs,
+ nsaddrs, saddrs, smasks,
+ ndaddrs, daddrs, dmasks,
options&OPT_VERBOSE,
*handle);
break;
@@ -2042,7 +2058,9 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
}
free(saddrs);
+ free(smasks);
free(daddrs);
+ free(dmasks);
xtables_free_opts(1);
return ret;
diff --git a/xtables.c b/xtables.c
index e018331..05154dd 100644
--- a/xtables.c
+++ b/xtables.c
@@ -271,6 +271,18 @@ void *xtables_malloc(size_t size)
return p;
}
+void *xtables_realloc(void *ptr, size_t size)
+{
+ void *p;
+
+ if ((p = realloc(ptr, size)) == NULL) {
+ perror("ip[6]tables: realloc failed");
+ exit(1);
+ }
+
+ return p;
+}
+
static char *get_modprobe(void)
{
int procfile;
@@ -1133,6 +1145,86 @@ static struct in_addr *parse_ipmask(const char *mask)
return &maskaddr;
}
+void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
+ struct in_addr **maskpp, unsigned int *naddrs)
+{
+ struct in_addr *addrp;
+ char buf[256], *p;
+ unsigned int len, i, j, n, count = 1;
+ const char *loop = name;
+
+ while ((loop = strchr(loop, ',')) != NULL) {
+ ++count;
+ ++loop; /* skip ',' */
+ }
+
+ *addrpp = xtables_malloc(sizeof(struct in_addr) * count);
+ *maskpp = xtables_malloc(sizeof(struct in_addr) * count);
+
+ loop = name;
+
+ for (i = 0; i < count; ++i) {
+ if (loop == NULL)
+ break;
+ if (*loop == ',')
+ ++loop;
+ if (*loop == '\0')
+ break;
+ p = strchr(loop, ',');
+ if (p != NULL)
+ len = p - loop;
+ else
+ len = strlen(loop);
+ if (len == 0 || sizeof(buf) - 1 < len)
+ break;
+
+ strncpy(buf, loop, len);
+ buf[len] = '\0';
+ loop += len;
+ if ((p = strrchr(buf, '/')) != NULL) {
+ *p = '\0';
+ addrp = parse_ipmask(p + 1);
+ } else {
+ addrp = parse_ipmask(NULL);
+ }
+ memcpy(*maskpp + i, addrp, sizeof(*addrp));
+
+ /* if a null mask is given, the name is ignored, like in "any/0" */
+ if ((*maskpp + i)->s_addr == 0)
+ /*
+ * A bit pointless to process multiple addresses
+ * in this case...
+ */
+ strcpy(buf, "0.0.0.0");
+
+ addrp = ipparse_hostnetwork(buf, &n);
+ if (n > 1) {
+ count += n - 1;
+ *addrpp = xtables_realloc(*addrpp,
+ sizeof(struct in_addr) * count);
+ *maskpp = xtables_realloc(*maskpp,
+ sizeof(struct in_addr) * count);
+ for (j = 0; j < n; ++j)
+ /* for each new addr */
+ memcpy(*addrpp + i + j, addrp + j,
+ sizeof(*addrp));
+ for (j = 1; j < n; ++j)
+ /* for each new mask */
+ memcpy(*maskpp + i + j, *maskpp + i,
+ sizeof(*addrp));
+ i += n - 1;
+ } else {
+ memcpy(*addrpp + i, addrp, sizeof(*addrp));
+ }
+ /* free what ipparse_hostnetwork had allocated: */
+ free(addrp);
+ }
+ *naddrs = count;
+ for (i = 0; i < n; ++i)
+ (*addrpp+i)->s_addr &= (*maskpp+i)->s_addr;
+}
+
+
/**
* xtables_ipparse_any - transform arbitrary name to in_addr
*
@@ -1364,6 +1456,89 @@ static struct in6_addr *parse_ip6mask(char *mask)
return &maskaddr;
}
+void
+xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
+ struct in6_addr **maskpp, unsigned int *naddrs)
+{
+ struct in6_addr *addrp;
+ char buf[256], *p;
+ unsigned int len, i, j, n, count = 1;
+ const char *loop = name;
+
+ while ((loop = strchr(loop, ',')) != NULL) {
+ ++count;
+ ++loop; /* skip ',' */
+ }
+
+ *addrpp = xtables_malloc(sizeof(struct in6_addr) * count);
+ *maskpp = xtables_malloc(sizeof(struct in6_addr) * count);
+
+ loop = name;
+
+ for (i = 0; i < count /*NB: count can grow*/; ++i) {
+ if (loop == NULL)
+ break;
+ if (*loop == ',')
+ ++loop;
+ if (*loop == '\0')
+ break;
+ p = strchr(loop, ',');
+ if (p != NULL)
+ len = p - loop;
+ else
+ len = strlen(loop);
+ if (len == 0 || sizeof(buf) - 1 < len)
+ break;
+
+ strncpy(buf, loop, len);
+ buf[len] = '\0';
+ loop += len;
+ if ((p = strrchr(buf, '/')) != NULL) {
+ *p = '\0';
+ addrp = parse_ip6mask(p + 1);
+ } else {
+ addrp = parse_ip6mask(NULL);
+ }
+ memcpy(*maskpp + i, addrp, sizeof(*addrp));
+
+ /* if a null mask is given, the name is ignored, like in "any/0" */
+ if (memcmp(*maskpp + i, &in6addr_any, sizeof(in6addr_any)) == 0)
+ strcpy(buf, "::");
+
+ addrp = ip6parse_hostnetwork(buf, &n);
+ /* ip6parse_hostnetwork only ever returns one IP
+ address (it exits if the resolution fails).
+ Therefore, n will always be 1 here. Leaving the
+ code below in anyway in case ip6parse_hostnetwork
+ is improved some day to behave like
+ ipparse_hostnetwork: */
+ if (n > 1) {
+ count += n - 1;
+ *addrpp = xtables_realloc(*addrpp,
+ sizeof(struct in6_addr) * count);
+ *maskpp = xtables_realloc(*maskpp,
+ sizeof(struct in6_addr) * count);
+ for (j = 0; j < n; ++j)
+ /* for each new addr */
+ memcpy(*addrpp + i + j, addrp + j,
+ sizeof(*addrp));
+ for (j = 1; j < n; ++j)
+ /* for each new mask */
+ memcpy(*maskpp + i + j, *maskpp + i,
+ sizeof(*addrp));
+ i += n - 1;
+ } else {
+ memcpy(*addrpp + i, addrp, sizeof(*addrp));
+ }
+ /* free what ip6parse_hostnetwork had allocated: */
+ free(addrp);
+ }
+ *naddrs = count;
+ for (i = 0; i < n; ++i)
+ for (j = 0; j < 4; ++j)
+ (*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
+}
+
void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
struct in6_addr *maskp, unsigned int *naddrs)
{
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 02/10] libiptc: split v4 and v6
2009-06-26 19:19 (unknown), Jan Engelhardt
2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 03/10] extensions: collapse registration structures Jan Engelhardt
` (8 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
The split can save some diskspace for constrained systems running
which are only running one protocol.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
Makefile.am | 19 ++++++++++++-------
1 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index fd99098..445717e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,9 +14,14 @@ endif
lib_LTLIBRARIES =
# libiptc
-lib_LTLIBRARIES += libiptc/libiptc.la
-libiptc_libiptc_la_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
-libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
+lib_LTLIBRARIES += libiptc/libiptc.la libiptc/libip4tc.la libiptc/libip6tc.la
+libiptc_libiptc_la_SOURCES =
+libiptc_libiptc_la_LIBADD = libiptc/libip4tc.la libiptc/libip6tc.la
+libiptc_libiptc_la_LDFLAGS = -version-info 0:0:0
+libiptc_libip4tc_la_SOURCES = libiptc/libip4tc.c
+libiptc_libip4tc_la_LDFLAGS = -version-info 0:0:0
+libiptc_libip6tc_la_SOURCES = libiptc/libip6tc.c
+libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0
lib_LTLIBRARIES += libxtables.la
libxtables_la_SOURCES = xtables.c
@@ -26,7 +31,7 @@ libxtables_la_LIBADD = -ldl
# iptables, dynamic
iptables_SOURCES = iptables-standalone.c iptables.c
iptables_LDFLAGS = -rdynamic
-iptables_LDADD = libiptc/libiptc.la extensions/libext4.a libxtables.la -lm
+iptables_LDADD = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
iptables_xml_LDADD = libxtables.la
iptables_multi_SOURCES = iptables-multi.c iptables-save.c \
@@ -47,14 +52,14 @@ iptables_save_LDADD = ${iptables_LDADD}
# iptables-multi, semi-static
iptables_static_SOURCES = ${iptables_multi_SOURCES} xtables.c
iptables_static_CFLAGS = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-iptables_static_LDADD = libiptc/libiptc.la extensions/libext4.a -lm
+iptables_static_LDADD = libiptc/libip4tc.la extensions/libext4.a -lm
iptables_xml_SOURCES = iptables-xml.c
# ip6tables, dynamic
ip6tables_SOURCES = ip6tables-standalone.c ip6tables.c
ip6tables_LDFLAGS = -rdynamic
-ip6tables_LDADD = libiptc/libiptc.la extensions/libext6.a libxtables.la -lm
+ip6tables_LDADD = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \
ip6tables-restore.c ip6tables-standalone.c \
@@ -74,7 +79,7 @@ ip6tables_save_LDADD = ${ip6tables_LDADD}
# iptables-multi, semi-static
ip6tables_static_SOURCES = ${ip6tables_multi_SOURCES} xtables.c
ip6tables_static_CFLAGS = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-ip6tables_static_LDADD = libiptc/libiptc.la extensions/libext6.a -lm
+ip6tables_static_LDADD = libiptc/libip6tc.la extensions/libext6.a -lm
bin_PROGRAMS = iptables-xml
sbin_PROGRAMS =
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 03/10] extensions: collapse registration structures
2009-06-26 19:19 (unknown), Jan Engelhardt
2009-06-26 19:19 ` [PATCH 01/10] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
2009-06-26 19:19 ` [PATCH 02/10] libiptc: split v4 and v6 Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 04/10] iptables: allow for parse-less extensions Jan Engelhardt
` (7 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
There are no different code paths between IPV4 and IPV6, so
data can be consolidated here.
text data bss dec hex filename
243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586]
243613 9428 2576 255617 3e681 ip6tables-static[after.i586]
-144 -2784
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_CONNMARK.c | 38 ++------------------------------------
extensions/libxt_CONNSECMARK.c | 18 +-----------------
extensions/libxt_DSCP.c | 17 +----------------
extensions/libxt_MARK.c | 18 +-----------------
extensions/libxt_NFLOG.c | 17 +----------------
extensions/libxt_NFQUEUE.c | 16 +---------------
extensions/libxt_NOTRACK.c | 13 +------------
extensions/libxt_TCPOPTSTRIP.c | 18 +-----------------
extensions/libxt_TOS.c | 18 +-----------------
| 17 +----------------
extensions/libxt_connbytes.c | 17 +----------------
extensions/libxt_connmark.c | 36 ++----------------------------------
extensions/libxt_dccp.c | 17 +----------------
extensions/libxt_dscp.c | 17 +----------------
extensions/libxt_esp.c | 17 +----------------
extensions/libxt_hashlimit.c | 19 +------------------
extensions/libxt_helper.c | 16 +---------------
extensions/libxt_mac.c | 17 +----------------
extensions/libxt_owner.c | 18 +-----------------
extensions/libxt_physdev.c | 17 +----------------
extensions/libxt_recent.c | 19 +------------------
extensions/libxt_sctp.c | 17 +----------------
extensions/libxt_state.c | 17 +----------------
extensions/libxt_tcp.c | 17 +----------------
extensions/libxt_tcpmss.c | 17 +----------------
extensions/libxt_tos.c | 18 +-----------------
extensions/libxt_udp.c | 17 +----------------
27 files changed, 29 insertions(+), 474 deletions(-)
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 6e42898..5e9c374 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -399,23 +399,7 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target connmark_target = {
- .family = NFPROTO_IPV4,
- .name = "CONNMARK",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
- .help = CONNMARK_help,
- .init = CONNMARK_init,
- .parse = CONNMARK_parse,
- .final_check = connmark_tg_check,
- .print = CONNMARK_print,
- .save = CONNMARK_save,
- .extra_opts = CONNMARK_opts,
-};
-
-static struct xtables_target connmark_target6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "CONNMARK",
.revision = 0,
.version = XTABLES_VERSION,
@@ -434,23 +418,7 @@ static struct xtables_target connmark_tg_reg = {
.version = XTABLES_VERSION,
.name = "CONNMARK",
.revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
- .help = connmark_tg_help,
- .init = connmark_tg_init,
- .parse = connmark_tg_parse,
- .final_check = connmark_tg_check,
- .print = connmark_tg_print,
- .save = connmark_tg_save,
- .extra_opts = connmark_tg_opts,
-};
-
-static struct xtables_target connmark_tg6_reg = {
- .version = XTABLES_VERSION,
- .name = "CONNMARK",
- .revision = 1,
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
.help = connmark_tg_help,
@@ -465,7 +433,5 @@ static struct xtables_target connmark_tg6_reg = {
void _init(void)
{
xtables_register_target(&connmark_target);
- xtables_register_target(&connmark_target6);
xtables_register_target(&connmark_tg_reg);
- xtables_register_target(&connmark_tg6_reg);
}
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index 11ec01a..d95339f 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
@@ -107,22 +107,7 @@ CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target connsecmark_target = {
- .family = NFPROTO_IPV4,
- .name = "CONNSECMARK",
- .version = XTABLES_VERSION,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
- .parse = CONNSECMARK_parse,
- .help = CONNSECMARK_help,
- .final_check = CONNSECMARK_check,
- .print = CONNSECMARK_print,
- .save = CONNSECMARK_save,
- .extra_opts = CONNSECMARK_opts,
-};
-
-static struct xtables_target connsecmark_target6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "CONNSECMARK",
.version = XTABLES_VERSION,
.revision = 0,
@@ -139,5 +124,4 @@ static struct xtables_target connsecmark_target6 = {
void _init(void)
{
xtables_register_target(&connsecmark_target);
- xtables_register_target(&connsecmark_target6);
}
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index ddb9c99..82ac10c 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -130,21 +130,7 @@ static void DSCP_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target dscp_target = {
- .family = NFPROTO_IPV4,
- .name = "DSCP",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)),
- .help = DSCP_help,
- .parse = DSCP_parse,
- .final_check = DSCP_check,
- .print = DSCP_print,
- .save = DSCP_save,
- .extra_opts = DSCP_opts,
-};
-
-static struct xtables_target dscp_target6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "DSCP",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
@@ -160,5 +146,4 @@ static struct xtables_target dscp_target6 = {
void _init(void)
{
xtables_register_target(&dscp_target);
- xtables_register_target(&dscp_target6);
}
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index ff48a76..cab052b 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -278,7 +278,7 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target mark_target_v0 = {
- .family = NFPROTO_IPV4,
+ .family = NFPROTO_UNSPEC,
.name = "MARK",
.version = XTABLES_VERSION,
.revision = 0,
@@ -307,21 +307,6 @@ static struct xtables_target mark_target_v1 = {
.extra_opts = MARK_opts,
};
-static struct xtables_target mark_target6_v0 = {
- .family = NFPROTO_IPV6,
- .name = "MARK",
- .version = XTABLES_VERSION,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
- .help = MARK_help,
- .parse = MARK_parse_v0,
- .final_check = MARK_check,
- .print = MARK_print_v0,
- .save = MARK_save_v0,
- .extra_opts = MARK_opts,
-};
-
static struct xtables_target mark_tg_reg_v2 = {
.version = XTABLES_VERSION,
.name = "MARK",
@@ -341,6 +326,5 @@ void _init(void)
{
xtables_register_target(&mark_target_v0);
xtables_register_target(&mark_target_v1);
- xtables_register_target(&mark_target6_v0);
xtables_register_target(&mark_tg_reg_v2);
}
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 007c7b4..0768e88 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -139,21 +139,7 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target nflog_target = {
- .family = NFPROTO_IPV4,
- .name = "NFLOG",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_nflog_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)),
- .help = NFLOG_help,
- .init = NFLOG_init,
- .parse = NFLOG_parse,
- .print = NFLOG_print,
- .save = NFLOG_save,
- .extra_opts = NFLOG_opts,
-};
-
-static struct xtables_target nflog_target6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "NFLOG",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_nflog_info)),
@@ -169,5 +155,4 @@ static struct xtables_target nflog_target6 = {
void _init(void)
{
xtables_register_target(&nflog_target);
- xtables_register_target(&nflog_target6);
}
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 3ca2239..53ecf1c 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -78,7 +78,7 @@ static void NFQUEUE_save(const void *ip, const struct xt_entry_target *target)
}
static struct xtables_target nfqueue_target = {
- .family = NFPROTO_IPV4,
+ .family = NFPROTO_UNSPEC,
.name = "NFQUEUE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
@@ -90,21 +90,7 @@ static struct xtables_target nfqueue_target = {
.extra_opts = NFQUEUE_opts
};
-static struct xtables_target nfqueue_target6 = {
- .family = NFPROTO_IPV6,
- .name = "NFQUEUE",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
- .help = NFQUEUE_help,
- .parse = NFQUEUE_parse,
- .print = NFQUEUE_print,
- .save = NFQUEUE_save,
- .extra_opts = NFQUEUE_opts,
-};
-
void _init(void)
{
xtables_register_target(&nfqueue_target);
- xtables_register_target(&nfqueue_target6);
}
diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c
index ef26654..d997d84 100644
--- a/extensions/libxt_NOTRACK.c
+++ b/extensions/libxt_NOTRACK.c
@@ -20,17 +20,7 @@ NOTRACK_parse(int c, char **argv, int invert, unsigned int *flags,
}
static struct xtables_target notrack_target = {
- .family = NFPROTO_IPV4,
- .name = "NOTRACK",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(0),
- .userspacesize = XT_ALIGN(0),
- .help = NOTRACK_help,
- .parse = NOTRACK_parse,
-};
-
-static struct xtables_target notrack_target6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "NOTRACK",
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
@@ -42,5 +32,4 @@ static struct xtables_target notrack_target6 = {
void _init(void)
{
xtables_register_target(¬rack_target);
- xtables_register_target(¬rack_target6);
}
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index cf946fc..a063d0d 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -180,22 +180,7 @@ tcpoptstrip_tg_save(const void *ip, const struct xt_entry_target *target)
static struct xtables_target tcpoptstrip_tg_reg = {
.version = XTABLES_VERSION,
.name = "TCPOPTSTRIP",
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
- .help = tcpoptstrip_tg_help,
- .init = tcpoptstrip_tg_init,
- .parse = tcpoptstrip_tg_parse,
- .final_check = tcpoptstrip_tg_check,
- .print = tcpoptstrip_tg_print,
- .save = tcpoptstrip_tg_save,
- .extra_opts = tcpoptstrip_tg_opts,
-};
-
-static struct xtables_target tcpoptstrip_tg6_reg = {
- .version = XTABLES_VERSION,
- .name = "TCPOPTSTRIP",
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
.help = tcpoptstrip_tg_help,
@@ -210,5 +195,4 @@ static struct xtables_target tcpoptstrip_tg6_reg = {
void _init(void)
{
xtables_register_target(&tcpoptstrip_tg_reg);
- xtables_register_target(&tcpoptstrip_tg6_reg);
}
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index c08f53b..e6382e1 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -224,22 +224,7 @@ static struct xtables_target tos_tg_reg = {
.version = XTABLES_VERSION,
.name = "TOS",
.revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .help = tos_tg_help,
- .parse = tos_tg_parse,
- .final_check = tos_tg_check,
- .print = tos_tg_print,
- .save = tos_tg_save,
- .extra_opts = tos_tg_opts,
-};
-
-static struct xtables_target tos_tg6_reg = {
- .version = XTABLES_VERSION,
- .name = "TOS",
- .family = NFPROTO_IPV6,
- .revision = 1,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
.help = tos_tg_help,
@@ -254,5 +239,4 @@ void _init(void)
{
xtables_register_target(&tos_tg_reg_v0);
xtables_register_target(&tos_tg_reg);
- xtables_register_target(&tos_tg6_reg);
}
--git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index 5f393bb..2e665b1 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -89,21 +89,7 @@ comment_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match comment_match = {
- .family = NFPROTO_IPV4,
- .name = "comment",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_comment_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
- .help = comment_help,
- .parse = comment_parse,
- .final_check = comment_check,
- .print = comment_print,
- .save = comment_save,
- .extra_opts = comment_opts,
-};
-
-static struct xtables_match comment_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "comment",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_comment_info)),
@@ -119,5 +105,4 @@ static struct xtables_match comment_match6 = {
void _init(void)
{
xtables_register_match(&comment_match);
- xtables_register_match(&comment_match6);
}
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index c7bdff0..d6c3b1b 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -180,21 +180,7 @@ static void connbytes_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match connbytes_match = {
- .family = NFPROTO_IPV4,
- .name = "connbytes",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
- .help = connbytes_help,
- .parse = connbytes_parse,
- .final_check = connbytes_check,
- .print = connbytes_print,
- .save = connbytes_save,
- .extra_opts = connbytes_opts,
-};
-
-static struct xtables_match connbytes_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "connbytes",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
@@ -210,5 +196,4 @@ static struct xtables_match connbytes_match6 = {
void _init(void)
{
xtables_register_match(&connbytes_match);
- xtables_register_match(&connbytes_match6);
}
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index ce2002c..db7c3a1 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -164,22 +164,7 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match connmark_mt_reg_v0 = {
- .family = NFPROTO_IPV4,
- .name = "connmark",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
- .help = connmark_mt_help,
- .parse = connmark_parse,
- .final_check = connmark_mt_check,
- .print = connmark_print,
- .save = connmark_save,
- .extra_opts = connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt6_reg_v0 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "connmark",
.revision = 0,
.version = XTABLES_VERSION,
@@ -197,22 +182,7 @@ static struct xtables_match connmark_mt_reg = {
.version = XTABLES_VERSION,
.name = "connmark",
.revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
- .help = connmark_mt_help,
- .parse = connmark_mt_parse,
- .final_check = connmark_mt_check,
- .print = connmark_mt_print,
- .save = connmark_mt_save,
- .extra_opts = connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "connmark",
- .revision = 1,
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
.help = connmark_mt_help,
@@ -226,7 +196,5 @@ static struct xtables_match connmark_mt6_reg = {
void _init(void)
{
xtables_register_match(&connmark_mt_reg_v0);
- xtables_register_match(&connmark_mt6_reg_v0);
xtables_register_match(&connmark_mt_reg);
- xtables_register_match(&connmark_mt6_reg);
}
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 7321145..ae23225 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -336,21 +336,7 @@ static void dccp_save(const void *ip, const struct xt_entry_match *match)
static struct xtables_match dccp_match = {
.name = "dccp",
- .family = NFPROTO_IPV4,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_dccp_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
- .help = dccp_help,
- .init = dccp_init,
- .parse = dccp_parse,
- .print = dccp_print,
- .save = dccp_save,
- .extra_opts = dccp_opts,
-};
-
-static struct xtables_match dccp_match6 = {
- .name = "dccp",
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
@@ -365,5 +351,4 @@ static struct xtables_match dccp_match6 = {
void _init(void)
{
xtables_register_match(&dccp_match);
- xtables_register_match(&dccp_match6);
}
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 62fa6af..306643e 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -131,21 +131,7 @@ static void dscp_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match dscp_match = {
- .family = NFPROTO_IPV4,
- .name = "dscp",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_dscp_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_dscp_info)),
- .help = dscp_help,
- .parse = dscp_parse,
- .final_check = dscp_check,
- .print = dscp_print,
- .save = dscp_save,
- .extra_opts = dscp_opts,
-};
-
-static struct xtables_match dscp_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "dscp",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dscp_info)),
@@ -161,5 +147,4 @@ static struct xtables_match dscp_match6 = {
void _init(void)
{
xtables_register_match(&dscp_match);
- xtables_register_match(&dscp_match6);
}
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 5769edb..89c3fb4 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -149,21 +149,7 @@ static void esp_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match esp_match = {
- .family = NFPROTO_IPV4,
- .name = "esp",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_esp)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_esp)),
- .help = esp_help,
- .init = esp_init,
- .parse = esp_parse,
- .print = esp_print,
- .save = esp_save,
- .extra_opts = esp_opts,
-};
-
-static struct xtables_match esp_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "esp",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_esp)),
@@ -180,5 +166,4 @@ void
_init(void)
{
xtables_register_match(&esp_match);
- xtables_register_match(&esp_match6);
}
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 84dd786..9d8c86a 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -660,23 +660,7 @@ hashlimit_mt6_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match hashlimit_match = {
- .family = NFPROTO_IPV4,
- .name = "hashlimit",
- .version = XTABLES_VERSION,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
- .userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
- .help = hashlimit_help,
- .init = hashlimit_init,
- .parse = hashlimit_parse,
- .final_check = hashlimit_check,
- .print = hashlimit_print,
- .save = hashlimit_save,
- .extra_opts = hashlimit_opts,
-};
-
-static struct xtables_match hashlimit_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "hashlimit",
.version = XTABLES_VERSION,
.revision = 0,
@@ -726,7 +710,6 @@ static struct xtables_match hashlimit_mt6_reg = {
void _init(void)
{
xtables_register_match(&hashlimit_match);
- xtables_register_match(&hashlimit_match6);
xtables_register_match(&hashlimit_mt_reg);
xtables_register_match(&hashlimit_mt6_reg);
}
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 7b56bef..22c3113 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -69,20 +69,7 @@ static void helper_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match helper_match = {
- .family = NFPROTO_IPV4,
- .name = "helper",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_helper_info)),
- .help = helper_help,
- .parse = helper_parse,
- .final_check = helper_check,
- .print = helper_print,
- .save = helper_save,
- .extra_opts = helper_opts,
-};
-
-static struct xtables_match helper_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "helper",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_helper_info)),
@@ -97,5 +84,4 @@ static struct xtables_match helper_match6 = {
void _init(void)
{
xtables_register_match(&helper_match);
- xtables_register_match(&helper_match6);
}
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index a57e341..449fff9 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -112,21 +112,7 @@ static void mac_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match mac_match = {
- .family = NFPROTO_IPV4,
- .name = "mac",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_mac_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
- .help = mac_help,
- .parse = mac_parse,
- .final_check = mac_check,
- .print = mac_print,
- .save = mac_save,
- .extra_opts = mac_opts,
-};
-
-static struct xtables_match mac_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "mac",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_mac_info)),
@@ -142,5 +128,4 @@ static struct xtables_match mac_match6 = {
void _init(void)
{
xtables_register_match(&mac_match);
- xtables_register_match(&mac_match6);
}
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index d27b3ae..f1d6b4a 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -567,22 +567,7 @@ static struct xtables_match owner_mt_reg = {
.version = XTABLES_VERSION,
.name = "owner",
.revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_owner_match_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
- .help = owner_mt_help,
- .parse = owner_mt_parse,
- .final_check = owner_mt_check,
- .print = owner_mt_print,
- .save = owner_mt_save,
- .extra_opts = owner_mt_opts,
-};
-
-static struct xtables_match owner_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "owner",
- .revision = 1,
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_owner_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
.help = owner_mt_help,
@@ -598,5 +583,4 @@ void _init(void)
xtables_register_match(&owner_mt_reg_v0);
xtables_register_match(&owner_mt6_reg_v0);
xtables_register_match(&owner_mt_reg);
- xtables_register_match(&owner_mt6_reg);
}
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index 5522a32..74d311d 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -161,21 +161,7 @@ static void physdev_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match physdev_match = {
- .family = NFPROTO_IPV4,
- .name = "physdev",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_physdev_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_physdev_info)),
- .help = physdev_help,
- .parse = physdev_parse,
- .final_check = physdev_check,
- .print = physdev_print,
- .save = physdev_save,
- .extra_opts = physdev_opts,
-};
-
-static struct xtables_match physdev_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "physdev",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_physdev_info)),
@@ -191,5 +177,4 @@ static struct xtables_match physdev_match6 = {
void _init(void)
{
xtables_register_match(&physdev_match);
- xtables_register_match(&physdev_match6);
}
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 47c35ff..d503685 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -215,7 +215,7 @@ static void recent_save(const void *ip, const struct xt_entry_match *match)
static struct xtables_match recent_mt_reg = {
.name = "recent",
.version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
+ .family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
.help = recent_help,
@@ -227,24 +227,7 @@ static struct xtables_match recent_mt_reg = {
.extra_opts = recent_opts,
};
-static struct xtables_match recent_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "recent",
- .revision = 0,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
- .help = recent_help,
- .init = recent_init,
- .parse = recent_parse,
- .final_check = recent_check,
- .print = recent_print,
- .save = recent_save,
- .extra_opts = recent_opts,
-};
-
void _init(void)
{
xtables_register_match(&recent_mt_reg);
- xtables_register_match(&recent_mt6_reg);
}
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 829eade..dfa72d3 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -496,21 +496,7 @@ static void sctp_save(const void *ip, const struct xt_entry_match *match)
static struct xtables_match sctp_match = {
.name = "sctp",
- .family = NFPROTO_IPV4,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_sctp_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)),
- .help = sctp_help,
- .init = sctp_init,
- .parse = sctp_parse,
- .print = sctp_print,
- .save = sctp_save,
- .extra_opts = sctp_opts,
-};
-
-static struct xtables_match sctp_match6 = {
- .name = "sctp",
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_sctp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)),
@@ -525,5 +511,4 @@ static struct xtables_match sctp_match6 = {
void _init(void)
{
xtables_register_match(&sctp_match);
- xtables_register_match(&sctp_match6);
}
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 7387e26..c8a7454 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -139,21 +139,7 @@ static void state_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match state_match = {
- .family = NFPROTO_IPV4,
- .name = "state",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_state_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
- .help = state_help,
- .parse = state_parse,
- .final_check = state_final_check,
- .print = state_print,
- .save = state_save,
- .extra_opts = state_opts,
-};
-
-static struct xtables_match state_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "state",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_state_info)),
@@ -169,5 +155,4 @@ static struct xtables_match state_match6 = {
void _init(void)
{
xtables_register_match(&state_match);
- xtables_register_match(&state_match6);
}
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 5ea9ebd..7abecc1 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -375,21 +375,7 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match tcp_match = {
- .family = NFPROTO_IPV4,
- .name = "tcp",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_tcp)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tcp)),
- .help = tcp_help,
- .init = tcp_init,
- .parse = tcp_parse,
- .print = tcp_print,
- .save = tcp_save,
- .extra_opts = tcp_opts,
-};
-
-static struct xtables_match tcp_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "tcp",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcp)),
@@ -406,5 +392,4 @@ void
_init(void)
{
xtables_register_match(&tcp_match);
- xtables_register_match(&tcp_match6);
}
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 46529f9..36785a3 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -109,21 +109,7 @@ static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match tcpmss_match = {
- .family = NFPROTO_IPV4,
- .name = "tcpmss",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
- .help = tcpmss_help,
- .parse = tcpmss_parse,
- .final_check = tcpmss_check,
- .print = tcpmss_print,
- .save = tcpmss_save,
- .extra_opts = tcpmss_opts,
-};
-
-static struct xtables_match tcpmss_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "tcpmss",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
@@ -139,5 +125,4 @@ static struct xtables_match tcpmss_match6 = {
void _init(void)
{
xtables_register_match(&tcpmss_match);
- xtables_register_match(&tcpmss_match6);
}
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index b810ea6..1f7b2cd 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -155,22 +155,7 @@ static struct xtables_match tos_mt_reg_v0 = {
static struct xtables_match tos_mt_reg = {
.version = XTABLES_VERSION,
.name = "tos",
- .family = NFPROTO_IPV4,
- .revision = 1,
- .size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
- .help = tos_mt_help,
- .parse = tos_mt_parse,
- .final_check = tos_mt_check,
- .print = tos_mt_print,
- .save = tos_mt_save,
- .extra_opts = tos_mt_opts,
-};
-
-static struct xtables_match tos_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "tos",
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.revision = 1,
.size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
@@ -186,5 +171,4 @@ void _init(void)
{
xtables_register_match(&tos_mt_reg_v0);
xtables_register_match(&tos_mt_reg);
- xtables_register_match(&tos_mt6_reg);
}
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 4b4e84f..bf0b34f 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -191,21 +191,7 @@ static void udp_save(const void *ip, const struct xt_entry_match *match)
}
static struct xtables_match udp_match = {
- .family = NFPROTO_IPV4,
- .name = "udp",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_udp)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
- .help = udp_help,
- .init = udp_init,
- .parse = udp_parse,
- .print = udp_print,
- .save = udp_save,
- .extra_opts = udp_opts,
-};
-
-static struct xtables_match udp_match6 = {
- .family = NFPROTO_IPV6,
+ .family = NFPROTO_UNSPEC,
.name = "udp",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_udp)),
@@ -222,5 +208,4 @@ void
_init(void)
{
xtables_register_match(&udp_match);
- xtables_register_match(&udp_match6);
}
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 04/10] iptables: allow for parse-less extensions
2009-06-26 19:19 (unknown), Jan Engelhardt
` (2 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 03/10] extensions: collapse registration structures Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 05/10] iptables: allow for help-less extensions Jan Engelhardt
` (6 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
This means we can do some code removal in extensions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables.c | 9 +++++----
iptables.c | 9 +++++----
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/ip6tables.c b/ip6tables.c
index 31c4b45..71ff46f 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1699,13 +1699,14 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
exit_tryhelp(2);
default:
- if (!target
- || !(target->parse(c - target->option_offset,
+ if (target == NULL || target->parse == NULL ||
+ !target->parse(c - target->option_offset,
argv, invert,
&target->tflags,
- &fw, &target->t))) {
+ &fw, &target->t)) {
for (matchp = matches; matchp; matchp = matchp->next) {
- if (matchp->completed)
+ if (matchp->completed ||
+ matchp->match->parse == NULL)
continue;
if (matchp->match->parse(c - matchp->match->option_offset,
argv, invert,
diff --git a/iptables.c b/iptables.c
index 7c075da..cc17576 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1727,13 +1727,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
exit_tryhelp(2);
default:
- if (!target
- || !(target->parse(c - target->option_offset,
+ if (target == NULL || target->parse == NULL ||
+ !target->parse(c - target->option_offset,
argv, invert,
&target->tflags,
- &fw, &target->t))) {
+ &fw, &target->t)) {
for (matchp = matches; matchp; matchp = matchp->next) {
- if (matchp->completed)
+ if (matchp->completed ||
+ matchp->match->parse == NULL)
continue;
if (matchp->match->parse(c - matchp->match->option_offset,
argv, invert,
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 05/10] iptables: allow for help-less extensions
2009-06-26 19:19 (unknown), Jan Engelhardt
` (3 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 04/10] iptables: allow for parse-less extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 06/10] extensions: remove empty help and parse functions Jan Engelhardt
` (5 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
This is for extensions that do not take any options, and which
subsequently do not offer any help text either.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
Makefile.am | 16 ++++++++--------
ip6tables.c | 18 ++----------------
iptables.c | 18 ++----------------
xshared.c | 31 +++++++++++++++++++++++++++++++
xshared.h | 10 ++++++++++
5 files changed, 53 insertions(+), 40 deletions(-)
create mode 100644 xshared.c
create mode 100644 xshared.h
diff --git a/Makefile.am b/Makefile.am
index 445717e..a9e3ad3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -29,23 +29,23 @@ libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage
libxtables_la_LIBADD = -ldl
# iptables, dynamic
-iptables_SOURCES = iptables-standalone.c iptables.c
+iptables_SOURCES = iptables-standalone.c iptables.c xshared.c
iptables_LDFLAGS = -rdynamic
iptables_LDADD = libiptc/libip4tc.la extensions/libext4.a libxtables.la -lm
iptables_xml_LDADD = libxtables.la
iptables_multi_SOURCES = iptables-multi.c iptables-save.c \
iptables-restore.c iptables-xml.c \
- iptables-standalone.c iptables.c
+ iptables-standalone.c iptables.c xshared.c
iptables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI
iptables_multi_LDFLAGS = ${iptables_LDFLAGS}
iptables_multi_LDADD = ${iptables_LDADD}
-iptables_restore_SOURCES = iptables-restore.c iptables.c
+iptables_restore_SOURCES = iptables-restore.c iptables.c xshared.c
iptables_restore_LDFLAGS = ${iptables_LDFLAGS}
iptables_restore_LDADD = ${iptables_LDADD}
-iptables_save_SOURCES = iptables-save.c iptables.c
+iptables_save_SOURCES = iptables-save.c iptables.c xshared.c
iptables_save_LDFLAGS = ${iptables_LDFLAGS}
iptables_save_LDADD = ${iptables_LDADD}
@@ -57,22 +57,22 @@ iptables_static_LDADD = libiptc/libip4tc.la extensions/libext4.a -lm
iptables_xml_SOURCES = iptables-xml.c
# ip6tables, dynamic
-ip6tables_SOURCES = ip6tables-standalone.c ip6tables.c
+ip6tables_SOURCES = ip6tables-standalone.c ip6tables.c xshared.c
ip6tables_LDFLAGS = -rdynamic
ip6tables_LDADD = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm
ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \
ip6tables-restore.c ip6tables-standalone.c \
- ip6tables.c
+ ip6tables.c xshared.c
ip6tables_multi_CFLAGS = ${AM_CFLAGS} -DIPTABLES_MULTI
ip6tables_multi_LDFLAGS = ${ip6tables_LDFLAGS}
ip6tables_multi_LDADD = ${ip6tables_LDADD}
-ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c
+ip6tables_restore_SOURCES = ip6tables-restore.c ip6tables.c xshared.c
ip6tables_restore_LDFLAGS = ${ip6tables_LDFLAGS}
ip6tables_restore_LDADD = ${ip6tables_LDADD}
-ip6tables_save_SOURCES = ip6tables-save.c ip6tables.c
+ip6tables_save_SOURCES = ip6tables-save.c ip6tables.c xshared.c
ip6tables_save_LDFLAGS = ${ip6tables_LDFLAGS}
ip6tables_save_LDADD = ${ip6tables_LDADD}
diff --git a/ip6tables.c b/ip6tables.c
index 71ff46f..f974fb1 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -43,6 +43,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include "ip6tables-multi.h"
+#include "xshared.h"
#ifndef TRUE
#define TRUE 1
@@ -235,9 +236,6 @@ exit_tryhelp(int status)
static void
exit_printhelp(struct xtables_rule_match *matches)
{
- struct xtables_rule_match *matchp = NULL;
- struct xtables_target *t = NULL;
-
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
" %s -I chain [rulenum] rule-specification [options]\n"
@@ -307,19 +305,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" --set-counters PKTS BYTES set the counter during insert/append\n"
"[!] --version -V print package version.\n");
- /* Print out any special helps. A user might like to be able to add a --help
- to the commandline, and see expected results. So we call help for all
- specified matches & targets */
- for (t = xtables_targets; t; t = t->next) {
- if (t->used) {
- printf("\n");
- t->help();
- }
- }
- for (matchp = matches; matchp; matchp = matchp->next) {
- printf("\n");
- matchp->match->help();
- }
+ print_extension_helps(xtables_targets, matches);
exit(0);
}
diff --git a/iptables.c b/iptables.c
index cc17576..a229c35 100644
--- a/iptables.c
+++ b/iptables.c
@@ -40,6 +40,7 @@
#include <xtables.h>
#include <fcntl.h>
#include <sys/utsname.h>
+#include "xshared.h"
#ifndef TRUE
#define TRUE 1
@@ -248,9 +249,6 @@ exit_tryhelp(int status)
static void
exit_printhelp(struct xtables_rule_match *matches)
{
- struct xtables_rule_match *matchp = NULL;
- struct xtables_target *t = NULL;
-
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
" %s -I chain [rulenum] rule-specification [options]\n"
@@ -320,19 +318,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" --set-counters PKTS BYTES set the counter during insert/append\n"
"[!] --version -V print package version.\n");
- /* Print out any special helps. A user might like to be able
- to add a --help to the commandline, and see expected
- results. So we call help for all specified matches & targets */
- for (t = xtables_targets; t ;t = t->next) {
- if (t->used) {
- printf("\n");
- t->help();
- }
- }
- for (matchp = matches; matchp; matchp = matchp->next) {
- printf("\n");
- matchp->match->help();
- }
+ print_extension_helps(xtables_targets, matches);
exit(0);
}
diff --git a/xshared.c b/xshared.c
new file mode 100644
index 0000000..21b5b2c
--- /dev/null
+++ b/xshared.c
@@ -0,0 +1,31 @@
+#include <stdio.h>
+#include <xtables.h>
+#include "xshared.h"
+
+/*
+ * Print out any special helps. A user might like to be able to add a --help
+ * to the commandline, and see expected results. So we call help for all
+ * specified matches and targets.
+ */
+void print_extension_helps(const struct xtables_target *t,
+ const struct xtables_rule_match *m)
+{
+ for (; t != NULL; t = t->next) {
+ if (t->used) {
+ printf("\n");
+ if (t->help == NULL)
+ printf("%s does not take any options\n",
+ t->name);
+ else
+ t->help();
+ }
+ }
+ for (; m != NULL; m = m->next) {
+ printf("\n");
+ if (m->match->help == NULL)
+ printf("%s does not take any options\n",
+ m->match->name);
+ else
+ m->match->help();
+ }
+}
diff --git a/xshared.h b/xshared.h
new file mode 100644
index 0000000..c53b618
--- /dev/null
+++ b/xshared.h
@@ -0,0 +1,10 @@
+#ifndef IPTABLES_XSHARED_H
+#define IPTABLES_XSHARED_H 1
+
+struct xtables_rule_match;
+struct xtables_target;
+
+extern void print_extension_helps(const struct xtables_target *,
+ const struct xtables_rule_match *);
+
+#endif /* IPTABLES_XSHARED_H */
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 06/10] extensions: remove empty help and parse functions
2009-06-26 19:19 (unknown), Jan Engelhardt
` (4 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 05/10] iptables: allow for help-less extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 07/10] xtables: add multi-registration functions Jan Engelhardt
` (4 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libip6t_eui64.c | 26 --------------------------
extensions/libipt_MIRROR.c | 20 --------------------
extensions/libipt_unclean.c | 16 ----------------
extensions/libxt_NOTRACK.c | 20 --------------------
extensions/libxt_TRACE.c | 13 -------------
extensions/libxt_socket.c | 20 --------------------
extensions/libxt_standard.c | 12 ------------
7 files changed, 0 insertions(+), 127 deletions(-)
diff --git a/extensions/libip6t_eui64.c b/extensions/libip6t_eui64.c
index c92c868..607bf86 100644
--- a/extensions/libip6t_eui64.c
+++ b/extensions/libip6t_eui64.c
@@ -1,38 +1,12 @@
/* Shared library add-on to ip6tables to add EUI64 address checking support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
#include <xtables.h>
-static void eui64_help(void)
-{
- printf(
-"eui64 match options:\n"
-" This module hasn't got any option\n"
-" This module checks for EUI64 IPv6 addresses\n");
-}
-
-static int eui64_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- return 0;
-}
-
static struct xtables_match eui64_mt6_reg = {
.name = "eui64",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV6,
.size = XT_ALIGN(sizeof(int)),
.userspacesize = XT_ALIGN(sizeof(int)),
- .help = eui64_help,
- .parse = eui64_parse,
};
void _init(void)
diff --git a/extensions/libipt_MIRROR.c b/extensions/libipt_MIRROR.c
index 81964dd..fb78751 100644
--- a/extensions/libipt_MIRROR.c
+++ b/extensions/libipt_MIRROR.c
@@ -1,32 +1,12 @@
/* Shared library add-on to iptables to add MIRROR target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-static void MIRROR_help(void)
-{
- printf("MIRROR target takes no options\n");
-}
-
-static int MIRROR_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- return 0;
-}
-
static struct xtables_target mirror_tg_reg = {
.name = "MIRROR",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
- .help = MIRROR_help,
- .parse = MIRROR_parse,
- .print = NULL,
- .save = NULL,
};
void _init(void)
diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c
index 93d9013..bc4a4a0 100644
--- a/extensions/libipt_unclean.c
+++ b/extensions/libipt_unclean.c
@@ -1,28 +1,12 @@
/* Shared library add-on to iptables for unclean. */
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
#include <xtables.h>
-static void unclean_help(void)
-{
- printf("unclean match takes no options\n");
-}
-
-static int unclean_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- return 0;
-}
-
static struct xtables_match unclean_mt_reg = {
.name = "unclean",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
- .help = unclean_help,
- .parse = unclean_parse,
};
void _init(void)
diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c
index d997d84..ca58700 100644
--- a/extensions/libxt_NOTRACK.c
+++ b/extensions/libxt_NOTRACK.c
@@ -1,23 +1,5 @@
/* Shared library add-on to iptables to add NOTRACK target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
#include <xtables.h>
-#include <linux/netfilter/x_tables.h>
-
-static void NOTRACK_help(void)
-{
- printf("NOTRACK target takes no options\n");
-}
-
-static int
-NOTRACK_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- return 0;
-}
static struct xtables_target notrack_target = {
.family = NFPROTO_UNSPEC,
@@ -25,8 +7,6 @@ static struct xtables_target notrack_target = {
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
- .help = NOTRACK_help,
- .parse = NOTRACK_parse,
};
void _init(void)
diff --git a/extensions/libxt_TRACE.c b/extensions/libxt_TRACE.c
index 344b80d..0282e6f 100644
--- a/extensions/libxt_TRACE.c
+++ b/extensions/libxt_TRACE.c
@@ -7,25 +7,12 @@
#include <xtables.h>
#include <linux/netfilter/x_tables.h>
-static void TRACE_help(void)
-{
- printf("TRACE target takes no options\n");
-}
-
-static int TRACE_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- return 0;
-}
-
static struct xtables_target trace_target = {
.family = NFPROTO_UNSPEC,
.name = "TRACE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
- .help = TRACE_help,
- .parse = TRACE_parse,
};
void _init(void)
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index eebc7c5..1490473 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -3,34 +3,14 @@
*
* Copyright (C) 2007 BalaBit IT Ltd.
*/
-#include <stdio.h>
-#include <getopt.h>
#include <xtables.h>
-static void socket_mt_help(void)
-{
- printf("socket v%s has no options\n\n", XTABLES_VERSION);
-}
-
-static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
-{
- return 0;
-}
-
-static void socket_mt_check(unsigned int flags)
-{
-}
-
static struct xtables_match socket_mt_reg = {
.name = "socket",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
- .parse = socket_mt_parse,
- .final_check = socket_mt_check,
- .help = socket_mt_help,
};
void _init(void)
diff --git a/extensions/libxt_standard.c b/extensions/libxt_standard.c
index 56dc2d2..c64ba29 100644
--- a/extensions/libxt_standard.c
+++ b/extensions/libxt_standard.c
@@ -1,10 +1,5 @@
/* Shared library add-on to iptables for standard target support. */
#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <getopt.h>
#include <xtables.h>
static void standard_help(void)
@@ -14,12 +9,6 @@ static void standard_help(void)
"(If target is DROP, ACCEPT, RETURN or nothing)\n");
}
-static int standard_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_target **target)
-{
- return 0;
-}
-
static struct xtables_target standard_target = {
.family = NFPROTO_UNSPEC,
.name = "standard",
@@ -27,7 +16,6 @@ static struct xtables_target standard_target = {
.size = XT_ALIGN(sizeof(int)),
.userspacesize = XT_ALIGN(sizeof(int)),
.help = standard_help,
- .parse = standard_parse,
};
void _init(void)
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 07/10] xtables: add multi-registration functions
2009-06-26 19:19 (unknown), Jan Engelhardt
` (5 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 06/10] extensions: remove empty help and parse functions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 08/10] extensions: collapse data variables to use multi-reg calls Jan Engelhardt
` (3 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Similar to the ones that are present in the kernel.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/xtables.h.in | 2 ++
xtables.c | 14 ++++++++++++++
2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 037fae1..222e2a9 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -233,7 +233,9 @@ extern struct xtables_target *xtables_find_target(const char *name,
/* Your shared library should call one of these. */
extern void xtables_register_match(struct xtables_match *me);
+extern void xtables_register_matches(struct xtables_match *, unsigned int);
extern void xtables_register_target(struct xtables_target *me);
+extern void xtables_register_targets(struct xtables_target *, unsigned int);
extern bool xtables_strtoul(const char *, char **, unsigned long *,
unsigned long, unsigned long);
diff --git a/xtables.c b/xtables.c
index 05154dd..1ff6e82 100644
--- a/xtables.c
+++ b/xtables.c
@@ -794,6 +794,13 @@ void xtables_register_match(struct xtables_match *me)
me->mflags = 0;
}
+void xtables_register_matches(struct xtables_match *match, unsigned int n)
+{
+ do {
+ xtables_register_match(&match[--n]);
+ } while (n > 0);
+}
+
void xtables_register_target(struct xtables_target *me)
{
struct xtables_target *old;
@@ -868,6 +875,13 @@ void xtables_register_target(struct xtables_target *me)
me->tflags = 0;
}
+void xtables_register_targets(struct xtables_target *target, unsigned int n)
+{
+ do {
+ xtables_register_target(&target[--n]);
+ } while (n > 0);
+}
+
/**
* xtables_param_act - act on condition
* @status: a constant from enum xtables_exittype
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 08/10] extensions: collapse data variables to use multi-reg calls
2009-06-26 19:19 (unknown), Jan Engelhardt
` (6 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 07/10] xtables: add multi-registration functions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 09/10] xtables: warn of missing version identifier in extensions Jan Engelhardt
` (2 subsequent siblings)
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libipt_addrtype.c | 58 ++++++++++----------
extensions/libxt_CONNMARK.c | 64 +++++++++++-----------
extensions/libxt_MARK.c | 90 +++++++++++++++----------------
extensions/libxt_TOS.c | 60 ++++++++++----------
extensions/libxt_connlimit.c | 60 ++++++++++----------
extensions/libxt_connmark.c | 60 ++++++++++----------
extensions/libxt_conntrack.c | 90 +++++++++++++++----------------
extensions/libxt_hashlimit.c | 96 ++++++++++++++++-----------------
extensions/libxt_iprange.c | 90 +++++++++++++++----------------
extensions/libxt_mark.c | 60 ++++++++++----------
extensions/libxt_multiport.c | 120 ++++++++++++++++++++----------------------
extensions/libxt_owner.c | 90 +++++++++++++++----------------
extensions/libxt_policy.c | 56 ++++++++++----------
extensions/libxt_string.c | 64 +++++++++++-----------
extensions/libxt_tos.c | 60 ++++++++++----------
15 files changed, 552 insertions(+), 566 deletions(-)
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index ecd51b5..cda7051 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -323,38 +323,38 @@ static const struct option addrtype_opts_v1[] = {
{ .name = NULL }
};
-static struct xtables_match addrtype_mt_reg_v0 = {
- .name = "addrtype",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .help = addrtype_help_v0,
- .parse = addrtype_parse_v0,
- .final_check = addrtype_check_v0,
- .print = addrtype_print_v0,
- .save = addrtype_save_v0,
- .extra_opts = addrtype_opts_v0,
-};
-
-static struct xtables_match addrtype_mt_reg_v1 = {
- .name = "addrtype",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .help = addrtype_help_v1,
- .parse = addrtype_parse_v1,
- .final_check = addrtype_check_v1,
- .print = addrtype_print_v1,
- .save = addrtype_save_v1,
- .extra_opts = addrtype_opts_v1,
- .revision = 1,
+static struct xtables_match addrtype_mt_reg[] = {
+ {
+ .name = "addrtype",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .help = addrtype_help_v0,
+ .parse = addrtype_parse_v0,
+ .final_check = addrtype_check_v0,
+ .print = addrtype_print_v0,
+ .save = addrtype_save_v0,
+ .extra_opts = addrtype_opts_v0,
+ },
+ {
+ .name = "addrtype",
+ .revision = 1,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
+ .help = addrtype_help_v1,
+ .parse = addrtype_parse_v1,
+ .final_check = addrtype_check_v1,
+ .print = addrtype_print_v1,
+ .save = addrtype_save_v1,
+ .extra_opts = addrtype_opts_v1,
+ },
};
void _init(void)
{
- xtables_register_match(&addrtype_mt_reg_v0);
- xtables_register_match(&addrtype_mt_reg_v1);
+ xtables_register_matches(addrtype_mt_reg, ARRAY_SIZE(addrtype_mt_reg));
}
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 5e9c374..3cf62f0 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -398,40 +398,40 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
}
}
-static struct xtables_target connmark_target = {
- .family = NFPROTO_UNSPEC,
- .name = "CONNMARK",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
- .help = CONNMARK_help,
- .init = CONNMARK_init,
- .parse = CONNMARK_parse,
- .final_check = connmark_tg_check,
- .print = CONNMARK_print,
- .save = CONNMARK_save,
- .extra_opts = CONNMARK_opts,
-};
-
-static struct xtables_target connmark_tg_reg = {
- .version = XTABLES_VERSION,
- .name = "CONNMARK",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
- .help = connmark_tg_help,
- .init = connmark_tg_init,
- .parse = connmark_tg_parse,
- .final_check = connmark_tg_check,
- .print = connmark_tg_print,
- .save = connmark_tg_save,
- .extra_opts = connmark_tg_opts,
+static struct xtables_target connmark_tg_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CONNMARK",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_target_info)),
+ .help = CONNMARK_help,
+ .init = CONNMARK_init,
+ .parse = CONNMARK_parse,
+ .final_check = connmark_tg_check,
+ .print = CONNMARK_print,
+ .save = CONNMARK_save,
+ .extra_opts = CONNMARK_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "CONNMARK",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_tginfo1)),
+ .help = connmark_tg_help,
+ .init = connmark_tg_init,
+ .parse = connmark_tg_parse,
+ .final_check = connmark_tg_check,
+ .print = connmark_tg_print,
+ .save = connmark_tg_save,
+ .extra_opts = connmark_tg_opts,
+ },
};
void _init(void)
{
- xtables_register_target(&connmark_target);
- xtables_register_target(&connmark_tg_reg);
+ xtables_register_targets(connmark_tg_reg, ARRAY_SIZE(connmark_tg_reg));
}
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index cab052b..f6a2c5c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -277,54 +277,52 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
printf("--set-xmark 0x%x/0x%x ", info->mark, info->mask);
}
-static struct xtables_target mark_target_v0 = {
- .family = NFPROTO_UNSPEC,
- .name = "MARK",
- .version = XTABLES_VERSION,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
- .help = MARK_help,
- .parse = MARK_parse_v0,
- .final_check = MARK_check,
- .print = MARK_print_v0,
- .save = MARK_save_v0,
- .extra_opts = MARK_opts,
-};
-
-static struct xtables_target mark_target_v1 = {
- .family = NFPROTO_IPV4,
- .name = "MARK",
- .version = XTABLES_VERSION,
- .revision = 1,
- .size = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
- .help = MARK_help,
- .parse = MARK_parse_v1,
- .final_check = MARK_check,
- .print = MARK_print_v1,
- .save = MARK_save_v1,
- .extra_opts = MARK_opts,
-};
-
-static struct xtables_target mark_tg_reg_v2 = {
- .version = XTABLES_VERSION,
- .name = "MARK",
- .revision = 2,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
- .help = mark_tg_help,
- .parse = mark_tg_parse,
- .final_check = mark_tg_check,
- .print = mark_tg_print,
- .save = mark_tg_save,
- .extra_opts = mark_tg_opts,
+static struct xtables_target mark_tg_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "MARK",
+ .version = XTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .help = MARK_help,
+ .parse = MARK_parse_v0,
+ .final_check = MARK_check,
+ .print = MARK_print_v0,
+ .save = MARK_save_v0,
+ .extra_opts = MARK_opts,
+ },
+ {
+ .family = NFPROTO_IPV4,
+ .name = "MARK",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+ .help = MARK_help,
+ .parse = MARK_parse_v1,
+ .final_check = MARK_check,
+ .print = MARK_print_v1,
+ .save = MARK_save_v1,
+ .extra_opts = MARK_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "MARK",
+ .revision = 2,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+ .help = mark_tg_help,
+ .parse = mark_tg_parse,
+ .final_check = mark_tg_check,
+ .print = mark_tg_print,
+ .save = mark_tg_save,
+ .extra_opts = mark_tg_opts,
+ },
};
void _init(void)
{
- xtables_register_target(&mark_target_v0);
- xtables_register_target(&mark_target_v1);
- xtables_register_target(&mark_tg_reg_v2);
+ xtables_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
}
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index e6382e1..bf751a4 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -205,38 +205,38 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
printf("--set-tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
}
-static struct xtables_target tos_tg_reg_v0 = {
- .version = XTABLES_VERSION,
- .name = "TOS",
- .revision = 0,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .help = tos_tg_help_v0,
- .parse = tos_tg_parse_v0,
- .final_check = tos_tg_check,
- .print = tos_tg_print_v0,
- .save = tos_tg_save_v0,
- .extra_opts = tos_tg_opts_v0,
-};
-
-static struct xtables_target tos_tg_reg = {
- .version = XTABLES_VERSION,
- .name = "TOS",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
- .help = tos_tg_help,
- .parse = tos_tg_parse,
- .final_check = tos_tg_check,
- .print = tos_tg_print,
- .save = tos_tg_save,
- .extra_opts = tos_tg_opts,
+static struct xtables_target tos_tg_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "TOS",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+ .help = tos_tg_help_v0,
+ .parse = tos_tg_parse_v0,
+ .final_check = tos_tg_check,
+ .print = tos_tg_print_v0,
+ .save = tos_tg_save_v0,
+ .extra_opts = tos_tg_opts_v0,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "TOS",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tos_target_info)),
+ .help = tos_tg_help,
+ .parse = tos_tg_parse,
+ .final_check = tos_tg_check,
+ .print = tos_tg_print,
+ .save = tos_tg_save,
+ .extra_opts = tos_tg_opts,
+ },
};
void _init(void)
{
- xtables_register_target(&tos_tg_reg_v0);
- xtables_register_target(&tos_tg_reg);
+ xtables_register_targets(tos_tg_reg, ARRAY_SIZE(tos_tg_reg));
}
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 403e7e6..1698561 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -179,38 +179,38 @@ static void connlimit_save6(const void *ip, const struct xt_entry_match *match)
count_bits6(info->v6_mask));
}
-static struct xtables_match connlimit_match = {
- .name = "connlimit",
- .family = NFPROTO_IPV4,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
- .userspacesize = offsetof(struct xt_connlimit_info, data),
- .help = connlimit_help,
- .init = connlimit_init,
- .parse = connlimit_parse4,
- .final_check = connlimit_check,
- .print = connlimit_print4,
- .save = connlimit_save4,
- .extra_opts = connlimit_opts,
-};
-
-static struct xtables_match connlimit_match6 = {
- .name = "connlimit",
- .family = NFPROTO_IPV6,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
- .userspacesize = offsetof(struct xt_connlimit_info, data),
- .help = connlimit_help,
- .init = connlimit_init,
- .parse = connlimit_parse6,
- .final_check = connlimit_check,
- .print = connlimit_print6,
- .save = connlimit_save6,
- .extra_opts = connlimit_opts,
+static struct xtables_match connlimit_mt_reg[] = {
+ {
+ .name = "connlimit",
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+ .userspacesize = offsetof(struct xt_connlimit_info, data),
+ .help = connlimit_help,
+ .init = connlimit_init,
+ .parse = connlimit_parse4,
+ .final_check = connlimit_check,
+ .print = connlimit_print4,
+ .save = connlimit_save4,
+ .extra_opts = connlimit_opts,
+ },
+ {
+ .name = "connlimit",
+ .family = NFPROTO_IPV6,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connlimit_info)),
+ .userspacesize = offsetof(struct xt_connlimit_info, data),
+ .help = connlimit_help,
+ .init = connlimit_init,
+ .parse = connlimit_parse6,
+ .final_check = connlimit_check,
+ .print = connlimit_print6,
+ .save = connlimit_save6,
+ .extra_opts = connlimit_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&connlimit_match);
- xtables_register_match(&connlimit_match6);
+ xtables_register_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg));
}
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index db7c3a1..48c10b5 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -163,38 +163,38 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
print_mark(info->mark, info->mask);
}
-static struct xtables_match connmark_mt_reg_v0 = {
- .family = NFPROTO_UNSPEC,
- .name = "connmark",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
- .help = connmark_mt_help,
- .parse = connmark_parse,
- .final_check = connmark_mt_check,
- .print = connmark_print,
- .save = connmark_save,
- .extra_opts = connmark_mt_opts,
-};
-
-static struct xtables_match connmark_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "connmark",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
- .help = connmark_mt_help,
- .parse = connmark_mt_parse,
- .final_check = connmark_mt_check,
- .print = connmark_mt_print,
- .save = connmark_mt_save,
- .extra_opts = connmark_mt_opts,
+static struct xtables_match connmark_mt_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "connmark",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .help = connmark_mt_help,
+ .parse = connmark_parse,
+ .final_check = connmark_mt_check,
+ .print = connmark_print,
+ .save = connmark_save,
+ .extra_opts = connmark_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "connmark",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
+ .help = connmark_mt_help,
+ .parse = connmark_mt_parse,
+ .final_check = connmark_mt_check,
+ .print = connmark_mt_print,
+ .save = connmark_mt_save,
+ .extra_opts = connmark_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&connmark_mt_reg_v0);
- xtables_register_match(&connmark_mt_reg);
+ xtables_register_matches(connmark_mt_reg, ARRAY_SIZE(connmark_mt_reg));
}
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 96ea3ec..edcaaa8 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1034,54 +1034,52 @@ static void conntrack_mt6_save(const void *ip,
conntrack_dump((const void *)match->data, "--", NFPROTO_IPV6, true);
}
-static struct xtables_match conntrack_match = {
- .version = XTABLES_VERSION,
- .name = "conntrack",
- .revision = 0,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_conntrack_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_info)),
- .help = conntrack_mt_help,
- .parse = conntrack_parse,
- .final_check = conntrack_mt_check,
- .print = conntrack_print,
- .save = conntrack_save,
- .extra_opts = conntrack_mt_opts_v0,
-};
-
-static struct xtables_match conntrack_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "conntrack",
- .revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
- .help = conntrack_mt_help,
- .parse = conntrack_mt4_parse,
- .final_check = conntrack_mt_check,
- .print = conntrack_mt_print,
- .save = conntrack_mt_save,
- .extra_opts = conntrack_mt_opts,
-};
-
-static struct xtables_match conntrack_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "conntrack",
- .revision = 1,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
- .help = conntrack_mt_help,
- .parse = conntrack_mt6_parse,
- .final_check = conntrack_mt_check,
- .print = conntrack_mt6_print,
- .save = conntrack_mt6_save,
- .extra_opts = conntrack_mt_opts,
+static struct xtables_match conntrack_mt_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_info)),
+ .help = conntrack_mt_help,
+ .parse = conntrack_parse,
+ .final_check = conntrack_mt_check,
+ .print = conntrack_print,
+ .save = conntrack_save,
+ .extra_opts = conntrack_mt_opts_v0,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .help = conntrack_mt_help,
+ .parse = conntrack_mt4_parse,
+ .final_check = conntrack_mt_check,
+ .print = conntrack_mt_print,
+ .save = conntrack_mt_save,
+ .extra_opts = conntrack_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "conntrack",
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_conntrack_mtinfo1)),
+ .help = conntrack_mt_help,
+ .parse = conntrack_mt6_parse,
+ .final_check = conntrack_mt_check,
+ .print = conntrack_mt6_print,
+ .save = conntrack_mt6_save,
+ .extra_opts = conntrack_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&conntrack_match);
- xtables_register_match(&conntrack_mt_reg);
- xtables_register_match(&conntrack_mt6_reg);
+ xtables_register_matches(conntrack_mt_reg, ARRAY_SIZE(conntrack_mt_reg));
}
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 9d8c86a..cdb407a 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -659,57 +659,55 @@ hashlimit_mt6_save(const void *ip, const struct xt_entry_match *match)
hashlimit_mt_save(info, 128);
}
-static struct xtables_match hashlimit_match = {
- .family = NFPROTO_UNSPEC,
- .name = "hashlimit",
- .version = XTABLES_VERSION,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
- .userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
- .help = hashlimit_help,
- .init = hashlimit_init,
- .parse = hashlimit_parse,
- .final_check = hashlimit_check,
- .print = hashlimit_print,
- .save = hashlimit_save,
- .extra_opts = hashlimit_opts,
-};
-
-static struct xtables_match hashlimit_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "hashlimit",
- .revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
- .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
- .help = hashlimit_mt_help,
- .init = hashlimit_mt4_init,
- .parse = hashlimit_mt4_parse,
- .final_check = hashlimit_mt_check,
- .print = hashlimit_mt4_print,
- .save = hashlimit_mt4_save,
- .extra_opts = hashlimit_mt_opts,
-};
-
-static struct xtables_match hashlimit_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "hashlimit",
- .revision = 1,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
- .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
- .help = hashlimit_mt_help,
- .init = hashlimit_mt6_init,
- .parse = hashlimit_mt6_parse,
- .final_check = hashlimit_mt_check,
- .print = hashlimit_mt6_print,
- .save = hashlimit_mt6_save,
- .extra_opts = hashlimit_mt_opts,
+static struct xtables_match hashlimit_mt_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "hashlimit",
+ .version = XTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct xt_hashlimit_info)),
+ .userspacesize = offsetof(struct xt_hashlimit_info, hinfo),
+ .help = hashlimit_help,
+ .init = hashlimit_init,
+ .parse = hashlimit_parse,
+ .final_check = hashlimit_check,
+ .print = hashlimit_print,
+ .save = hashlimit_save,
+ .extra_opts = hashlimit_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "hashlimit",
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
+ .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
+ .help = hashlimit_mt_help,
+ .init = hashlimit_mt4_init,
+ .parse = hashlimit_mt4_parse,
+ .final_check = hashlimit_mt_check,
+ .print = hashlimit_mt4_print,
+ .save = hashlimit_mt4_save,
+ .extra_opts = hashlimit_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "hashlimit",
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_hashlimit_mtinfo1)),
+ .userspacesize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
+ .help = hashlimit_mt_help,
+ .init = hashlimit_mt6_init,
+ .parse = hashlimit_mt6_parse,
+ .final_check = hashlimit_mt_check,
+ .print = hashlimit_mt6_print,
+ .save = hashlimit_mt6_save,
+ .extra_opts = hashlimit_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&hashlimit_match);
- xtables_register_match(&hashlimit_mt_reg);
- xtables_register_match(&hashlimit_mt6_reg);
+ xtables_register_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
}
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index bc5b2ae..7b3ccc2 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -344,54 +344,52 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
}
}
-static struct xtables_match iprange_match = {
- .version = XTABLES_VERSION,
- .name = "iprange",
- .revision = 0,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
- .help = iprange_mt_help,
- .parse = iprange_parse,
- .final_check = iprange_mt_check,
- .print = iprange_print,
- .save = iprange_save,
- .extra_opts = iprange_mt_opts,
-};
-
-static struct xtables_match iprange_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "iprange",
- .revision = 1,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
- .help = iprange_mt_help,
- .parse = iprange_mt4_parse,
- .final_check = iprange_mt_check,
- .print = iprange_mt4_print,
- .save = iprange_mt4_save,
- .extra_opts = iprange_mt_opts,
-};
-
-static struct xtables_match iprange_mt6_reg = {
- .version = XTABLES_VERSION,
- .name = "iprange",
- .revision = 1,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
- .help = iprange_mt_help,
- .parse = iprange_mt6_parse,
- .final_check = iprange_mt_check,
- .print = iprange_mt6_print,
- .save = iprange_mt6_save,
- .extra_opts = iprange_mt_opts,
+static struct xtables_match iprange_mt_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "iprange",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
+ .help = iprange_mt_help,
+ .parse = iprange_parse,
+ .final_check = iprange_mt_check,
+ .print = iprange_print,
+ .save = iprange_save,
+ .extra_opts = iprange_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "iprange",
+ .revision = 1,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+ .help = iprange_mt_help,
+ .parse = iprange_mt4_parse,
+ .final_check = iprange_mt_check,
+ .print = iprange_mt4_print,
+ .save = iprange_mt4_save,
+ .extra_opts = iprange_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "iprange",
+ .revision = 1,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
+ .help = iprange_mt_help,
+ .parse = iprange_mt6_parse,
+ .final_check = iprange_mt_check,
+ .print = iprange_mt6_print,
+ .save = iprange_mt6_save,
+ .extra_opts = iprange_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&iprange_match);
- xtables_register_match(&iprange_mt_reg);
- xtables_register_match(&iprange_mt6_reg);
+ xtables_register_matches(iprange_mt_reg, ARRAY_SIZE(iprange_mt_reg));
}
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 6f8cc57..fc3d646 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -143,38 +143,38 @@ mark_save(const void *ip, const struct xt_entry_match *match)
print_mark(info->mark, info->mask);
}
-static struct xtables_match mark_match = {
- .family = NFPROTO_UNSPEC,
- .name = "mark",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_mark_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
- .help = mark_mt_help,
- .parse = mark_parse,
- .final_check = mark_mt_check,
- .print = mark_print,
- .save = mark_save,
- .extra_opts = mark_mt_opts,
-};
-
-static struct xtables_match mark_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "mark",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
- .help = mark_mt_help,
- .parse = mark_mt_parse,
- .final_check = mark_mt_check,
- .print = mark_mt_print,
- .save = mark_mt_save,
- .extra_opts = mark_mt_opts,
+static struct xtables_match mark_mt_reg[] = {
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "mark",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_mark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
+ .help = mark_mt_help,
+ .parse = mark_parse,
+ .final_check = mark_mt_check,
+ .print = mark_print,
+ .save = mark_save,
+ .extra_opts = mark_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "mark",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
+ .help = mark_mt_help,
+ .parse = mark_mt_parse,
+ .final_check = mark_mt_check,
+ .print = mark_mt_print,
+ .save = mark_mt_save,
+ .extra_opts = mark_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&mark_match);
- xtables_register_match(&mark_mt_reg);
+ xtables_register_matches(mark_mt_reg, ARRAY_SIZE(mark_mt_reg));
}
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 9959a20..d9b6e74 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -509,71 +509,67 @@ static void multiport_save6_v1(const void *ip_void,
__multiport_save_v1(match, ip->proto);
}
-static struct xtables_match multiport_match = {
- .family = NFPROTO_IPV4,
- .name = "multiport",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_multiport)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
- .help = multiport_help,
- .parse = multiport_parse,
- .final_check = multiport_check,
- .print = multiport_print,
- .save = multiport_save,
- .extra_opts = multiport_opts,
-};
-
-static struct xtables_match multiport_match6 = {
- .family = NFPROTO_IPV6,
- .name = "multiport",
- .revision = 0,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_multiport)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
- .help = multiport_help,
- .parse = multiport_parse6,
- .final_check = multiport_check,
- .print = multiport_print6,
- .save = multiport_save6,
- .extra_opts = multiport_opts,
-};
-
-static struct xtables_match multiport_match_v1 = {
- .family = NFPROTO_IPV4,
- .name = "multiport",
- .version = XTABLES_VERSION,
- .revision = 1,
- .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
- .help = multiport_help_v1,
- .parse = multiport_parse_v1,
- .final_check = multiport_check,
- .print = multiport_print_v1,
- .save = multiport_save_v1,
- .extra_opts = multiport_opts,
-};
-
-static struct xtables_match multiport_match6_v1 = {
- .family = NFPROTO_IPV6,
- .name = "multiport",
- .version = XTABLES_VERSION,
- .revision = 1,
- .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
- .help = multiport_help_v1,
- .parse = multiport_parse6_v1,
- .final_check = multiport_check,
- .print = multiport_print6_v1,
- .save = multiport_save6_v1,
- .extra_opts = multiport_opts,
+static struct xtables_match multiport_mt_reg[] = {
+ {
+ .family = NFPROTO_IPV4,
+ .name = "multiport",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_multiport)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+ .help = multiport_help,
+ .parse = multiport_parse,
+ .final_check = multiport_check,
+ .print = multiport_print,
+ .save = multiport_save,
+ .extra_opts = multiport_opts,
+ },
+ {
+ .family = NFPROTO_IPV6,
+ .name = "multiport",
+ .revision = 0,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_multiport)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
+ .help = multiport_help,
+ .parse = multiport_parse6,
+ .final_check = multiport_check,
+ .print = multiport_print6,
+ .save = multiport_save6,
+ .extra_opts = multiport_opts,
+ },
+ {
+ .family = NFPROTO_IPV4,
+ .name = "multiport",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+ .help = multiport_help_v1,
+ .parse = multiport_parse_v1,
+ .final_check = multiport_check,
+ .print = multiport_print_v1,
+ .save = multiport_save_v1,
+ .extra_opts = multiport_opts,
+ },
+ {
+ .family = NFPROTO_IPV6,
+ .name = "multiport",
+ .version = XTABLES_VERSION,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
+ .help = multiport_help_v1,
+ .parse = multiport_parse6_v1,
+ .final_check = multiport_check,
+ .print = multiport_print6_v1,
+ .save = multiport_save6_v1,
+ .extra_opts = multiport_opts,
+ },
};
void
_init(void)
{
- xtables_register_match(&multiport_match);
- xtables_register_match(&multiport_match6);
- xtables_register_match(&multiport_match_v1);
- xtables_register_match(&multiport_match6_v1);
+ xtables_register_matches(multiport_mt_reg, ARRAY_SIZE(multiport_mt_reg));
}
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index f1d6b4a..2544138 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -533,54 +533,52 @@ static void owner_mt_save(const void *ip, const struct xt_entry_match *match)
owner_mt_print_item(info, "--gid-owner", XT_OWNER_GID, false);
}
-static struct xtables_match owner_mt_reg_v0 = {
- .version = XTABLES_VERSION,
- .name = "owner",
- .revision = 0,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_owner_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
- .help = owner_mt_help_v0,
- .parse = owner_mt_parse_v0,
- .final_check = owner_mt_check,
- .print = owner_mt_print_v0,
- .save = owner_mt_save_v0,
- .extra_opts = owner_mt_opts_v0,
-};
-
-static struct xtables_match owner_mt6_reg_v0 = {
- .version = XTABLES_VERSION,
- .name = "owner",
- .revision = 0,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct ip6t_owner_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
- .help = owner_mt6_help_v0,
- .parse = owner_mt6_parse_v0,
- .final_check = owner_mt_check,
- .print = owner_mt6_print_v0,
- .save = owner_mt6_save_v0,
- .extra_opts = owner_mt6_opts_v0,
-};
-
-static struct xtables_match owner_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "owner",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .size = XT_ALIGN(sizeof(struct xt_owner_match_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
- .help = owner_mt_help,
- .parse = owner_mt_parse,
- .final_check = owner_mt_check,
- .print = owner_mt_print,
- .save = owner_mt_save,
- .extra_opts = owner_mt_opts,
+static struct xtables_match owner_mt_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "owner",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct ipt_owner_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
+ .help = owner_mt_help_v0,
+ .parse = owner_mt_parse_v0,
+ .final_check = owner_mt_check,
+ .print = owner_mt_print_v0,
+ .save = owner_mt_save_v0,
+ .extra_opts = owner_mt_opts_v0,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "owner",
+ .revision = 0,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct ip6t_owner_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
+ .help = owner_mt6_help_v0,
+ .parse = owner_mt6_parse_v0,
+ .final_check = owner_mt_check,
+ .print = owner_mt6_print_v0,
+ .save = owner_mt6_save_v0,
+ .extra_opts = owner_mt6_opts_v0,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "owner",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .size = XT_ALIGN(sizeof(struct xt_owner_match_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
+ .help = owner_mt_help,
+ .parse = owner_mt_parse,
+ .final_check = owner_mt_check,
+ .print = owner_mt_print,
+ .save = owner_mt_save,
+ .extra_opts = owner_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&owner_mt_reg_v0);
- xtables_register_match(&owner_mt6_reg_v0);
- xtables_register_match(&owner_mt_reg);
+ xtables_register_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));
}
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index d17b1bb..858eaaa 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -478,36 +478,36 @@ static void policy6_save(const void *ip, const struct xt_entry_match *match)
}
}
-static struct xtables_match policy_mt_reg = {
- .name = "policy",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct xt_policy_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
- .help = policy_help,
- .parse = policy4_parse,
- .final_check = policy_check,
- .print = policy4_print,
- .save = policy4_save,
- .extra_opts = policy_opts,
-};
-
-static struct xtables_match policy_mt6_reg = {
- .name = "policy",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV6,
- .size = XT_ALIGN(sizeof(struct xt_policy_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
- .help = policy_help,
- .parse = policy6_parse,
- .final_check = policy_check,
- .print = policy6_print,
- .save = policy6_save,
- .extra_opts = policy_opts,
+static struct xtables_match policy_mt_reg[] = {
+ {
+ .name = "policy",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_policy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
+ .help = policy_help,
+ .parse = policy4_parse,
+ .final_check = policy_check,
+ .print = policy4_print,
+ .save = policy4_save,
+ .extra_opts = policy_opts,
+ },
+ {
+ .name = "policy",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_policy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
+ .help = policy_help,
+ .parse = policy6_parse,
+ .final_check = policy_check,
+ .print = policy6_print,
+ .save = policy6_save,
+ .extra_opts = policy_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&policy_mt_reg);
- xtables_register_match(&policy_mt6_reg);
+ xtables_register_matches(policy_mt_reg, ARRAY_SIZE(policy_mt_reg));
}
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 18e3ed2..62c3a97 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -350,40 +350,40 @@ static void string_save(const void *ip, const struct xt_entry_match *match)
}
-static struct xtables_match string_match = {
- .name = "string",
- .revision = 0,
- .family = NFPROTO_UNSPEC,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_string_info)),
- .userspacesize = offsetof(struct xt_string_info, config),
- .help = string_help,
- .init = string_init,
- .parse = string_parse,
- .final_check = string_check,
- .print = string_print,
- .save = string_save,
- .extra_opts = string_opts,
-};
-
-static struct xtables_match string_match_v1 = {
- .name = "string",
- .revision = 1,
- .family = NFPROTO_UNSPEC,
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_string_info)),
- .userspacesize = offsetof(struct xt_string_info, config),
- .help = string_help,
- .init = string_init,
- .parse = string_parse,
- .final_check = string_check,
- .print = string_print,
- .save = string_save,
- .extra_opts = string_opts,
+static struct xtables_match string_mt_reg[] = {
+ {
+ .name = "string",
+ .revision = 0,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_string_info)),
+ .userspacesize = offsetof(struct xt_string_info, config),
+ .help = string_help,
+ .init = string_init,
+ .parse = string_parse,
+ .final_check = string_check,
+ .print = string_print,
+ .save = string_save,
+ .extra_opts = string_opts,
+ },
+ {
+ .name = "string",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_string_info)),
+ .userspacesize = offsetof(struct xt_string_info, config),
+ .help = string_help,
+ .init = string_init,
+ .parse = string_parse,
+ .final_check = string_check,
+ .print = string_print,
+ .save = string_save,
+ .extra_opts = string_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&string_match);
- xtables_register_match(&string_match_v1);
+ xtables_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg));
}
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 1f7b2cd..0a81f46 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -137,38 +137,38 @@ static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
printf("--tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
}
-static struct xtables_match tos_mt_reg_v0 = {
- .version = XTABLES_VERSION,
- .name = "tos",
- .family = NFPROTO_IPV4,
- .revision = 0,
- .size = XT_ALIGN(sizeof(struct ipt_tos_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
- .help = tos_mt_help,
- .parse = tos_mt_parse_v0,
- .final_check = tos_mt_check,
- .print = tos_mt_print_v0,
- .save = tos_mt_save_v0,
- .extra_opts = tos_mt_opts,
-};
-
-static struct xtables_match tos_mt_reg = {
- .version = XTABLES_VERSION,
- .name = "tos",
- .family = NFPROTO_UNSPEC,
- .revision = 1,
- .size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
- .help = tos_mt_help,
- .parse = tos_mt_parse,
- .final_check = tos_mt_check,
- .print = tos_mt_print,
- .save = tos_mt_save,
- .extra_opts = tos_mt_opts,
+static struct xtables_match tos_mt_reg[] = {
+ {
+ .version = XTABLES_VERSION,
+ .name = "tos",
+ .family = NFPROTO_IPV4,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct ipt_tos_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
+ .help = tos_mt_help,
+ .parse = tos_mt_parse_v0,
+ .final_check = tos_mt_check,
+ .print = tos_mt_print_v0,
+ .save = tos_mt_save_v0,
+ .extra_opts = tos_mt_opts,
+ },
+ {
+ .version = XTABLES_VERSION,
+ .name = "tos",
+ .family = NFPROTO_UNSPEC,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_tos_match_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_tos_match_info)),
+ .help = tos_mt_help,
+ .parse = tos_mt_parse,
+ .final_check = tos_mt_check,
+ .print = tos_mt_print,
+ .save = tos_mt_save,
+ .extra_opts = tos_mt_opts,
+ },
};
void _init(void)
{
- xtables_register_match(&tos_mt_reg_v0);
- xtables_register_match(&tos_mt_reg);
+ xtables_register_matches(tos_mt_reg, ARRAY_SIZE(tos_mt_reg));
}
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 09/10] xtables: warn of missing version identifier in extensions
2009-06-26 19:19 (unknown), Jan Engelhardt
` (7 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 08/10] extensions: collapse data variables to use multi-reg calls Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-26 19:19 ` [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps Jan Engelhardt
2009-06-29 12:56 ` Patrick McHardy
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
xtables.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/xtables.c b/xtables.c
index 1ff6e82..41e0b87 100644
--- a/xtables.c
+++ b/xtables.c
@@ -724,6 +724,11 @@ void xtables_register_match(struct xtables_match *me)
{
struct xtables_match **i, *old;
+ if (me->version == NULL) {
+ fprintf(stderr, "%s: match %s<%u> is missing a version\n",
+ xt_params->program_name, me->name, me->revision);
+ exit(1);
+ }
if (strcmp(me->version, XTABLES_VERSION) != 0) {
fprintf(stderr, "%s: match \"%s\" has version \"%s\", "
"but \"%s\" is required.\n",
@@ -805,6 +810,11 @@ void xtables_register_target(struct xtables_target *me)
{
struct xtables_target *old;
+ if (me->version == NULL) {
+ fprintf(stderr, "%s: target %s<%u> is missing a version\n",
+ xt_params->program_name, me->name, me->revision);
+ exit(1);
+ }
if (strcmp(me->version, XTABLES_VERSION) != 0) {
fprintf(stderr, "%s: target \"%s\" has version \"%s\", "
"but \"%s\" is required.\n",
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps
2009-06-26 19:19 (unknown), Jan Engelhardt
` (8 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 09/10] xtables: warn of missing version identifier in extensions Jan Engelhardt
@ 2009-06-26 19:19 ` Jan Engelhardt
2009-06-29 12:56 ` Patrick McHardy
10 siblings, 0 replies; 28+ messages in thread
From: Jan Engelhardt @ 2009-06-26 19:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
COMMIT_NOTES | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/COMMIT_NOTES b/COMMIT_NOTES
index 7583fac..592808c 100644
--- a/COMMIT_NOTES
+++ b/COMMIT_NOTES
@@ -11,5 +11,9 @@ A quick list of rules for committing stuff into netfilter git:
- If you touch any parts of libxtables (xtables.c, include/xtables.h.in),
make sure the so-version is updated _appropriately_ (i.e. read the
- libtool manual about Versioning:: first if need be) in configure.ac.
+ libtool manual about Versioning:: first, if need be) in configure.ac.
Adding fields to a struct always entails a vcurrent bump.
+
+ - Check, whether a bump (vcurrent,vage) has already been made since the
+ last release (no more than one per release), e.g.:
+ git log v1.4.4.. configure.ac
--
1.6.3.2
^ permalink raw reply related [flat|nested] 28+ messages in thread* Re:
2009-06-26 19:19 (unknown), Jan Engelhardt
` (9 preceding siblings ...)
2009-06-26 19:19 ` [PATCH 10/10] COMMIT_NOTES: notice to check for soversion bumps Jan Engelhardt
@ 2009-06-29 12:56 ` Patrick McHardy
10 siblings, 0 replies; 28+ messages in thread
From: Patrick McHardy @ 2009-06-29 12:56 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Jan Engelhardt wrote:
> Hi,
>
>
> here are a number of patches I am suggesting for the -master branch
> (-stable is separate in my view and my management, but see other
> discussion thread).
> Pullable from
> git://dev.medozas.de/iptables master
>
>
> Jan Engelhardt (9):
> libiptc: split v4 and v6
> extensions: collapse registration structures
> iptables: allow for parse-less extensions
> iptables: allow for help-less extensions
> extensions: remove empty help and parse functions
> xtables: add multi-registration functions
> extensions: collapse data variables to use multi-reg calls
> xtables: warn of missing version identifier in extensions
> COMMIT_NOTES: notice to check for soversion bumps
>
> Michael Granzow (1):
> iptables: accept multiple IP address specifications for -s, -d
Looks good, pulled and pushed out again, thanks.
> (Shall I post the entire mergestat, or just the "X files changed" line?)
This is fine, I mainly want something comparable to the git pull output.
^ permalink raw reply [flat|nested] 28+ messages in thread