Skip to content

GitLab

Commit 268c6aa1 authored by Arturo Borrero Gonzalez's avatar Arturo Borrero Gonzalez
Browse files

Merge tag 'debian/1.8.5-3' into debian/buster-backports 



Debian package 1.8.5-3
Signed-off-by: default avatarArturo Borrero Gonzalez <arturo@debian.org>
parents ada8a2c9 9fa0e185
Show whitespace changes
Inline Side-by-side
iptables/.gitignore
View file @ 268c6aa1
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
/ip6tables-restore /ip6tables-restore
/ip6tables-static /ip6tables-static
/ip6tables-translate.8 /ip6tables-translate.8
/ip6tables-restore-translate.8
/iptables /iptables
/iptables.8 /iptables.8
/iptables-extensions.8 /iptables-extensions.8
...@@ -13,14 +14,12 @@ ...@@ -13,14 +14,12 @@
/iptables-restore.8 /iptables-restore.8
/iptables-static /iptables-static
/iptables-translate.8 /iptables-translate.8
/iptables-restore-translate.8
/iptables-xml /iptables-xml
/iptables-xml.1 /iptables-xml.1
/xtables-multi /xtables-multi
/xtables-legacy-multi /xtables-legacy-multi
/xtables-nft-multi /xtables-nft-multi
/xtables-config-parser.c
/xtables-config-parser.h
/xtables-config-syntax.c
/xtables-monitor.8 /xtables-monitor.8
/xtables.pc /xtables.pc
iptables/Makefile.am
View file @ 268c6aa1
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
AM_CFLAGS = ${regular_CFLAGS} AM_CFLAGS = ${regular_CFLAGS}
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir} ${kinclude_CPPFLAGS} ${libmnl_CFLAGS} ${libnftnl_CFLAGS} ${libnetfilter_conntrack_CFLAGS} AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir} ${kinclude_CPPFLAGS} ${libmnl_CFLAGS} ${libnftnl_CFLAGS} ${libnetfilter_conntrack_CFLAGS}
AM_YFLAGS = -d
BUILT_SOURCES = BUILT_SOURCES =
...@@ -27,7 +26,6 @@ xtables_legacy_multi_LDADD += ../libxtables/libxtables.la -lm ...@@ -27,7 +26,6 @@ xtables_legacy_multi_LDADD += ../libxtables/libxtables.la -lm
# iptables using nf_tables api # iptables using nf_tables api
if ENABLE_NFTABLES if ENABLE_NFTABLES
BUILT_SOURCES += xtables-config-parser.h
xtables_nft_multi_SOURCES = xtables-nft-multi.c iptables-xml.c xtables_nft_multi_SOURCES = xtables-nft-multi.c iptables-xml.c
xtables_nft_multi_CFLAGS = ${AM_CFLAGS} xtables_nft_multi_CFLAGS = ${AM_CFLAGS}
xtables_nft_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.a xtables_nft_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.a
...@@ -35,19 +33,16 @@ if ENABLE_STATIC ...@@ -35,19 +33,16 @@ if ENABLE_STATIC
xtables_nft_multi_CFLAGS += -DALL_INCLUSIVE xtables_nft_multi_CFLAGS += -DALL_INCLUSIVE
endif endif
xtables_nft_multi_CFLAGS += -DENABLE_NFTABLES -DENABLE_IPV4 -DENABLE_IPV6 xtables_nft_multi_CFLAGS += -DENABLE_NFTABLES -DENABLE_IPV4 -DENABLE_IPV6
xtables_nft_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
xtables_nft_multi_SOURCES += xtables-save.c xtables-restore.c \ xtables_nft_multi_SOURCES += xtables-save.c xtables-restore.c \
xtables-standalone.c xtables.c nft.c \ xtables-standalone.c xtables.c nft.c \
nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \ nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
xtables-monitor.c \ xtables-monitor.c nft-cache.c \
xtables-arp-standalone.c xtables-arp.c \ xtables-arp-standalone.c xtables-arp.c \
nft-bridge.c \ nft-bridge.c nft-cmd.c \
xtables-eb-standalone.c xtables-eb.c \ xtables-eb-standalone.c xtables-eb.c \
xtables-eb-translate.c \ xtables-eb-translate.c \
xtables-translate.c xtables-translate.c
xtables_nft_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS} ../extensions/libext4.a ../extensions/libext6.a ../extensions/libext_ebt.a ../extensions/libext_arpt.a xtables_nft_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS} ../extensions/libext4.a ../extensions/libext6.a ../extensions/libext_ebt.a ../extensions/libext_arpt.a
# yacc and lex generate dirty code
xtables_nft_multi-xtables-config-parser.o xtables_nft_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
xtables_nft_multi_SOURCES += xshared.c xtables_nft_multi_SOURCES += xshared.c
xtables_nft_multi_LDADD += ../libxtables/libxtables.la -lm xtables_nft_multi_LDADD += ../libxtables/libxtables.la -lm
endif endif
...@@ -59,16 +54,20 @@ endif ...@@ -59,16 +54,20 @@ endif
man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \ man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
iptables-xml.1 ip6tables.8 ip6tables-restore.8 \ iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
ip6tables-save.8 iptables-extensions.8 \ ip6tables-save.8 iptables-extensions.8 \
xtables-nft.8 xtables-translate.8 xtables-legacy.8 \ iptables-apply.8 ip6tables-apply.8
iptables-translate.8 ip6tables-translate.8 \
xtables-monitor.8 sbin_SCRIPT = iptables-apply
if ENABLE_NFTABLES if ENABLE_NFTABLES
man_MANS += arptables-nft.8 arptables-nft-restore.8 arptables-nft-save.8 \ man_MANS += xtables-nft.8 xtables-translate.8 xtables-legacy.8 \
iptables-translate.8 ip6tables-translate.8 \
iptables-restore-translate.8 ip6tables-restore-translate.8 \
xtables-monitor.8 \
arptables-nft.8 arptables-nft-restore.8 arptables-nft-save.8 \
ebtables-nft.8 ebtables-nft.8
endif endif
CLEANFILES = iptables.8 xtables-monitor.8 \ CLEANFILES = iptables.8 xtables-monitor.8 \
iptables-translate.8 ip6tables-translate.8 \ iptables-translate.8 ip6tables-translate.8
xtables-config-parser.c xtables-config-syntax.c
vx_bin_links = iptables-xml vx_bin_links = iptables-xml
if ENABLE_IPV4 if ENABLE_IPV4
...@@ -98,7 +97,7 @@ iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../e ...@@ -98,7 +97,7 @@ iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../e
-e '/@MATCH@/ r ../extensions/matches.man' \ -e '/@MATCH@/ r ../extensions/matches.man' \
-e '/@TARGET@/ r ../extensions/targets.man' $< >$@; -e '/@TARGET@/ r ../extensions/targets.man' $< >$@;
iptables-translate.8 ip6tables-translate.8: iptables-translate.8 ip6tables-translate.8 iptables-restore-translate.8 ip6tables-restore-translate.8:
${AM_VERBOSE_GEN} echo '.so man8/xtables-translate.8' >$@ ${AM_VERBOSE_GEN} echo '.so man8/xtables-translate.8' >$@
pkgconfig_DATA = xtables.pc pkgconfig_DATA = xtables.pc
...@@ -111,3 +110,4 @@ install-exec-hook: ...@@ -111,3 +110,4 @@ install-exec-hook:
for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done;
${LN_S} -f iptables-apply "${DESTDIR}${sbindir}/ip6tables-apply"
iptables/Makefile.in
View file @ 268c6aa1
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
...@@ -97,21 +97,22 @@ host_triplet = @host@ ...@@ -97,21 +97,22 @@ host_triplet = @host@
@ENABLE_IPV6_TRUE@am__append_5 = ip6tables-standalone.c ip6tables.c @ENABLE_IPV6_TRUE@am__append_5 = ip6tables-standalone.c ip6tables.c
@ENABLE_IPV6_TRUE@am__append_6 = -DENABLE_IPV6 @ENABLE_IPV6_TRUE@am__append_6 = -DENABLE_IPV6
@ENABLE_IPV6_TRUE@am__append_7 = ../libiptc/libip6tc.la ../extensions/libext6.a @ENABLE_IPV6_TRUE@am__append_7 = ../libiptc/libip6tc.la ../extensions/libext6.a
@ENABLE_NFTABLES_TRUE@@ENABLE_STATIC_TRUE@am__append_8 = -DALL_INCLUSIVE
# iptables using nf_tables api
@ENABLE_NFTABLES_TRUE@am__append_8 = xtables-config-parser.h
@ENABLE_NFTABLES_TRUE@@ENABLE_STATIC_TRUE@am__append_9 = -DALL_INCLUSIVE
sbin_PROGRAMS = xtables-legacy-multi$(EXEEXT) $(am__EXEEXT_1) sbin_PROGRAMS = xtables-legacy-multi$(EXEEXT) $(am__EXEEXT_1)
@ENABLE_NFTABLES_TRUE@am__append_10 = xtables-nft-multi @ENABLE_NFTABLES_TRUE@am__append_9 = xtables-nft-multi
@ENABLE_NFTABLES_TRUE@am__append_11 = arptables-nft.8 arptables-nft-restore.8 arptables-nft-save.8 \ @ENABLE_NFTABLES_TRUE@am__append_10 = xtables-nft.8 xtables-translate.8 xtables-legacy.8 \
@ENABLE_NFTABLES_TRUE@ iptables-translate.8 ip6tables-translate.8 \
@ENABLE_NFTABLES_TRUE@ iptables-restore-translate.8 ip6tables-restore-translate.8 \
@ENABLE_NFTABLES_TRUE@ xtables-monitor.8 \
@ENABLE_NFTABLES_TRUE@ arptables-nft.8 arptables-nft-restore.8 arptables-nft-save.8 \
@ENABLE_NFTABLES_TRUE@ ebtables-nft.8 @ENABLE_NFTABLES_TRUE@ ebtables-nft.8
subdir = iptables subdir = iptables
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_linker_flags.m4 \ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4) $(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
...@@ -151,16 +152,14 @@ xtables_legacy_multi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ...@@ -151,16 +152,14 @@ xtables_legacy_multi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(xtables_legacy_multi_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(xtables_legacy_multi_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@ $(LDFLAGS) -o $@
am__xtables_nft_multi_SOURCES_DIST = xtables-nft-multi.c \ am__xtables_nft_multi_SOURCES_DIST = xtables-nft-multi.c \
iptables-xml.c xtables-config-parser.y xtables-config-syntax.l \ iptables-xml.c xtables-save.c xtables-restore.c \
xtables-save.c xtables-restore.c xtables-standalone.c \ xtables-standalone.c xtables.c nft.c nft-shared.c nft-ipv4.c \
xtables.c nft.c nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \ nft-ipv6.c nft-arp.c xtables-monitor.c nft-cache.c \
xtables-monitor.c xtables-arp-standalone.c xtables-arp.c \ xtables-arp-standalone.c xtables-arp.c nft-bridge.c nft-cmd.c \
nft-bridge.c xtables-eb-standalone.c xtables-eb.c \ xtables-eb-standalone.c xtables-eb.c xtables-eb-translate.c \
xtables-eb-translate.c xtables-translate.c xshared.c xtables-translate.c xshared.c
@ENABLE_NFTABLES_TRUE@am_xtables_nft_multi_OBJECTS = xtables_nft_multi-xtables-nft-multi.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@am_xtables_nft_multi_OBJECTS = xtables_nft_multi-xtables-nft-multi.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-iptables-xml.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-iptables-xml.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-config-parser.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-config-syntax.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-save.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-save.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-restore.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-restore.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-standalone.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-standalone.$(OBJEXT) \
...@@ -171,9 +170,11 @@ am__xtables_nft_multi_SOURCES_DIST = xtables-nft-multi.c \ ...@@ -171,9 +170,11 @@ am__xtables_nft_multi_SOURCES_DIST = xtables-nft-multi.c \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-ipv6.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-ipv6.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-arp.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-arp.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-monitor.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-monitor.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-cache.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-arp-standalone.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-arp-standalone.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-arp.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-arp.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-bridge.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-bridge.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-nft-cmd.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb-standalone.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb-standalone.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb.$(OBJEXT) \
@ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb-translate.$(OBJEXT) \ @ENABLE_NFTABLES_TRUE@ xtables_nft_multi-xtables-eb-translate.$(OBJEXT) \
...@@ -210,7 +211,39 @@ am__v_at_0 = @ ...@@ -210,7 +211,39 @@ am__v_at_0 = @
am__v_at_1 = am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles am__maybe_remake_depfiles = depfiles
am__depfiles_remade = \
./$(DEPDIR)/xtables_legacy_multi-ip6tables-standalone.Po \
./$(DEPDIR)/xtables_legacy_multi-ip6tables.Po \
./$(DEPDIR)/xtables_legacy_multi-iptables-restore.Po \
./$(DEPDIR)/xtables_legacy_multi-iptables-save.Po \
./$(DEPDIR)/xtables_legacy_multi-iptables-standalone.Po \
./$(DEPDIR)/xtables_legacy_multi-iptables-xml.Po \
./$(DEPDIR)/xtables_legacy_multi-iptables.Po \
./$(DEPDIR)/xtables_legacy_multi-xshared.Po \
./$(DEPDIR)/xtables_legacy_multi-xtables-legacy-multi.Po \
./$(DEPDIR)/xtables_nft_multi-iptables-xml.Po \
./$(DEPDIR)/xtables_nft_multi-nft-arp.Po \
./$(DEPDIR)/xtables_nft_multi-nft-bridge.Po \
./$(DEPDIR)/xtables_nft_multi-nft-cache.Po \
./$(DEPDIR)/xtables_nft_multi-nft-cmd.Po \
./$(DEPDIR)/xtables_nft_multi-nft-ipv4.Po \
./$(DEPDIR)/xtables_nft_multi-nft-ipv6.Po \
./$(DEPDIR)/xtables_nft_multi-nft-shared.Po \
./$(DEPDIR)/xtables_nft_multi-nft.Po \
./$(DEPDIR)/xtables_nft_multi-xshared.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-arp.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-eb-translate.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-eb.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-monitor.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-nft-multi.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-restore.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-save.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-standalone.Po \
./$(DEPDIR)/xtables_nft_multi-xtables-translate.Po \
./$(DEPDIR)/xtables_nft_multi-xtables.Po
am__mv = mv -f am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
...@@ -230,23 +263,6 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) ...@@ -230,23 +263,6 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 = am__v_CCLD_1 =
LEXCOMPILE = $(LEX) $(AM_LFLAGS) $(LFLAGS)
LTLEXCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS)
AM_V_LEX = $(am__v_LEX_@AM_V@)
am__v_LEX_ = $(am__v_LEX_@AM_DEFAULT_V@)
am__v_LEX_0 = @echo " LEX " $@;
am__v_LEX_1 =
YLWRAP = $(top_srcdir)/build-aux/ylwrap
am__yacc_c2h = sed -e s/cc$$/hh/ -e s/cpp$$/hpp/ -e s/cxx$$/hxx/ \
-e s/c++$$/h++/ -e s/c$$/h/
YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
AM_V_YACC = $(am__v_YACC_@AM_V@)
am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
am__v_YACC_0 = @echo " YACC " $@;
am__v_YACC_1 =
SOURCES = $(xtables_legacy_multi_SOURCES) $(xtables_nft_multi_SOURCES) SOURCES = $(xtables_legacy_multi_SOURCES) $(xtables_nft_multi_SOURCES)
DIST_SOURCES = $(am__xtables_legacy_multi_SOURCES_DIST) \ DIST_SOURCES = $(am__xtables_legacy_multi_SOURCES_DIST) \
$(am__xtables_nft_multi_SOURCES_DIST) $(am__xtables_nft_multi_SOURCES_DIST)
...@@ -311,9 +327,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/iptables-apply.8.in \ ...@@ -311,9 +327,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/iptables-apply.8.in \
$(srcdir)/iptables-restore.8.in $(srcdir)/iptables-save.8.in \ $(srcdir)/iptables-restore.8.in $(srcdir)/iptables-save.8.in \
$(srcdir)/iptables-xml.1.in $(srcdir)/iptables.8.in \ $(srcdir)/iptables-xml.1.in $(srcdir)/iptables.8.in \
$(srcdir)/xtables-monitor.8.in $(srcdir)/xtables.pc.in \ $(srcdir)/xtables-monitor.8.in $(srcdir)/xtables.pc.in \
$(top_srcdir)/build-aux/depcomp $(top_srcdir)/build-aux/ylwrap \ $(top_srcdir)/build-aux/depcomp
xtables-config-parser.c xtables-config-parser.h \
xtables-config-syntax.c
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
pkgdatadir = @pkgdatadir@ pkgdatadir = @pkgdatadir@
ACLOCAL = @ACLOCAL@ ACLOCAL = @ACLOCAL@
...@@ -349,9 +363,6 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ ...@@ -349,9 +363,6 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@ LD = @LD@
LDFLAGS = @LDFLAGS@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@ LIBS = @LIBS@
LIBTOOL = @LIBTOOL@ LIBTOOL = @LIBTOOL@
...@@ -385,8 +396,6 @@ SET_MAKE = @SET_MAKE@ ...@@ -385,8 +396,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@ SHELL = @SHELL@
STRIP = @STRIP@ STRIP = @STRIP@
VERSION = @VERSION@ VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@ abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@ abs_top_builddir = @abs_top_builddir@
...@@ -431,7 +440,6 @@ kinclude_CPPFLAGS = @kinclude_CPPFLAGS@ ...@@ -431,7 +440,6 @@ kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
ksourcedir = @ksourcedir@ ksourcedir = @ksourcedir@
libdir = @libdir@ libdir = @libdir@
libexecdir = @libexecdir@ libexecdir = @libexecdir@
libiptc_LDFLAGS2 = @libiptc_LDFLAGS2@
libmnl_CFLAGS = @libmnl_CFLAGS@ libmnl_CFLAGS = @libmnl_CFLAGS@
libmnl_LIBS = @libmnl_LIBS@ libmnl_LIBS = @libmnl_LIBS@
libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@ libnetfilter_conntrack_CFLAGS = @libnetfilter_conntrack_CFLAGS@
...@@ -468,8 +476,7 @@ top_srcdir = @top_srcdir@ ...@@ -468,8 +476,7 @@ top_srcdir = @top_srcdir@
xtlibdir = @xtlibdir@ xtlibdir = @xtlibdir@
AM_CFLAGS = ${regular_CFLAGS} AM_CFLAGS = ${regular_CFLAGS}
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir} ${kinclude_CPPFLAGS} ${libmnl_CFLAGS} ${libnftnl_CFLAGS} ${libnetfilter_conntrack_CFLAGS} AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir} ${kinclude_CPPFLAGS} ${libmnl_CFLAGS} ${libnftnl_CFLAGS} ${libnetfilter_conntrack_CFLAGS}
AM_YFLAGS = -d BUILT_SOURCES =
BUILT_SOURCES = $(am__append_8)
xtables_legacy_multi_SOURCES = xtables-legacy-multi.c iptables-xml.c \ xtables_legacy_multi_SOURCES = xtables-legacy-multi.c iptables-xml.c \
$(am__append_2) $(am__append_5) xshared.c iptables-restore.c \ $(am__append_2) $(am__append_5) xshared.c iptables-restore.c \
iptables-save.c iptables-save.c
...@@ -477,18 +484,20 @@ xtables_legacy_multi_CFLAGS = ${AM_CFLAGS} $(am__append_1) \ ...@@ -477,18 +484,20 @@ xtables_legacy_multi_CFLAGS = ${AM_CFLAGS} $(am__append_1) \
$(am__append_3) $(am__append_6) $(am__append_3) $(am__append_6)
xtables_legacy_multi_LDADD = ../extensions/libext.a $(am__append_4) \ xtables_legacy_multi_LDADD = ../extensions/libext.a $(am__append_4) \
$(am__append_7) ../libxtables/libxtables.la -lm $(am__append_7) ../libxtables/libxtables.la -lm
# iptables using nf_tables api
@ENABLE_NFTABLES_TRUE@xtables_nft_multi_SOURCES = xtables-nft-multi.c \ @ENABLE_NFTABLES_TRUE@xtables_nft_multi_SOURCES = xtables-nft-multi.c \
@ENABLE_NFTABLES_TRUE@ iptables-xml.c xtables-config-parser.y \ @ENABLE_NFTABLES_TRUE@ iptables-xml.c xtables-save.c \
@ENABLE_NFTABLES_TRUE@ xtables-config-syntax.l xtables-save.c \
@ENABLE_NFTABLES_TRUE@ xtables-restore.c xtables-standalone.c \ @ENABLE_NFTABLES_TRUE@ xtables-restore.c xtables-standalone.c \
@ENABLE_NFTABLES_TRUE@ xtables.c nft.c nft-shared.c nft-ipv4.c \ @ENABLE_NFTABLES_TRUE@ xtables.c nft.c nft-shared.c nft-ipv4.c \
@ENABLE_NFTABLES_TRUE@ nft-ipv6.c nft-arp.c xtables-monitor.c \ @ENABLE_NFTABLES_TRUE@ nft-ipv6.c nft-arp.c xtables-monitor.c \
@ENABLE_NFTABLES_TRUE@ xtables-arp-standalone.c xtables-arp.c \ @ENABLE_NFTABLES_TRUE@ nft-cache.c xtables-arp-standalone.c \
@ENABLE_NFTABLES_TRUE@ nft-bridge.c xtables-eb-standalone.c \ @ENABLE_NFTABLES_TRUE@ xtables-arp.c nft-bridge.c nft-cmd.c \
@ENABLE_NFTABLES_TRUE@ xtables-eb.c xtables-eb-translate.c \ @ENABLE_NFTABLES_TRUE@ xtables-eb-standalone.c xtables-eb.c \
@ENABLE_NFTABLES_TRUE@ xtables-eb-translate.c \
@ENABLE_NFTABLES_TRUE@ xtables-translate.c xshared.c @ENABLE_NFTABLES_TRUE@ xtables-translate.c xshared.c
@ENABLE_NFTABLES_TRUE@xtables_nft_multi_CFLAGS = ${AM_CFLAGS} \ @ENABLE_NFTABLES_TRUE@xtables_nft_multi_CFLAGS = ${AM_CFLAGS} \
@ENABLE_NFTABLES_TRUE@ $(am__append_9) -DENABLE_NFTABLES \ @ENABLE_NFTABLES_TRUE@ $(am__append_8) -DENABLE_NFTABLES \
@ENABLE_NFTABLES_TRUE@ -DENABLE_IPV4 -DENABLE_IPV6 @ENABLE_NFTABLES_TRUE@ -DENABLE_IPV4 -DENABLE_IPV6
@ENABLE_NFTABLES_TRUE@xtables_nft_multi_LDADD = \ @ENABLE_NFTABLES_TRUE@xtables_nft_multi_LDADD = \
@ENABLE_NFTABLES_TRUE@ ../extensions/libext.a \ @ENABLE_NFTABLES_TRUE@ ../extensions/libext.a \
...@@ -502,12 +511,11 @@ xtables_legacy_multi_LDADD = ../extensions/libext.a $(am__append_4) \ ...@@ -502,12 +511,11 @@ xtables_legacy_multi_LDADD = ../extensions/libext.a $(am__append_4) \
@ENABLE_NFTABLES_TRUE@ ../libxtables/libxtables.la -lm @ENABLE_NFTABLES_TRUE@ ../libxtables/libxtables.la -lm
man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \ man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
iptables-xml.1 ip6tables.8 ip6tables-restore.8 \ iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
ip6tables-save.8 iptables-extensions.8 xtables-nft.8 \ ip6tables-save.8 iptables-extensions.8 iptables-apply.8 \
xtables-translate.8 xtables-legacy.8 iptables-translate.8 \ ip6tables-apply.8 $(am__append_10)
ip6tables-translate.8 xtables-monitor.8 $(am__append_11) sbin_SCRIPT = iptables-apply
CLEANFILES = iptables.8 xtables-monitor.8 \ CLEANFILES = iptables.8 xtables-monitor.8 \
iptables-translate.8 ip6tables-translate.8 \ iptables-translate.8 ip6tables-translate.8
xtables-config-parser.c xtables-config-syntax.c
vx_bin_links = iptables-xml vx_bin_links = iptables-xml
@ENABLE_IPV4_TRUE@v4_sbin_links = iptables-legacy iptables-legacy-restore iptables-legacy-save \ @ENABLE_IPV4_TRUE@v4_sbin_links = iptables-legacy iptables-legacy-restore iptables-legacy-save \
...@@ -533,7 +541,7 @@ all: $(BUILT_SOURCES) ...@@ -533,7 +541,7 @@ all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am $(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES: .SUFFIXES:
.SUFFIXES: .c .l .lo .o .obj .y .SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \ @for dep in $?; do \
case '$(am__configure_deps)' in \ case '$(am__configure_deps)' in \
...@@ -551,8 +559,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status ...@@ -551,8 +559,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \ *config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \ *) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac; esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
...@@ -632,9 +640,6 @@ clean-sbinPROGRAMS: ...@@ -632,9 +640,6 @@ clean-sbinPROGRAMS:
xtables-legacy-multi$(EXEEXT): $(xtables_legacy_multi_OBJECTS) $(xtables_legacy_multi_DEPENDENCIES) $(EXTRA_xtables_legacy_multi_DEPENDENCIES) xtables-legacy-multi$(EXEEXT): $(xtables_legacy_multi_OBJECTS) $(xtables_legacy_multi_DEPENDENCIES) $(EXTRA_xtables_legacy_multi_DEPENDENCIES)
@rm -f xtables-legacy-multi$(EXEEXT) @rm -f xtables-legacy-multi$(EXEEXT)
$(AM_V_CCLD)$(xtables_legacy_multi_LINK) $(xtables_legacy_multi_OBJECTS) $(xtables_legacy_multi_LDADD) $(LIBS) $(AM_V_CCLD)$(xtables_legacy_multi_LINK) $(xtables_legacy_multi_OBJECTS) $(xtables_legacy_multi_LDADD) $(LIBS)
xtables-config-parser.h: xtables-config-parser.c
@if test ! -f $@; then rm -f xtables-config-parser.c; else :; fi
@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) xtables-config-parser.c; else :; fi
xtables-nft-multi$(EXEEXT): $(xtables_nft_multi_OBJECTS) $(xtables_nft_multi_DEPENDENCIES) $(EXTRA_xtables_nft_multi_DEPENDENCIES) xtables-nft-multi$(EXEEXT): $(xtables_nft_multi_OBJECTS) $(xtables_nft_multi_DEPENDENCIES) $(EXTRA_xtables_nft_multi_DEPENDENCIES)
@rm -f xtables-nft-multi$(EXEEXT) @rm -f xtables-nft-multi$(EXEEXT)
...@@ -646,37 +651,43 @@ mostlyclean-compile: ...@@ -646,37 +651,43 @@ mostlyclean-compile:
distclean-compile: distclean-compile:
-rm -f *.tab.c -rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-ip6tables-standalone.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-ip6tables-standalone.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-ip6tables.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-ip6tables.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-restore.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-restore.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-save.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-save.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-standalone.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-standalone.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-xml.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables-xml.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-iptables.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-xshared.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-xshared.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-xtables-legacy-multi.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_legacy_multi-xtables-legacy-multi.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-iptables-xml.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-iptables-xml.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-arp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-arp.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-bridge.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-bridge.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-ipv4.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-cache.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-ipv6.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-cmd.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-shared.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-ipv4.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-ipv6.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xshared.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft-shared.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-nft.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-arp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xshared.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-config-parser.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-arp.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb-translate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb-translate.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-eb.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-monitor.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-monitor.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-nft-multi.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-nft-multi.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-restore.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-restore.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-save.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-save.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-standalone.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-standalone.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-translate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables-translate.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xtables_nft_multi-xtables.Po@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o: .c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
...@@ -853,34 +864,6 @@ xtables_nft_multi-iptables-xml.obj: iptables-xml.c ...@@ -853,34 +864,6 @@ xtables_nft_multi-iptables-xml.obj: iptables-xml.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi` @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-iptables-xml.obj `if test -f 'iptables-xml.c'; then $(CYGPATH_W) 'iptables-xml.c'; else $(CYGPATH_W) '$(srcdir)/iptables-xml.c'; fi`
xtables_nft_multi-xtables-config-parser.o: xtables-config-parser.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-config-parser.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Tpo -c -o xtables_nft_multi-xtables-config-parser.o `test -f 'xtables-config-parser.c' || echo '$(srcdir)/'`xtables-config-parser.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Tpo $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='xtables-config-parser.c' object='xtables_nft_multi-xtables-config-parser.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-config-parser.o `test -f 'xtables-config-parser.c' || echo '$(srcdir)/'`xtables-config-parser.c
xtables_nft_multi-xtables-config-parser.obj: xtables-config-parser.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-config-parser.obj -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Tpo -c -o xtables_nft_multi-xtables-config-parser.obj `if test -f 'xtables-config-parser.c'; then $(CYGPATH_W) 'xtables-config-parser.c'; else $(CYGPATH_W) '$(srcdir)/xtables-config-parser.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Tpo $(DEPDIR)/xtables_nft_multi-xtables-config-parser.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='xtables-config-parser.c' object='xtables_nft_multi-xtables-config-parser.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-config-parser.obj `if test -f 'xtables-config-parser.c'; then $(CYGPATH_W) 'xtables-config-parser.c'; else $(CYGPATH_W) '$(srcdir)/xtables-config-parser.c'; fi`
xtables_nft_multi-xtables-config-syntax.o: xtables-config-syntax.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-config-syntax.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Tpo -c -o xtables_nft_multi-xtables-config-syntax.o `test -f 'xtables-config-syntax.c' || echo '$(srcdir)/'`xtables-config-syntax.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Tpo $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='xtables-config-syntax.c' object='xtables_nft_multi-xtables-config-syntax.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-config-syntax.o `test -f 'xtables-config-syntax.c' || echo '$(srcdir)/'`xtables-config-syntax.c
xtables_nft_multi-xtables-config-syntax.obj: xtables-config-syntax.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-config-syntax.obj -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Tpo -c -o xtables_nft_multi-xtables-config-syntax.obj `if test -f 'xtables-config-syntax.c'; then $(CYGPATH_W) 'xtables-config-syntax.c'; else $(CYGPATH_W) '$(srcdir)/xtables-config-syntax.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Tpo $(DEPDIR)/xtables_nft_multi-xtables-config-syntax.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='xtables-config-syntax.c' object='xtables_nft_multi-xtables-config-syntax.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-config-syntax.obj `if test -f 'xtables-config-syntax.c'; then $(CYGPATH_W) 'xtables-config-syntax.c'; else $(CYGPATH_W) '$(srcdir)/xtables-config-syntax.c'; fi`
xtables_nft_multi-xtables-save.o: xtables-save.c xtables_nft_multi-xtables-save.o: xtables-save.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-save.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-save.Tpo -c -o xtables_nft_multi-xtables-save.o `test -f 'xtables-save.c' || echo '$(srcdir)/'`xtables-save.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-save.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-save.Tpo -c -o xtables_nft_multi-xtables-save.o `test -f 'xtables-save.c' || echo '$(srcdir)/'`xtables-save.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-save.Tpo $(DEPDIR)/xtables_nft_multi-xtables-save.Po @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-save.Tpo $(DEPDIR)/xtables_nft_multi-xtables-save.Po
...@@ -1021,6 +1004,20 @@ xtables_nft_multi-xtables-monitor.obj: xtables-monitor.c ...@@ -1021,6 +1004,20 @@ xtables_nft_multi-xtables-monitor.obj: xtables-monitor.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-monitor.obj `if test -f 'xtables-monitor.c'; then $(CYGPATH_W) 'xtables-monitor.c'; else $(CYGPATH_W) '$(srcdir)/xtables-monitor.c'; fi` @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xtables-monitor.obj `if test -f 'xtables-monitor.c'; then $(CYGPATH_W) 'xtables-monitor.c'; else $(CYGPATH_W) '$(srcdir)/xtables-monitor.c'; fi`
xtables_nft_multi-nft-cache.o: nft-cache.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-nft-cache.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-nft-cache.Tpo -c -o xtables_nft_multi-nft-cache.o `test -f 'nft-cache.c' || echo '$(srcdir)/'`nft-cache.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-nft-cache.Tpo $(DEPDIR)/xtables_nft_multi-nft-cache.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nft-cache.c' object='xtables_nft_multi-nft-cache.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-cache.o `test -f 'nft-cache.c' || echo '$(srcdir)/'`nft-cache.c
xtables_nft_multi-nft-cache.obj: nft-cache.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-nft-cache.obj -MD -MP -MF $(DEPDIR)/xtables_nft_multi-nft-cache.Tpo -c -o xtables_nft_multi-nft-cache.obj `if test -f 'nft-cache.c'; then $(CYGPATH_W) 'nft-cache.c'; else $(CYGPATH_W) '$(srcdir)/nft-cache.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-nft-cache.Tpo $(DEPDIR)/xtables_nft_multi-nft-cache.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nft-cache.c' object='xtables_nft_multi-nft-cache.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-cache.obj `if test -f 'nft-cache.c'; then $(CYGPATH_W) 'nft-cache.c'; else $(CYGPATH_W) '$(srcdir)/nft-cache.c'; fi`
xtables_nft_multi-xtables-arp-standalone.o: xtables-arp-standalone.c xtables_nft_multi-xtables-arp-standalone.o: xtables-arp-standalone.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-arp-standalone.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Tpo -c -o xtables_nft_multi-xtables-arp-standalone.o `test -f 'xtables-arp-standalone.c' || echo '$(srcdir)/'`xtables-arp-standalone.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-arp-standalone.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Tpo -c -o xtables_nft_multi-xtables-arp-standalone.o `test -f 'xtables-arp-standalone.c' || echo '$(srcdir)/'`xtables-arp-standalone.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Tpo $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Tpo $(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po
...@@ -1063,6 +1060,20 @@ xtables_nft_multi-nft-bridge.obj: nft-bridge.c ...@@ -1063,6 +1060,20 @@ xtables_nft_multi-nft-bridge.obj: nft-bridge.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-bridge.obj `if test -f 'nft-bridge.c'; then $(CYGPATH_W) 'nft-bridge.c'; else $(CYGPATH_W) '$(srcdir)/nft-bridge.c'; fi` @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-bridge.obj `if test -f 'nft-bridge.c'; then $(CYGPATH_W) 'nft-bridge.c'; else $(CYGPATH_W) '$(srcdir)/nft-bridge.c'; fi`
xtables_nft_multi-nft-cmd.o: nft-cmd.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-nft-cmd.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-nft-cmd.Tpo -c -o xtables_nft_multi-nft-cmd.o `test -f 'nft-cmd.c' || echo '$(srcdir)/'`nft-cmd.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-nft-cmd.Tpo $(DEPDIR)/xtables_nft_multi-nft-cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nft-cmd.c' object='xtables_nft_multi-nft-cmd.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-cmd.o `test -f 'nft-cmd.c' || echo '$(srcdir)/'`nft-cmd.c
xtables_nft_multi-nft-cmd.obj: nft-cmd.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-nft-cmd.obj -MD -MP -MF $(DEPDIR)/xtables_nft_multi-nft-cmd.Tpo -c -o xtables_nft_multi-nft-cmd.obj `if test -f 'nft-cmd.c'; then $(CYGPATH_W) 'nft-cmd.c'; else $(CYGPATH_W) '$(srcdir)/nft-cmd.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-nft-cmd.Tpo $(DEPDIR)/xtables_nft_multi-nft-cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nft-cmd.c' object='xtables_nft_multi-nft-cmd.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-nft-cmd.obj `if test -f 'nft-cmd.c'; then $(CYGPATH_W) 'nft-cmd.c'; else $(CYGPATH_W) '$(srcdir)/nft-cmd.c'; fi`
xtables_nft_multi-xtables-eb-standalone.o: xtables-eb-standalone.c xtables_nft_multi-xtables-eb-standalone.o: xtables-eb-standalone.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-eb-standalone.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Tpo -c -o xtables_nft_multi-xtables-eb-standalone.o `test -f 'xtables-eb-standalone.c' || echo '$(srcdir)/'`xtables-eb-standalone.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -MT xtables_nft_multi-xtables-eb-standalone.o -MD -MP -MF $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Tpo -c -o xtables_nft_multi-xtables-eb-standalone.o `test -f 'xtables-eb-standalone.c' || echo '$(srcdir)/'`xtables-eb-standalone.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Tpo $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Tpo $(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po
...@@ -1133,12 +1144,6 @@ xtables_nft_multi-xshared.obj: xshared.c ...@@ -1133,12 +1144,6 @@ xtables_nft_multi-xshared.obj: xshared.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi` @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(xtables_nft_multi_CFLAGS) $(CFLAGS) -c -o xtables_nft_multi-xshared.obj `if test -f 'xshared.c'; then $(CYGPATH_W) 'xshared.c'; else $(CYGPATH_W) '$(srcdir)/xshared.c'; fi`
.l.c:
$(AM_V_LEX)$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
.y.c:
$(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h `echo $@ | $(am__yacc_c2h)` y.output $*.output -- $(YACCCOMPILE)
mostlyclean-libtool: mostlyclean-libtool:
-rm -f *.lo -rm -f *.lo
...@@ -1304,7 +1309,10 @@ cscopelist-am: $(am__tagged_files) ...@@ -1304,7 +1309,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags: distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES) distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \ list='$(DISTFILES)'; \
...@@ -1374,9 +1382,6 @@ distclean-generic: ...@@ -1374,9 +1382,6 @@ distclean-generic:
maintainer-clean-generic: maintainer-clean-generic:
@echo "This command is intended for maintainers to use" @echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild." @echo "it deletes files that may require special tools to rebuild."
-rm -f xtables-config-parser.c
-rm -f xtables-config-parser.h
-rm -f xtables-config-syntax.c
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am clean: clean-am
...@@ -1384,7 +1389,37 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ ...@@ -1384,7 +1389,37 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
mostlyclean-am mostlyclean-am
distclean: distclean-am distclean: distclean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/xtables_legacy_multi-ip6tables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-ip6tables.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-restore.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-save.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-xml.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-xshared.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-xtables-legacy-multi.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-iptables-xml.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-arp.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-bridge.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-cache.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-cmd.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-ipv4.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-ipv6.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-shared.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xshared.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-arp.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb-translate.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-monitor.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-nft-multi.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-restore.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-save.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-translate.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables.Po
-rm -f Makefile -rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \ distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags distclean-tags
...@@ -1431,7 +1466,37 @@ install-ps-am: ...@@ -1431,7 +1466,37 @@ install-ps-am:
installcheck-am: installcheck-am:
maintainer-clean: maintainer-clean-am maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/xtables_legacy_multi-ip6tables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-ip6tables.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-restore.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-save.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables-xml.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-iptables.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-xshared.Po
-rm -f ./$(DEPDIR)/xtables_legacy_multi-xtables-legacy-multi.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-iptables-xml.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-arp.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-bridge.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-cache.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-cmd.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-ipv4.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-ipv6.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft-shared.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-nft.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xshared.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-arp-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-arp.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb-translate.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-eb.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-monitor.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-nft-multi.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-restore.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-save.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-standalone.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables-translate.Po
-rm -f ./$(DEPDIR)/xtables_nft_multi-xtables.Po
-rm -f Makefile -rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic maintainer-clean-am: distclean-am maintainer-clean-generic
...@@ -1455,9 +1520,9 @@ uninstall-man: uninstall-man1 uninstall-man8 ...@@ -1455,9 +1520,9 @@ uninstall-man: uninstall-man1 uninstall-man8
.MAKE: all check install install-am install-exec-am install-strip .MAKE: all check install install-am install-exec-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ .PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ clean-generic clean-libtool clean-sbinPROGRAMS cscopelist-am \
distclean distclean-compile distclean-generic \ ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \ distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \ html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \ install-data-am install-dvi install-dvi-am install-exec \
...@@ -1474,15 +1539,13 @@ uninstall-man: uninstall-man1 uninstall-man8 ...@@ -1474,15 +1539,13 @@ uninstall-man: uninstall-man1 uninstall-man8
.PRECIOUS: Makefile .PRECIOUS: Makefile
# yacc and lex generate dirty code
@ENABLE_NFTABLES_TRUE@xtables_nft_multi-xtables-config-parser.o xtables_nft_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
${AM_VERBOSE_GEN} sed \ ${AM_VERBOSE_GEN} sed \
-e '/@MATCH@/ r ../extensions/matches.man' \ -e '/@MATCH@/ r ../extensions/matches.man' \
-e '/@TARGET@/ r ../extensions/targets.man' $< >$@; -e '/@TARGET@/ r ../extensions/targets.man' $< >$@;
iptables-translate.8 ip6tables-translate.8: iptables-translate.8 ip6tables-translate.8 iptables-restore-translate.8 ip6tables-restore-translate.8:
${AM_VERBOSE_GEN} echo '.so man8/xtables-translate.8' >$@ ${AM_VERBOSE_GEN} echo '.so man8/xtables-translate.8' >$@
# Using if..fi avoids an ugly "error (ignored)" message :) # Using if..fi avoids an ugly "error (ignored)" message :)
...@@ -1493,6 +1556,7 @@ install-exec-hook: ...@@ -1493,6 +1556,7 @@ install-exec-hook:
for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done; for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done;
${LN_S} -f iptables-apply "${DESTDIR}${sbindir}/ip6tables-apply"
# Tell versions [3.59,3.63) of GNU make to not export all variables. # Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded. # Otherwise a system limit (for SysV at least) may be exceeded.
......
iptables/ebtables-nft.8
View file @ 268c6aa1
...@@ -522,35 +522,35 @@ If the 802.3 DSAP and SSAP values are 0xaa then the SNAP type field must ...@@ -522,35 +522,35 @@ If the 802.3 DSAP and SSAP values are 0xaa then the SNAP type field must
be consulted to determine the payload protocol. This is a two byte be consulted to determine the payload protocol. This is a two byte
(hexadecimal) argument. Only 802.3 frames with DSAP/SSAP 0xaa are (hexadecimal) argument. Only 802.3 frames with DSAP/SSAP 0xaa are
checked for type. checked for type.
.\" .SS among .SS among
.\" Match a MAC address or MAC/IP address pair versus a list of MAC addresses Match a MAC address or MAC/IP address pair versus a list of MAC addresses
.\" and MAC/IP address pairs. and MAC/IP address pairs.
.\" A list entry has the following format: A list entry has the following format:
.\" .IR xx:xx:xx:xx:xx:xx[=ip.ip.ip.ip][,] ". Multiple" .IR xx:xx:xx:xx:xx:xx[=ip.ip.ip.ip][,] ". Multiple"
.\" list entries are separated by a comma, specifying an IP address corresponding to list entries are separated by a comma, specifying an IP address corresponding to
.\" the MAC address is optional. Multiple MAC/IP address pairs with the same MAC address the MAC address is optional. Multiple MAC/IP address pairs with the same MAC address
.\" but different IP address (and vice versa) can be specified. If the MAC address doesn't but different IP address (and vice versa) can be specified. If the MAC address doesn't
.\" match any entry from the list, the frame doesn't match the rule (unless "!" was used). match any entry from the list, the frame doesn't match the rule (unless "!" was used).
.\" .TP .TP
.\" .BR "--among-dst " "[!] \fIlist\fP" .BR "--among-dst " "[!] \fIlist\fP"
.\" Compare the MAC destination to the given list. If the Ethernet frame has type Compare the MAC destination to the given list. If the Ethernet frame has type
.\" .IR IPv4 " or " ARP , .IR IPv4 " or " ARP ,
.\" then comparison with MAC/IP destination address pairs from the then comparison with MAC/IP destination address pairs from the
.\" list is possible. list is possible.
.\" .TP .TP
.\" .BR "--among-src " "[!] \fIlist\fP" .BR "--among-src " "[!] \fIlist\fP"
.\" Compare the MAC source to the given list. If the Ethernet frame has type Compare the MAC source to the given list. If the Ethernet frame has type
.\" .IR IPv4 " or " ARP , .IR IPv4 " or " ARP ,
.\" then comparison with MAC/IP source address pairs from the list then comparison with MAC/IP source address pairs from the list
.\" is possible. is possible.
.\" .TP .TP
.\" .BR "--among-dst-file " "[!] \fIfile\fP" .BR "--among-dst-file " "[!] \fIfile\fP"
.\" Same as Same as
.\" .BR --among-dst " but the list is read in from the specified file." .BR --among-dst " but the list is read in from the specified file."
.\" .TP .TP
.\" .BR "--among-src-file " "[!] \fIfile\fP" .BR "--among-src-file " "[!] \fIfile\fP"
.\" Same as Same as
.\" .BR --among-src " but the list is read in from the specified file." .BR --among-src " but the list is read in from the specified file."
.SS arp .SS arp
Specify (R)ARP fields. The protocol must be specified as Specify (R)ARP fields. The protocol must be specified as
.IR ARP " or " RARP . .IR ARP " or " RARP .
...@@ -1108,8 +1108,8 @@ arp message and the hardware address length in the arp header is 6 bytes. ...@@ -1108,8 +1108,8 @@ arp message and the hardware address length in the arp header is 6 bytes.
The version of ebtables this man page ships with does not support the The version of ebtables this man page ships with does not support the
.B broute .B broute
table. Also there is no support for table. Also there is no support for
.BR among " and " string .B string
matches. And finally, this list is probably not complete. match. And finally, this list is probably not complete.
.SH SEE ALSO .SH SEE ALSO
.BR xtables-nft "(8), " iptables "(8), " ip (8) .BR xtables-nft "(8), " iptables "(8), " ip (8)
.PP .PP
......
iptables/ip6tables-apply.8 0 → 100644
View file @ 268c6aa1
.so man8/iptables-apply.8
iptables/ip6tables-standalone.c
View file @ 268c6aa1
...@@ -64,6 +64,8 @@ ip6tables_main(int argc, char *argv[]) ...@@ -64,6 +64,8 @@ ip6tables_main(int argc, char *argv[])
ip6tc_free(handle); ip6tc_free(handle);
} }
xtables_fini();
if (!ret) { if (!ret) {
if (errno == EINVAL) { if (errno == EINVAL) {
fprintf(stderr, "ip6tables: %s. " fprintf(stderr, "ip6tables: %s. "
......
iptables/ip6tables.c
View file @ 268c6aa1
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
#include "config.h"
#include <getopt.h> #include <getopt.h>
#include <string.h> #include <string.h>
#include <netdb.h> #include <netdb.h>
...@@ -45,33 +45,6 @@ ...@@ -45,33 +45,6 @@
#include "ip6tables-multi.h" #include "ip6tables-multi.h"
#include "xshared.h" #include "xshared.h"
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#define CMD_NONE 0x0000U
#define CMD_INSERT 0x0001U
#define CMD_DELETE 0x0002U
#define CMD_DELETE_NUM 0x0004U
#define CMD_REPLACE 0x0008U
#define CMD_APPEND 0x0010U
#define CMD_LIST 0x0020U
#define CMD_FLUSH 0x0040U
#define CMD_ZERO 0x0080U
#define CMD_NEW_CHAIN 0x0100U
#define CMD_DELETE_CHAIN 0x0200U
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
#define CMD_ZERO_NUM 0x2000U
#define CMD_CHECK 0x4000U
#define NUMBER_OF_CMD 16
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
#define NUMBER_OF_OPT ARRAY_SIZE(optflags) #define NUMBER_OF_OPT ARRAY_SIZE(optflags)
static const char optflags[] static const char optflags[]
= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c'}; = { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c'};
...@@ -121,7 +94,7 @@ static struct option original_opts[] = { ...@@ -121,7 +94,7 @@ static struct option original_opts[] = {
void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3))); void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = { struct xtables_globals ip6tables_globals = {
.option_offset = 0, .option_offset = 0,
.program_version = IPTABLES_VERSION, .program_version = PACKAGE_VERSION,
.orig_opts = original_opts, .orig_opts = original_opts,
.exit_err = ip6tables_exit_error, .exit_err = ip6tables_exit_error,
.compat_rev = xtables_compatible_revision, .compat_rev = xtables_compatible_revision,
...@@ -175,12 +148,6 @@ static const unsigned int inverse_for_options[NUMBER_OF_OPT] = ...@@ -175,12 +148,6 @@ static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
#define opts ip6tables_globals.opts #define opts ip6tables_globals.opts
#define prog_name ip6tables_globals.program_name #define prog_name ip6tables_globals.program_name
#define prog_vers ip6tables_globals.program_version #define prog_vers ip6tables_globals.program_version
/* A few hardcoded protocols for 'all' and in case the user has no
/etc/protocols */
struct pprot {
const char *name;
uint8_t num;
};
static void __attribute__((noreturn)) static void __attribute__((noreturn))
exit_tryhelp(int status) exit_tryhelp(int status)
...@@ -342,27 +309,6 @@ opt2char(int option) ...@@ -342,27 +309,6 @@ opt2char(int option)
return *ptr; return *ptr;
} }
static char
cmd2char(int option)
{
const char *ptr;
for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
return *ptr;
}
static void
add_command(unsigned int *cmd, const int newcmd, const int othercmds,
int invert)
{
if (invert)
xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
if (*cmd & (~othercmds))
xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
*cmd |= newcmd;
}
/* /*
* All functions starting with "parse" should succeed, otherwise * All functions starting with "parse" should succeed, otherwise
* the program fails. * the program fails.
...@@ -381,19 +327,6 @@ static int is_exthdr(uint16_t proto) ...@@ -381,19 +327,6 @@ static int is_exthdr(uint16_t proto)
proto == IPPROTO_DSTOPTS); proto == IPPROTO_DSTOPTS);
} }
/* Can't be zero. */
static int
parse_rulenumber(const char *rule)
{
unsigned int rulenum;
if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
xtables_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
return rulenum;
}
static void static void
parse_chain(const char *chainname) parse_chain(const char *chainname)
{ {
...@@ -1228,6 +1161,7 @@ int do_command6(int argc, char *argv[], char **table, ...@@ -1228,6 +1161,7 @@ int do_command6(int argc, char *argv[], char **table,
struct xtables_rule_match *matchp; struct xtables_rule_match *matchp;
struct xtables_target *t; struct xtables_target *t;
unsigned long long cnt; unsigned long long cnt;
bool table_set = false;
/* re-set optind to 0 in case do_command6 gets called /* re-set optind to 0 in case do_command6 gets called
* a second time */ * a second time */
...@@ -1508,7 +1442,12 @@ int do_command6(int argc, char *argv[], char **table, ...@@ -1508,7 +1442,12 @@ int do_command6(int argc, char *argv[], char **table,
if (cs.invert) if (cs.invert)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table"); "unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
*table = optarg; *table = optarg;
table_set = true;
break; break;
case 'x': case 'x':
...@@ -1578,7 +1517,7 @@ int do_command6(int argc, char *argv[], char **table, ...@@ -1578,7 +1517,7 @@ int do_command6(int argc, char *argv[], char **table,
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not" "multiple consecutive ! not"
" allowed"); " allowed");
cs.invert = TRUE; cs.invert = true;
optarg[0] = '\0'; optarg[0] = '\0';
continue; continue;
} }
...@@ -1590,12 +1529,12 @@ int do_command6(int argc, char *argv[], char **table, ...@@ -1590,12 +1529,12 @@ int do_command6(int argc, char *argv[], char **table,
/* /*
* If new options were loaded, we must retry * If new options were loaded, we must retry
* getopt immediately and not allow * getopt immediately and not allow
* cs.invert=FALSE to be executed. * cs.invert=false to be executed.
*/ */
continue; continue;
break; break;
} }
cs.invert = FALSE; cs.invert = false;
} }
if (!wait && wait_interval_set) if (!wait && wait_interval_set)
......
iptables/iptables-apply
View file @ 268c6aa1
#!/bin/bash #!/bin/bash
#
# iptables-apply -- a safer way to update iptables remotely # iptables-apply -- a safer way to update iptables remotely
# #
# Copyright © Martin F. Krafft <madduck@madduck.net> # Usage:
# iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
#
# Versions:
# * 1.0 Copyright 2006 Martin F. Krafft <madduck@madduck.net>
# Original version
# * 1.1 Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>
# Added parameter -c (run command)
# Added parameter -w (save successfully applied rules to file)
# Major code cleanup
#
# Released under the terms of the Artistic Licence 2.0 # Released under the terms of the Artistic Licence 2.0
# #
set -eu set -eu
PROGNAME="${0##*/}"; PROGNAME="${0##*/}"
VERSION=1.0 VERSION=1.1
### Default settings
DEF_TIMEOUT=10
TIMEOUT=10 MODE=0 # apply rulesfile mode
# MODE=1 # run command mode
function blurb() case "$PROGNAME" in
{ (*6*)
cat <<-_eof SAVE=ip6tables-save
RESTORE=ip6tables-restore
DEF_RULESFILE="/etc/network/ip6tables.up.rules"
DEF_SAVEFILE="$DEF_RULESFILE"
DEF_RUNCMD="/etc/network/ip6tables.up.run"
;;
(*)
SAVE=iptables-save
RESTORE=iptables-restore
DEF_RULESFILE="/etc/network/iptables.up.rules"
DEF_SAVEFILE="$DEF_RULESFILE"
DEF_RUNCMD="/etc/network/iptables.up.run"
;;
esac
### Functions
function blurb() {
cat <<-__EOF__
$PROGNAME $VERSION -- a safer way to update iptables remotely $PROGNAME $VERSION -- a safer way to update iptables remotely
_eof __EOF__
} }
function copyright() function copyright() {
{ cat <<-__EOF__
cat <<-_eof $PROGNAME has been published under the terms of the Artistic Licence 2.0.
$PROGNAME is C Martin F. Krafft <madduck@madduck.net>.
The program has been published under the terms of the Artistic Licence 2.0 Original version - Copyright 2006 Martin F. Krafft <madduck@madduck.net>.
_eof Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.
__EOF__
} }
function about() function about() {
{
blurb blurb
echo echo
copyright copyright
} }
function usage() function usage() {
{ blurb
cat <<-_eof echo
Usage: $PROGNAME [options] ruleset cat <<-__EOF__
Usage:
$PROGNAME [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
The script will try to apply a new ruleset (as output by iptables-save/read The script will try to apply a new rulesfile (as output by iptables-save,
by iptables-restore) to iptables, then prompt the user whether the changes read by iptables-restore) or run a command to configure iptables and then
are okay. If the new ruleset cut the existing connection, the user will not prompt the user whether the changes are okay. If the new iptables rules cut
be able to answer affirmatively. In this case, the script rolls back to the the existing connection, the user will not be able to answer affirmatively.
previous ruleset. In this case, the script rolls back to the previous working iptables rules
after the timeout expires.
The following options may be specified, using standard conventions: Successfully applied rules can also be written to savefile and later used
to roll back to this state. This can be used to implement a store last good
configuration mechanism when experimenting with an iptables setup script:
$PROGNAME -w $DEF_SAVEFILE -c $DEF_RUNCMD
-t | --timeout Specify the timeout in seconds (default: $TIMEOUT) When called as ip6tables-apply, the script will use ip6tables-save/-restore
-V | --version Display version information and IPv6 default values instead. Default value for rulesfile is
-h | --help Display this help text '$DEF_RULESFILE'.
_eof
Options:
-t seconds, --timeout seconds
Specify the timeout in seconds (default: $DEF_TIMEOUT).
-w savefile, --write savefile
Specify the savefile where successfully applied rules will be written to
(default if empty string is given: $DEF_SAVEFILE).
-c runcmd, --command runcmd
Run command runcmd to configure iptables instead of applying a rulesfile
(default: $DEF_RUNCMD).
-h, --help
Display this help text.
-V, --version
Display version information.
__EOF__
}
function checkcommands() {
for cmd in "${COMMANDS[@]}"; do
if ! command -v "$cmd" >/dev/null; then
echo "Error: needed command not found: $cmd" >&2
exit 127
fi
done
}
function revertrules() {
echo -n "Reverting to old iptables rules... "
"$RESTORE" <"$TMPFILE"
echo "done."
} }
SHORTOPTS="t:Vh";
LONGOPTS="timeout:,version,help"; ### Parsing and checking parameters
TIMEOUT="$DEF_TIMEOUT"
SAVEFILE=""
SHORTOPTS="t:w:chV";
LONGOPTS="timeout:,write:,command,help,version";
OPTS=$(getopt -s bash -o "$SHORTOPTS" -l "$LONGOPTS" -n "$PROGNAME" -- "$@") || exit $? OPTS=$(getopt -s bash -o "$SHORTOPTS" -l "$LONGOPTS" -n "$PROGNAME" -- "$@") || exit $?
for opt in $OPTS; do for opt in $OPTS; do
case "$opt" in case "$opt" in
(-*) unset OPT_STATE;; (-*)
unset OPT_STATE
;;
(*) (*)
case "${OPT_STATE:-}" in case "${OPT_STATE:-}" in
(SET_TIMEOUT) (SET_TIMEOUT) eval TIMEOUT=$opt;;
eval TIMEOUT=$opt (SET_SAVEFILE)
case "$TIMEOUT" in eval SAVEFILE=$opt
([0-9]*) :;; [ -z "$SAVEFILE" ] && SAVEFILE="$DEF_SAVEFILE"
(*)
echo "E: non-numeric timeout value." >&2
exit 1
;;
esac
;; ;;
esac esac
;; ;;
esac esac
case "$opt" in case "$opt" in
(-t|--timeout) OPT_STATE="SET_TIMEOUT";;
(-w|--write) OPT_STATE="SET_SAVEFILE";;
(-c|--command) MODE=1;;
(-h|--help) usage >&2; exit 0;; (-h|--help) usage >&2; exit 0;;
(-V|--version) about >&2; exit 0;; (-V|--version) about >&2; exit 0;;
(-t|--timeout) OPT_STATE=SET_TIMEOUT;;
(--) break;; (--) break;;
esac esac
shift shift
done done
case "$PROGNAME" in # Validate parameters
(*6*) if [ "$TIMEOUT" -ge 0 ] 2>/dev/null; then
SAVE=ip6tables-save TIMEOUT=$(($TIMEOUT))
RESTORE=ip6tables-restore else
DEFAULT_FILE=/etc/network/ip6tables echo "Error: timeout must be a positive number" >&2
;;
(*)
SAVE=iptables-save
RESTORE=iptables-restore
DEFAULT_FILE=/etc/network/iptables
;;
esac
FILE="${1:-$DEFAULT_FILE}";
if [[ -z "$FILE" ]]; then
echo "E: missing file argument." >&2
exit 1 exit 1
fi fi
if [[ ! -r "$FILE" ]]; then if [ -n "$SAVEFILE" -a -e "$SAVEFILE" -a ! -w "$SAVEFILE" ]; then
echo "E: cannot read $FILE" >&2 echo "Error: savefile not writable: $SAVEFILE" >&2
exit 2 exit 8
fi fi
COMMANDS=(tempfile "$SAVE" "$RESTORE") case "$MODE" in
(1)
# Treat parameter as runcmd (run command mode)
RUNCMD="${1:-$DEF_RUNCMD}"
if [ ! -x "$RUNCMD" ]; then
echo "Error: runcmd not executable: $RUNCMD" >&2
exit 6
fi
for cmd in "${COMMANDS[@]}"; do # Needed commands
if ! command -v $cmd >/dev/null; then COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
echo "E: command not found: $cmd" >&2 checkcommands
exit 127 ;;
(*)
# Treat parameter as rulesfile (apply rulesfile mode)
RULESFILE="${1:-$DEF_RULESFILE}";
if [ ! -r "$RULESFILE" ]; then
echo "Error: rulesfile not readable: $RULESFILE" >&2
exit 2
fi fi
done
umask 0700 # Needed commands
COMMANDS=(mktemp "$SAVE" "$RESTORE")
checkcommands
;;
esac
TMPFILE=$(tempfile -p iptap) ### Begin work
# Store old iptables rules to temporary file
TMPFILE=`mktemp /tmp/$PROGNAME-XXXXXXXX`
trap "rm -f $TMPFILE" EXIT HUP INT QUIT ILL TRAP ABRT BUS \ trap "rm -f $TMPFILE" EXIT HUP INT QUIT ILL TRAP ABRT BUS \
FPE USR1 SEGV USR2 PIPE ALRM TERM FPE USR1 SEGV USR2 PIPE ALRM TERM
if ! "$SAVE" >"$TMPFILE"; then if ! "$SAVE" >"$TMPFILE"; then
# An error occured
if ! grep -q ipt /proc/modules 2>/dev/null; then if ! grep -q ipt /proc/modules 2>/dev/null; then
echo "E: iptables support lacking from the kernel." >&2 echo "Error: iptables support lacking from the kernel" >&2
exit 3 exit 3
else else
echo "E: unknown error saving current iptables ruleset." >&2 echo "Error: unknown error saving old iptables rules: $TMPFILE" >&2
exit 4 exit 4
fi fi
fi fi
# Legacy to stop the fail2ban daemon if present
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban stop [ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban stop
echo -n "Applying new ruleset... " # Configure iptables
if ! "$RESTORE" <"$FILE"; then case "$MODE" in
(1)
# Run command in background and kill it if it times out
echo -n "Running command '$RUNCMD'... "
"$RUNCMD" &
CMD_PID=$!
( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) &
CMDTIMEOUT_PID=$!
if ! wait "$CMD_PID"; then
echo "failed."
echo "Error: unknown error running command: $RUNCMD" >&2
revertrules
exit 7
else
echo "done."
fi
;;
(*)
# Apply iptables rulesfile
echo -n "Applying new iptables rules from '$RULESFILE'... "
if ! "$RESTORE" <"$RULESFILE"; then
echo "failed." echo "failed."
echo "E: unknown error applying new iptables ruleset." >&2 echo "Error: unknown error applying new iptables rules: $RULESFILE" >&2
revertrules
exit 5 exit 5
else else
echo "done." echo "done."
fi fi
;;
esac
# Prompt user for confirmation
echo -n "Can you establish NEW connections to the machine? (y/N) " echo -n "Can you establish NEW connections to the machine? (y/N) "
read -n1 -t "${TIMEOUT:-15}" ret 2>&1 || : read -n1 -t "$TIMEOUT" ret 2>&1 || :
case "${ret:-}" in case "${ret:-}" in
(y*|Y*) (y*|Y*)
# Success
echo echo
if [ ! -z "$SAVEFILE" ]; then
# Write successfully applied rules to the savefile
echo "Writing successfully applied rules to '$SAVEFILE'..."
if ! "$SAVE" >"$SAVEFILE"; then
echo "Error: unknown error writing successfully applied rules: $SAVEFILE" >&2
exit 9
fi
fi
echo "... then my job is done. See you next time." echo "... then my job is done. See you next time."
;; ;;
(*) (*)
if [[ -z "${ret:-}" ]]; then # Failed
echo "apparently not..."
else
echo echo
if [ -z "${ret:-}" ]; then
echo "Timeout! Something happened (or did not). Better play it safe..."
else
echo "No affirmative response! Better play it safe..."
fi fi
echo "Timeout. Something happened (or did not). Better play it safe..." revertrules
echo -n "Reverting to old ruleset... "
"$RESTORE" <"$TMPFILE";
echo "done."
exit 255 exit 255
;; ;;
esac esac
# Legacy to start the fail2ban daemon again
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban start [ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban start
exit 0 exit 0
......
iptables/iptables-apply.8.in
View file @ 268c6aa1
.\" Title: iptables-apply .\" Title: iptables-apply
.\" Author: Martin F. Krafft .\" Author: Martin F. Krafft, GW
.\" Date: Jun 04, 2006 .\" Date: May 10, 2010
.\" .\"
.TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" .TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\" disable hyphenation .\" disable hyphenation
...@@ -8,23 +8,37 @@ ...@@ -8,23 +8,37 @@
.SH NAME .SH NAME
iptables-apply \- a safer way to update iptables remotely iptables-apply \- a safer way to update iptables remotely
.SH SYNOPSIS .SH SYNOPSIS
\fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] \fIruleset\-file\fP \fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] [\fB-w\fP \fIsavefile\fP] {[\fIrulesfile]|-c [runcmd]}\fP
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
iptables\-apply will try to apply a new ruleset (as output by iptables\-apply will try to apply a new rulesfile (as output by
iptables\-save/read by iptables\-restore) to iptables, then prompt the iptables-save, read by iptables-restore) or run a command to configure
user whether the changes are okay. If the new ruleset cut the existing iptables and then prompt the user whether the changes are okay. If the
connection, the user will not be able to answer affirmatively. In this new iptables rules cut the existing connection, the user will not be
case, the script rolls back to the previous ruleset after the timeout able to answer affirmatively. In this case, the script rolls back to
expired. The timeout can be set with \fB\-t\fP. the previous working iptables rules after the timeout expires.
.PP .PP
When called as \fBip6tables\-apply\fP, the script will use Successfully applied rules can also be written to savefile and later used
ip6tables\-save/\-restore instead. to roll back to this state. This can be used to implement a store last good
configuration mechanism when experimenting with an iptables setup script:
iptables-apply \-w /etc/network/iptables.up.rules \-c /etc/network/iptables.up.run
.PP
When called as ip6tables\-apply, the script will use
ip6tables\-save/\-restore and IPv6 default values instead. Default
value for rulesfile is '/etc/network/iptables.up.rules'.
.SH OPTIONS .SH OPTIONS
.TP .TP
\fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR \fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR
Sets the timeout after which the script will roll back to the previous Sets the timeout in seconds after which the script will roll back
ruleset. to the previous ruleset (default: 10).
.TP
\fB\-w\fP \fIsavefile\fR, \fB\-\-write\fP \fIsavefile\fR
Specify the savefile where successfully applied rules will be written to
(default if empty string is given: /etc/network/iptables.up.rules).
.TP
\fB\-c\fP \fIruncmd\fR, \fB\-\-command\fP \fIruncmd\fR
Run command runcmd to configure iptables instead of applying a rulesfile
(default: /etc/network/iptables.up.run).
.TP .TP
\fB\-h\fP, \fB\-\-help\fP \fB\-h\fP, \fB\-\-help\fP
Display usage information. Display usage information.
...@@ -36,9 +50,11 @@ Display version information. ...@@ -36,9 +50,11 @@ Display version information.
\fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8). \fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8).
.SH LEGALESE .SH LEGALESE
.PP .PP
iptables\-apply is copyright by Martin F. Krafft. Original iptables-apply - Copyright 2006 Martin F. Krafft <madduck@madduck.net>.
Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.
.PP .PP
This manual page was written by Martin F. Krafft <madduck@madduck.net> This manual page was written by Martin F. Krafft <madduck@madduck.net> and
extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>.
.PP .PP
Permission is granted to copy, distribute and/or modify this document Permission is granted to copy, distribute and/or modify this document
under the terms of the Artistic License 2.0. under the terms of the Artistic License 2.0.
iptables/iptables-restore.8.in
View file @ 268c6aa1
...@@ -87,7 +87,7 @@ from Rusty Russell. ...@@ -87,7 +87,7 @@ from Rusty Russell.
.br .br
Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-restore. Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-restore.
.SH SEE ALSO .SH SEE ALSO
\fBiptables\-save\fP(8), \fBiptables\fP(8) \fBiptables\-apply\fP(8),\fBiptables\-save\fP(8), \fBiptables\fP(8)
.PP .PP
The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
which details NAT, and the netfilter-hacking-HOWTO which details the which details NAT, and the netfilter-hacking-HOWTO which details the
......
iptables/iptables-restore.c
View file @ 268c6aa1
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
* *
* This code is distributed under the terms of GNU GPL v2 * This code is distributed under the terms of GNU GPL v2
*/ */
#include "config.h"
#include <getopt.h> #include <getopt.h>
#include <errno.h> #include <errno.h>
#include <stdbool.h> #include <stdbool.h>
...@@ -43,7 +43,7 @@ static const struct option options[] = { ...@@ -43,7 +43,7 @@ static const struct option options[] = {
static void print_usage(const char *name, const char *version) static void print_usage(const char *name, const char *version)
{ {
fprintf(stderr, "Usage: %s [-c] [-v] [-V] [-t] [-h] [-n] [-w secs] [-W usecs] [-T table] [-M command]\n" fprintf(stderr, "Usage: %s [-c] [-v] [-V] [-t] [-h] [-n] [-w secs] [-W usecs] [-T table] [-M command] [file]\n"
" [ --counters ]\n" " [ --counters ]\n"
" [ --verbose ]\n" " [ --verbose ]\n"
" [ --version]\n" " [ --version]\n"
...@@ -70,7 +70,7 @@ struct iptables_restore_cb { ...@@ -70,7 +70,7 @@ struct iptables_restore_cb {
}; };
static struct xtc_handle * static struct xtc_handle *
create_handle(struct iptables_restore_cb *cb, const char *tablename) create_handle(const struct iptables_restore_cb *cb, const char *tablename)
{ {
struct xtc_handle *handle; struct xtc_handle *handle;
...@@ -82,18 +82,19 @@ create_handle(struct iptables_restore_cb *cb, const char *tablename) ...@@ -82,18 +82,19 @@ create_handle(struct iptables_restore_cb *cb, const char *tablename)
handle = cb->ops->init(tablename); handle = cb->ops->init(tablename);
} }
if (!handle) { if (!handle)
xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize " xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize "
"table '%s'\n", xt_params->program_name, tablename); "table '%s'\n", xt_params->program_name, tablename);
exit(1);
}
return handle; return handle;
} }
static int static int
ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ip46tables_restore_main(const struct iptables_restore_cb *cb,
int argc, char *argv[])
{ {
struct xtc_handle *handle = NULL; struct xtc_handle *handle = NULL;
struct argv_store av_store = {};
char buffer[10240]; char buffer[10240];
int c, lock; int c, lock;
char curtable[XT_TABLE_MAXNAMELEN + 1] = {}; char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
...@@ -125,7 +126,7 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -125,7 +126,7 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
break; break;
case 'h': case 'h':
print_usage(xt_params->program_name, print_usage(xt_params->program_name,
IPTABLES_VERSION); PACKAGE_VERSION);
exit(0); exit(0);
case 'n': case 'n':
noflush = 1; noflush = 1;
...@@ -177,8 +178,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -177,8 +178,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
if (buffer[0] == '\n') if (buffer[0] == '\n')
continue; continue;
else if (buffer[0] == '#') { else if (buffer[0] == '#') {
if (verbose) if (verbose) {
fputs(buffer, stdout); fputs(buffer, stdout);
fflush(stdout);
}
continue; continue;
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) { } else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) { if (!testing) {
...@@ -207,12 +210,11 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -207,12 +210,11 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
table = strtok(buffer+1, " \t\n"); table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table); DEBUGP("line %u, table '%s'\n", line, table);
if (!table) { if (!table)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n", "%s: line %u table name invalid\n",
xt_params->program_name, line); xt_params->program_name, line);
exit(1);
}
strncpy(curtable, table, XT_TABLE_MAXNAMELEN); strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
curtable[XT_TABLE_MAXNAMELEN] = '\0'; curtable[XT_TABLE_MAXNAMELEN] = '\0';
...@@ -248,12 +250,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -248,12 +250,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
chain = strtok(buffer+1, " \t\n"); chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain); DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) { if (!chain)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n", "%s: line %u chain name invalid\n",
xt_params->program_name, line); xt_params->program_name, line);
exit(1);
}
if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN) if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
...@@ -281,12 +281,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -281,12 +281,10 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
policy = strtok(NULL, " \t\n"); policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy); DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) { if (!policy)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n", "%s: line %u policy invalid\n",
xt_params->program_name, line); xt_params->program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) { if (strcmp(policy, "-") != 0) {
struct xt_counters count = {}; struct xt_counters count = {};
...@@ -316,61 +314,31 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -316,61 +314,31 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
ret = 1; ret = 1;
} else if (in_table) { } else if (in_table) {
int a;
char *pcnt = NULL; char *pcnt = NULL;
char *bcnt = NULL; char *bcnt = NULL;
char *parsestart; char *parsestart = buffer;
if (buffer[0] == '[') { add_argv(&av_store, argv[0], 0);
/* we have counters in our input */ add_argv(&av_store, "-t", 0);
char *ptr = strchr(buffer, ']'); add_argv(&av_store, curtable, 0);
if (!ptr)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */
parsestart = ptr + 1;
} else {
/* start command parsing at start of line */
parsestart = buffer;
}
add_argv(argv[0], 0);
add_argv("-t", 0);
add_argv(curtable, 0);
tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
if (counters && pcnt && bcnt) { if (counters && pcnt && bcnt) {
add_argv("--set-counters", 0); add_argv(&av_store, "--set-counters", 0);
add_argv((char *) pcnt, 0); add_argv(&av_store, pcnt, 0);
add_argv((char *) bcnt, 0); add_argv(&av_store, bcnt, 0);
} }
add_param_to_argv(parsestart, line); add_param_to_argv(&av_store, parsestart, line);
DEBUGP("calling do_command(%u, argv, &%s, handle):\n", DEBUGP("calling do_command(%u, argv, &%s, handle):\n",
newargc, curtable); av_store.argc, curtable);
debug_print_argv(&av_store);
for (a = 0; a < newargc; a++) ret = cb->do_command(av_store.argc, av_store.argv,
DEBUGP("argv[%u]: %s\n", a, newargv[a]); &av_store.argv[2], &handle, true);
ret = cb->do_command(newargc, newargv, free_argv(&av_store);
&newargv[2], &handle, true);
free_argv();
fflush(stdout); fflush(stdout);
} }
if (tablename && strcmp(tablename, curtable) != 0) if (tablename && strcmp(tablename, curtable) != 0)
...@@ -393,7 +361,7 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[]) ...@@ -393,7 +361,7 @@ ip46tables_restore_main(struct iptables_restore_cb *cb, int argc, char *argv[])
#if defined ENABLE_IPV4 #if defined ENABLE_IPV4
struct iptables_restore_cb ipt_restore_cb = { static const struct iptables_restore_cb ipt_restore_cb = {
.ops = &iptc_ops, .ops = &iptc_ops,
.for_each_chain = for_each_chain4, .for_each_chain = for_each_chain4,
.flush_entries = flush_entries4, .flush_entries = flush_entries4,
...@@ -404,7 +372,7 @@ struct iptables_restore_cb ipt_restore_cb = { ...@@ -404,7 +372,7 @@ struct iptables_restore_cb ipt_restore_cb = {
int int
iptables_restore_main(int argc, char *argv[]) iptables_restore_main(int argc, char *argv[])
{ {
int c; int c, ret;
iptables_globals.program_name = "iptables-restore"; iptables_globals.program_name = "iptables-restore";
c = xtables_init_all(&iptables_globals, NFPROTO_IPV4); c = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
...@@ -419,12 +387,15 @@ iptables_restore_main(int argc, char *argv[]) ...@@ -419,12 +387,15 @@ iptables_restore_main(int argc, char *argv[])
init_extensions4(); init_extensions4();
#endif #endif
return ip46tables_restore_main(&ipt_restore_cb, argc, argv); ret = ip46tables_restore_main(&ipt_restore_cb, argc, argv);
xtables_fini();
return ret;
} }
#endif #endif
#if defined ENABLE_IPV6 #if defined ENABLE_IPV6
struct iptables_restore_cb ip6t_restore_cb = { static const struct iptables_restore_cb ip6t_restore_cb = {
.ops = &ip6tc_ops, .ops = &ip6tc_ops,
.for_each_chain = for_each_chain6, .for_each_chain = for_each_chain6,
.flush_entries = flush_entries6, .flush_entries = flush_entries6,
...@@ -435,7 +406,7 @@ struct iptables_restore_cb ip6t_restore_cb = { ...@@ -435,7 +406,7 @@ struct iptables_restore_cb ip6t_restore_cb = {
int int
ip6tables_restore_main(int argc, char *argv[]) ip6tables_restore_main(int argc, char *argv[])
{ {
int c; int c, ret;
ip6tables_globals.program_name = "ip6tables-restore"; ip6tables_globals.program_name = "ip6tables-restore";
c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6); c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
...@@ -450,6 +421,9 @@ ip6tables_restore_main(int argc, char *argv[]) ...@@ -450,6 +421,9 @@ ip6tables_restore_main(int argc, char *argv[])
init_extensions6(); init_extensions6();
#endif #endif
return ip46tables_restore_main(&ip6t_restore_cb, argc, argv); ret = ip46tables_restore_main(&ip6t_restore_cb, argc, argv);
xtables_fini();
return ret;
} }
#endif #endif
iptables/iptables-save.8.in
View file @ 268c6aa1
...@@ -62,7 +62,7 @@ Rusty Russell <rusty@rustcorp.com.au> ...@@ -62,7 +62,7 @@ Rusty Russell <rusty@rustcorp.com.au>
.br .br
Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save. Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.
.SH SEE ALSO .SH SEE ALSO
\fBiptables\-restore\fP(8), \fBiptables\fP(8) \fBiptables\-apply\fP(8),\fBiptables\-restore\fP(8), \fBiptables\fP(8)
.PP .PP
The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
which details NAT, and the netfilter-hacking-HOWTO which details the which details NAT, and the netfilter-hacking-HOWTO which details the
......
iptables/iptables-save.c
View file @ 268c6aa1
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
* This code is distributed under the terms of GNU GPL v2 * This code is distributed under the terms of GNU GPL v2
* *
*/ */
#include "config.h"
#include <getopt.h> #include <getopt.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
...@@ -90,7 +91,7 @@ static int do_output(struct iptables_save_cb *cb, const char *tablename) ...@@ -90,7 +91,7 @@ static int do_output(struct iptables_save_cb *cb, const char *tablename)
time_t now = time(NULL); time_t now = time(NULL);
printf("# Generated by %s v%s on %s", printf("# Generated by %s v%s on %s",
xt_params->program_name, IPTABLES_VERSION, ctime(&now)); xt_params->program_name, PACKAGE_VERSION, ctime(&now));
printf("*%s\n", tablename); printf("*%s\n", tablename);
/* Dump out chain names first, /* Dump out chain names first,
...@@ -217,6 +218,8 @@ struct iptables_save_cb ipt_save_cb = { ...@@ -217,6 +218,8 @@ struct iptables_save_cb ipt_save_cb = {
int int
iptables_save_main(int argc, char *argv[]) iptables_save_main(int argc, char *argv[])
{ {
int ret;
iptables_globals.program_name = "iptables-save"; iptables_globals.program_name = "iptables-save";
if (xtables_init_all(&iptables_globals, NFPROTO_IPV4) < 0) { if (xtables_init_all(&iptables_globals, NFPROTO_IPV4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize xtables\n", fprintf(stderr, "%s/%s Failed to initialize xtables\n",
...@@ -229,7 +232,10 @@ iptables_save_main(int argc, char *argv[]) ...@@ -229,7 +232,10 @@ iptables_save_main(int argc, char *argv[])
init_extensions4(); init_extensions4();
#endif #endif
return do_iptables_save(&ipt_save_cb, argc, argv); ret = do_iptables_save(&ipt_save_cb, argc, argv);
xtables_fini();
return ret;
} }
#endif /* ENABLE_IPV4 */ #endif /* ENABLE_IPV4 */
...@@ -258,6 +264,8 @@ struct iptables_save_cb ip6t_save_cb = { ...@@ -258,6 +264,8 @@ struct iptables_save_cb ip6t_save_cb = {
int int
ip6tables_save_main(int argc, char *argv[]) ip6tables_save_main(int argc, char *argv[])
{ {
int ret;
ip6tables_globals.program_name = "ip6tables-save"; ip6tables_globals.program_name = "ip6tables-save";
if (xtables_init_all(&ip6tables_globals, NFPROTO_IPV6) < 0) { if (xtables_init_all(&ip6tables_globals, NFPROTO_IPV6) < 0) {
fprintf(stderr, "%s/%s Failed to initialize xtables\n", fprintf(stderr, "%s/%s Failed to initialize xtables\n",
...@@ -270,6 +278,9 @@ ip6tables_save_main(int argc, char *argv[]) ...@@ -270,6 +278,9 @@ ip6tables_save_main(int argc, char *argv[])
init_extensions6(); init_extensions6();
#endif #endif
return do_iptables_save(&ip6t_save_cb, argc, argv); ret = do_iptables_save(&ip6t_save_cb, argc, argv);
xtables_fini();
return ret;
} }
#endif /* ENABLE_IPV6 */ #endif /* ENABLE_IPV6 */
iptables/iptables-standalone.c
View file @ 268c6aa1
...@@ -64,6 +64,8 @@ iptables_main(int argc, char *argv[]) ...@@ -64,6 +64,8 @@ iptables_main(int argc, char *argv[])
iptc_free(handle); iptc_free(handle);
} }
xtables_fini();
if (!ret) { if (!ret) {
if (errno == EINVAL) { if (errno == EINVAL) {
fprintf(stderr, "iptables: %s. " fprintf(stderr, "iptables: %s. "
......
iptables/iptables-xml.c
View file @ 268c6aa1
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* This code is distributed under the terms of GNU GPL v2 * This code is distributed under the terms of GNU GPL v2
*/ */
#include "config.h"
#include <getopt.h> #include <getopt.h>
#include <errno.h> #include <errno.h>
#include <string.h> #include <string.h>
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
struct xtables_globals iptables_xml_globals = { struct xtables_globals iptables_xml_globals = {
.option_offset = 0, .option_offset = 0,
.program_version = IPTABLES_VERSION, .program_version = PACKAGE_VERSION,
.program_name = "iptables-xml", .program_name = "iptables-xml",
}; };
#define prog_name iptables_xml_globals.program_name #define prog_name iptables_xml_globals.program_name
...@@ -208,12 +208,11 @@ needChain(char *chain) ...@@ -208,12 +208,11 @@ needChain(char *chain)
static void static void
saveChain(char *chain, char *policy, struct xt_counters *ctr) saveChain(char *chain, char *policy, struct xt_counters *ctr)
{ {
if (nextChain >= maxChains) { if (nextChain >= maxChains)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n", "%s: line %u chain name invalid\n",
prog_name, line); prog_name, line);
exit(1);
};
chains[nextChain].chain = strdup(chain); chains[nextChain].chain = strdup(chain);
chains[nextChain].policy = strdup(policy); chains[nextChain].policy = strdup(policy);
chains[nextChain].count = *ctr; chains[nextChain].count = *ctr;
...@@ -441,7 +440,7 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc, ...@@ -441,7 +440,7 @@ do_rule_part(char *leveltag1, char *leveltag2, int part, int argc,
} }
static int static int
compareRules(void) compareRules(int newargc, char *newargv[], int oldargc, char *oldargv[])
{ {
/* Compare arguments up to -j or -g for match. /* Compare arguments up to -j or -g for match.
* NOTE: We don't want to combine actions if there were no criteria * NOTE: We don't want to combine actions if there were no criteria
...@@ -490,11 +489,13 @@ compareRules(void) ...@@ -490,11 +489,13 @@ compareRules(void)
/* has a nice parsed rule starting with -A */ /* has a nice parsed rule starting with -A */
static void static void
do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[]) do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[],
int oldargc, char *oldargv[])
{ {
/* are these conditions the same as the previous rule? /* are these conditions the same as the previous rule?
* If so, skip arg straight to -j or -g */ * If so, skip arg straight to -j or -g */
if (combine && argc > 2 && !isTarget(argv[2]) && compareRules()) { if (combine && argc > 2 && !isTarget(argv[2]) &&
compareRules(argc, argv, oldargc, oldargv)) {
xmlComment("Combine action from next rule"); xmlComment("Combine action from next rule");
} else { } else {
...@@ -540,6 +541,7 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[]) ...@@ -540,6 +541,7 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
int int
iptables_xml_main(int argc, char *argv[]) iptables_xml_main(int argc, char *argv[])
{ {
struct argv_store last_rule = {}, cur_rule = {};
char buffer[10240]; char buffer[10240];
int c; int c;
FILE *in; FILE *in;
...@@ -557,7 +559,7 @@ iptables_xml_main(int argc, char *argv[]) ...@@ -557,7 +559,7 @@ iptables_xml_main(int argc, char *argv[])
verbose = 1; verbose = 1;
break; break;
case 'h': case 'h':
print_usage("iptables-xml", IPTABLES_VERSION); print_usage("iptables-xml", PACKAGE_VERSION);
break; break;
} }
} }
...@@ -606,12 +608,11 @@ iptables_xml_main(int argc, char *argv[]) ...@@ -606,12 +608,11 @@ iptables_xml_main(int argc, char *argv[])
table = strtok(buffer + 1, " \t\n"); table = strtok(buffer + 1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table); DEBUGP("line %u, table '%s'\n", line, table);
if (!table) { if (!table)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n", "%s: line %u table name invalid\n",
prog_name, line); prog_name, line);
exit(1);
}
openTable(table); openTable(table);
ret = 1; ret = 1;
...@@ -623,23 +624,19 @@ iptables_xml_main(int argc, char *argv[]) ...@@ -623,23 +624,19 @@ iptables_xml_main(int argc, char *argv[])
chain = strtok(buffer + 1, " \t\n"); chain = strtok(buffer + 1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain); DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) { if (!chain)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n", "%s: line %u chain name invalid\n",
prog_name, line); prog_name, line);
exit(1);
}
DEBUGP("Creating new chain '%s'\n", chain); DEBUGP("Creating new chain '%s'\n", chain);
policy = strtok(NULL, " \t\n"); policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy); DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) { if (!policy)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n", "%s: line %u policy invalid\n",
prog_name, line); prog_name, line);
exit(1);
}
ctrs = strtok(NULL, " \t\n"); ctrs = strtok(NULL, " \t\n");
parse_counters(ctrs, &count); parse_counters(ctrs, &count);
...@@ -650,126 +647,32 @@ iptables_xml_main(int argc, char *argv[]) ...@@ -650,126 +647,32 @@ iptables_xml_main(int argc, char *argv[])
unsigned int a; unsigned int a;
char *pcnt = NULL; char *pcnt = NULL;
char *bcnt = NULL; char *bcnt = NULL;
char *parsestart; char *parsestart = buffer;
char *chain = NULL; char *chain = NULL;
/* the parser */ tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
char *param_start, *curchar; add_param_to_argv(&cur_rule, parsestart, line);
int quote_open, quoted;
char param_buffer[1024];
if (buffer[0] == '[') {
/* we have counters in our input */
char *ptr = strchr(buffer, ']');
if (!ptr)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer + 1, ":");
if (!pcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */ DEBUGP("calling do_command4(%u, argv, &%s, handle):\n",
parsestart = ptr + 1; cur_rule.argc, curTable);
} else { debug_print_argv(&cur_rule);
/* start command parsing at start of line */
parsestart = buffer;
}
/* This is a 'real' parser crafted in artist mode
* not hacker mode. If the author can live with that
* then so can everyone else */
quote_open = 0;
/* We need to know which args were quoted so we
can preserve quote */
quoted = 0;
param_start = parsestart;
for (curchar = parsestart; *curchar; curchar++) {
if (*curchar == '"') {
/* quote_open cannot be true if there
* was no previous character. Thus,
* curchar-1 has to be within bounds */
if (quote_open &&
*(curchar - 1) != '\\') {
quote_open = 0;
*curchar = ' ';
} else {
quote_open = 1;
quoted = 1;
param_start++;
}
}
if (*curchar == ' '
|| *curchar == '\t' || *curchar == '\n') {
int param_len = curchar - param_start;
if (quote_open)
continue;
if (!param_len) { for (a = 1; a < cur_rule.argc; a++) {
/* two spaces? */ if (strcmp(cur_rule.argv[a - 1], "-A"))
param_start++;
continue; continue;
chain = cur_rule.argv[a];
break;
} }
/* end of one parameter */
strncpy(param_buffer, param_start,
param_len);
*(param_buffer + param_len) = '\0';
/* check if table name specified */
if ((param_buffer[0] == '-' &&
param_buffer[1] != '-' &&
strchr(param_buffer, 't')) ||
(!strncmp(param_buffer, "--t", 3) &&
!strncmp(param_buffer, "--table", strlen(param_buffer)))) {
xtables_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n",
line);
exit(1);
}
add_argv(param_buffer, quoted);
if (newargc >= 2
&& 0 ==
strcmp(newargv[newargc - 2], "-A"))
chain = newargv[newargc - 1];
quoted = 0;
param_start += param_len + 1;
} else {
/* regular character, skip */
}
}
DEBUGP("calling do_command4(%u, argv, &%s, handle):\n",
newargc, curTable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
if (!chain) { if (!chain) {
fprintf(stderr, "%s: line %u failed - no chain found\n", fprintf(stderr, "%s: line %u failed - no chain found\n",
prog_name, line); prog_name, line);
exit(1); exit(1);
} }
needChain(chain);// Should we explicitly look for -A needChain(chain);// Should we explicitly look for -A
do_rule(pcnt, bcnt, newargc, newargv, newargvattr); do_rule(pcnt, bcnt, cur_rule.argc, cur_rule.argv,
cur_rule.argvattr, last_rule.argc, last_rule.argv);
save_argv(); save_argv(&last_rule, &cur_rule);
ret = 1; ret = 1;
} }
if (!ret) { if (!ret) {
...@@ -786,7 +689,7 @@ iptables_xml_main(int argc, char *argv[]) ...@@ -786,7 +689,7 @@ iptables_xml_main(int argc, char *argv[])
fclose(in); fclose(in);
printf("</iptables-rules>\n"); printf("</iptables-rules>\n");
free_argv(); free_argv(&last_rule);
return 0; return 0;
} }
iptables/iptables.8.in
View file @ 268c6aa1
...@@ -245,13 +245,13 @@ add, delete, insert, replace and append commands). ...@@ -245,13 +245,13 @@ add, delete, insert, replace and append commands).
This option has no effect in iptables and iptables-restore. This option has no effect in iptables and iptables-restore.
If a rule using the \fB\-4\fP option is inserted with (and only with) If a rule using the \fB\-4\fP option is inserted with (and only with)
ip6tables-restore, it will be silently ignored. Any other uses will throw an ip6tables-restore, it will be silently ignored. Any other uses will throw an
error. This option allows to put both IPv4 and IPv6 rules in a single rule file error. This option allows IPv4 and IPv6 rules in a single rule file
for use with both iptables-restore and ip6tables-restore. for use with both iptables-restore and ip6tables-restore.
.TP .TP
\fB\-6\fP, \fB\-\-ipv6\fP \fB\-6\fP, \fB\-\-ipv6\fP
If a rule using the \fB\-6\fP option is inserted with (and only with) If a rule using the \fB\-6\fP option is inserted with (and only with)
iptables-restore, it will be silently ignored. Any other uses will throw an iptables-restore, it will be silently ignored. Any other uses will throw an
error. This option allows to put both IPv4 and IPv6 rules in a single rule file error. This option allows IPv4 and IPv6 rules in a single rule file
for use with both iptables-restore and ip6tables-restore. for use with both iptables-restore and ip6tables-restore.
This option has no effect in ip6tables and ip6tables-restore. This option has no effect in ip6tables and ip6tables-restore.
.TP .TP
......
iptables/iptables.c
View file @ 268c6aa1
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
#include "config.h"
#include <getopt.h> #include <getopt.h>
#include <string.h> #include <string.h>
#include <netdb.h> #include <netdb.h>
...@@ -41,33 +41,6 @@ ...@@ -41,33 +41,6 @@
#include <fcntl.h> #include <fcntl.h>
#include "xshared.h" #include "xshared.h"
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#define CMD_NONE 0x0000U
#define CMD_INSERT 0x0001U
#define CMD_DELETE 0x0002U
#define CMD_DELETE_NUM 0x0004U
#define CMD_REPLACE 0x0008U
#define CMD_APPEND 0x0010U
#define CMD_LIST 0x0020U
#define CMD_FLUSH 0x0040U
#define CMD_ZERO 0x0080U
#define CMD_NEW_CHAIN 0x0100U
#define CMD_DELETE_CHAIN 0x0200U
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
#define CMD_ZERO_NUM 0x2000U
#define CMD_CHECK 0x4000U
#define NUMBER_OF_CMD 16
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
#define OPT_FRAGMENT 0x00800U #define OPT_FRAGMENT 0x00800U
#define NUMBER_OF_OPT ARRAY_SIZE(optflags) #define NUMBER_OF_OPT ARRAY_SIZE(optflags)
static const char optflags[] static const char optflags[]
...@@ -120,7 +93,7 @@ void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __a ...@@ -120,7 +93,7 @@ void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __a
struct xtables_globals iptables_globals = { struct xtables_globals iptables_globals = {
.option_offset = 0, .option_offset = 0,
.program_version = IPTABLES_VERSION, .program_version = PACKAGE_VERSION,
.orig_opts = original_opts, .orig_opts = original_opts,
.exit_err = iptables_exit_error, .exit_err = iptables_exit_error,
.compat_rev = xtables_compatible_revision, .compat_rev = xtables_compatible_revision,
...@@ -335,27 +308,6 @@ opt2char(int option) ...@@ -335,27 +308,6 @@ opt2char(int option)
return *ptr; return *ptr;
} }
static char
cmd2char(int option)
{
const char *ptr;
for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
return *ptr;
}
static void
add_command(unsigned int *cmd, const int newcmd, const int othercmds,
int invert)
{
if (invert)
xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
if (*cmd & (~othercmds))
xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
*cmd |= newcmd;
}
/* /*
* All functions starting with "parse" should succeed, otherwise * All functions starting with "parse" should succeed, otherwise
* the program fails. * the program fails.
...@@ -366,18 +318,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, ...@@ -366,18 +318,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
*/ */
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */ /* Christophe Burki wants `-p 6' to imply `-m tcp'. */
/* Can't be zero. */
static int
parse_rulenumber(const char *rule)
{
unsigned int rulenum;
if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
xtables_error(PARAMETER_PROBLEM,
"Invalid rule number `%s'", rule);
return rulenum;
}
static void static void
parse_chain(const char *chainname) parse_chain(const char *chainname)
...@@ -1217,6 +1157,7 @@ int do_command4(int argc, char *argv[], char **table, ...@@ -1217,6 +1157,7 @@ int do_command4(int argc, char *argv[], char **table,
struct xtables_rule_match *matchp; struct xtables_rule_match *matchp;
struct xtables_target *t; struct xtables_target *t;
unsigned long long cnt; unsigned long long cnt;
bool table_set = false;
/* re-set optind to 0 in case do_command4 gets called /* re-set optind to 0 in case do_command4 gets called
* a second time */ * a second time */
...@@ -1494,7 +1435,12 @@ int do_command4(int argc, char *argv[], char **table, ...@@ -1494,7 +1435,12 @@ int do_command4(int argc, char *argv[], char **table,
if (cs.invert) if (cs.invert)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table"); "unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
*table = optarg; *table = optarg;
table_set = true;
break; break;
case 'x': case 'x':
...@@ -1564,7 +1510,7 @@ int do_command4(int argc, char *argv[], char **table, ...@@ -1564,7 +1510,7 @@ int do_command4(int argc, char *argv[], char **table,
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not" "multiple consecutive ! not"
" allowed"); " allowed");
cs.invert = TRUE; cs.invert = true;
optarg[0] = '\0'; optarg[0] = '\0';
continue; continue;
} }
...@@ -1577,7 +1523,7 @@ int do_command4(int argc, char *argv[], char **table, ...@@ -1577,7 +1523,7 @@ int do_command4(int argc, char *argv[], char **table,
continue; continue;
break; break;
} }
cs.invert = FALSE; cs.invert = false;
} }
if (!wait && wait_interval_set) if (!wait && wait_interval_set)
......
iptables/nft-arp.c
View file @ 268c6aa1
...@@ -114,29 +114,6 @@ mask_to_dotted(const struct in_addr *mask) ...@@ -114,29 +114,6 @@ mask_to_dotted(const struct in_addr *mask)
return buf; return buf;
} }
static void print_mac(const unsigned char *mac, int l)
{
int j;
for (j = 0; j < l; j++)
printf("%02x%s", mac[j],
(j==l-1) ? "" : ":");
}
static void print_mac_and_mask(const unsigned char *mac, const unsigned char *mask, int l)
{
int i;
print_mac(mac, l);
for (i = 0; i < l ; i++)
if (mask[i] != 255)
break;
if (i == l)
return;
printf("/");
print_mac(mask, l);
}
static bool need_devaddr(struct arpt_devaddr_info *info) static bool need_devaddr(struct arpt_devaddr_info *info)
{ {
int i; int i;
...@@ -149,7 +126,7 @@ static bool need_devaddr(struct arpt_devaddr_info *info) ...@@ -149,7 +126,7 @@ static bool need_devaddr(struct arpt_devaddr_info *info)
return false; return false;
} }
static int nft_arp_add(struct nftnl_rule *r, void *data) static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data)
{ {
struct iptables_command_state *cs = data; struct iptables_command_state *cs = data;
struct arpt_entry *fw = &cs->arp; struct arpt_entry *fw = &cs->arp;
...@@ -506,8 +483,8 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs, ...@@ -506,8 +483,8 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
printf("%s%s", sep, fw->arp.invflags & ARPT_INV_SRCDEVADDR printf("%s%s", sep, fw->arp.invflags & ARPT_INV_SRCDEVADDR
? "! " : ""); ? "! " : "");
printf("--src-mac "); printf("--src-mac ");
print_mac_and_mask((unsigned char *)fw->arp.src_devaddr.addr, xtables_print_mac_and_mask((unsigned char *)fw->arp.src_devaddr.addr,
(unsigned char *)fw->arp.src_devaddr.mask, ETH_ALEN); (unsigned char *)fw->arp.src_devaddr.mask);
sep = " "; sep = " ";
after_devsrc: after_devsrc:
...@@ -532,8 +509,8 @@ after_devsrc: ...@@ -532,8 +509,8 @@ after_devsrc:
printf("%s%s", sep, fw->arp.invflags & ARPT_INV_TGTDEVADDR printf("%s%s", sep, fw->arp.invflags & ARPT_INV_TGTDEVADDR
? "! " : ""); ? "! " : "");
printf("--dst-mac "); printf("--dst-mac ");
print_mac_and_mask((unsigned char *)fw->arp.tgt_devaddr.addr, xtables_print_mac_and_mask((unsigned char *)fw->arp.tgt_devaddr.addr,
(unsigned char *)fw->arp.tgt_devaddr.mask, ETH_ALEN); (unsigned char *)fw->arp.tgt_devaddr.mask);
sep = " "; sep = " ";
after_devdst: after_devdst:
...@@ -605,14 +582,15 @@ nft_arp_save_rule(const void *data, unsigned int format) ...@@ -605,14 +582,15 @@ nft_arp_save_rule(const void *data, unsigned int format)
} }
static void static void
nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
unsigned int num, unsigned int format)
{ {
struct iptables_command_state cs = {}; struct iptables_command_state cs = {};
if (format & FMT_LINENUMBERS) if (format & FMT_LINENUMBERS)
printf("%u ", num); printf("%u ", num);
nft_rule_to_iptables_command_state(r, &cs); nft_rule_to_iptables_command_state(h, r, &cs);
nft_arp_print_rule_details(&cs, format); nft_arp_print_rule_details(&cs, format);
print_matches_and_target(&cs, format); print_matches_and_target(&cs, format);
...@@ -626,6 +604,8 @@ nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) ...@@ -626,6 +604,8 @@ nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
if (!(format & FMT_NONEWLINE)) if (!(format & FMT_NONEWLINE))
fputc('\n', stdout); fputc('\n', stdout);
nft_clear_iptables_command_state(&cs);
} }
static bool nft_arp_is_same(const void *data_a, static bool nft_arp_is_same(const void *data_a,
...@@ -655,31 +635,6 @@ static bool nft_arp_is_same(const void *data_a, ...@@ -655,31 +635,6 @@ static bool nft_arp_is_same(const void *data_a,
(unsigned char *)b->arp.outiface_mask); (unsigned char *)b->arp.outiface_mask);
} }
static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data)
{
const struct iptables_command_state *cs = data;
struct iptables_command_state this = {};
bool ret = false;
/* Delete by matching rule case */
nft_rule_to_iptables_command_state(r, &this);
if (!nft_arp_is_same(&cs->arp, &this.arp))
goto out;
if (!compare_targets(cs->target, this.target))
goto out;
if (this.jumpto && strcmp(cs->jumpto, this.jumpto) != 0)
goto out;
ret = true;
out:
ops->clear_cs(&this);
return ret;
}
static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy) static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy)
{ {
const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME); const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
...@@ -697,11 +652,9 @@ struct nft_family_ops nft_family_ops_arp = { ...@@ -697,11 +652,9 @@ struct nft_family_ops nft_family_ops_arp = {
.print_header = nft_arp_print_header, .print_header = nft_arp_print_header,
.print_rule = nft_arp_print_rule, .print_rule = nft_arp_print_rule,
.save_rule = nft_arp_save_rule, .save_rule = nft_arp_save_rule,
.save_counters = save_counters,
.save_chain = nft_arp_save_chain, .save_chain = nft_arp_save_chain,
.post_parse = NULL, .post_parse = NULL,
.rule_to_cs = nft_rule_to_iptables_command_state, .rule_to_cs = nft_rule_to_iptables_command_state,
.clear_cs = nft_clear_iptables_command_state, .clear_cs = nft_clear_iptables_command_state,
.rule_find = nft_arp_rule_find,
.parse_target = nft_ipv46_parse_target, .parse_target = nft_ipv46_parse_target,
}; };
iptables/nft-bridge.c
View file @ 268c6aa1
...@@ -17,12 +17,13 @@ ...@@ -17,12 +17,13 @@
#include <libiptc/libxtc.h> #include <libiptc/libxtc.h>
#include <linux/netfilter/nf_tables.h> #include <linux/netfilter/nf_tables.h>
#include <libnftnl/set.h>
#include "nft-shared.h" #include "nft-shared.h"
#include "nft-bridge.h" #include "nft-bridge.h"
#include "nft-cache.h"
#include "nft.h" #include "nft.h"
static bool ebt_legacy_counter_fmt;
void ebt_cs_clean(struct iptables_command_state *cs) void ebt_cs_clean(struct iptables_command_state *cs)
{ {
struct ebt_match *m, *nm; struct ebt_match *m, *nm;
...@@ -128,7 +129,8 @@ static int _add_action(struct nftnl_rule *r, struct iptables_command_state *cs) ...@@ -128,7 +129,8 @@ static int _add_action(struct nftnl_rule *r, struct iptables_command_state *cs)
return add_action(r, cs, false); return add_action(r, cs, false);
} }
static int nft_bridge_add(struct nftnl_rule *r, void *data) static int nft_bridge_add(struct nft_handle *h,
struct nftnl_rule *r, void *data)
{ {
struct iptables_command_state *cs = data; struct iptables_command_state *cs = data;
struct ebt_match *iter; struct ebt_match *iter;
...@@ -184,7 +186,7 @@ static int nft_bridge_add(struct nftnl_rule *r, void *data) ...@@ -184,7 +186,7 @@ static int nft_bridge_add(struct nftnl_rule *r, void *data)
for (iter = cs->match_list; iter; iter = iter->next) { for (iter = cs->match_list; iter; iter = iter->next) {
if (iter->ismatch) { if (iter->ismatch) {
if (add_match(r, iter->u.match->m)) if (add_match(h, r, iter->u.match->m))
break; break;
} else { } else {
if (add_target(r, iter->u.watcher->t)) if (add_target(r, iter->u.watcher->t))
...@@ -292,6 +294,221 @@ static void nft_bridge_parse_immediate(const char *jumpto, bool nft_goto, ...@@ -292,6 +294,221 @@ static void nft_bridge_parse_immediate(const char *jumpto, bool nft_goto,
cs->jumpto = jumpto; cs->jumpto = jumpto;
} }
/* return 0 if saddr, 1 if daddr, -1 on error */
static int
lookup_check_ether_payload(uint32_t base, uint32_t offset, uint32_t len)
{
if (base != 0 || len != ETH_ALEN)
return -1;
switch (offset) {
case offsetof(struct ether_header, ether_dhost):
return 1;
case offsetof(struct ether_header, ether_shost):
return 0;
default:
return -1;
}
}
/* return 0 if saddr, 1 if daddr, -1 on error */
static int
lookup_check_iphdr_payload(uint32_t base, uint32_t offset, uint32_t len)
{
if (base != 1 || len != 4)
return -1;
switch (offset) {
case offsetof(struct iphdr, daddr):
return 1;
case offsetof(struct iphdr, saddr):
return 0;
default:
return -1;
}
}
/* Make sure previous payload expression(s) is/are consistent and extract if
* matching on source or destination address and if matching on MAC and IP or
* only MAC address. */
static int lookup_analyze_payloads(const struct nft_xt_ctx *ctx,
bool *dst, bool *ip)
{
int val, val2 = -1;
if (ctx->flags & NFT_XT_CTX_PREV_PAYLOAD) {
val = lookup_check_ether_payload(ctx->prev_payload.base,
ctx->prev_payload.offset,
ctx->prev_payload.len);
if (val < 0) {
DEBUGP("unknown payload base/offset/len %d/%d/%d\n",
ctx->prev_payload.base, ctx->prev_payload.offset,
ctx->prev_payload.len);
return -1;
}
if (!(ctx->flags & NFT_XT_CTX_PAYLOAD)) {
DEBUGP("Previous but no current payload?\n");
return -1;
}
val2 = lookup_check_iphdr_payload(ctx->payload.base,
ctx->payload.offset,
ctx->payload.len);
if (val2 < 0) {
DEBUGP("unknown payload base/offset/len %d/%d/%d\n",
ctx->payload.base, ctx->payload.offset,
ctx->payload.len);
return -1;
} else if (val != val2) {
DEBUGP("mismatching payload match offsets\n");
return -1;
}
} else if (ctx->flags & NFT_XT_CTX_PAYLOAD) {
val = lookup_check_ether_payload(ctx->payload.base,
ctx->payload.offset,
ctx->payload.len);
if (val < 0) {
DEBUGP("unknown payload base/offset/len %d/%d/%d\n",
ctx->payload.base, ctx->payload.offset,
ctx->payload.len);
return -1;
}
} else {
DEBUGP("unknown LHS of lookup expression\n");
return -1;
}
if (dst)
*dst = (val == 1);
if (ip)
*ip = (val2 != -1);
return 0;
}
static int set_elems_to_among_pairs(struct nft_among_pair *pairs,
const struct nftnl_set *s, int cnt)
{
struct nftnl_set_elems_iter *iter = nftnl_set_elems_iter_create(s);
struct nftnl_set_elem *elem;
size_t tmpcnt = 0;
const void *data;
uint32_t datalen;
int ret = -1;
if (!iter) {
fprintf(stderr, "BUG: set elems iter allocation failed\n");
return ret;
}
while ((elem = nftnl_set_elems_iter_next(iter))) {
data = nftnl_set_elem_get(elem, NFTNL_SET_ELEM_KEY, &datalen);
if (!data) {
fprintf(stderr, "BUG: set elem without key\n");
goto err;
}
if (datalen > sizeof(*pairs)) {
fprintf(stderr, "BUG: overlong set elem\n");
goto err;
}
nft_among_insert_pair(pairs, &tmpcnt, data);
}
ret = 0;
err:
nftnl_set_elems_iter_destroy(iter);
return ret;
}
static struct nftnl_set *set_from_lookup_expr(struct nft_xt_ctx *ctx,
const struct nftnl_expr *e)
{
const char *set_name = nftnl_expr_get_str(e, NFTNL_EXPR_LOOKUP_SET);
uint32_t set_id = nftnl_expr_get_u32(e, NFTNL_EXPR_LOOKUP_SET_ID);
struct nftnl_set_list *slist;
struct nftnl_set *set;
slist = nft_set_list_get(ctx->h, ctx->table, set_name);
if (slist) {
set = nftnl_set_list_lookup_byname(slist, set_name);
if (set)
return set;
set = nft_set_batch_lookup_byid(ctx->h, set_id);
if (set)
return set;
}
return NULL;
}
static void nft_bridge_parse_lookup(struct nft_xt_ctx *ctx,
struct nftnl_expr *e, void *data)
{
struct xtables_match *match = NULL;
struct nft_among_data *among_data;
bool is_dst, have_ip, inv;
struct ebt_match *ematch;
struct nftnl_set *s;
size_t poff, size;
uint32_t cnt;
if (lookup_analyze_payloads(ctx, &is_dst, &have_ip))
return;
s = set_from_lookup_expr(ctx, e);
if (!s)
xtables_error(OTHER_PROBLEM,
"BUG: lookup expression references unknown set");
cnt = nftnl_set_get_u32(s, NFTNL_SET_DESC_SIZE);
for (ematch = ctx->cs->match_list; ematch; ematch = ematch->next) {
if (!ematch->ismatch || strcmp(ematch->u.match->name, "among"))
continue;
match = ematch->u.match;
among_data = (struct nft_among_data *)match->m->data;
size = cnt + among_data->src.cnt + among_data->dst.cnt;
size *= sizeof(struct nft_among_pair);
size += XT_ALIGN(sizeof(struct xt_entry_match)) +
sizeof(struct nft_among_data);
match->m = xtables_realloc(match->m, size);
break;
}
if (!match) {
match = xtables_find_match("among", XTF_TRY_LOAD,
&ctx->cs->matches);
size = cnt * sizeof(struct nft_among_pair);
size += XT_ALIGN(sizeof(struct xt_entry_match)) +
sizeof(struct nft_among_data);
match->m = xtables_calloc(1, size);
strcpy(match->m->u.user.name, match->name);
match->m->u.user.revision = match->revision;
xs_init_match(match);
if (ctx->h->ops->parse_match != NULL)
ctx->h->ops->parse_match(match, ctx->cs);
}
if (!match)
return;
match->m->u.match_size = size;
inv = !!(nftnl_expr_get_u32(e, NFTNL_EXPR_LOOKUP_FLAGS) &
NFT_LOOKUP_F_INV);
among_data = (struct nft_among_data *)match->m->data;
poff = nft_among_prepare_data(among_data, is_dst, cnt, inv, have_ip);
if (set_elems_to_among_pairs(among_data->pairs + poff, s, cnt))
xtables_error(OTHER_PROBLEM,
"ebtables among pair parsing failed");
ctx->flags &= ~(NFT_XT_CTX_PAYLOAD | NFT_XT_CTX_PREV_PAYLOAD);
}
static void parse_watcher(void *object, struct ebt_match **match_list, static void parse_watcher(void *object, struct ebt_match **match_list,
bool ismatch) bool ismatch)
{ {
...@@ -334,11 +551,12 @@ static void nft_bridge_parse_target(struct xtables_target *t, void *data) ...@@ -334,11 +551,12 @@ static void nft_bridge_parse_target(struct xtables_target *t, void *data)
cs->target = t; cs->target = t;
} }
static void nft_rule_to_ebtables_command_state(const struct nftnl_rule *r, static void nft_rule_to_ebtables_command_state(struct nft_handle *h,
const struct nftnl_rule *r,
struct iptables_command_state *cs) struct iptables_command_state *cs)
{ {
cs->eb.bitmask = EBT_NOPROTO; cs->eb.bitmask = EBT_NOPROTO;
nft_rule_to_iptables_command_state(r, cs); nft_rule_to_iptables_command_state(h, r, cs);
} }
static void print_iface(const char *option, const char *name, bool invert) static void print_iface(const char *option, const char *name, bool invert)
...@@ -422,22 +640,6 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask) ...@@ -422,22 +640,6 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask)
printf("%s ", ent->e_name); printf("%s ", ent->e_name);
} }
static void nft_bridge_save_counters(const void *data)
{
const char *ctr;
if (ebt_legacy_counter_fmt)
return;
ctr = getenv("EBTABLES_SAVE_COUNTER");
if (ctr) {
ebt_legacy_counter_fmt = true;
return;
}
save_counters(data);
}
static void nft_bridge_save_rule(const void *data, unsigned int format) static void nft_bridge_save_rule(const void *data, unsigned int format)
{ {
const struct iptables_command_state *cs = data; const struct iptables_command_state *cs = data;
...@@ -474,29 +676,30 @@ static void nft_bridge_save_rule(const void *data, unsigned int format) ...@@ -474,29 +676,30 @@ static void nft_bridge_save_rule(const void *data, unsigned int format)
cs->target->print(&cs->fw, cs->target->t, format & FMT_NUMERIC); cs->target->print(&cs->fw, cs->target->t, format & FMT_NUMERIC);
} }
if ((format & (FMT_NOCOUNTS | FMT_C_COUNTS)) == FMT_C_COUNTS) {
if (format & FMT_EBT_SAVE) if (format & FMT_EBT_SAVE)
printf(" -c %"PRIu64" %"PRIu64"", printf(" -c %"PRIu64" %"PRIu64"",
(uint64_t)cs->counters.pcnt, (uint64_t)cs->counters.pcnt,
(uint64_t)cs->counters.bcnt); (uint64_t)cs->counters.bcnt);
else
if (!(format & FMT_NOCOUNTS))
printf(" , pcnt = %"PRIu64" -- bcnt = %"PRIu64"", printf(" , pcnt = %"PRIu64" -- bcnt = %"PRIu64"",
(uint64_t)cs->counters.pcnt, (uint64_t)cs->counters.pcnt,
(uint64_t)cs->counters.bcnt); (uint64_t)cs->counters.bcnt);
}
if (!(format & FMT_NONEWLINE)) if (!(format & FMT_NONEWLINE))
fputc('\n', stdout); fputc('\n', stdout);
} }
static void nft_bridge_print_rule(struct nftnl_rule *r, unsigned int num, static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r,
unsigned int format) unsigned int num, unsigned int format)
{ {
struct iptables_command_state cs = {}; struct iptables_command_state cs = {};
if (format & FMT_LINENUMBERS) if (format & FMT_LINENUMBERS)
printf("%d ", num); printf("%d ", num);
nft_rule_to_ebtables_command_state(r, &cs); nft_rule_to_ebtables_command_state(h, r, &cs);
nft_bridge_save_rule(&cs, format); nft_bridge_save_rule(&cs, format);
ebt_cs_clean(&cs); ebt_cs_clean(&cs);
} }
...@@ -553,41 +756,6 @@ static bool nft_bridge_is_same(const void *data_a, const void *data_b) ...@@ -553,41 +756,6 @@ static bool nft_bridge_is_same(const void *data_a, const void *data_b)
return strcmp(a->in, b->in) == 0 && strcmp(a->out, b->out) == 0; return strcmp(a->in, b->in) == 0 && strcmp(a->out, b->out) == 0;
} }
static bool nft_bridge_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data)
{
struct iptables_command_state *cs = data;
struct iptables_command_state this = {};
bool ret = false;
nft_rule_to_ebtables_command_state(r, &this);
DEBUGP("comparing with... ");
if (!nft_bridge_is_same(cs, &this))
goto out;
if (!compare_matches(cs->matches, this.matches)) {
DEBUGP("Different matches\n");
goto out;
}
if (!compare_targets(cs->target, this.target)) {
DEBUGP("Different target\n");
goto out;
}
if (cs->jumpto != NULL && strcmp(cs->jumpto, this.jumpto) != 0) {
DEBUGP("Different verdict\n");
goto out;
}
ret = true;
out:
ops->clear_cs(&this);
return ret;
}
static int xlate_ebmatches(const struct iptables_command_state *cs, struct xt_xlate *xl) static int xlate_ebmatches(const struct iptables_command_state *cs, struct xt_xlate *xl)
{ {
int ret = 1, numeric = cs->options & OPT_NUMERIC; int ret = 1, numeric = cs->options & OPT_NUMERIC;
...@@ -757,17 +925,16 @@ struct nft_family_ops nft_family_ops_bridge = { ...@@ -757,17 +925,16 @@ struct nft_family_ops nft_family_ops_bridge = {
.parse_meta = nft_bridge_parse_meta, .parse_meta = nft_bridge_parse_meta,
.parse_payload = nft_bridge_parse_payload, .parse_payload = nft_bridge_parse_payload,
.parse_immediate = nft_bridge_parse_immediate, .parse_immediate = nft_bridge_parse_immediate,
.parse_lookup = nft_bridge_parse_lookup,
.parse_match = nft_bridge_parse_match, .parse_match = nft_bridge_parse_match,
.parse_target = nft_bridge_parse_target, .parse_target = nft_bridge_parse_target,
.print_table_header = nft_bridge_print_table_header, .print_table_header = nft_bridge_print_table_header,
.print_header = nft_bridge_print_header, .print_header = nft_bridge_print_header,
.print_rule = nft_bridge_print_rule, .print_rule = nft_bridge_print_rule,
.save_rule = nft_bridge_save_rule, .save_rule = nft_bridge_save_rule,
.save_counters = nft_bridge_save_counters,
.save_chain = nft_bridge_save_chain, .save_chain = nft_bridge_save_chain,
.post_parse = NULL, .post_parse = NULL,
.rule_to_cs = nft_rule_to_ebtables_command_state, .rule_to_cs = nft_rule_to_ebtables_command_state,
.clear_cs = ebt_cs_clean, .clear_cs = ebt_cs_clean,
.rule_find = nft_bridge_rule_find,
.xlate = nft_bridge_xlate, .xlate = nft_bridge_xlate,
}; };
iptables/nft-bridge.h
View file @ 268c6aa1
...@@ -122,4 +122,60 @@ void ebt_add_watcher(struct xtables_target *watcher, ...@@ -122,4 +122,60 @@ void ebt_add_watcher(struct xtables_target *watcher,
struct iptables_command_state *cs); struct iptables_command_state *cs);
int ebt_command_default(struct iptables_command_state *cs); int ebt_command_default(struct iptables_command_state *cs);
struct nft_among_pair {
struct ether_addr ether;
struct in_addr in __attribute__((aligned (4)));
};
struct nft_among_data {
struct {
size_t cnt;
bool inv;
bool ip;
} src, dst;
/* first source, then dest pairs */
struct nft_among_pair pairs[0];
};
/* initialize fields, return offset into pairs array to write pairs to */
static inline size_t
nft_among_prepare_data(struct nft_among_data *data, bool dst,
size_t cnt, bool inv, bool ip)
{
size_t poff;
if (dst) {
data->dst.cnt = cnt;
data->dst.inv = inv;
data->dst.ip = ip;
poff = data->src.cnt;
} else {
data->src.cnt = cnt;
data->src.inv = inv;
data->src.ip = ip;
poff = 0;
memmove(data->pairs + cnt, data->pairs,
data->dst.cnt * sizeof(*data->pairs));
}
return poff;
}
static inline void
nft_among_insert_pair(struct nft_among_pair *pairs,
size_t *pcount, const struct nft_among_pair *new)
{
int i;
/* nftables automatically sorts set elements from smallest to largest,
* insert sorted so extension comparison works */
for (i = 0; i < *pcount; i++) {
if (memcmp(new, &pairs[i], sizeof(*new)) < 0)
break;
}
memmove(&pairs[i + 1], &pairs[i], sizeof(*pairs) * (*pcount - i));
memcpy(&pairs[i], new, sizeof(*new));
(*pcount)++;
}
#endif #endif
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment