Skip to content

GitLab

Commit 712749e7 authored by Arturo Borrero Gonzalez's avatar Arturo Borrero Gonzalez
Browse files

Update upstream source from tag 'upstream/1.8.5' 

Update to upstream version '1.8.5'
with Debian dir 8a97bace31de0bf6fa044da123d7fa2e84e9f6aa
parents 214468ea eb1d7c5f
Hide whitespace changes
Inline Side-by-side
iptables/tests/shell/testcases/nft-only/0002invflags_0
View file @ 712749e7
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
set -e set -e
[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } [[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
$XT_MULTI iptables -A INPUT -p tcp --dport 53 ! -s 192.168.0.1 -j ACCEPT $XT_MULTI iptables -A INPUT -p tcp --dport 53 ! -s 192.168.0.1 -j ACCEPT
$XT_MULTI ip6tables -A INPUT -p tcp --dport 53 ! -s feed:babe::1 -j ACCEPT $XT_MULTI ip6tables -A INPUT -p tcp --dport 53 ! -s feed:babe::1 -j ACCEPT
......
iptables/tests/shell/testcases/nft-only/0003delete-with-comment_0
View file @ 712749e7
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
set -e set -e
[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } [[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
comment1="foo bar" comment1="foo bar"
comment2="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" comment2="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
......
iptables/tests/shell/testcases/nft-only/0006-policy-override_0 0 → 100755
View file @ 712749e7
#!/bin/bash
[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
# make sure none of the commands invoking nft_xt_builtin_init() override
# non-default chain policies via needless chain add.
RC=0
do_test() {
$XT_MULTI $@
$XT_MULTI iptables -S | grep -q -- '-P FORWARD DROP' && return
echo "command '$@' kills chain policies"
$XT_MULTI iptables -P FORWARD DROP
RC=1
}
$XT_MULTI iptables -P FORWARD DROP
do_test iptables -A OUTPUT -j ACCEPT
do_test iptables -F
do_test iptables -N foo
do_test iptables -E foo foo2
do_test iptables -I OUTPUT -j ACCEPT
do_test iptables -nL
do_test iptables -S
exit $RC
iptables/xshared.c
View file @ 712749e7
...@@ -495,7 +495,6 @@ void add_param_to_argv(struct argv_store *store, char *parsestart, int line) ...@@ -495,7 +495,6 @@ void add_param_to_argv(struct argv_store *store, char *parsestart, int line)
continue; continue;
} else if (*curchar == '"') { } else if (*curchar == '"') {
quote_open = 0; quote_open = 0;
*curchar = '"';
} else { } else {
add_param(&param, curchar); add_param(&param, curchar);
continue; continue;
......
iptables/xshared.h
View file @ 712749e7
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
#include <stdint.h> #include <stdint.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <net/if.h> #include <net/if.h>
#include <sys/time.h>
#include <linux/netfilter_arp/arp_tables.h> #include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h> #include <linux/netfilter_ipv6/ip6_tables.h>
......
iptables/xtables-arp-standalone.c
View file @ 712749e7
...@@ -56,6 +56,7 @@ int xtables_arp_main(int argc, char *argv[]) ...@@ -56,6 +56,7 @@ int xtables_arp_main(int argc, char *argv[])
ret = nft_commit(&h); ret = nft_commit(&h);
nft_fini(&h); nft_fini(&h);
xtables_fini();
if (!ret) if (!ret)
fprintf(stderr, "arptables: %s\n", nft_strerror(errno)); fprintf(stderr, "arptables: %s\n", nft_strerror(errno));
......
iptables/xtables-arp.c
View file @ 712749e7
...@@ -235,7 +235,7 @@ exit_tryhelp(int status) ...@@ -235,7 +235,7 @@ exit_tryhelp(int status)
} }
static void static void
exit_printhelp(void) printhelp(void)
{ {
struct xtables_target *t = NULL; struct xtables_target *t = NULL;
int i; int i;
...@@ -325,7 +325,6 @@ exit_printhelp(void) ...@@ -325,7 +325,6 @@ exit_printhelp(void)
printf("\n"); printf("\n");
t->help(); t->help();
} }
exit(0);
} }
static char static char
...@@ -400,7 +399,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table, ...@@ -400,7 +399,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table,
if (linenumbers) if (linenumbers)
format |= FMT_LINENUMBERS; format |= FMT_LINENUMBERS;
return nft_rule_list(h, chain, table, rulenum, format); return nft_cmd_rule_list(h, chain, table, rulenum, format);
} }
static int static int
...@@ -427,10 +426,10 @@ append_entry(struct nft_handle *h, ...@@ -427,10 +426,10 @@ append_entry(struct nft_handle *h,
cs->arp.arp.tgt.s_addr = daddrs[j].s_addr; cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr; cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr;
if (append) { if (append) {
ret = nft_rule_append(h, chain, table, cs, NULL, ret = nft_cmd_rule_append(h, chain, table, cs, NULL,
verbose); verbose);
} else { } else {
ret = nft_rule_insert(h, chain, table, cs, ret = nft_cmd_rule_insert(h, chain, table, cs,
rulenum, verbose); rulenum, verbose);
} }
} }
...@@ -455,7 +454,7 @@ replace_entry(const char *chain, ...@@ -455,7 +454,7 @@ replace_entry(const char *chain,
cs->arp.arp.smsk.s_addr = smask->s_addr; cs->arp.arp.smsk.s_addr = smask->s_addr;
cs->arp.arp.tmsk.s_addr = dmask->s_addr; cs->arp.arp.tmsk.s_addr = dmask->s_addr;
return nft_rule_replace(h, chain, table, cs, rulenum, verbose); return nft_cmd_rule_replace(h, chain, table, cs, rulenum, verbose);
} }
static int static int
...@@ -479,7 +478,7 @@ delete_entry(const char *chain, ...@@ -479,7 +478,7 @@ delete_entry(const char *chain,
for (j = 0; j < ndaddrs; j++) { for (j = 0; j < ndaddrs; j++) {
cs->arp.arp.tgt.s_addr = daddrs[j].s_addr; cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr; cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr;
ret = nft_rule_delete(h, chain, table, cs, verbose); ret = nft_cmd_rule_delete(h, chain, table, cs, verbose);
} }
} }
...@@ -500,17 +499,10 @@ int nft_init_arp(struct nft_handle *h, const char *pname) ...@@ -500,17 +499,10 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
init_extensionsa(); init_extensionsa();
#endif #endif
memset(h, 0, sizeof(*h)); if (nft_init(h, NFPROTO_ARP, xtables_arp) < 0)
h->family = NFPROTO_ARP;
if (nft_init(h, xtables_arp) < 0)
xtables_error(OTHER_PROBLEM, xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer."); "Could not initialize nftables layer.");
h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
return 0; return 0;
} }
...@@ -673,7 +665,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -673,7 +665,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
if (!optarg) if (!optarg)
optarg = argv[optind]; optarg = argv[optind];
exit_printhelp(); printhelp();
command = CMD_NONE;
break; break;
case 's': case 's':
check_inverse(optarg, &invert, &optind, argc); check_inverse(optarg, &invert, &optind, argc);
...@@ -888,8 +881,6 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -888,8 +881,6 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
if (optind < argc) if (optind < argc)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"unknown arguments found on commandline"); "unknown arguments found on commandline");
if (!command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
if (invert) if (invert)
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !"); "nothing appropriate following !");
...@@ -962,7 +953,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -962,7 +953,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
options&OPT_VERBOSE, h); options&OPT_VERBOSE, h);
break; break;
case CMD_DELETE_NUM: case CMD_DELETE_NUM:
ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose); ret = nft_cmd_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break; break;
case CMD_REPLACE: case CMD_REPLACE:
ret = replace_entry(chain, *table, &cs, rulenum - 1, ret = replace_entry(chain, *table, &cs, rulenum - 1,
...@@ -984,10 +975,10 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -984,10 +975,10 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
options&OPT_LINENUMBERS); options&OPT_LINENUMBERS);
break; break;
case CMD_FLUSH: case CMD_FLUSH:
ret = nft_rule_flush(h, chain, *table, options & OPT_VERBOSE); ret = nft_cmd_rule_flush(h, chain, *table, options & OPT_VERBOSE);
break; break;
case CMD_ZERO: case CMD_ZERO:
ret = nft_chain_zero_counters(h, chain, *table, ret = nft_cmd_chain_zero_counters(h, chain, *table,
options & OPT_VERBOSE); options & OPT_VERBOSE);
break; break;
case CMD_LIST|CMD_ZERO: case CMD_LIST|CMD_ZERO:
...@@ -997,25 +988,27 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -997,25 +988,27 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
/*options&OPT_EXPANDED*/0, /*options&OPT_EXPANDED*/0,
options&OPT_LINENUMBERS); options&OPT_LINENUMBERS);
if (ret) if (ret)
ret = nft_chain_zero_counters(h, chain, *table, ret = nft_cmd_chain_zero_counters(h, chain, *table,
options & OPT_VERBOSE); options & OPT_VERBOSE);
break; break;
case CMD_NEW_CHAIN: case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, chain, *table); ret = nft_cmd_chain_user_add(h, chain, *table);
break; break;
case CMD_DELETE_CHAIN: case CMD_DELETE_CHAIN:
ret = nft_chain_user_del(h, chain, *table, ret = nft_cmd_chain_user_del(h, chain, *table,
options & OPT_VERBOSE); options & OPT_VERBOSE);
break; break;
case CMD_RENAME_CHAIN: case CMD_RENAME_CHAIN:
ret = nft_chain_user_rename(h, chain, *table, newname); ret = nft_cmd_chain_user_rename(h, chain, *table, newname);
break; break;
case CMD_SET_POLICY: case CMD_SET_POLICY:
ret = nft_chain_set(h, *table, chain, policy, NULL); ret = nft_cmd_chain_set(h, *table, chain, policy, NULL);
if (ret < 0) if (ret < 0)
xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n", xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n",
policy); policy);
break; break;
case CMD_NONE:
break;
default: default:
/* We should never reach this... */ /* We should never reach this... */
exit_tryhelp(2); exit_tryhelp(2);
...@@ -1026,9 +1019,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1026,9 +1019,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
free(daddrs); free(daddrs);
free(dmasks); free(dmasks);
if (cs.target) nft_clear_iptables_command_state(&cs);
free(cs.target->t);
xtables_free_opts(1); xtables_free_opts(1);
/* if (verbose > 1) /* if (verbose > 1)
......
iptables/xtables-eb-standalone.c
View file @ 712749e7
...@@ -53,6 +53,8 @@ int xtables_eb_main(int argc, char *argv[]) ...@@ -53,6 +53,8 @@ int xtables_eb_main(int argc, char *argv[])
if (ret) if (ret)
ret = nft_bridge_commit(&h); ret = nft_bridge_commit(&h);
nft_fini_eb(&h);
if (!ret) if (!ret)
fprintf(stderr, "ebtables: %s\n", nft_strerror(errno)); fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
......
iptables/xtables-eb.c
View file @ 712749e7
...@@ -150,9 +150,9 @@ append_entry(struct nft_handle *h, ...@@ -150,9 +150,9 @@ append_entry(struct nft_handle *h,
int ret = 1; int ret = 1;
if (append) if (append)
ret = nft_rule_append(h, chain, table, cs, NULL, verbose); ret = nft_cmd_rule_append(h, chain, table, cs, NULL, verbose);
else else
ret = nft_rule_insert(h, chain, table, cs, rule_nr, verbose); ret = nft_cmd_rule_insert(h, chain, table, cs, rule_nr, verbose);
return ret; return ret;
} }
...@@ -169,10 +169,10 @@ delete_entry(struct nft_handle *h, ...@@ -169,10 +169,10 @@ delete_entry(struct nft_handle *h,
int ret = 1; int ret = 1;
if (rule_nr == -1) if (rule_nr == -1)
ret = nft_rule_delete(h, chain, table, cs, verbose); ret = nft_cmd_rule_delete(h, chain, table, cs, verbose);
else { else {
do { do {
ret = nft_rule_delete_num(h, chain, table, ret = nft_cmd_rule_delete_num(h, chain, table,
rule_nr, verbose); rule_nr, verbose);
rule_nr++; rule_nr++;
} while (rule_nr < rule_nr_end); } while (rule_nr < rule_nr_end);
...@@ -427,7 +427,7 @@ static int list_rules(struct nft_handle *h, const char *chain, const char *table ...@@ -427,7 +427,7 @@ static int list_rules(struct nft_handle *h, const char *chain, const char *table
if (!counters) if (!counters)
format |= FMT_NOCOUNTS; format |= FMT_NOCOUNTS;
return nft_rule_list(h, chain, table, rule_nr, format); return nft_cmd_rule_list(h, chain, table, rule_nr, format);
} }
static int parse_rule_range(const char *argv, int *rule_nr, int *rule_nr_end) static int parse_rule_range(const char *argv, int *rule_nr, int *rule_nr_end)
...@@ -739,16 +739,9 @@ int nft_init_eb(struct nft_handle *h, const char *pname) ...@@ -739,16 +739,9 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
init_extensionsb(); init_extensionsb();
#endif #endif
memset(h, 0, sizeof(*h)); if (nft_init(h, NFPROTO_BRIDGE, xtables_bridge) < 0)
h->family = NFPROTO_BRIDGE;
if (nft_init(h, xtables_bridge) < 0)
xtables_error(OTHER_PROBLEM, xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer."); "Could not initialize nftables layer.");
h->ops = nft_family_ops_lookup(h->family);
if (!h->ops)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
/* manually registering ebt matches, given the original ebtables parser /* manually registering ebt matches, given the original ebtables parser
* don't use '-m matchname' and the match can't be loaded dynamically when * don't use '-m matchname' and the match can't be loaded dynamically when
...@@ -759,6 +752,24 @@ int nft_init_eb(struct nft_handle *h, const char *pname) ...@@ -759,6 +752,24 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
return 0; return 0;
} }
void nft_fini_eb(struct nft_handle *h)
{
struct xtables_match *match;
struct xtables_target *target;
for (match = xtables_matches; match; match = match->next) {
free(match->m);
}
for (target = xtables_targets; target; target = target->next) {
free(target->t);
}
free(opts);
nft_fini(h);
xtables_fini();
}
int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
bool restore) bool restore)
{ {
...@@ -820,7 +831,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -820,7 +831,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
flags |= OPT_COMMAND; flags |= OPT_COMMAND;
if (c == 'N') { if (c == 'N') {
ret = nft_chain_user_add(h, chain, *table); ret = nft_cmd_chain_user_add(h, chain, *table);
break; break;
} else if (c == 'X') { } else if (c == 'X') {
/* X arg is optional, optarg is NULL */ /* X arg is optional, optarg is NULL */
...@@ -828,7 +839,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -828,7 +839,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
chain = argv[optind]; chain = argv[optind];
optind++; optind++;
} }
ret = nft_chain_user_del(h, chain, *table, 0); ret = nft_cmd_chain_user_del(h, chain, *table, 0);
break; break;
} }
...@@ -842,7 +853,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -842,7 +853,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
else if (strchr(argv[optind], ' ') != NULL) else if (strchr(argv[optind], ' ') != NULL)
xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names"); xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names");
ret = nft_chain_user_rename(h, chain, *table, ret = nft_cmd_chain_user_rename(h, chain, *table,
argv[optind]); argv[optind]);
if (ret != 0 && errno == ENOENT) if (ret != 0 && errno == ENOENT)
xtables_error(PARAMETER_PROBLEM, "Chain '%s' doesn't exists", chain); xtables_error(PARAMETER_PROBLEM, "Chain '%s' doesn't exists", chain);
...@@ -1144,7 +1155,7 @@ print_zero: ...@@ -1144,7 +1155,7 @@ print_zero:
/*case 7 :*/ /* atomic-init */ /*case 7 :*/ /* atomic-init */
/*case 10:*/ /* atomic-save */ /*case 10:*/ /* atomic-save */
case 11: /* init-table */ case 11: /* init-table */
nft_table_flush(h, *table); nft_cmd_table_flush(h, *table);
return 1; return 1;
/* /*
replace->command = c; replace->command = c;
...@@ -1207,7 +1218,7 @@ print_zero: ...@@ -1207,7 +1218,7 @@ print_zero:
if (command == 'h' && !(flags & OPT_ZERO)) { if (command == 'h' && !(flags & OPT_ZERO)) {
print_help(cs.target, cs.matches, *table); print_help(cs.target, cs.matches, *table);
exit(0); ret = 1;
} }
/* Do the final checks */ /* Do the final checks */
...@@ -1232,13 +1243,13 @@ print_zero: ...@@ -1232,13 +1243,13 @@ print_zero:
if (command == 'P') { if (command == 'P') {
if (selected_chain >= NF_BR_NUMHOOKS) { if (selected_chain >= NF_BR_NUMHOOKS) {
ret = ebt_set_user_chain_policy(h, *table, chain, policy); ret = ebt_cmd_user_chain_policy(h, *table, chain, policy);
} else { } else {
if (strcmp(policy, "RETURN") == 0) { if (strcmp(policy, "RETURN") == 0) {
xtables_error(PARAMETER_PROBLEM, xtables_error(PARAMETER_PROBLEM,
"Policy RETURN only allowed for user defined chains"); "Policy RETURN only allowed for user defined chains");
} }
ret = nft_chain_set(h, *table, chain, policy, NULL); ret = nft_cmd_chain_set(h, *table, chain, policy, NULL);
if (ret < 0) if (ret < 0)
xtables_error(PARAMETER_PROBLEM, "Wrong policy"); xtables_error(PARAMETER_PROBLEM, "Wrong policy");
} }
...@@ -1251,9 +1262,9 @@ print_zero: ...@@ -1251,9 +1262,9 @@ print_zero:
flags&LIST_C); flags&LIST_C);
} }
if (flags & OPT_ZERO) { if (flags & OPT_ZERO) {
ret = nft_chain_zero_counters(h, chain, *table, 0); ret = nft_cmd_chain_zero_counters(h, chain, *table, 0);
} else if (command == 'F') { } else if (command == 'F') {
ret = nft_rule_flush(h, chain, *table, 0); ret = nft_cmd_rule_flush(h, chain, *table, 0);
} else if (command == 'A') { } else if (command == 'A') {
ret = append_entry(h, chain, *table, &cs, 0, 0, true); ret = append_entry(h, chain, *table, &cs, 0, 0, true);
} else if (command == 'I') { } else if (command == 'I') {
......
iptables/xtables-monitor.c
View file @ 712749e7
...@@ -615,7 +615,7 @@ int xtables_monitor_main(int argc, char *argv[]) ...@@ -615,7 +615,7 @@ int xtables_monitor_main(int argc, char *argv[])
init_extensions4(); init_extensions4();
#endif #endif
if (nft_init(&h, xtables_ipv4)) { if (nft_init(&h, AF_INET, xtables_ipv4)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name, xtables_globals.program_name,
xtables_globals.program_version, xtables_globals.program_version,
...@@ -688,6 +688,8 @@ int xtables_monitor_main(int argc, char *argv[]) ...@@ -688,6 +688,8 @@ int xtables_monitor_main(int argc, char *argv[])
} }
mnl_socket_close(nl); mnl_socket_close(nl);
xtables_fini();
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
iptables/xtables-restore.c
View file @ 712749e7
...@@ -61,11 +61,11 @@ static void print_usage(const char *name, const char *version) ...@@ -61,11 +61,11 @@ static void print_usage(const char *name, const char *version)
static const struct nft_xt_restore_cb restore_cb = { static const struct nft_xt_restore_cb restore_cb = {
.commit = nft_commit, .commit = nft_commit,
.abort = nft_abort, .abort = nft_abort,
.table_new = nft_table_new, .table_new = nft_cmd_table_new,
.table_flush = nft_table_flush, .table_flush = nft_cmd_table_flush,
.do_command = do_commandx, .do_command = do_commandx,
.chain_set = nft_chain_set, .chain_set = nft_cmd_chain_set,
.chain_restore = nft_chain_restore, .chain_restore = nft_cmd_chain_restore,
}; };
struct nft_xt_restore_state { struct nft_xt_restore_state {
...@@ -85,8 +85,10 @@ static void xtables_restore_parse_line(struct nft_handle *h, ...@@ -85,8 +85,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
if (buffer[0] == '\n') if (buffer[0] == '\n')
return; return;
else if (buffer[0] == '#') { else if (buffer[0] == '#') {
if (verbose) if (verbose) {
fputs(buffer, stdout); fputs(buffer, stdout);
fflush(stdout);
}
return; return;
} else if (state->in_table && } else if (state->in_table &&
(strncmp(buffer, "COMMIT", 6) == 0) && (strncmp(buffer, "COMMIT", 6) == 0) &&
...@@ -126,6 +128,10 @@ static void xtables_restore_parse_line(struct nft_handle *h, ...@@ -126,6 +128,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
if (p->tablename && (strcmp(p->tablename, table) != 0)) if (p->tablename && (strcmp(p->tablename, table) != 0))
return; return;
/* implicit commit if no explicit COMMIT supported */
if (!p->commit)
cb->commit(h);
if (h->noflush == 0) { if (h->noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n", table); DEBUGP("Cleaning all chains of table '%s'\n", table);
if (cb->table_flush) if (cb->table_flush)
...@@ -189,7 +195,7 @@ static void xtables_restore_parse_line(struct nft_handle *h, ...@@ -189,7 +195,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
"cannot create chain '%s' (%s)\n", "cannot create chain '%s' (%s)\n",
chain, strerror(errno)); chain, strerror(errno));
} else if (h->family == NFPROTO_BRIDGE && } else if (h->family == NFPROTO_BRIDGE &&
!ebt_set_user_chain_policy(h, state->curtable->name, !ebt_cmd_user_chain_policy(h, state->curtable->name,
chain, policy)) { chain, policy)) {
xtables_error(OTHER_PROBLEM, xtables_error(OTHER_PROBLEM,
"Can't set policy `%s' on `%s' line %u: %s\n", "Can't set policy `%s' on `%s' line %u: %s\n",
...@@ -248,95 +254,16 @@ static void xtables_restore_parse_line(struct nft_handle *h, ...@@ -248,95 +254,16 @@ static void xtables_restore_parse_line(struct nft_handle *h,
} }
} }
/* Return true if given iptables-restore line will require a full cache.
* Typically these are commands referring to an existing rule
* (either by number or content) or commands listing the ruleset. */
static bool cmd_needs_full_cache(char *cmd)
{
char c, chain[32];
int rulenum, mcount;
mcount = sscanf(cmd, "-%c %31s %d", &c, chain, &rulenum);
if (mcount == 3)
return true;
if (mcount < 1)
return false;
switch (c) {
case 'D':
case 'C':
case 'S':
case 'L':
case 'Z':
return true;
}
return false;
}
#define PREBUFSIZ 65536
void xtables_restore_parse(struct nft_handle *h, void xtables_restore_parse(struct nft_handle *h,
const struct nft_xt_restore_parse *p) const struct nft_xt_restore_parse *p)
{ {
struct nft_xt_restore_state state = {}; struct nft_xt_restore_state state = {};
char preload_buffer[PREBUFSIZ] = {}, buffer[10240], *ptr; char buffer[10240] = {};
if (!h->noflush) { if (!h->noflush)
nft_fake_cache(h); nft_cache_level_set(h, NFT_CL_FAKE, NULL);
} else {
ssize_t pblen = sizeof(preload_buffer);
bool do_cache = false;
ptr = preload_buffer;
while (fgets(buffer, sizeof(buffer), p->in)) {
size_t blen = strlen(buffer);
/* drop trailing newline; xtables_restore_parse_line()
* uses strtok() which replaces them by nul-characters,
* causing unpredictable string delimiting in
* preload_buffer */
if (buffer[blen - 1] == '\n')
buffer[blen - 1] = '\0';
else
blen++;
pblen -= blen;
if (pblen <= 0) {
/* buffer exhausted */
do_cache = true;
break;
}
if (cmd_needs_full_cache(buffer)) {
do_cache = true;
break;
}
/* copy string including terminating nul-char */
memcpy(ptr, buffer, blen);
ptr += blen;
buffer[0] = '\0';
}
if (do_cache)
nft_build_cache(h, NULL);
}
line = 0; line = 0;
ptr = preload_buffer;
while (*ptr) {
h->error.lineno = ++line;
DEBUGP("%s: buffered line %d: '%s'\n", __func__, line, ptr);
xtables_restore_parse_line(h, p, &state, ptr);
ptr += strlen(ptr) + 1;
}
if (*buffer) {
h->error.lineno = ++line;
DEBUGP("%s: overrun line %d: '%s'\n", __func__, line, buffer);
xtables_restore_parse_line(h, p, &state, buffer);
}
while (fgets(buffer, sizeof(buffer), p->in)) { while (fgets(buffer, sizeof(buffer), p->in)) {
h->error.lineno = ++line; h->error.lineno = ++line;
DEBUGP("%s: input line %d: '%s'\n", __func__, line, buffer); DEBUGP("%s: input line %d: '%s'\n", __func__, line, buffer);
...@@ -356,15 +283,13 @@ static int ...@@ -356,15 +283,13 @@ static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[]) xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{ {
const struct builtin_table *tables; const struct builtin_table *tables;
struct nft_handle h = {
.family = family,
.restore = true,
};
int c;
struct nft_xt_restore_parse p = { struct nft_xt_restore_parse p = {
.commit = true, .commit = true,
.cb = &restore_cb, .cb = &restore_cb,
}; };
bool noflush = false;
struct nft_handle h;
int c;
line = 0; line = 0;
...@@ -377,7 +302,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) ...@@ -377,7 +302,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
exit(1); exit(1);
} }
while ((c = getopt_long(argc, argv, "bcvVthnM:T:46wW", options, NULL)) != -1) { while ((c = getopt_long(argc, argv, "bcvVthnM:T:wW", options, NULL)) != -1) {
switch (c) { switch (c) {
case 'b': case 'b':
fprintf(stderr, "-b/--binary option is not implemented\n"); fprintf(stderr, "-b/--binary option is not implemented\n");
...@@ -398,7 +323,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) ...@@ -398,7 +323,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
print_usage(prog_name, PACKAGE_VERSION); print_usage(prog_name, PACKAGE_VERSION);
exit(0); exit(0);
case 'n': case 'n':
h.noflush = 1; noflush = true;
break; break;
case 'M': case 'M':
xtables_modprobe_program = optarg; xtables_modprobe_program = optarg;
...@@ -406,13 +331,6 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) ...@@ -406,13 +331,6 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
case 'T': case 'T':
p.tablename = optarg; p.tablename = optarg;
break; break;
case '4':
h.family = AF_INET;
break;
case '6':
h.family = AF_INET6;
xtables_set_nfproto(AF_INET6);
break;
case 'w': /* fallthrough. Ignored by xt-restore */ case 'w': /* fallthrough. Ignored by xt-restore */
case 'W': case 'W':
if (!optarg && xs_has_arg(argc, argv)) if (!optarg && xs_has_arg(argc, argv))
...@@ -460,17 +378,20 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) ...@@ -460,17 +378,20 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
return 1; return 1;
} }
if (nft_init(&h, tables) < 0) { if (nft_init(&h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name, xtables_globals.program_name,
xtables_globals.program_version, xtables_globals.program_version,
strerror(errno)); strerror(errno));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
h.noflush = noflush;
h.restore = true;
xtables_restore_parse(&h, &p); xtables_restore_parse(&h, &p);
nft_fini(&h); nft_fini(&h);
xtables_fini();
fclose(p.in); fclose(p.in);
return 0; return 0;
} }
...@@ -487,20 +408,13 @@ int xtables_ip6_restore_main(int argc, char *argv[]) ...@@ -487,20 +408,13 @@ int xtables_ip6_restore_main(int argc, char *argv[])
argc, argv); argc, argv);
} }
static int ebt_table_flush(struct nft_handle *h, const char *table)
{
/* drop any pending policy rule add/removal jobs */
nft_abort_policy_rule(h, table);
return nft_table_flush(h, table);
}
static const struct nft_xt_restore_cb ebt_restore_cb = { static const struct nft_xt_restore_cb ebt_restore_cb = {
.commit = nft_bridge_commit, .commit = nft_bridge_commit,
.table_new = nft_table_new, .table_new = nft_cmd_table_new,
.table_flush = ebt_table_flush, .table_flush = nft_cmd_table_flush,
.do_command = do_commandeb, .do_command = do_commandeb,
.chain_set = nft_chain_set, .chain_set = nft_cmd_chain_set,
.chain_restore = nft_chain_restore, .chain_restore = nft_cmd_chain_restore,
}; };
static const struct option ebt_restore_options[] = { static const struct option ebt_restore_options[] = {
...@@ -535,18 +449,18 @@ int xtables_eb_restore_main(int argc, char *argv[]) ...@@ -535,18 +449,18 @@ int xtables_eb_restore_main(int argc, char *argv[])
nft_init_eb(&h, "ebtables-restore"); nft_init_eb(&h, "ebtables-restore");
h.noflush = noflush; h.noflush = noflush;
xtables_restore_parse(&h, &p); xtables_restore_parse(&h, &p);
nft_fini(&h); nft_fini_eb(&h);
return 0; return 0;
} }
static const struct nft_xt_restore_cb arp_restore_cb = { static const struct nft_xt_restore_cb arp_restore_cb = {
.commit = nft_commit, .commit = nft_commit,
.table_new = nft_table_new, .table_new = nft_cmd_table_new,
.table_flush = nft_table_flush, .table_flush = nft_cmd_table_flush,
.do_command = do_commandarp, .do_command = do_commandarp,
.chain_set = nft_chain_set, .chain_set = nft_cmd_chain_set,
.chain_restore = nft_chain_restore, .chain_restore = nft_cmd_chain_restore,
}; };
int xtables_arp_restore_main(int argc, char *argv[]) int xtables_arp_restore_main(int argc, char *argv[])
...@@ -560,6 +474,7 @@ int xtables_arp_restore_main(int argc, char *argv[]) ...@@ -560,6 +474,7 @@ int xtables_arp_restore_main(int argc, char *argv[])
nft_init_arp(&h, "arptables-restore"); nft_init_arp(&h, "arptables-restore");
xtables_restore_parse(&h, &p); xtables_restore_parse(&h, &p);
nft_fini(&h); nft_fini(&h);
xtables_fini();
return 0; return 0;
} }
iptables/xtables-save.c
View file @ 712749e7
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
#define prog_name xtables_globals.program_name #define prog_name xtables_globals.program_name
#define prog_vers xtables_globals.program_version #define prog_vers xtables_globals.program_version
static const char *ipt_save_optstring = "bcdt:M:f:46V"; static const char *ipt_save_optstring = "bcdt:M:f:V";
static const struct option ipt_save_options[] = { static const struct option ipt_save_options[] = {
{.name = "counters", .has_arg = false, .val = 'c'}, {.name = "counters", .has_arg = false, .val = 'c'},
{.name = "version", .has_arg = false, .val = 'V'}, {.name = "version", .has_arg = false, .val = 'V'},
...@@ -40,8 +40,6 @@ static const struct option ipt_save_options[] = { ...@@ -40,8 +40,6 @@ static const struct option ipt_save_options[] = {
{.name = "table", .has_arg = true, .val = 't'}, {.name = "table", .has_arg = true, .val = 't'},
{.name = "modprobe", .has_arg = true, .val = 'M'}, {.name = "modprobe", .has_arg = true, .val = 'M'},
{.name = "file", .has_arg = true, .val = 'f'}, {.name = "file", .has_arg = true, .val = 'f'},
{.name = "ipv4", .has_arg = false, .val = '4'},
{.name = "ipv6", .has_arg = false, .val = '6'},
{NULL}, {NULL},
}; };
...@@ -139,10 +137,8 @@ xtables_save_main(int family, int argc, char *argv[], ...@@ -139,10 +137,8 @@ xtables_save_main(int family, int argc, char *argv[],
struct do_output_data d = { struct do_output_data d = {
.format = FMT_NOCOUNTS, .format = FMT_NOCOUNTS,
}; };
struct nft_handle h;
bool dump = false; bool dump = false;
struct nft_handle h = {
.family = family,
};
FILE *file = NULL; FILE *file = NULL;
int ret, c; int ret, c;
...@@ -189,13 +185,6 @@ xtables_save_main(int family, int argc, char *argv[], ...@@ -189,13 +185,6 @@ xtables_save_main(int family, int argc, char *argv[],
case 'd': case 'd':
dump = true; dump = true;
break; break;
case '4':
h.family = AF_INET;
break;
case '6':
h.family = AF_INET6;
xtables_set_nfproto(AF_INET6);
break;
case 'V': case 'V':
printf("%s v%s (nf_tables)\n", prog_name, prog_vers); printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
exit(0); exit(0);
...@@ -242,19 +231,20 @@ xtables_save_main(int family, int argc, char *argv[], ...@@ -242,19 +231,20 @@ xtables_save_main(int family, int argc, char *argv[],
return 1; return 1;
} }
if (nft_init(&h, tables) < 0) { if (nft_init(&h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name, xtables_globals.program_name,
xtables_globals.program_version, xtables_globals.program_version,
strerror(errno)); strerror(errno));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
h.ops = nft_family_ops_lookup(h.family);
if (!h.ops) nft_cache_level_set(&h, NFT_CL_RULES, NULL);
xtables_error(PARAMETER_PROBLEM, "Unknown family"); nft_cache_build(&h);
ret = do_output(&h, tablename, &d); ret = do_output(&h, tablename, &d);
nft_fini(&h); nft_fini(&h);
xtables_fini();
if (dump) if (dump)
exit(0); exit(0);
......
iptables/xtables-standalone.c
View file @ 712749e7
...@@ -44,9 +44,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[]) ...@@ -44,9 +44,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
{ {
int ret; int ret;
char *table = "filter"; char *table = "filter";
struct nft_handle h = { struct nft_handle h;
.family = family,
};
xtables_globals.program_name = progname; xtables_globals.program_name = progname;
ret = xtables_init_all(&xtables_globals, family); ret = xtables_init_all(&xtables_globals, family);
...@@ -61,7 +59,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[]) ...@@ -61,7 +59,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensions4(); init_extensions4();
#endif #endif
if (nft_init(&h, xtables_ipv4) < 0) { if (nft_init(&h, family, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name, xtables_globals.program_name,
xtables_globals.program_version, xtables_globals.program_version,
...@@ -74,6 +72,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[]) ...@@ -74,6 +72,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
ret = nft_commit(&h); ret = nft_commit(&h);
nft_fini(&h); nft_fini(&h);
xtables_fini();
if (!ret) { if (!ret) {
if (errno == EINVAL) { if (errno == EINVAL) {
......
iptables/xtables-translate.c
View file @ 712749e7
...@@ -32,16 +32,38 @@ ...@@ -32,16 +32,38 @@
void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname, void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
bool invert) bool invert)
{ {
char iface[IFNAMSIZ]; int ifaclen = strlen(ifname), i, j;
int ifaclen; char iface[IFNAMSIZ * 2];
if (ifname[0] == '\0') if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
return; return;
strcpy(iface, ifname); for (i = 0, j = 0; i < ifaclen + 1; i++, j++) {
ifaclen = strlen(iface); switch (ifname[i]) {
if (iface[ifaclen - 1] == '+') case '*':
iface[ifaclen - 1] = '*'; iface[j++] = '\\';
/* fall through */
default:
iface[j] = ifname[i];
break;
}
}
if (ifaclen == 1 && ifname[0] == '+') {
/* Nftables does not support wildcard only string. Workaround
* is easy, given that this will match always or never
* depending on 'invert' value. To match always, simply don't
* generate an expression. To match never, use an invalid
* interface name (kernel doesn't accept '/' in names) to match
* against. */
if (!invert)
return;
strcpy(iface, "INVAL/D");
invert = false;
}
if (iface[j - 2] == '+')
iface[j - 2] = '*';
xt_xlate_add(xl, "%s %s\"%s\" ", nftmeta, invert ? "!= " : "", iface); xt_xlate_add(xl, "%s %s\"%s\" ", nftmeta, invert ? "!= " : "", iface);
} }
...@@ -458,7 +480,7 @@ static int xtables_xlate_main_common(struct nft_handle *h, ...@@ -458,7 +480,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
return 1; return 1;
} }
if (nft_init(h, tables) < 0) { if (nft_init(h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name, xtables_globals.program_name,
xtables_globals.program_version, xtables_globals.program_version,
...@@ -487,6 +509,7 @@ static int xtables_xlate_main(int family, const char *progname, int argc, ...@@ -487,6 +509,7 @@ static int xtables_xlate_main(int family, const char *progname, int argc,
fprintf(stderr, "Translation not implemented\n"); fprintf(stderr, "Translation not implemented\n");
nft_fini(&h); nft_fini(&h);
xtables_fini();
exit(!ret); exit(!ret);
} }
...@@ -541,6 +564,7 @@ static int xtables_restore_xlate_main(int family, const char *progname, ...@@ -541,6 +564,7 @@ static int xtables_restore_xlate_main(int family, const char *progname,
printf("# Completed on %s", ctime(&now)); printf("# Completed on %s", ctime(&now));
nft_fini(&h); nft_fini(&h);
xtables_fini();
fclose(p.in); fclose(p.in);
exit(0); exit(0);
} }
......
iptables/xtables.c
View file @ 712749e7
...@@ -161,7 +161,7 @@ exit_tryhelp(int status) ...@@ -161,7 +161,7 @@ exit_tryhelp(int status)
} }
static void static void
exit_printhelp(const struct xtables_rule_match *matches) printhelp(const struct xtables_rule_match *matches)
{ {
printf("%s v%s\n\n" printf("%s v%s\n\n"
"Usage: %s -[ACD] chain rule-specification [options]\n" "Usage: %s -[ACD] chain rule-specification [options]\n"
...@@ -240,7 +240,6 @@ exit_printhelp(const struct xtables_rule_match *matches) ...@@ -240,7 +240,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
"[!] --version -V print package version.\n"); "[!] --version -V print package version.\n");
print_extension_helps(xtables_targets, matches); print_extension_helps(xtables_targets, matches);
exit(0);
} }
void void
...@@ -361,11 +360,11 @@ add_entry(const char *chain, ...@@ -361,11 +360,11 @@ add_entry(const char *chain,
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr; cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
if (append) { if (append) {
ret = nft_rule_append(h, chain, table, ret = nft_cmd_rule_append(h, chain, table,
cs, NULL, cs, NULL,
verbose); verbose);
} else { } else {
ret = nft_rule_insert(h, chain, table, ret = nft_cmd_rule_insert(h, chain, table,
cs, rulenum, cs, rulenum,
verbose); verbose);
} }
...@@ -381,11 +380,11 @@ add_entry(const char *chain, ...@@ -381,11 +380,11 @@ add_entry(const char *chain,
memcpy(&cs->fw6.ipv6.dmsk, memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr)); &d.mask.v6[j], sizeof(struct in6_addr));
if (append) { if (append) {
ret = nft_rule_append(h, chain, table, ret = nft_cmd_rule_append(h, chain, table,
cs, NULL, cs, NULL,
verbose); verbose);
} else { } else {
ret = nft_rule_insert(h, chain, table, ret = nft_cmd_rule_insert(h, chain, table,
cs, rulenum, cs, rulenum,
verbose); verbose);
} }
...@@ -418,7 +417,7 @@ replace_entry(const char *chain, const char *table, ...@@ -418,7 +417,7 @@ replace_entry(const char *chain, const char *table,
} else } else
return 1; return 1;
return nft_rule_replace(h, chain, table, cs, rulenum, verbose); return nft_cmd_rule_replace(h, chain, table, cs, rulenum, verbose);
} }
static int static int
...@@ -440,7 +439,7 @@ delete_entry(const char *chain, const char *table, ...@@ -440,7 +439,7 @@ delete_entry(const char *chain, const char *table,
for (j = 0; j < d.naddrs; j++) { for (j = 0; j < d.naddrs; j++) {
cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr; cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr;
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr; cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
ret = nft_rule_delete(h, chain, ret = nft_cmd_rule_delete(h, chain,
table, cs, verbose); table, cs, verbose);
} }
} else if (family == AF_INET6) { } else if (family == AF_INET6) {
...@@ -453,7 +452,7 @@ delete_entry(const char *chain, const char *table, ...@@ -453,7 +452,7 @@ delete_entry(const char *chain, const char *table,
&d.addr.v6[j], sizeof(struct in6_addr)); &d.addr.v6[j], sizeof(struct in6_addr));
memcpy(&cs->fw6.ipv6.dmsk, memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr)); &d.mask.v6[j], sizeof(struct in6_addr));
ret = nft_rule_delete(h, chain, ret = nft_cmd_rule_delete(h, chain,
table, cs, verbose); table, cs, verbose);
} }
} }
...@@ -480,7 +479,7 @@ check_entry(const char *chain, const char *table, ...@@ -480,7 +479,7 @@ check_entry(const char *chain, const char *table,
for (j = 0; j < d.naddrs; j++) { for (j = 0; j < d.naddrs; j++) {
cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr; cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr;
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr; cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
ret = nft_rule_check(h, chain, ret = nft_cmd_rule_check(h, chain,
table, cs, verbose); table, cs, verbose);
} }
} else if (family == AF_INET6) { } else if (family == AF_INET6) {
...@@ -493,7 +492,7 @@ check_entry(const char *chain, const char *table, ...@@ -493,7 +492,7 @@ check_entry(const char *chain, const char *table,
&d.addr.v6[j], sizeof(struct in6_addr)); &d.addr.v6[j], sizeof(struct in6_addr));
memcpy(&cs->fw6.ipv6.dmsk, memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr)); &d.mask.v6[j], sizeof(struct in6_addr));
ret = nft_rule_check(h, chain, ret = nft_cmd_rule_check(h, chain,
table, cs, verbose); table, cs, verbose);
} }
} }
...@@ -524,7 +523,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table, ...@@ -524,7 +523,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table,
if (linenumbers) if (linenumbers)
format |= FMT_LINENUMBERS; format |= FMT_LINENUMBERS;
return nft_rule_list(h, chain, table, rulenum, format); return nft_cmd_rule_list(h, chain, table, rulenum, format);
} }
static int static int
...@@ -534,7 +533,7 @@ list_rules(struct nft_handle *h, const char *chain, const char *table, ...@@ -534,7 +533,7 @@ list_rules(struct nft_handle *h, const char *chain, const char *table,
if (counters) if (counters)
counters = -1; /* iptables -c format */ counters = -1; /* iptables -c format */
return nft_rule_list_save(h, chain, table, rulenum, counters); return nft_cmd_rule_list_save(h, chain, table, rulenum, counters);
} }
void do_parse(struct nft_handle *h, int argc, char *argv[], void do_parse(struct nft_handle *h, int argc, char *argv[],
...@@ -571,10 +570,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], ...@@ -571,10 +570,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
demand-load a protocol. */ demand-load a protocol. */
opterr = 0; opterr = 0;
h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
opts = xt_params->orig_opts; opts = xt_params->orig_opts;
while ((cs->c = getopt_long(argc, argv, while ((cs->c = getopt_long(argc, argv,
"-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvw::W::nt:m:xc:g:46", "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvw::W::nt:m:xc:g:46",
...@@ -728,7 +723,9 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], ...@@ -728,7 +723,9 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
xtables_find_match(cs->protocol, xtables_find_match(cs->protocol,
XTF_TRY_LOAD, &cs->matches); XTF_TRY_LOAD, &cs->matches);
exit_printhelp(cs->matches); printhelp(cs->matches);
p->command = CMD_NONE;
return;
/* /*
* Option selection * Option selection
...@@ -917,27 +914,22 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], ...@@ -917,27 +914,22 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break; break;
case '4': case '4':
if (args->family == AF_INET)
break;
if (p->restore && args->family == AF_INET6) if (p->restore && args->family == AF_INET6)
return; return;
if (args->family != AF_INET) exit_tryhelp(2);
exit_tryhelp(2);
h->ops = nft_family_ops_lookup(args->family);
break;
case '6': case '6':
if (args->family == AF_INET6)
break;
if (p->restore && args->family == AF_INET) if (p->restore && args->family == AF_INET)
return; return;
args->family = AF_INET6; exit_tryhelp(2);
xtables_set_nfproto(AF_INET6);
h->ops = nft_family_ops_lookup(args->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM,
"Unknown family");
break;
case 1: /* non option */ case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') { if (optarg[0] == '!' && optarg[1] == '\0') {
...@@ -1031,11 +1023,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], ...@@ -1031,11 +1023,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
opt2char(OPT_VIANAMEIN), opt2char(OPT_VIANAMEIN),
p->chain); p->chain);
} }
if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
!nft_chain_exists(h, p->table, cs->jumpto))
xtables_error(PARAMETER_PROBLEM,
"Chain '%s' does not exist", cs->jumpto);
} }
} }
...@@ -1066,8 +1053,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1066,8 +1053,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options & OPT_VERBOSE, h); cs.options & OPT_VERBOSE, h);
break; break;
case CMD_DELETE_NUM: case CMD_DELETE_NUM:
ret = nft_rule_delete_num(h, p.chain, p.table, ret = nft_cmd_rule_delete_num(h, p.chain, p.table,
p.rulenum - 1, p.verbose); p.rulenum - 1, p.verbose);
break; break;
case CMD_CHECK: case CMD_CHECK:
ret = check_entry(p.chain, p.table, &cs, h->family, ret = check_entry(p.chain, p.table, &cs, h->family,
...@@ -1085,15 +1072,15 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1085,15 +1072,15 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options&OPT_VERBOSE, h, false); cs.options&OPT_VERBOSE, h, false);
break; break;
case CMD_FLUSH: case CMD_FLUSH:
ret = nft_rule_flush(h, p.chain, p.table, ret = nft_cmd_rule_flush(h, p.chain, p.table,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
break; break;
case CMD_ZERO: case CMD_ZERO:
ret = nft_chain_zero_counters(h, p.chain, p.table, ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
break; break;
case CMD_ZERO_NUM: case CMD_ZERO_NUM:
ret = nft_rule_zero_counters(h, p.chain, p.table, ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1); p.rulenum - 1);
break; break;
case CMD_LIST: case CMD_LIST:
...@@ -1105,11 +1092,11 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1105,11 +1092,11 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options & OPT_EXPANDED, cs.options & OPT_EXPANDED,
cs.options & OPT_LINENUMBERS); cs.options & OPT_LINENUMBERS);
if (ret && (p.command & CMD_ZERO)) { if (ret && (p.command & CMD_ZERO)) {
ret = nft_chain_zero_counters(h, p.chain, p.table, ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
} }
if (ret && (p.command & CMD_ZERO_NUM)) { if (ret && (p.command & CMD_ZERO_NUM)) {
ret = nft_rule_zero_counters(h, p.chain, p.table, ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1); p.rulenum - 1);
} }
nft_check_xt_legacy(h->family, false); nft_check_xt_legacy(h->family, false);
...@@ -1120,27 +1107,27 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1120,27 +1107,27 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
ret = list_rules(h, p.chain, p.table, p.rulenum, ret = list_rules(h, p.chain, p.table, p.rulenum,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
if (ret && (p.command & CMD_ZERO)) { if (ret && (p.command & CMD_ZERO)) {
ret = nft_chain_zero_counters(h, p.chain, p.table, ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
} }
if (ret && (p.command & CMD_ZERO_NUM)) { if (ret && (p.command & CMD_ZERO_NUM)) {
ret = nft_rule_zero_counters(h, p.chain, p.table, ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1); p.rulenum - 1);
} }
nft_check_xt_legacy(h->family, false); nft_check_xt_legacy(h->family, false);
break; break;
case CMD_NEW_CHAIN: case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, p.chain, p.table); ret = nft_cmd_chain_user_add(h, p.chain, p.table);
break; break;
case CMD_DELETE_CHAIN: case CMD_DELETE_CHAIN:
ret = nft_chain_user_del(h, p.chain, p.table, ret = nft_cmd_chain_user_del(h, p.chain, p.table,
cs.options & OPT_VERBOSE); cs.options & OPT_VERBOSE);
break; break;
case CMD_RENAME_CHAIN: case CMD_RENAME_CHAIN:
ret = nft_chain_user_rename(h, p.chain, p.table, p.newname); ret = nft_cmd_chain_user_rename(h, p.chain, p.table, p.newname);
break; break;
case CMD_SET_POLICY: case CMD_SET_POLICY:
ret = nft_chain_set(h, p.table, p.chain, p.policy, NULL); ret = nft_cmd_chain_set(h, p.table, p.chain, p.policy, NULL);
break; break;
case CMD_NONE: case CMD_NONE:
/* do_parse ignored the line (eg: -4 with ip6tables-restore) */ /* do_parse ignored the line (eg: -4 with ip6tables-restore) */
...@@ -1152,11 +1139,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, ...@@ -1152,11 +1139,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
*table = p.table; *table = p.table;
xtables_rule_matches_free(&cs.matches); nft_clear_iptables_command_state(&cs);
if (cs.target) {
free(cs.target->t);
cs.target->t = NULL;
}
if (h->family == AF_INET) { if (h->family == AF_INET) {
free(args.s.addr.v4); free(args.s.addr.v4);
......
libipq/Makefile.in
View file @ 712749e7
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
...@@ -154,7 +154,8 @@ am__v_at_0 = @ ...@@ -154,7 +154,8 @@ am__v_at_0 = @
am__v_at_1 = am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/libipq.Plo
am__mv = mv -f am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
...@@ -383,8 +384,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status ...@@ -383,8 +384,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \ *config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \ *) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac; esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
...@@ -442,7 +443,13 @@ mostlyclean-compile: ...@@ -442,7 +443,13 @@ mostlyclean-compile:
distclean-compile: distclean-compile:
-rm -f *.tab.c -rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipq.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipq.Plo@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o: .c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
...@@ -587,7 +594,10 @@ cscopelist-am: $(am__tagged_files) ...@@ -587,7 +594,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags: distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES) distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \ list='$(DISTFILES)'; \
...@@ -660,7 +670,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ ...@@ -660,7 +670,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am mostlyclean-am
distclean: distclean-am distclean: distclean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/libipq.Plo
-rm -f Makefile -rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \ distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags distclean-tags
...@@ -706,7 +716,7 @@ install-ps-am: ...@@ -706,7 +716,7 @@ install-ps-am:
installcheck-am: installcheck-am:
maintainer-clean: maintainer-clean-am maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/libipq.Plo
-rm -f Makefile -rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic maintainer-clean-am: distclean-am maintainer-clean-generic
...@@ -730,9 +740,9 @@ uninstall-man: uninstall-man3 ...@@ -730,9 +740,9 @@ uninstall-man: uninstall-man3
.MAKE: install-am install-strip .MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ .PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \
ctags-am distclean distclean-compile distclean-generic \ ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \ distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \ html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \ install-data-am install-dvi install-dvi-am install-exec \
......
libipq/ipq_set_verdict.3
View file @ 712749e7
...@@ -30,7 +30,7 @@ The ...@@ -30,7 +30,7 @@ The
.B ipq_set_verdict .B ipq_set_verdict
function issues a verdict on a packet previously obtained with function issues a verdict on a packet previously obtained with
.BR ipq_read , .BR ipq_read ,
specifing the intended disposition of the packet, and optionally specifying the intended disposition of the packet, and optionally
supplying a modified version of the payload data. supplying a modified version of the payload data.
.PP .PP
The The
......
libiptc/Makefile.in
View file @ 712749e7
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
...@@ -162,7 +162,9 @@ am__v_at_0 = @ ...@@ -162,7 +162,9 @@ am__v_at_0 = @
am__v_at_1 = am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/libip4tc.Plo \
./$(DEPDIR)/libip6tc.Plo
am__mv = mv -f am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
...@@ -387,8 +389,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status ...@@ -387,8 +389,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \ *config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \ *) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac; esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
...@@ -453,8 +455,14 @@ mostlyclean-compile: ...@@ -453,8 +455,14 @@ mostlyclean-compile:
distclean-compile: distclean-compile:
-rm -f *.tab.c -rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip4tc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip4tc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip6tc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip6tc.Plo@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o: .c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
...@@ -556,7 +564,10 @@ cscopelist-am: $(am__tagged_files) ...@@ -556,7 +564,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags: distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES) distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \ list='$(DISTFILES)'; \
...@@ -629,7 +640,8 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ ...@@ -629,7 +640,8 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am mostlyclean-am
distclean: distclean-am distclean: distclean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/libip4tc.Plo
-rm -f ./$(DEPDIR)/libip6tc.Plo
-rm -f Makefile -rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \ distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags distclean-tags
...@@ -675,7 +687,8 @@ install-ps-am: ...@@ -675,7 +687,8 @@ install-ps-am:
installcheck-am: installcheck-am:
maintainer-clean: maintainer-clean-am maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR) -rm -f ./$(DEPDIR)/libip4tc.Plo
-rm -f ./$(DEPDIR)/libip6tc.Plo
-rm -f Makefile -rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic maintainer-clean-am: distclean-am maintainer-clean-generic
...@@ -696,9 +709,9 @@ uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA ...@@ -696,9 +709,9 @@ uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
.MAKE: install-am install-strip .MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ .PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \
ctags-am distclean distclean-compile distclean-generic \ ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \ distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \ html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \ install-data-am install-dvi install-dvi-am install-exec \
......
libiptc/libip4tc.c
View file @ 712749e7
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#define inline #define inline
#endif #endif
#if !defined(__GLIBC__) || (__GLIBC__ < 2) #if !defined(__BIONIC__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
typedef unsigned int socklen_t; typedef unsigned int socklen_t;
#endif #endif
......
libiptc/libip6tc.c
View file @ 712749e7
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
#define inline #define inline
#endif #endif
#if !defined(__GLIBC__) || (__GLIBC__ < 2) #if !defined(__BIONIC__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
typedef unsigned int socklen_t; typedef unsigned int socklen_t;
#endif #endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment