Skip to content

GitLab

Commit eb1d7c5f authored by Arturo Borrero Gonzalez's avatar Arturo Borrero Gonzalez
Browse files

New upstream version 1.8.5

parent 290749d4
Show whitespace changes
Inline Side-by-side
iptables/tests/shell/testcases/nft-only/0002invflags_0
View file @ eb1d7c5f
......@@ -2,7 +2,7 @@
set -e
[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
$XT_MULTI iptables -A INPUT -p tcp --dport 53 ! -s 192.168.0.1 -j ACCEPT
$XT_MULTI ip6tables -A INPUT -p tcp --dport 53 ! -s feed:babe::1 -j ACCEPT
......
iptables/tests/shell/testcases/nft-only/0003delete-with-comment_0
View file @ eb1d7c5f
......@@ -2,7 +2,7 @@
set -e
[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
comment1="foo bar"
comment2="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
......
iptables/tests/shell/testcases/nft-only/0006-policy-override_0 0 → 100755
View file @ eb1d7c5f
#!/bin/bash
[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
# make sure none of the commands invoking nft_xt_builtin_init() override
# non-default chain policies via needless chain add.
RC=0
do_test() {
$XT_MULTI $@
$XT_MULTI iptables -S | grep -q -- '-P FORWARD DROP' && return
echo "command '$@' kills chain policies"
$XT_MULTI iptables -P FORWARD DROP
RC=1
}
$XT_MULTI iptables -P FORWARD DROP
do_test iptables -A OUTPUT -j ACCEPT
do_test iptables -F
do_test iptables -N foo
do_test iptables -E foo foo2
do_test iptables -I OUTPUT -j ACCEPT
do_test iptables -nL
do_test iptables -S
exit $RC
iptables/xshared.c
View file @ eb1d7c5f
......@@ -495,7 +495,6 @@ void add_param_to_argv(struct argv_store *store, char *parsestart, int line)
continue;
} else if (*curchar == '"') {
quote_open = 0;
*curchar = '"';
} else {
add_param(&param, curchar);
continue;
......
iptables/xshared.h
View file @ eb1d7c5f
......@@ -6,6 +6,7 @@
#include <stdint.h>
#include <netinet/in.h>
#include <net/if.h>
#include <sys/time.h>
#include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
......
iptables/xtables-arp-standalone.c
View file @ eb1d7c5f
......@@ -56,6 +56,7 @@ int xtables_arp_main(int argc, char *argv[])
ret = nft_commit(&h);
nft_fini(&h);
xtables_fini();
if (!ret)
fprintf(stderr, "arptables: %s\n", nft_strerror(errno));
......
iptables/xtables-arp.c
View file @ eb1d7c5f
......@@ -235,7 +235,7 @@ exit_tryhelp(int status)
}
static void
exit_printhelp(void)
printhelp(void)
{
struct xtables_target *t = NULL;
int i;
......@@ -325,7 +325,6 @@ exit_printhelp(void)
printf("\n");
t->help();
}
exit(0);
}
static char
......@@ -400,7 +399,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table,
if (linenumbers)
format |= FMT_LINENUMBERS;
return nft_rule_list(h, chain, table, rulenum, format);
return nft_cmd_rule_list(h, chain, table, rulenum, format);
}
static int
......@@ -427,10 +426,10 @@ append_entry(struct nft_handle *h,
cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr;
if (append) {
ret = nft_rule_append(h, chain, table, cs, NULL,
ret = nft_cmd_rule_append(h, chain, table, cs, NULL,
verbose);
} else {
ret = nft_rule_insert(h, chain, table, cs,
ret = nft_cmd_rule_insert(h, chain, table, cs,
rulenum, verbose);
}
}
......@@ -455,7 +454,7 @@ replace_entry(const char *chain,
cs->arp.arp.smsk.s_addr = smask->s_addr;
cs->arp.arp.tmsk.s_addr = dmask->s_addr;
return nft_rule_replace(h, chain, table, cs, rulenum, verbose);
return nft_cmd_rule_replace(h, chain, table, cs, rulenum, verbose);
}
static int
......@@ -479,7 +478,7 @@ delete_entry(const char *chain,
for (j = 0; j < ndaddrs; j++) {
cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr;
ret = nft_rule_delete(h, chain, table, cs, verbose);
ret = nft_cmd_rule_delete(h, chain, table, cs, verbose);
}
}
......@@ -500,17 +499,10 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
init_extensionsa();
#endif
memset(h, 0, sizeof(*h));
h->family = NFPROTO_ARP;
if (nft_init(h, xtables_arp) < 0)
if (nft_init(h, NFPROTO_ARP, xtables_arp) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
return 0;
}
......@@ -673,7 +665,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
if (!optarg)
optarg = argv[optind];
exit_printhelp();
printhelp();
command = CMD_NONE;
break;
case 's':
check_inverse(optarg, &invert, &optind, argc);
......@@ -888,8 +881,6 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
if (optind < argc)
xtables_error(PARAMETER_PROBLEM,
"unknown arguments found on commandline");
if (!command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
if (invert)
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
......@@ -962,7 +953,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
options&OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
ret = nft_cmd_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break;
case CMD_REPLACE:
ret = replace_entry(chain, *table, &cs, rulenum - 1,
......@@ -984,10 +975,10 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
options&OPT_LINENUMBERS);
break;
case CMD_FLUSH:
ret = nft_rule_flush(h, chain, *table, options & OPT_VERBOSE);
ret = nft_cmd_rule_flush(h, chain, *table, options & OPT_VERBOSE);
break;
case CMD_ZERO:
ret = nft_chain_zero_counters(h, chain, *table,
ret = nft_cmd_chain_zero_counters(h, chain, *table,
options & OPT_VERBOSE);
break;
case CMD_LIST|CMD_ZERO:
......@@ -997,25 +988,27 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
/*options&OPT_EXPANDED*/0,
options&OPT_LINENUMBERS);
if (ret)
ret = nft_chain_zero_counters(h, chain, *table,
ret = nft_cmd_chain_zero_counters(h, chain, *table,
options & OPT_VERBOSE);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, chain, *table);
ret = nft_cmd_chain_user_add(h, chain, *table);
break;
case CMD_DELETE_CHAIN:
ret = nft_chain_user_del(h, chain, *table,
ret = nft_cmd_chain_user_del(h, chain, *table,
options & OPT_VERBOSE);
break;
case CMD_RENAME_CHAIN:
ret = nft_chain_user_rename(h, chain, *table, newname);
ret = nft_cmd_chain_user_rename(h, chain, *table, newname);
break;
case CMD_SET_POLICY:
ret = nft_chain_set(h, *table, chain, policy, NULL);
ret = nft_cmd_chain_set(h, *table, chain, policy, NULL);
if (ret < 0)
xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n",
policy);
break;
case CMD_NONE:
break;
default:
/* We should never reach this... */
exit_tryhelp(2);
......@@ -1026,9 +1019,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
free(daddrs);
free(dmasks);
if (cs.target)
free(cs.target->t);
nft_clear_iptables_command_state(&cs);
xtables_free_opts(1);
/* if (verbose > 1)
......
iptables/xtables-eb-standalone.c
View file @ eb1d7c5f
......@@ -53,6 +53,8 @@ int xtables_eb_main(int argc, char *argv[])
if (ret)
ret = nft_bridge_commit(&h);
nft_fini_eb(&h);
if (!ret)
fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
......
iptables/xtables-eb.c
View file @ eb1d7c5f
......@@ -150,9 +150,9 @@ append_entry(struct nft_handle *h,
int ret = 1;
if (append)
ret = nft_rule_append(h, chain, table, cs, NULL, verbose);
ret = nft_cmd_rule_append(h, chain, table, cs, NULL, verbose);
else
ret = nft_rule_insert(h, chain, table, cs, rule_nr, verbose);
ret = nft_cmd_rule_insert(h, chain, table, cs, rule_nr, verbose);
return ret;
}
......@@ -169,10 +169,10 @@ delete_entry(struct nft_handle *h,
int ret = 1;
if (rule_nr == -1)
ret = nft_rule_delete(h, chain, table, cs, verbose);
ret = nft_cmd_rule_delete(h, chain, table, cs, verbose);
else {
do {
ret = nft_rule_delete_num(h, chain, table,
ret = nft_cmd_rule_delete_num(h, chain, table,
rule_nr, verbose);
rule_nr++;
} while (rule_nr < rule_nr_end);
......@@ -427,7 +427,7 @@ static int list_rules(struct nft_handle *h, const char *chain, const char *table
if (!counters)
format |= FMT_NOCOUNTS;
return nft_rule_list(h, chain, table, rule_nr, format);
return nft_cmd_rule_list(h, chain, table, rule_nr, format);
}
static int parse_rule_range(const char *argv, int *rule_nr, int *rule_nr_end)
......@@ -739,16 +739,9 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
init_extensionsb();
#endif
memset(h, 0, sizeof(*h));
h->family = NFPROTO_BRIDGE;
if (nft_init(h, xtables_bridge) < 0)
if (nft_init(h, NFPROTO_BRIDGE, xtables_bridge) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
h->ops = nft_family_ops_lookup(h->family);
if (!h->ops)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
/* manually registering ebt matches, given the original ebtables parser
* don't use '-m matchname' and the match can't be loaded dynamically when
......@@ -759,6 +752,24 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
return 0;
}
void nft_fini_eb(struct nft_handle *h)
{
struct xtables_match *match;
struct xtables_target *target;
for (match = xtables_matches; match; match = match->next) {
free(match->m);
}
for (target = xtables_targets; target; target = target->next) {
free(target->t);
}
free(opts);
nft_fini(h);
xtables_fini();
}
int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
bool restore)
{
......@@ -820,7 +831,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
flags |= OPT_COMMAND;
if (c == 'N') {
ret = nft_chain_user_add(h, chain, *table);
ret = nft_cmd_chain_user_add(h, chain, *table);
break;
} else if (c == 'X') {
/* X arg is optional, optarg is NULL */
......@@ -828,7 +839,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
chain = argv[optind];
optind++;
}
ret = nft_chain_user_del(h, chain, *table, 0);
ret = nft_cmd_chain_user_del(h, chain, *table, 0);
break;
}
......@@ -842,7 +853,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
else if (strchr(argv[optind], ' ') != NULL)
xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names");
ret = nft_chain_user_rename(h, chain, *table,
ret = nft_cmd_chain_user_rename(h, chain, *table,
argv[optind]);
if (ret != 0 && errno == ENOENT)
xtables_error(PARAMETER_PROBLEM, "Chain '%s' doesn't exists", chain);
......@@ -1144,7 +1155,7 @@ print_zero:
/*case 7 :*/ /* atomic-init */
/*case 10:*/ /* atomic-save */
case 11: /* init-table */
nft_table_flush(h, *table);
nft_cmd_table_flush(h, *table);
return 1;
/*
replace->command = c;
......@@ -1207,7 +1218,7 @@ print_zero:
if (command == 'h' && !(flags & OPT_ZERO)) {
print_help(cs.target, cs.matches, *table);
exit(0);
ret = 1;
}
/* Do the final checks */
......@@ -1232,13 +1243,13 @@ print_zero:
if (command == 'P') {
if (selected_chain >= NF_BR_NUMHOOKS) {
ret = ebt_set_user_chain_policy(h, *table, chain, policy);
ret = ebt_cmd_user_chain_policy(h, *table, chain, policy);
} else {
if (strcmp(policy, "RETURN") == 0) {
xtables_error(PARAMETER_PROBLEM,
"Policy RETURN only allowed for user defined chains");
}
ret = nft_chain_set(h, *table, chain, policy, NULL);
ret = nft_cmd_chain_set(h, *table, chain, policy, NULL);
if (ret < 0)
xtables_error(PARAMETER_PROBLEM, "Wrong policy");
}
......@@ -1251,9 +1262,9 @@ print_zero:
flags&LIST_C);
}
if (flags & OPT_ZERO) {
ret = nft_chain_zero_counters(h, chain, *table, 0);
ret = nft_cmd_chain_zero_counters(h, chain, *table, 0);
} else if (command == 'F') {
ret = nft_rule_flush(h, chain, *table, 0);
ret = nft_cmd_rule_flush(h, chain, *table, 0);
} else if (command == 'A') {
ret = append_entry(h, chain, *table, &cs, 0, 0, true);
} else if (command == 'I') {
......
iptables/xtables-monitor.c
View file @ eb1d7c5f
......@@ -615,7 +615,7 @@ int xtables_monitor_main(int argc, char *argv[])
init_extensions4();
#endif
if (nft_init(&h, xtables_ipv4)) {
if (nft_init(&h, AF_INET, xtables_ipv4)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
......@@ -688,6 +688,8 @@ int xtables_monitor_main(int argc, char *argv[])
}
mnl_socket_close(nl);
xtables_fini();
return EXIT_SUCCESS;
}
iptables/xtables-restore.c
View file @ eb1d7c5f
......@@ -61,11 +61,11 @@ static void print_usage(const char *name, const char *version)
static const struct nft_xt_restore_cb restore_cb = {
.commit = nft_commit,
.abort = nft_abort,
.table_new = nft_table_new,
.table_flush = nft_table_flush,
.table_new = nft_cmd_table_new,
.table_flush = nft_cmd_table_flush,
.do_command = do_commandx,
.chain_set = nft_chain_set,
.chain_restore = nft_chain_restore,
.chain_set = nft_cmd_chain_set,
.chain_restore = nft_cmd_chain_restore,
};
struct nft_xt_restore_state {
......@@ -85,8 +85,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
if (buffer[0] == '\n')
return;
else if (buffer[0] == '#') {
if (verbose)
if (verbose) {
fputs(buffer, stdout);
fflush(stdout);
}
return;
} else if (state->in_table &&
(strncmp(buffer, "COMMIT", 6) == 0) &&
......@@ -126,6 +128,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
if (p->tablename && (strcmp(p->tablename, table) != 0))
return;
/* implicit commit if no explicit COMMIT supported */
if (!p->commit)
cb->commit(h);
if (h->noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n", table);
if (cb->table_flush)
......@@ -189,7 +195,7 @@ static void xtables_restore_parse_line(struct nft_handle *h,
"cannot create chain '%s' (%s)\n",
chain, strerror(errno));
} else if (h->family == NFPROTO_BRIDGE &&
!ebt_set_user_chain_policy(h, state->curtable->name,
!ebt_cmd_user_chain_policy(h, state->curtable->name,
chain, policy)) {
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s' on `%s' line %u: %s\n",
......@@ -248,95 +254,16 @@ static void xtables_restore_parse_line(struct nft_handle *h,
}
}
/* Return true if given iptables-restore line will require a full cache.
* Typically these are commands referring to an existing rule
* (either by number or content) or commands listing the ruleset. */
static bool cmd_needs_full_cache(char *cmd)
{
char c, chain[32];
int rulenum, mcount;
mcount = sscanf(cmd, "-%c %31s %d", &c, chain, &rulenum);
if (mcount == 3)
return true;
if (mcount < 1)
return false;
switch (c) {
case 'D':
case 'C':
case 'S':
case 'L':
case 'Z':
return true;
}
return false;
}
#define PREBUFSIZ 65536
void xtables_restore_parse(struct nft_handle *h,
const struct nft_xt_restore_parse *p)
{
struct nft_xt_restore_state state = {};
char preload_buffer[PREBUFSIZ] = {}, buffer[10240], *ptr;
if (!h->noflush) {
nft_fake_cache(h);
} else {
ssize_t pblen = sizeof(preload_buffer);
bool do_cache = false;
ptr = preload_buffer;
while (fgets(buffer, sizeof(buffer), p->in)) {
size_t blen = strlen(buffer);
/* drop trailing newline; xtables_restore_parse_line()
* uses strtok() which replaces them by nul-characters,
* causing unpredictable string delimiting in
* preload_buffer */
if (buffer[blen - 1] == '\n')
buffer[blen - 1] = '\0';
else
blen++;
pblen -= blen;
if (pblen <= 0) {
/* buffer exhausted */
do_cache = true;
break;
}
if (cmd_needs_full_cache(buffer)) {
do_cache = true;
break;
}
/* copy string including terminating nul-char */
memcpy(ptr, buffer, blen);
ptr += blen;
buffer[0] = '\0';
}
char buffer[10240] = {};
if (do_cache)
nft_build_cache(h, NULL);
}
if (!h->noflush)
nft_cache_level_set(h, NFT_CL_FAKE, NULL);
line = 0;
ptr = preload_buffer;
while (*ptr) {
h->error.lineno = ++line;
DEBUGP("%s: buffered line %d: '%s'\n", __func__, line, ptr);
xtables_restore_parse_line(h, p, &state, ptr);
ptr += strlen(ptr) + 1;
}
if (*buffer) {
h->error.lineno = ++line;
DEBUGP("%s: overrun line %d: '%s'\n", __func__, line, buffer);
xtables_restore_parse_line(h, p, &state, buffer);
}
while (fgets(buffer, sizeof(buffer), p->in)) {
h->error.lineno = ++line;
DEBUGP("%s: input line %d: '%s'\n", __func__, line, buffer);
......@@ -356,15 +283,13 @@ static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{
const struct builtin_table *tables;
struct nft_handle h = {
.family = family,
.restore = true,
};
int c;
struct nft_xt_restore_parse p = {
.commit = true,
.cb = &restore_cb,
};
bool noflush = false;
struct nft_handle h;
int c;
line = 0;
......@@ -377,7 +302,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
exit(1);
}
while ((c = getopt_long(argc, argv, "bcvVthnM:T:46wW", options, NULL)) != -1) {
while ((c = getopt_long(argc, argv, "bcvVthnM:T:wW", options, NULL)) != -1) {
switch (c) {
case 'b':
fprintf(stderr, "-b/--binary option is not implemented\n");
......@@ -398,7 +323,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
print_usage(prog_name, PACKAGE_VERSION);
exit(0);
case 'n':
h.noflush = 1;
noflush = true;
break;
case 'M':
xtables_modprobe_program = optarg;
......@@ -406,13 +331,6 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
case 'T':
p.tablename = optarg;
break;
case '4':
h.family = AF_INET;
break;
case '6':
h.family = AF_INET6;
xtables_set_nfproto(AF_INET6);
break;
case 'w': /* fallthrough. Ignored by xt-restore */
case 'W':
if (!optarg && xs_has_arg(argc, argv))
......@@ -460,17 +378,20 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
return 1;
}
if (nft_init(&h, tables) < 0) {
if (nft_init(&h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
strerror(errno));
exit(EXIT_FAILURE);
}
h.noflush = noflush;
h.restore = true;
xtables_restore_parse(&h, &p);
nft_fini(&h);
xtables_fini();
fclose(p.in);
return 0;
}
......@@ -487,20 +408,13 @@ int xtables_ip6_restore_main(int argc, char *argv[])
argc, argv);
}
static int ebt_table_flush(struct nft_handle *h, const char *table)
{
/* drop any pending policy rule add/removal jobs */
nft_abort_policy_rule(h, table);
return nft_table_flush(h, table);
}
static const struct nft_xt_restore_cb ebt_restore_cb = {
.commit = nft_bridge_commit,
.table_new = nft_table_new,
.table_flush = ebt_table_flush,
.table_new = nft_cmd_table_new,
.table_flush = nft_cmd_table_flush,
.do_command = do_commandeb,
.chain_set = nft_chain_set,
.chain_restore = nft_chain_restore,
.chain_set = nft_cmd_chain_set,
.chain_restore = nft_cmd_chain_restore,
};
static const struct option ebt_restore_options[] = {
......@@ -535,18 +449,18 @@ int xtables_eb_restore_main(int argc, char *argv[])
nft_init_eb(&h, "ebtables-restore");
h.noflush = noflush;
xtables_restore_parse(&h, &p);
nft_fini(&h);
nft_fini_eb(&h);
return 0;
}
static const struct nft_xt_restore_cb arp_restore_cb = {
.commit = nft_commit,
.table_new = nft_table_new,
.table_flush = nft_table_flush,
.table_new = nft_cmd_table_new,
.table_flush = nft_cmd_table_flush,
.do_command = do_commandarp,
.chain_set = nft_chain_set,
.chain_restore = nft_chain_restore,
.chain_set = nft_cmd_chain_set,
.chain_restore = nft_cmd_chain_restore,
};
int xtables_arp_restore_main(int argc, char *argv[])
......@@ -560,6 +474,7 @@ int xtables_arp_restore_main(int argc, char *argv[])
nft_init_arp(&h, "arptables-restore");
xtables_restore_parse(&h, &p);
nft_fini(&h);
xtables_fini();
return 0;
}
iptables/xtables-save.c
View file @ eb1d7c5f
......@@ -32,7 +32,7 @@
#define prog_name xtables_globals.program_name
#define prog_vers xtables_globals.program_version
static const char *ipt_save_optstring = "bcdt:M:f:46V";
static const char *ipt_save_optstring = "bcdt:M:f:V";
static const struct option ipt_save_options[] = {
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "version", .has_arg = false, .val = 'V'},
......@@ -40,8 +40,6 @@ static const struct option ipt_save_options[] = {
{.name = "table", .has_arg = true, .val = 't'},
{.name = "modprobe", .has_arg = true, .val = 'M'},
{.name = "file", .has_arg = true, .val = 'f'},
{.name = "ipv4", .has_arg = false, .val = '4'},
{.name = "ipv6", .has_arg = false, .val = '6'},
{NULL},
};
......@@ -139,10 +137,8 @@ xtables_save_main(int family, int argc, char *argv[],
struct do_output_data d = {
.format = FMT_NOCOUNTS,
};
struct nft_handle h;
bool dump = false;
struct nft_handle h = {
.family = family,
};
FILE *file = NULL;
int ret, c;
......@@ -189,13 +185,6 @@ xtables_save_main(int family, int argc, char *argv[],
case 'd':
dump = true;
break;
case '4':
h.family = AF_INET;
break;
case '6':
h.family = AF_INET6;
xtables_set_nfproto(AF_INET6);
break;
case 'V':
printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
exit(0);
......@@ -242,19 +231,20 @@ xtables_save_main(int family, int argc, char *argv[],
return 1;
}
if (nft_init(&h, tables) < 0) {
if (nft_init(&h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
strerror(errno));
exit(EXIT_FAILURE);
}
h.ops = nft_family_ops_lookup(h.family);
if (!h.ops)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
nft_cache_level_set(&h, NFT_CL_RULES, NULL);
nft_cache_build(&h);
ret = do_output(&h, tablename, &d);
nft_fini(&h);
xtables_fini();
if (dump)
exit(0);
......
iptables/xtables-standalone.c
View file @ eb1d7c5f
......@@ -44,9 +44,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
{
int ret;
char *table = "filter";
struct nft_handle h = {
.family = family,
};
struct nft_handle h;
xtables_globals.program_name = progname;
ret = xtables_init_all(&xtables_globals, family);
......@@ -61,7 +59,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensions4();
#endif
if (nft_init(&h, xtables_ipv4) < 0) {
if (nft_init(&h, family, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
......@@ -74,6 +72,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
ret = nft_commit(&h);
nft_fini(&h);
xtables_fini();
if (!ret) {
if (errno == EINVAL) {
......
iptables/xtables-translate.c
View file @ eb1d7c5f
......@@ -32,16 +32,38 @@
void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
bool invert)
{
char iface[IFNAMSIZ];
int ifaclen;
int ifaclen = strlen(ifname), i, j;
char iface[IFNAMSIZ * 2];
if (ifname[0] == '\0')
if (ifaclen < 1 || ifaclen >= IFNAMSIZ)
return;
strcpy(iface, ifname);
ifaclen = strlen(iface);
if (iface[ifaclen - 1] == '+')
iface[ifaclen - 1] = '*';
for (i = 0, j = 0; i < ifaclen + 1; i++, j++) {
switch (ifname[i]) {
case '*':
iface[j++] = '\\';
/* fall through */
default:
iface[j] = ifname[i];
break;
}
}
if (ifaclen == 1 && ifname[0] == '+') {
/* Nftables does not support wildcard only string. Workaround
* is easy, given that this will match always or never
* depending on 'invert' value. To match always, simply don't
* generate an expression. To match never, use an invalid
* interface name (kernel doesn't accept '/' in names) to match
* against. */
if (!invert)
return;
strcpy(iface, "INVAL/D");
invert = false;
}
if (iface[j - 2] == '+')
iface[j - 2] = '*';
xt_xlate_add(xl, "%s %s\"%s\" ", nftmeta, invert ? "!= " : "", iface);
}
......@@ -458,7 +480,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
return 1;
}
if (nft_init(h, tables) < 0) {
if (nft_init(h, family, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
......@@ -487,6 +509,7 @@ static int xtables_xlate_main(int family, const char *progname, int argc,
fprintf(stderr, "Translation not implemented\n");
nft_fini(&h);
xtables_fini();
exit(!ret);
}
......@@ -541,6 +564,7 @@ static int xtables_restore_xlate_main(int family, const char *progname,
printf("# Completed on %s", ctime(&now));
nft_fini(&h);
xtables_fini();
fclose(p.in);
exit(0);
}
......
iptables/xtables.c
View file @ eb1d7c5f
......@@ -161,7 +161,7 @@ exit_tryhelp(int status)
}
static void
exit_printhelp(const struct xtables_rule_match *matches)
printhelp(const struct xtables_rule_match *matches)
{
printf("%s v%s\n\n"
"Usage: %s -[ACD] chain rule-specification [options]\n"
......@@ -240,7 +240,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
"[!] --version -V print package version.\n");
print_extension_helps(xtables_targets, matches);
exit(0);
}
void
......@@ -361,11 +360,11 @@ add_entry(const char *chain,
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
if (append) {
ret = nft_rule_append(h, chain, table,
ret = nft_cmd_rule_append(h, chain, table,
cs, NULL,
verbose);
} else {
ret = nft_rule_insert(h, chain, table,
ret = nft_cmd_rule_insert(h, chain, table,
cs, rulenum,
verbose);
}
......@@ -381,11 +380,11 @@ add_entry(const char *chain,
memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr));
if (append) {
ret = nft_rule_append(h, chain, table,
ret = nft_cmd_rule_append(h, chain, table,
cs, NULL,
verbose);
} else {
ret = nft_rule_insert(h, chain, table,
ret = nft_cmd_rule_insert(h, chain, table,
cs, rulenum,
verbose);
}
......@@ -418,7 +417,7 @@ replace_entry(const char *chain, const char *table,
} else
return 1;
return nft_rule_replace(h, chain, table, cs, rulenum, verbose);
return nft_cmd_rule_replace(h, chain, table, cs, rulenum, verbose);
}
static int
......@@ -440,7 +439,7 @@ delete_entry(const char *chain, const char *table,
for (j = 0; j < d.naddrs; j++) {
cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr;
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
ret = nft_rule_delete(h, chain,
ret = nft_cmd_rule_delete(h, chain,
table, cs, verbose);
}
} else if (family == AF_INET6) {
......@@ -453,7 +452,7 @@ delete_entry(const char *chain, const char *table,
&d.addr.v6[j], sizeof(struct in6_addr));
memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr));
ret = nft_rule_delete(h, chain,
ret = nft_cmd_rule_delete(h, chain,
table, cs, verbose);
}
}
......@@ -480,7 +479,7 @@ check_entry(const char *chain, const char *table,
for (j = 0; j < d.naddrs; j++) {
cs->fw.ip.dst.s_addr = d.addr.v4[j].s_addr;
cs->fw.ip.dmsk.s_addr = d.mask.v4[j].s_addr;
ret = nft_rule_check(h, chain,
ret = nft_cmd_rule_check(h, chain,
table, cs, verbose);
}
} else if (family == AF_INET6) {
......@@ -493,7 +492,7 @@ check_entry(const char *chain, const char *table,
&d.addr.v6[j], sizeof(struct in6_addr));
memcpy(&cs->fw6.ipv6.dmsk,
&d.mask.v6[j], sizeof(struct in6_addr));
ret = nft_rule_check(h, chain,
ret = nft_cmd_rule_check(h, chain,
table, cs, verbose);
}
}
......@@ -524,7 +523,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table,
if (linenumbers)
format |= FMT_LINENUMBERS;
return nft_rule_list(h, chain, table, rulenum, format);
return nft_cmd_rule_list(h, chain, table, rulenum, format);
}
static int
......@@ -534,7 +533,7 @@ list_rules(struct nft_handle *h, const char *chain, const char *table,
if (counters)
counters = -1; /* iptables -c format */
return nft_rule_list_save(h, chain, table, rulenum, counters);
return nft_cmd_rule_list_save(h, chain, table, rulenum, counters);
}
void do_parse(struct nft_handle *h, int argc, char *argv[],
......@@ -571,10 +570,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
demand-load a protocol. */
opterr = 0;
h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
opts = xt_params->orig_opts;
while ((cs->c = getopt_long(argc, argv,
"-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvw::W::nt:m:xc:g:46",
......@@ -728,7 +723,9 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
xtables_find_match(cs->protocol,
XTF_TRY_LOAD, &cs->matches);
exit_printhelp(cs->matches);
printhelp(cs->matches);
p->command = CMD_NONE;
return;
/*
* Option selection
......@@ -917,27 +914,22 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case '4':
if (args->family == AF_INET)
break;
if (p->restore && args->family == AF_INET6)
return;
if (args->family != AF_INET)
exit_tryhelp(2);
h->ops = nft_family_ops_lookup(args->family);
case '6':
if (args->family == AF_INET6)
break;
case '6':
if (p->restore && args->family == AF_INET)
return;
args->family = AF_INET6;
xtables_set_nfproto(AF_INET6);
h->ops = nft_family_ops_lookup(args->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM,
"Unknown family");
break;
exit_tryhelp(2);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
......@@ -1031,11 +1023,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
opt2char(OPT_VIANAMEIN),
p->chain);
}
if (!p->xlate && !cs->target && strlen(cs->jumpto) > 0 &&
!nft_chain_exists(h, p->table, cs->jumpto))
xtables_error(PARAMETER_PROBLEM,
"Chain '%s' does not exist", cs->jumpto);
}
}
......@@ -1066,7 +1053,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options & OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
ret = nft_rule_delete_num(h, p.chain, p.table,
ret = nft_cmd_rule_delete_num(h, p.chain, p.table,
p.rulenum - 1, p.verbose);
break;
case CMD_CHECK:
......@@ -1085,15 +1072,15 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options&OPT_VERBOSE, h, false);
break;
case CMD_FLUSH:
ret = nft_rule_flush(h, p.chain, p.table,
ret = nft_cmd_rule_flush(h, p.chain, p.table,
cs.options & OPT_VERBOSE);
break;
case CMD_ZERO:
ret = nft_chain_zero_counters(h, p.chain, p.table,
ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE);
break;
case CMD_ZERO_NUM:
ret = nft_rule_zero_counters(h, p.chain, p.table,
ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1);
break;
case CMD_LIST:
......@@ -1105,11 +1092,11 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
cs.options & OPT_EXPANDED,
cs.options & OPT_LINENUMBERS);
if (ret && (p.command & CMD_ZERO)) {
ret = nft_chain_zero_counters(h, p.chain, p.table,
ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE);
}
if (ret && (p.command & CMD_ZERO_NUM)) {
ret = nft_rule_zero_counters(h, p.chain, p.table,
ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1);
}
nft_check_xt_legacy(h->family, false);
......@@ -1120,27 +1107,27 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
ret = list_rules(h, p.chain, p.table, p.rulenum,
cs.options & OPT_VERBOSE);
if (ret && (p.command & CMD_ZERO)) {
ret = nft_chain_zero_counters(h, p.chain, p.table,
ret = nft_cmd_chain_zero_counters(h, p.chain, p.table,
cs.options & OPT_VERBOSE);
}
if (ret && (p.command & CMD_ZERO_NUM)) {
ret = nft_rule_zero_counters(h, p.chain, p.table,
ret = nft_cmd_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1);
}
nft_check_xt_legacy(h->family, false);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, p.chain, p.table);
ret = nft_cmd_chain_user_add(h, p.chain, p.table);
break;
case CMD_DELETE_CHAIN:
ret = nft_chain_user_del(h, p.chain, p.table,
ret = nft_cmd_chain_user_del(h, p.chain, p.table,
cs.options & OPT_VERBOSE);
break;
case CMD_RENAME_CHAIN:
ret = nft_chain_user_rename(h, p.chain, p.table, p.newname);
ret = nft_cmd_chain_user_rename(h, p.chain, p.table, p.newname);
break;
case CMD_SET_POLICY:
ret = nft_chain_set(h, p.table, p.chain, p.policy, NULL);
ret = nft_cmd_chain_set(h, p.table, p.chain, p.policy, NULL);
break;
case CMD_NONE:
/* do_parse ignored the line (eg: -4 with ip6tables-restore) */
......@@ -1152,11 +1139,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
*table = p.table;
xtables_rule_matches_free(&cs.matches);
if (cs.target) {
free(cs.target->t);
cs.target->t = NULL;
}
nft_clear_iptables_command_state(&cs);
if (h->family == AF_INET) {
free(args.s.addr.v4);
......
libipq/Makefile.in
View file @ eb1d7c5f
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -154,7 +154,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/libipq.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
......@@ -383,8 +384,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
......@@ -442,7 +443,13 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipq.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipq.Plo@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
......@@ -587,7 +594,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
......@@ -660,7 +670,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f ./$(DEPDIR)/libipq.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
......@@ -706,7 +716,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f ./$(DEPDIR)/libipq.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
......@@ -730,9 +740,9 @@ uninstall-man: uninstall-man3
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \
ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
......
libipq/ipq_set_verdict.3
View file @ eb1d7c5f
......@@ -30,7 +30,7 @@ The
.B ipq_set_verdict
function issues a verdict on a packet previously obtained with
.BR ipq_read ,
specifing the intended disposition of the packet, and optionally
specifying the intended disposition of the packet, and optionally
supplying a modified version of the payload data.
.PP
The
......
libiptc/Makefile.in
View file @ eb1d7c5f
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -162,7 +162,9 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/libip4tc.Plo \
./$(DEPDIR)/libip6tc.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
......@@ -387,8 +389,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
......@@ -453,8 +455,14 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip4tc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip6tc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip4tc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libip6tc.Plo@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
......@@ -556,7 +564,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
......@@ -629,7 +640,8 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f ./$(DEPDIR)/libip4tc.Plo
-rm -f ./$(DEPDIR)/libip6tc.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
......@@ -675,7 +687,8 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f ./$(DEPDIR)/libip4tc.Plo
-rm -f ./$(DEPDIR)/libip6tc.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
......@@ -696,9 +709,9 @@ uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \
ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
......
libiptc/libip4tc.c
View file @ eb1d7c5f
......@@ -22,7 +22,7 @@
#define inline
#endif
#if !defined(__GLIBC__) || (__GLIBC__ < 2)
#if !defined(__BIONIC__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
typedef unsigned int socklen_t;
#endif
......
libiptc/libip6tc.c
View file @ eb1d7c5f
......@@ -23,7 +23,7 @@
#define inline
#endif
#if !defined(__GLIBC__) || (__GLIBC__ < 2)
#if !defined(__BIONIC__) && (!defined(__GLIBC__) || (__GLIBC__ < 2))
typedef unsigned int socklen_t;
#endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment