On Saturday 2009-01-17 20:44, jamal wrote:
>
>As an example of something that would work and i could use as a base,
>see attached against git tree - compile tested.
It's a lot of code at once.
I think it is nicer to proceed in single steps (and commits),
as that shows what other problems we must bump over.
Here, this is what I think should be the first patch (see below).
This already turns up some further issues that need to be
resolved first, among:
- the XTABLES_LIBDIR define must be changeable at ./configure time
- it would make sense to rename most of the iptables functions
to have a prefix (i'll prepare that)
- making most of the functions inside m_ipt.c static so they do
not cause a dynamic linker overlap (e.g. xtables_register_target
which is as of yet still replicated)
What do you think?
# iproute git
diff --git a/tc/Makefile b/tc/Makefile
index bd9b833..7a1611d 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -4,6 +4,8 @@ TCOBJ= tc.o tc_qdisc.o tc_class.o tc_filter.o tc_util.o \
include ../Config
+CFLAGS += -DXTABLES_LIBDIR=\"/usr/libexec/xtables\"
+
TCMODULES :=
TCMODULES += q_fifo.o
TCMODULES += q_sfq.o
diff --git a/tc/m_ipt.c b/tc/m_ipt.c
index f5b7b3c..ea83b58 100644
--- a/tc/m_ipt.c
+++ b/tc/m_ipt.c
@@ -1,5 +1,5 @@
/*
- * m_ipt.c iptables based targets
+ * m_ipt.c Xtables based targets
* utilities mostly ripped from iptables <duh, its the linux way>
*
* This program is free software; you can distribute it and/or
@@ -15,7 +15,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/if.h>
-#include <iptables.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include "utils.h"
@@ -34,6 +33,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
+#include <xtables.h>
static const char *pname = "tc-ipt";
static const char *tname = "mangle";
@@ -52,7 +52,7 @@ static struct option original_opts[] = {
{0, 0, 0, 0}
};
-static struct iptables_target *t_list = NULL;
+static struct xtables_target *t_list = NULL;
static struct option *opts = original_opts;
static unsigned int global_option_offset = 0;
#define OPTION_OFFSET 256
@@ -60,7 +60,7 @@ static unsigned int global_option_offset = 0;
char *lib_dir;
void
-register_target(struct iptables_target *me)
+register_target(struct xtables_target *me)
{
/* fprintf(stderr, "\nDummy register_target %s \n", me->name);
*/
@@ -70,7 +70,7 @@ register_target(struct iptables_target *me)
}
void
-xtables_register_target(struct iptables_target *me)
+xtables_register_target(struct xtables_target *me)
{
me->next = t_list;
t_list = me;
@@ -84,24 +84,6 @@ exit_tryhelp(int status)
exit(status);
}
-void
-exit_error(enum exittype status, char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", pname, pversion);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be
upgraded.\n");
- exit(status);
-}
-
/* stolen from iptables 1.2.11
They should really have them as a library so i can link to them
Email them next time i remember
@@ -206,10 +188,10 @@ fw_calloc(size_t count, size_t size)
return p;
}
-static struct iptables_target *
+static struct xtables_target *
find_t(char *name)
{
- struct iptables_target *m;
+ struct xtables_target *m;
for (m = t_list; m; m = m->next) {
if (strcmp(m->name, name) == 0)
return m;
@@ -218,13 +200,13 @@ find_t(char *name)
return NULL;
}
-static struct iptables_target *
+static struct xtables_target *
get_target_name(const char *name)
{
void *handle;
char *error;
char *new_name, *lname;
- struct iptables_target *m;
+ struct xtables_target *m;
char path[strlen(lib_dir) + sizeof ("/libipt_.so") + strlen(name)];
new_name = malloc(strlen(name) + 1);
@@ -284,7 +266,7 @@ get_target_name(const char *name)
m = dlsym(handle, new_name);
if ((error = dlerror()) != NULL) {
- m = (struct iptables_target *) dlsym(handle, lname);
+ m = dlsym(handle, lname);
if ((error = dlerror()) != NULL) {
m = find_t(new_name);
if (NULL == m) {
@@ -352,10 +334,8 @@ static void set_revision(char *name, u_int8_t revision)
* we may need to check for version mismatch
*/
int
-build_st(struct iptables_target *target, struct ipt_entry_target *t)
+build_st(struct xtables_target *target, struct ipt_entry_target *t)
{
- unsigned int nfcache = 0;
-
if (target) {
size_t size;
@@ -367,7 +347,7 @@ build_st(struct iptables_target *target, struct
ipt_entry_target *t)
target->t->u.target_size = size;
if (target->init != NULL)
- target->init(target->t, &nfcache);
+ target->init(target->t);
set_revision(target->t->u.user.name, target->revision);
} else {
target->t = t;
@@ -382,7 +362,7 @@ build_st(struct iptables_target *target, struct
ipt_entry_target *t)
static int parse_ipt(struct action_util *a,int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
- struct iptables_target *m = NULL;
+ struct xtables_target *m = NULL;
struct ipt_entry fw;
struct rtattr *tail;
int c;
@@ -396,9 +376,9 @@ static int parse_ipt(struct action_util *a,int *argc_p,
__u32 hook = 0, index = 0;
res = 0;
- lib_dir = getenv("IPTABLES_LIB_DIR");
+ lib_dir = getenv("XTABLES_LIBDIR");
if (!lib_dir)
- lib_dir = IPT_LIB_DIR;
+ lib_dir = XTABLES_LIBDIR;
{
int i;
@@ -538,9 +518,9 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr
*arg)
if (arg == NULL)
return -1;
- lib_dir = getenv("IPTABLES_LIB_DIR");
+ lib_dir = getenv("XTABLES_LIBDIR");
if (!lib_dir)
- lib_dir = IPT_LIB_DIR;
+ lib_dir = XTABLES_LIBDIR;
parse_rtattr_nested(tb, TCA_IPT_MAX, arg);
@@ -564,7 +544,7 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr
*arg)
fprintf(f, "\t[NULL ipt target parameters ] \n");
return -1;
} else {
- struct iptables_target *m = NULL;
+ struct xtables_target *m = NULL;
t = RTA_DATA(tb[TCA_IPT_TARG]);
m = get_target_name(t->u.user.name);
if (NULL != m) {
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
