kernel_version = LINUX_VERSION(x, y, z);
}
+#undef __ipt_module
+#define __ipt_module(x) libxt_##x##_init, libipt_##x##_init, libip6t_##x##_init,
+
+static void fw3_init_extensions(void)
+{
+ int i;
+ void (*initfuncs[])(void) = { FW3_IPT_MODULES };
+
+ for (i = 0; i < sizeof(initfuncs)/sizeof(initfuncs[0]); i++)
+ if (initfuncs[i])
+ initfuncs[i]();
+}
+
struct fw3_ipt_handle *
fw3_ipt_open(enum fw3_family family, enum fw3_table table)
{
xtables_matches = NULL;
xtables_targets = NULL;
- init_extensions();
- init_extensions4();
- init_extensions6();
+ fw3_init_extensions();
return h;
}
+static void
+debug(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+ va_list ap;
+
+ printf("%s -t %s ", (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables",
+ fw3_flag_names[h->table]);
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+}
+
void
fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
enum fw3_flag policy)
{
+ if (fw3_pr_debug)
+ debug(h, "-P %s %s\n", chain, fw3_flag_names[policy]);
+
if (h->family == FW3_FAMILY_V6)
ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
else
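Review bot: The new `debug()` helper passes a caller-supplied format string to `vprintf()` but is not declared printf-like, so the compiler cannot check the `%s`/`%u` arguments at the `debug(h, ...)` call sites this patch adds. Marking the definition with `__attribute__((format(printf, 2, 3)))` would let `-Wformat` cover all of them. The prefix also indexes `fw3_flag_names[h->table]` with a table enum rather than a flag value, which presumably relies on the two enums sharing their leading values. If that is confirmed, a comment such as `/* table ids double as indices into fw3_flag_names */` would keep a later enum reorder from turning this into an out-of-range read.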
{
if (fw3_pr_debug)
{
- printf("-F %s\n", chain);
- printf("-X %s\n", chain);
+ debug(h, "-F %s\n", chain);
+ debug(h, "-X %s\n", chain);
}
if (h->family == FW3_FAMILY_V6)
if (*t && !strcmp(t, target))
{
if (fw3_pr_debug)
- printf("-D %s %u\n", chain, num + 1);
+ debug(h, "-D %s %u\n", chain, num + 1);
ip6tc_delete_num_entry(chain, num, h->handle);
found = true;
if (*t && !strcmp(t, target))
{
if (fw3_pr_debug)
- printf("-D %s %u\n", chain, num + 1);
+ debug(h, "-D %s %u\n", chain, num + 1);
iptc_delete_num_entry(chain, num, h->handle);
found = true;
}
void
+fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+ char buf[32];
+ va_list ap;
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
+ va_end(ap);
+
+ if (fw3_pr_debug)
+ debug(h, "-N %s\n", buf);
+
+ iptc_create_chain(buf, h->handle);
+}
+
+void
fw3_ipt_flush(struct fw3_ipt_handle *h)
{
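Review bot: `fw3_ipt_create_chain()` calls `iptc_create_chain()` unconditionally, while `fw3_ipt_set_policy()` and the delete paths in this same patch switch to the `ip6tc_*` call when `h->family == FW3_FAMILY_V6`. Unless the two libraries are interchangeable on this handle, an IPv6 chain would be created through the IPv4 API. The `vsnprintf()` result is also ignored, so a formatted name that does not fit in `buf` is silently truncated and the chain created is not the one later rules refer to. The sketch below dispatches on the family and rejects truncated names; checking the return value of the create call would be a further step.

```c
	int n;

	/* … unchanged: buf and ap declarations … */

	va_start(ap, fmt);
	n = vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
	va_end(ap);

	/* refuse to create a chain under a truncated name */
	if (n < 0 || (size_t)n >= sizeof(buf) - 1)
	{
		fprintf(stderr, "fw3_ipt_create_chain(): chain name too long\n");
		return;
	}

	/* … unchanged: fw3_pr_debug print … */

	if (h->family == FW3_FAMILY_V6)
		ip6tc_create_chain(buf, h->handle);
	else
		iptc_create_chain(buf, h->handle);
```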
const char *chain;
struct xtables_match *m;
struct xtables_target *t;
- printf("-A %s", chain);
+ debug(r->h, "-A %s", chain);
if (r->h->family == FW3_FAMILY_V6)
rule_print6(&r->e6);
if (!em)
{
fprintf(stderr, "fw3_ipt_rule_append(): Can't find match '%s'\n", optarg);
- return;
+ goto free;
}
init_match(r, em, true);
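Review bot: On the `goto free` path here, and on the matching one in the target lookup below, the rule is discarded after only an stderr message. The statement it replaces was a bare `return;`, so the function cannot tell its caller that the rule was never installed. For a firewall that can mean a ruleset that loads with a filtering rule missing, so the behaviour should at least be documented at the jump, e.g. `/* rule is dropped; caller gets no error indication */`. The label is also named `free`, the same as the libc function called on the lines right after it; labels have their own namespace so it compiles, but `out_free:` would read less ambiguously. The enclosing function starts and ends outside this hunk.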
if (!et)
{
fprintf(stderr, "fw3_ipt_rule_append(): Can't find target '%s'\n", optarg);
- return;
+ goto free;
}
break;
free(e);
}
+free:
for (i = 1; i < r->argc; i++)
free(r->argv[i]);
xtables_rule_matches_free(&r->matches);
- free(r->target->t);
+ if (r->target)
+ free(r->target->t);
+
free(r);
/* reset all targets and matches */