Only emit different ip family warnings if the ip wasn't automatically resolved
[project/firewall3.git] / iptables.c
index fd230d3..2684933 100644 (file)
@@ -54,6 +54,19 @@ get_kernel_version(void)
        kernel_version = LINUX_VERSION(x, y, z);
 }
 
+#undef __ipt_module
+#define __ipt_module(x) libxt_##x##_init, libipt_##x##_init, libip6t_##x##_init,
+
+static void fw3_init_extensions(void)
+{
+       int i;
+       void (*initfuncs[])(void) = { FW3_IPT_MODULES };
+
+       for (i = 0; i < sizeof(initfuncs)/sizeof(initfuncs[0]); i++)
+               if (initfuncs[i])
+                       initfuncs[i]();
+}
+
 struct fw3_ipt_handle *
 fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 {
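Review bot: In `fw3_init_extensions()` the loop index is a signed `int` compared against a `sizeof` quotient, which is a signed/unsigned comparison; `size_t i;` would match the bound. The `if (initfuncs[i])` guard implies that some entries of `FW3_IPT_MODULES` can be null, presumably because absent extensions resolve to null symbols, but nothing in the hunk says so. A short comment above the `#define` would help, for example `/* each module expands to its xt/ipt/ip6t init function; entries that are not linked in are null and skipped */`, worded to match how the symbols are really declared.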
@@ -94,19 +107,30 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
        xtables_matches = NULL;
        xtables_targets = NULL;
 
-       init_extensions();
-       init_extensions4();
-       init_extensions6();
+       fw3_init_extensions();
 
        return h;
 }
 
+static void
+debug(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+       va_list ap;
+
+       printf("%s -t %s ", (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables",
+                           fw3_flag_names[h->table]);
+
+       va_start(ap, fmt);
+       vprintf(fmt, ap);
+       va_end(ap);
+}
+
 void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
                    enum fw3_flag policy)
 {
        if (fw3_pr_debug)
-               printf("-P %s %s\n", chain, fw3_flag_names[policy]);
+               debug(h, "-P %s %s\n", chain, fw3_flag_names[policy]);
 
        if (h->family == FW3_FAMILY_V6)
                ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
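Review bot: The new variadic `debug()` helper forwards `fmt` to `vprintf()` without a printf format attribute, so the compiler no longer checks the format strings and arguments at the call sites that used to call `printf()` directly. Declaring it first as `static void debug(struct fw3_ipt_handle *h, const char *fmt, ...) __attribute__((format(printf, 2, 3)));` restores `-Wformat` checking and flags any future caller that passes a non-literal format. The helper also indexes `fw3_flag_names` with `h->table`, which only works if table values share that array's index space. This is not visible in the hunk, so a one-line comment stating it would be worthwhile. The body of `fw3_ipt_set_policy()` continues outside the hunk.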
@@ -119,8 +143,8 @@ fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
 {
        if (fw3_pr_debug)
        {
-               printf("-F %s\n", chain);
-               printf("-X %s\n", chain);
+               debug(h, "-F %s\n", chain);
+               debug(h, "-X %s\n", chain);
        }
 
        if (h->family == FW3_FAMILY_V6)
@@ -163,7 +187,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
                                        if (*t && !strcmp(t, target))
                                        {
                                                if (fw3_pr_debug)
-                                                       printf("-D %s %u\n", chain, num + 1);
+                                                       debug(h, "-D %s %u\n", chain, num + 1);
 
                                                ip6tc_delete_num_entry(chain, num, h->handle);
                                                found = true;
@@ -191,7 +215,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
                                        if (*t && !strcmp(t, target))
                                        {
                                                if (fw3_pr_debug)
-                                                       printf("-D %s %u\n", chain, num + 1);
+                                                       debug(h, "-D %s %u\n", chain, num + 1);
 
                                                iptc_delete_num_entry(chain, num, h->handle);
                                                found = true;
@@ -204,6 +228,22 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
 }
 
 void
+fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+       char buf[32];
+       va_list ap;
+
+       va_start(ap, fmt);
+       vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
+       va_end(ap);
+
+       if (fw3_pr_debug)
+               debug(h, "-N %s\n", buf);
+
+       iptc_create_chain(buf, h->handle);
+}
+
+void
 fw3_ipt_flush(struct fw3_ipt_handle *h)
 {
        const char *chain;
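Review bot: `fw3_ipt_create_chain()` always calls `iptc_create_chain()`, even when `h->family` is `FW3_FAMILY_V6`, whereas `fw3_ipt_set_policy()` and `fw3_ipt_delete_rules()` in this same diff dispatch to the `ip6tc_*` variants for IPv6 handles. The return value of `vsnprintf()` is also ignored, so a formatted name that does not fit in `buf` is silently truncated and a chain with a different name is created. In a firewall that can mean later rules refer to a chain that does not exist, or that collides with another one. The `sizeof(buf) - 1` is unnecessary because `vsnprintf()` already terminates within the size it is given. The sketch below checks the length and dispatches on the family.

```c
void
fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
{
	char buf[32];
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = vsnprintf(buf, sizeof(buf), fmt, ap);
	va_end(ap);

	/* refuse a name that did not fit rather than create a truncated chain */
	if (len < 0 || (size_t)len >= sizeof(buf))
	{
		fprintf(stderr, "fw3_ipt_create_chain(): chain name too long\n");
		return;
	}

	/* ... unchanged: fw3_pr_debug output ... */

	if (h->family == FW3_FAMILY_V6)
		ip6tc_create_chain(buf, h->handle);
	else
		iptc_create_chain(buf, h->handle);
}
```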
@@ -978,7 +1018,7 @@ rule_print(struct fw3_ipt_rule *r, const char *chain)
        struct xtables_match *m;
        struct xtables_target *t;
 
-       printf("-A %s", chain);
+       debug(r->h, "-A %s", chain);
 
        if (r->h->family == FW3_FAMILY_V6)
                rule_print6(&r->e6);
@@ -1122,7 +1162,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...)
                        if (!em)
                        {
                                fprintf(stderr, "fw3_ipt_rule_append(): Can't find match '%s'\n", optarg);
-                               return;
+                               goto free;
                        }
 
                        init_match(r, em, true);
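Review bot: On this error path, and on the matching "Can't find target" path in the next hunk, the rule is now freed instead of leaked, but the function is still `void` and only writes to stderr. The caller therefore cannot tell that the rule was never appended and will keep building the ruleset without it. For a firewall that can leave traffic less restricted than the configuration intends, so it is worth at least a comment at the label such as `/* error exits land here: the rule is dropped, not appended */`, and ideally a status return in a follow-up. The label name `free` is legal, since labels have their own namespace, but it sits directly above calls to `free()`; something like `out_free:` would read better. The function body starts and ends outside these hunks.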
@@ -1134,7 +1174,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...)
                        if (!et)
                        {
                                fprintf(stderr, "fw3_ipt_rule_append(): Can't find target '%s'\n", optarg);
-                               return;
+                               goto free;
                        }
 
                        break;
@@ -1223,6 +1263,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...)
                free(e);
        }
 
+free:
        for (i = 1; i < r->argc; i++)
                free(r->argv[i]);
 
@@ -1230,7 +1271,9 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...)
 
        xtables_rule_matches_free(&r->matches);
 
-       free(r->target->t);
+       if (r->target)
+               free(r->target->t);
+
        free(r);
 
        /* reset all targets and matches */