X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=iptables.c;h=2684933970ef26d08bbbeaafffbaaa5fe0cf9fb8;hp=9c5f80a067b1e92d1b0a80e5ff5657cbae84153b;hb=35d57952d708007f5a08a72421fe55e775e3fd0f;hpb=6b27a6665c288937eb5028063064e3350dcab545 diff --git a/iptables.c b/iptables.c index 9c5f80a..2684933 100644 --- a/iptables.c +++ b/iptables.c @@ -54,6 +54,19 @@ get_kernel_version(void) kernel_version = LINUX_VERSION(x, y, z); } +#undef __ipt_module +#define __ipt_module(x) libxt_##x##_init, libipt_##x##_init, libip6t_##x##_init, + +static void fw3_init_extensions(void) +{ + int i; + void (*initfuncs[])(void) = { FW3_IPT_MODULES }; + + for (i = 0; i < sizeof(initfuncs)/sizeof(initfuncs[0]); i++) + if (initfuncs[i]) + initfuncs[i](); +} + struct fw3_ipt_handle * fw3_ipt_open(enum fw3_family family, enum fw3_table table) { @@ -94,17 +107,31 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table) xtables_matches = NULL; xtables_targets = NULL; - init_extensions(); - init_extensions4(); - init_extensions6(); + fw3_init_extensions(); return h; } +static void +debug(struct fw3_ipt_handle *h, const char *fmt, ...) +{ + va_list ap; + + printf("%s -t %s ", (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables", + fw3_flag_names[h->table]); + + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); +} + void fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain, enum fw3_flag policy) { + if (fw3_pr_debug) + debug(h, "-P %s %s\n", chain, fw3_flag_names[policy]); + if (h->family == FW3_FAMILY_V6) ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle); else @@ -116,8 +143,8 @@ fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain) { if (fw3_pr_debug) { - printf("-F %s\n", chain); - printf("-X %s\n", chain); + debug(h, "-F %s\n", chain); + debug(h, "-X %s\n", chain); } if (h->family == FW3_FAMILY_V6) 
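Review bot: The `if (initfuncs[i])` test in `fw3_init_extensions()` only makes sense if the `lib*_init` symbols produced by `__ipt_module` can resolve to NULL, presumably through weak declarations outside this hunk, and nothing here says so. A comment above the loop such as `/* init symbols are weak; extensions that are not linked in resolve to NULL */` would stop a later cleanup from dropping the check. Separately, `i` is an `int` compared with a `size_t` expression; declaring it as `size_t i;` avoids the signed/unsigned comparison.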
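Review bot: `debug()` is a printf-style wrapper with no format attribute, so the call sites this commit converts from `printf` (`-P`, `-F`, `-X`, and `-D`/`-A` in later hunks) lose compiler checking of format string against arguments. Opening the definition with `static void __attribute__((format(printf, 2, 3)))` restores that checking. The helper also dereferences `h` unconditionally, so a one-line comment stating that `h` must be a valid open handle would document the contract.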
@@ -160,7 +187,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target) if (*t && !strcmp(t, target)) { if (fw3_pr_debug) - printf("-D %s %u\n", chain, num + 1); + debug(h, "-D %s %u\n", chain, num + 1); ip6tc_delete_num_entry(chain, num, h->handle); found = true; @@ -188,7 +215,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target) if (*t && !strcmp(t, target)) { if (fw3_pr_debug) - printf("-D %s %u\n", chain, num + 1); + debug(h, "-D %s %u\n", chain, num + 1); iptc_delete_num_entry(chain, num, h->handle); found = true; @@ -201,6 +228,22 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target) } void +fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...) +{ + char buf[32]; + va_list ap; + + va_start(ap, fmt); + vsnprintf(buf, sizeof(buf) - 1, fmt, ap); + va_end(ap); + + if (fw3_pr_debug) + debug(h, "-N %s\n", buf); + + iptc_create_chain(buf, h->handle); +} + +void fw3_ipt_flush(struct fw3_ipt_handle *h) { const char *chain; @@ -975,7 +1018,7 @@ rule_print(struct fw3_ipt_rule *r, const char *chain) struct xtables_match *m; struct xtables_target *t; - printf("-A %s", chain); + debug(r->h, "-A %s", chain); if (r->h->family == FW3_FAMILY_V6) rule_print6(&r->e6); @@ -1119,7 +1162,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...) if (!em) { fprintf(stderr, "fw3_ipt_rule_append(): Can't find match '%s'\n", optarg); - return; + goto free; } init_match(r, em, true); @@ -1131,7 +1174,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...) if (!et) { fprintf(stderr, "fw3_ipt_rule_append(): Can't find target '%s'\n", optarg); - return; + goto free; } break; @@ -1220,6 +1263,7 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...) free(e); } +free: for (i = 1; i < r->argc; i++) free(r->argv[i]); 
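Review bot: `fw3_ipt_create_chain()` always calls `iptc_create_chain()`, even when `h->family == FW3_FAMILY_V6`, whereas `fw3_ipt_set_policy()` and `fw3_ipt_delete_rules()` in this same diff dispatch to the `ip6tc_*` variants for v6 handles. As written, an IPv6 handle would be passed to the IPv4 library, so v6 chains would presumably not be created and rules referring to them could fail to load. In addition, the name is formatted into a 32-byte buffer with `sizeof(buf) - 1` and the `vsnprintf()` result is ignored, so an over-long name is silently truncated and a differently named chain is created. The `- 1` is unnecessary because `vsnprintf()` always NUL-terminates within the size it is given. A version that dispatches on the family and rejects truncation is sketched below.

```c
	/* … unchanged: buf and ap declarations, va_start … */
	int n;

	n = vsnprintf(buf, sizeof(buf), fmt, ap);
	va_end(ap);

	/* refuse to create a chain under a truncated name */
	if (n < 0 || (size_t)n >= sizeof(buf))
	{
		fprintf(stderr, "fw3_ipt_create_chain(): chain name too long\n");
		return;
	}

	/* … unchanged: debug print … */

	if (h->family == FW3_FAMILY_V6)
		ip6tc_create_chain(buf, h->handle);
	else
		iptc_create_chain(buf, h->handle);
```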
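Review bot: The cleanup label introduced for the failed match lookup is named `free`, the same identifier as the libc function called on the lines directly below it. It compiles because labels have their own namespace, but `goto free;` next to `free(r->argv[i]);` is easy to misread; `goto cleanup;` with a matching `cleanup:` label would be clearer. The same name is used in the hunks at -1131 (failed target lookup) and -1220 (the label itself). As far as these hunks show, the failure is reported only on stderr and the rule is then discarded, so a comment at the label saying that dropping the rule is intentional would help; the function body starts and ends outside the hunks.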
@@ -1227,7 +1271,9 @@ fw3_ipt_rule_append(struct fw3_ipt_rule *r, const char *fmt, ...) xtables_rule_matches_free(&r->matches); - free(r->target->t); + if (r->target) + free(r->target->t); + free(r); /* reset all targets and matches */
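Review bot: The new `if (r->target)` guard has no comment explaining when `r->target` can be NULL at this point. It appears to be needed only for the early `goto free` paths added earlier in this commit, taken before a target is attached. A short comment above it, e.g. `/* r->target is unset when we arrive here from a failed match/target lookup */`, would keep the check from being removed as redundant later. Whether `r->target` itself needs freeing alongside `r->target->t` cannot be judged from this hunk, since the rest of the function lies outside it.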