X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=iptables.c;h=6a569100c7e16d36c86ecb7738e40308340bcfe0;hp=9c5f80a067b1e92d1b0a80e5ff5657cbae84153b;hb=2bcf21ee2e44e9e4158ae4a36a5d73832cd99587;hpb=6b27a6665c288937eb5028063064e3350dcab545
diff --git a/iptables.c b/iptables.c
index 9c5f80a..6a56910 100644
--- a/iptables.c
+++ b/iptables.c
@@ -54,6 +54,33 @@ get_kernel_version(void)
 kernel_version = LINUX_VERSION(x, y, z);
 }
 
+static void fw3_init_extensions(void)
+{
+ libip6t_icmp6_init();
+ libip6t_LOG_init();
+ libipt_DNAT_init();
+ libipt_icmp_init();
+ libipt_LOG_init();
+ libipt_MASQUERADE_init();
+ libipt_REDIRECT_init();
+ libipt_REJECT_init();
+ libipt_SNAT_init();
+ libxt_comment_init();
+ libxt_conntrack_init();
+ libxt_CT_init();
+ libxt_limit_init();
+ libxt_mac_init();
+ libxt_mark_init();
+ libxt_MARK_init();
+ libxt_set_init();
+ libxt_SET_init();
+ libxt_standard_init();
+ libxt_TCPMSS_init();
+ libxt_tcp_init();
+ libxt_time_init();
+ libxt_udp_init();
+}
+
 struct fw3_ipt_handle *
 fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 {
@@ -94,17 +121,31 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 xtables_matches = NULL;
 xtables_targets = NULL;
 
- init_extensions();
- init_extensions4();
- init_extensions6();
+ fw3_init_extensions();
 
 return h;
 }
 
+static void
+debug(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+ va_list ap;
+
+ printf("%s -t %s ", (h->family == FW3_FAMILY_V6) ? "ip6tables" : "iptables",
+ fw3_flag_names[h->table]);
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+}
+
 void
 fw3_ipt_set_policy(struct fw3_ipt_handle *h, const char *chain,
 enum fw3_flag policy)
 {
+ if (fw3_pr_debug)
+ debug(h, "-P %s %s\n", chain, fw3_flag_names[policy]);
+
 if (h->family == FW3_FAMILY_V6)
 ip6tc_set_policy(chain, fw3_flag_names[policy], NULL, h->handle);
 else
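Review bot: fw3_init_extensions() replaces the generated init_extensions*() calls with a hand-maintained list of 23 init functions, and nothing in the hunk records that this list is now the only place extensions get registered; presumably a match or target referenced by a rule but missing here only fails later, at run time, when the extension is looked up. A header comment should make that maintenance contract explicit: `/* Every xtables match/target extension fw3 can reference must be registered here; an omission is only detected at run time when the extension is looked up. */`.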
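Review bot: The new `debug()` forwards `fmt` straight to vprintf() without a format attribute, so the compiler cannot check the argument lists at the many call sites this diff adds (set_policy, delete_chain, delete_rules, create_chain, rule_print) against their format strings. Declaring it `static void __attribute__((format(printf, 2, 3))) debug(struct fw3_ipt_handle *h, const char *fmt, ...)` restores -Wformat coverage at every caller; the same attribute belongs on `fw3_ipt_create_chain` in a later hunk, whose `fmt` is forwarded to vsnprintf(). The `fw3_flag_names[h->table]` index in the prefix also assumes `enum fw3_table` values are valid indices into the flag-name table — that looks intended given the same table is used for policies, but is worth a one-line comment.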
@@ -116,8 +157,8 @@ fw3_ipt_delete_chain(struct fw3_ipt_handle *h, const char *chain)
 {
 if (fw3_pr_debug)
 {
- printf("-F %s\n", chain);
- printf("-X %s\n", chain);
+ debug(h, "-F %s\n", chain);
+ debug(h, "-X %s\n", chain);
 }
 
 if (h->family == FW3_FAMILY_V6)
@@ -160,7 +201,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
 if (*t && !strcmp(t, target))
 {
 if (fw3_pr_debug)
- printf("-D %s %u\n", chain, num + 1);
+ debug(h, "-D %s %u\n", chain, num + 1);
 
 ip6tc_delete_num_entry(chain, num, h->handle);
 found = true;
@@ -188,7 +229,7 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
 if (*t && !strcmp(t, target))
 {
 if (fw3_pr_debug)
- printf("-D %s %u\n", chain, num + 1);
+ debug(h, "-D %s %u\n", chain, num + 1);
 
 iptc_delete_num_entry(chain, num, h->handle);
 found = true;
@@ -201,6 +242,22 @@ fw3_ipt_delete_rules(struct fw3_ipt_handle *h, const char *target)
 }
 
 void
+fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
+{
+ char buf[32];
+ va_list ap;
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
+ va_end(ap);
+
+ if (fw3_pr_debug)
+ debug(h, "-N %s\n", buf);
+
+ iptc_create_chain(buf, h->handle);
+}
+
+void
 fw3_ipt_flush(struct fw3_ipt_handle *h)
 {
 const char *chain;
@@ -975,7 +1032,7 @@ rule_print(struct fw3_ipt_rule *r, const char *chain)
 struct xtables_match *m;
 struct xtables_target *t;
 
- printf("-A %s", chain);
+ debug(r->h, "-A %s", chain);
 
 if (r->h->family == FW3_FAMILY_V6)
 rule_print6(&r->e6);
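Review bot: `fw3_ipt_create_chain` calls `iptc_create_chain` regardless of `h->family`, while every other function touched by this diff dispatches to the ip6tc_* variant when the handle is `FW3_FAMILY_V6`, so on an IPv6 handle the chain is created through the wrong library. The `vsnprintf(buf, sizeof(buf) - 1, fmt, ap)` call also discards its return value, so a formatted name that does not fit in the 32-byte buffer is silently truncated and a differently-named chain is created; the `- 1` is unnecessary because vsnprintf() always NUL-terminates within the size it is given. The rewrite below rejects a truncated name and dispatches on the family; like the neighbouring libiptc calls in this file, the create result is still not checked here.
```c
void
fw3_ipt_create_chain(struct fw3_ipt_handle *h, const char *fmt, ...)
{
	char buf[32];
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = vsnprintf(buf, sizeof(buf), fmt, ap);
	va_end(ap);

	/* a name that did not fit must not be passed on truncated: rules that
	 * later reference the full name would target a chain that never existed */
	if (len < 0 || (size_t)len >= sizeof(buf))
		return;

	if (fw3_pr_debug)
		debug(h, "-N %s\n", buf);

	if (h->family == FW3_FAMILY_V6)
		ip6tc_create_chain(buf, h->handle);
	else
		iptc_create_chain(buf, h->handle);
}
```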