[PATCH] firewall3: don't cater to old iptables

Rui Salvaterra rsalvaterra at gmail.com
Sun Jan 9 02:54:16 PST 2022 

It's been eight years, we can safely assume iptables is recent enough.

Signed-off-by: Rui Salvaterra <rsalvaterra at gmail.com>
---

This has obviously been build/run-tested without any issues whatsoever. Even
though firewall3 isn't a priority, this is a nice cleanup in itself.

 iptables.c                |  13 +--
 xtables-5.h               | 221 --------------------------------------
 xtables-10.h => xtables.h |   4 +-
 3 files changed, 3 insertions(+), 235 deletions(-)
 delete mode 100644 xtables-5.h
 rename xtables-10.h => xtables.h (98%)

diff --git a/iptables.c b/iptables.c
index 49b3439..4b11818 100644
--- a/iptables.c
+++ b/iptables.c
@@ -44,14 +44,7 @@
 
 #include "options.h"
 
-/* xtables interface */
-#if (XTABLES_VERSION_CODE >= 10)
-# include "xtables-10.h"
-#elif (XTABLES_VERSION_CODE == 5)
-# include "xtables-5.h"
-#else
-# error "Unsupported xtables version"
-#endif
+#include "xtables.h"
 
 #include "iptables.h"
 
@@ -109,9 +102,7 @@ static struct xtables_globals xtg = {
 	.program_version = "4",
 	.orig_opts = base_opts,
 	.exit_err = fw3_ipt_error_handler,
-#if XTABLES_VERSION_CODE > 10
 	.compat_rev = xtables_compatible_revision,
-#endif
 };
 
 static struct xtables_globals xtg6 = {
@@ -119,9 +110,7 @@ static struct xtables_globals xtg6 = {
 	.program_version = "6",
 	.orig_opts = base_opts,
 	.exit_err = fw3_ipt_error_handler,
-#if XTABLES_VERSION_CODE > 10
 	.compat_rev = xtables_compatible_revision,
-#endif
 };
 
 static struct {
diff --git a/xtables-5.h b/xtables-5.h
deleted file mode 100644
index 14b54af..0000000
--- a/xtables-5.h
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * firewall3 - 3rd OpenWrt UCI firewall implementation
- *
- *   Copyright (C) 2013 Jo-Philipp Wich <jo at mein.io>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef __FW3_XTABLES_5_H
-#define __FW3_XTABLES_5_H
-
-static inline void
-fw3_xt_reset(void)
-{
-	xtables_matches = NULL;
-	xtables_targets = NULL;
-}
-
-
-static inline const char *
-fw3_xt_get_match_name(struct xtables_match *m)
-{
-    return m->m->u.user.name;
-}
-
-static inline void
-fw3_xt_set_match_name(struct xtables_match *m)
-{
-    snprintf(m->m->u.user.name, sizeof(m->m->u.user.name), "%s", m->name);
-}
-
-static inline bool
-fw3_xt_has_match_parse(struct xtables_match *m)
-{
-    return !!m->parse;
-}
-
-static inline void
-fw3_xt_free_match_udata(struct xtables_match *m)
-{
-    return;
-}
-
-static inline void
-fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
-{
-	g->opts = xtables_merge_options(g->opts, m->extra_opts, &m->option_offset);
-}
-
-
-static inline const char *
-fw3_xt_get_target_name(struct xtables_target *t)
-{
-    return t->t->u.user.name;
-}
-
-static inline void
-fw3_xt_set_target_name(struct xtables_target *t, const char *name)
-{
-    snprintf(t->t->u.user.name, sizeof(t->t->u.user.name), "%s", name);
-}
-
-static inline bool
-fw3_xt_has_target_parse(struct xtables_target *t)
-{
-    return !!t->parse;
-}
-
-static inline void
-fw3_xt_free_target_udata(struct xtables_target *t)
-{
-    return;
-}
-
-static inline void
-fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
-{
-	g->opts = xtables_merge_options(g->opts, t->extra_opts, &t->option_offset);
-}
-
-static inline void
-fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
-{
-	struct xtables_rule_match *rm;
-	struct xtables_match *m;
-
-	printf(" ");
-
-	for (rm = matches; rm; rm = rm->next)
-	{
-		m = rm->match;
-		printf("-m %s ", fw3_xt_get_match_name(m));
-
-		if (m->save)
-			m->save(ip, m->m);
-	}
-}
-
-static inline void
-fw3_xt_print_target(void *ip, struct xtables_target *target)
-{
-	if (target)
-	{
-		printf("-j %s ", fw3_xt_get_target_name(target));
-
-		if (target->save)
-			target->save(ip, target->t);
-	}
-}
-
-
-/* xtables api addons */
-
-static inline void
-xtables_option_mpcall(unsigned int c, char **argv, bool invert,
-                      struct xtables_match *m, void *fw)
-{
-	if (m->parse)
-		m->parse(c - m->option_offset, argv, invert, &m->mflags, fw, &m->m);
-}
-
-static inline void
-xtables_option_mfcall(struct xtables_match *m)
-{
-	if (m->final_check)
-		m->final_check(m->mflags);
-}
-
-static inline void
-xtables_option_tpcall(unsigned int c, char **argv, bool invert,
-                      struct xtables_target *t, void *fw)
-{
-	if (t->parse)
-		t->parse(c - t->option_offset, argv, invert, &t->tflags, fw, &t->t);
-}
-
-static inline void
-xtables_option_tfcall(struct xtables_target *t)
-{
-	if (t->final_check)
-		t->final_check(t->tflags);
-}
-
-static inline void
-xtables_rule_matches_free(struct xtables_rule_match **matches)
-{
-	struct xtables_rule_match *mp, *tmp;
-
-	for (mp = *matches; mp;)
-	{
-		tmp = mp->next;
-
-		if (mp->match->m)
-		{
-			free(mp->match->m);
-			mp->match->m = NULL;
-		}
-
-		if (mp->match == mp->match->next)
-		{
-			free(mp->match);
-			mp->match = NULL;
-		}
-
-		free(mp);
-		mp = tmp;
-	}
-
-	*matches = NULL;
-}
-
-static inline int
-xtables_ipmask_to_cidr(const struct in_addr *mask)
-{
-	int bits;
-	uint32_t m;
-
-	for (m = ntohl(mask->s_addr), bits = 0; m & 0x80000000; m <<= 1)
-		bits++;
-
-	return bits;
-}
-
-static inline int
-xtables_ip6mask_to_cidr(const struct in6_addr *mask)
-{
-	int bits = 0;
-	uint32_t a, b, c, d;
-
-	a = ntohl(mask->s6_addr32[0]);
-	b = ntohl(mask->s6_addr32[1]);
-	c = ntohl(mask->s6_addr32[2]);
-	d = ntohl(mask->s6_addr32[3]);
-
-	while (a & 0x80000000U)
-	{
-		a <<= 1;
-		a  |= (b >> 31) & 1;
-		b <<= 1;
-		b  |= (c >> 31) & 1;
-		c <<= 1;
-		c  |= (d >> 31) & 1;
-		d <<= 1;
-
-		bits++;
-	}
-
-	return bits;
-}
-
-#endif
diff --git a/xtables-10.h b/xtables.h
similarity index 98%
rename from xtables-10.h
rename to xtables.h
index 6a2275d..8fd8293 100644
--- a/xtables-10.h
+++ b/xtables.h
@@ -16,8 +16,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifndef __FW3_XTABLES_10_H
-#define __FW3_XTABLES_10_H
+#ifndef __FW3_XTABLES_H
+#define __FW3_XTABLES_H
 
 extern struct xtables_match *xtables_pending_matches;
 extern struct xtables_target *xtables_pending_targets;
-- 
2.34.1

More information about the openwrt-devel mailing list