From ba9cae9b9083ea6b4d1fe3d9431ceabdbea5479f Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Thu, 17 Dec 2009 01:31:13 +0000
Subject: [PATCH] contrib/fwd: add fwd_xt_parse_frag(), fwd_xt_append_rule()
 and fwd_xt_insert_rule() - completes xtables api

---
 contrib/fwd/src/fwd_rules.c   | 42 +++++++++++++++++------------------
 contrib/fwd/src/fwd_xtables.c | 30 +++++++++++++++++++++++--
 contrib/fwd/src/fwd_xtables.h |  4 +++-
 3 files changed, 52 insertions(+), 24 deletions(-)

diff --git a/contrib/fwd/src/fwd_rules.c b/contrib/fwd/src/fwd_rules.c
index 595b1e7f4e..300939d7f3 100644
--- a/contrib/fwd/src/fwd_rules.c
+++ b/contrib/fwd/src/fwd_rules.c
@@ -45,7 +45,7 @@ static void fwd_r_jump_chain(
 	if( (r = fwd_xt_init_rule(h)) != NULL )
 	{
 		fwd_xt_get_target(r, chain2);
-		fwd_xt_exec_rule(r, chain1);
+		fwd_xt_append_rule(r, chain1);
 	}
 }
 
@@ -61,7 +61,7 @@ static void fwd_r_drop_invalid(struct iptc_handle *h, const char *chain)
 		{
 			fwd_xt_parse_match(r, m, "--state", "INVALID");
 			fwd_xt_get_target(r, "DROP");
-			fwd_xt_exec_rule(r, chain);
+			fwd_xt_append_rule(r, chain);
 		}
 	}
 }
@@ -78,7 +78,7 @@ static void fwd_r_accept_related(struct iptc_handle *h, const char *chain)
 		{
 			fwd_xt_parse_match(r, m, "--state", "RELATED,ESTABLISHED");
 			fwd_xt_get_target(r, "ACCEPT");
-			fwd_xt_exec_rule(r, chain);
+			fwd_xt_append_rule(r, chain);
 		}
 	}
 }
@@ -95,14 +95,14 @@ static void fwd_r_accept_lo(struct iptc_handle *h)
 	{
 		fwd_xt_parse_in(r, &n, 0);
 		fwd_xt_get_target(r, "ACCEPT");
-		fwd_xt_exec_rule(r, "INPUT");
+		fwd_xt_append_rule(r, "INPUT");
 	}
 
 	if( (r = fwd_xt_init_rule(h)) != NULL )
 	{
 		fwd_xt_parse_out(r, &n, 0);
 		fwd_xt_get_target(r, "ACCEPT");
-		fwd_xt_exec_rule(r, "OUTPUT");
+		fwd_xt_append_rule(r, "OUTPUT");
 	}
 }
 
@@ -142,7 +142,7 @@ static void fwd_r_add_synflood(struct iptc_handle *h, struct fwd_defaults *def)
 
 		/* -j RETURN; -A syn_flood */
 		fwd_xt_get_target(r, "RETURN");
-		fwd_xt_exec_rule(r, "syn_flood");
+		fwd_xt_append_rule(r, "syn_flood");
 	}
 
 	/* drop rule */
@@ -150,7 +150,7 @@ static void fwd_r_add_synflood(struct iptc_handle *h, struct fwd_defaults *def)
 	{	
 		/* -j DROP; -A syn_flood */
 		fwd_xt_get_target(r, "DROP");
-		fwd_xt_exec_rule(r, "syn_flood");
+		fwd_xt_append_rule(r, "syn_flood");
 	}
 
 	/* jump to syn_flood rule */
@@ -168,7 +168,7 @@ static void fwd_r_add_synflood(struct iptc_handle *h, struct fwd_defaults *def)
 
 		/* -j syn_flood; -A INPUT */
 		fwd_xt_get_target(r, "syn_flood");
-		fwd_xt_exec_rule(r, "INPUT");
+		fwd_xt_append_rule(r, "INPUT");
 	}
 }
 
@@ -196,7 +196,7 @@ static void fwd_r_handle_reject(struct iptc_handle *h)
 		}
 
 		/* -A handle_reject */
-		fwd_xt_exec_rule(r, "handle_reject");
+		fwd_xt_append_rule(r, "handle_reject");
 	}
 
 	/* common reject rule */
@@ -210,7 +210,7 @@ static void fwd_r_handle_reject(struct iptc_handle *h)
 		}
 
 		/* -A handle_reject */
-		fwd_xt_exec_rule(r, "handle_reject");
+		fwd_xt_append_rule(r, "handle_reject");
 	}
 }
 
@@ -227,7 +227,7 @@ static void fwd_r_handle_drop(struct iptc_handle *h)
 	{
 		/* -j DROP; -A handle_reject */
 		fwd_xt_get_target(r, "DROP");
-		fwd_xt_exec_rule(r, "handle_reject");
+		fwd_xt_append_rule(r, "handle_reject");
 	}
 }
 
@@ -244,7 +244,7 @@ static void fwd_r_handle_accept(struct iptc_handle *h)
 	{
 		/* -j ACCEPT; -A handle_accept */
 		fwd_xt_get_target(r, "ACCEPT");
-		fwd_xt_exec_rule(r, "handle_accept");
+		fwd_xt_append_rule(r, "handle_accept");
 	}
 }
 
@@ -603,7 +603,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 			fwd_xt_parse_out(x, n, 0);					/* -o ... */
 			fwd_xt_get_target(x, "MASQUERADE");			/* -j MASQUERADE */
 			fwd_r_add_comment(x, "masq", z, NULL, n);	/* -m comment ... */
-			fwd_xt_exec_rule(x, "zonemasq");			/* -A zonemasq */
+			fwd_xt_append_rule(x, "zonemasq");			/* -A zonemasq */
 		}
 	}
 
@@ -630,7 +630,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 			fwd_r_add_comment(x, "mssfix", z, NULL, n);
 
 			/* -A mssfix */
-			fwd_xt_exec_rule(x, "mssfix");
+			fwd_xt_append_rule(x, "mssfix");
 		}
 	}
 
@@ -650,7 +650,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 				fwd_xt_parse_out(x, n2, 0);				/* -o ... */
 				fwd_r_add_policytarget(x, z->forward);	/* -j handle_... */
 				fwd_r_add_comment(x, "zone", z, n, n2);	/* -m comment ... */
-				fwd_xt_exec_rule(x, "zones");			/* -A zones */
+				fwd_xt_append_rule(x, "zones");			/* -A zones */
 			}
 		}
 	}
@@ -672,7 +672,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 				fwd_xt_parse_out(x, n2, 0);					/* -o ... */
 				fwd_r_add_policytarget(x, FWD_P_ACCEPT);	/* -j handle_... */
 				fwd_r_add_comment(x, "forward", z, n, n2);	/* -m comment ... */
-				fwd_xt_exec_rule(x, "forwardings");			/* -A forwardings */
+				fwd_xt_append_rule(x, "forwardings");			/* -A forwardings */
 			}
 		}
 	}
@@ -695,7 +695,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 			fwd_r_add_srcmac(x, r->src_mac);			/* -m mac --mac-source ... */
 			fwd_r_add_dnattarget(x, r->dest_ip, r->dest_port);	/* -j DNAT ... */
 			fwd_r_add_comment(x, "redir", z, n, NULL);	/* -m comment ... */
-			fwd_xt_exec_rule(x, "redirects");			/* -A redirects */
+			fwd_xt_append_rule(x, "redirects");			/* -A redirects */
 		}
 
 		/* Forward */
@@ -710,7 +710,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 			fwd_r_add_dport(x, r->dest_port);			/* --dport ... */
 			fwd_r_add_policytarget(x, FWD_P_ACCEPT);	/* -j handle_accept */
 			fwd_r_add_comment(x, "redir", z, n, NULL);	/* -m comment ... */
-			fwd_xt_exec_rule(x, "redirects");			/* -A redirects */
+			fwd_xt_append_rule(x, "redirects");			/* -A redirects */
 		}
 
 		/* Add loopback rule if neither src_ip nor src_mac are defined */
@@ -725,7 +725,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 				fwd_r_add_dport(x, r->src_dport);			/* --dport ... */
 				fwd_xt_get_target(x, "MASQUERADE");			/* -j MASQUERADE */
 				fwd_r_add_comment(x, "redir", z, n, NULL);	/* -m comment ... */
-				fwd_xt_exec_rule(x, "loopback");			/* -A loopback */
+				fwd_xt_append_rule(x, "loopback");			/* -A loopback */
 			}
 		}
 	}
@@ -756,7 +756,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 					fwd_r_add_dport(x, c->dest_port);		/* --dport ... */
 					fwd_r_add_policytarget(x, c->target);	/* -j handle_... */
 					fwd_r_add_comment(x, "rule", z, n, n2);	/* -m comment ... */
-					fwd_xt_exec_rule(x, "rules");			/* -A rules */
+					fwd_xt_append_rule(x, "rules");			/* -A rules */
 				}
 			}
 		}
@@ -779,7 +779,7 @@ void fwd_ipt_addif(struct fwd_handle *h, const char *net)
 				fwd_r_add_dport(x, c->dest_port);			/* --dport ... */
 				fwd_r_add_policytarget(x, c->target);		/* -j handle_... */
 				fwd_r_add_comment(x, "rule", z, n, NULL);	/* -m comment ... */
-				fwd_xt_exec_rule(x, "rules");				/* -A rules */
+				fwd_xt_append_rule(x, "rules");				/* -A rules */
 			}
 		}
 	}
diff --git a/contrib/fwd/src/fwd_xtables.c b/contrib/fwd/src/fwd_xtables.c
index 6f569fd27a..c0a3c582d8 100644
--- a/contrib/fwd/src/fwd_xtables.c
+++ b/contrib/fwd/src/fwd_xtables.c
@@ -82,6 +82,17 @@ struct fwd_xt_rule * fwd_xt_init_rule(struct iptc_handle *h)
 	return NULL;
 }
 
+void fwd_xt_parse_frag(
+	struct fwd_xt_rule *r, int frag, int inv
+) {
+	if( frag )
+	{
+		r->entry->ip.flags |= IPT_F_FRAG;
+
+		if( inv )
+			r->entry->ip.invflags |= IPT_INV_FRAG;
+	}
+}
 
 void fwd_xt_parse_proto(
 	struct fwd_xt_rule *r, struct fwd_proto *p, int inv
@@ -312,7 +323,7 @@ void __fwd_xt_parse_target(
 }
 
 
-int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain)
+static int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain, int pos)
 {
 	size_t s;
 	struct xtables_rule_match *m, *next;
@@ -344,7 +355,10 @@ int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain)
 
 		memcpy(e->elems + s, r->target->t, r->target->t->u.target_size);
 
-		rv = iptc_append_entry(chain, e, r->iptc);
+		rv = (pos > -1)
+			? iptc_insert_entry(chain, e, (unsigned int) pos, r->iptc)
+			: iptc_append_entry(chain, e, r->iptc)
+		;
 	}
 	else
 	{
@@ -383,3 +397,15 @@ int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain)
 	return rv;
 }
 
+int fwd_xt_insert_rule(
+	struct fwd_xt_rule *r, const char *chain, unsigned int pos
+) {
+	return fwd_xt_exec_rule(r, chain, pos);
+}
+
+int fwd_xt_append_rule(
+	struct fwd_xt_rule *r, const char *chain
+) {
+	return fwd_xt_exec_rule(r, chain, -1);
+}
+
diff --git a/contrib/fwd/src/fwd_xtables.h b/contrib/fwd/src/fwd_xtables.h
index f894b47e42..45b638a058 100644
--- a/contrib/fwd/src/fwd_xtables.h
+++ b/contrib/fwd/src/fwd_xtables.h
@@ -54,6 +54,7 @@ void fwd_xt_parse_in(struct fwd_xt_rule *r, struct fwd_network_list *n, int inv)
 void fwd_xt_parse_out(struct fwd_xt_rule *r, struct fwd_network_list *n, int inv);
 void fwd_xt_parse_src(struct fwd_xt_rule *r, struct fwd_cidr *c, int inv);
 void fwd_xt_parse_dest(struct fwd_xt_rule *r, struct fwd_cidr *c, int inv);
+void fwd_xt_parse_frag(struct fwd_xt_rule *r, int frag, int inv);
 
 struct xtables_match * fwd_xt_get_match(struct fwd_xt_rule *r, const char *name);
 void __fwd_xt_parse_match(struct fwd_xt_rule *r, struct xtables_match *m, ...);
@@ -63,6 +64,7 @@ struct xtables_target * fwd_xt_get_target(struct fwd_xt_rule *r, const char *nam
 void __fwd_xt_parse_target(struct fwd_xt_rule *r, struct xtables_target *t, ...);
 #define fwd_xt_parse_target(r, t, ...) __fwd_xt_parse_target(r, t, __VA_ARGS__, NULL)
 
-int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain);
+int fwd_xt_append_rule(struct fwd_xt_rule *r, const char *chain);
+int fwd_xt_insert_rule(struct fwd_xt_rule *r, const char *chain, unsigned int pos);
 
 #endif
-- 
2.30.2