From bd40ba4584141ce34f3d5c42841abafccad06bdd Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sun, 6 Nov 2016 19:14:47 +0100
Subject: [PATCH] iptables: move includes into iptables.c to avoid kernel header clashes

In order to avoid header clashes and redefinition errors in compilation units which include iptables.h, move all includes into the iptables.c file and only provide a forward declaration for struct fw3_ipt_rule. This allows us to hide all xtables specific direct and indirect includes in order to only expose a clean interface which does not rely on any kernel header bits. Within iptables.c, reshuffle the includes and predeclare some guard defines to allow compilation on both glibc as well as patched and unpatched musl systems.

Signed-off-by: Jo-Philipp Wich
---
 iptables.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 iptables.h | 46 +--------------------------------------------
 2 files changed, 54 insertions(+), 45 deletions(-)

diff --git a/iptables.c b/iptables.c
index ccfd29c..e9f4ca7 100644
--- a/iptables.c
+++ b/iptables.c
@@ -16,9 +16,62 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#define _GNU_SOURCE /* RTLD_NEXT */
+
+/* include userspace headers */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* prevent indirect inclusion of kernel headers */
+#define _LINUX_IF_H
+#define _LINUX_IN_H
+#define _LINUX_IN6_H
+
+/* prevent libiptc from including kernel headers */
+#define _FWCHAINS_KERNEL_HEADERS_H
+
+/* finally include libiptc and xtables */
+#include
+#include
+#include
+
+#include "options.h"
+
+/* xtables interface */
+#if (XTABLES_VERSION_CODE == 10 || XTABLES_VERSION_CODE == 11)
+# include "xtables-10.h"
+#elif (XTABLES_VERSION_CODE == 5)
+# include "xtables-5.h"
+#else
+# error "Unsupported xtables version"
+#endif
+
 #include "iptables.h"
+struct fw3_ipt_rule {
+ struct fw3_ipt_handle *h;
+
+ union {
+ struct ipt_entry e;
+ struct ip6t_entry e6;
+ };
+
+ struct xtables_rule_match *matches;
+ struct xtables_target *target;
+
+ int argc;
+ char **argv;
+
+ uint32_t protocol;
+ bool protocol_loaded;
+};
+
 static struct option base_opts[] = {
 { .name = "match", .has_arg = 1, .val = 'm' },
 { .name = "jump", .has_arg = 1, .val = 'j' },
diff --git a/iptables.h b/iptables.h
index 491e598..8a4ce8f 100644
--- a/iptables.h
+++ b/iptables.h
@@ -19,31 +19,6 @@
 #ifndef __FW3_IPTABLES_H
 #define __FW3_IPTABLES_H
-#define _GNU_SOURCE /* RTLD_NEXT */
-
-#define _LINUX_IF_H
-#define _LINUX_IN_H
-#define _LINUX_IN6_H
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#include "options.h"
-
-/* xtables interface */
-#if (XTABLES_VERSION_CODE == 10 || XTABLES_VERSION_CODE == 11)
-# include "xtables-10.h"
-#elif (XTABLES_VERSION_CODE == 5)
-# include "xtables-5.h"
-#else
-# error "Unsupported xtables version"
-#endif
-
 #ifndef DISABLE_STATIC_EXTENSIONS
 /* libipt*ext.so interfaces */
 extern void init_extensions(void);
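Review bot: The `_LINUX_IF_H`, `_LINUX_IN_H`, `_LINUX_IN6_H` and `_FWCHAINS_KERNEL_HEADERS_H` defines in the new iptables.c work by pre-setting other projects' private include guards, so the moment a kernel UAPI or libiptc header renames its guard the suppression stops silently and the redefinition errors this commit removes come back with no hint why. Each define should carry a comment naming the header it stands in for and the userspace header above that already supplies the same types, e.g. `#define _LINUX_IF_H /* stands in for <linux/if.h>; its types come from the libc headers above */`, and the block comment should say that the defines must stay after the userspace includes and before the libiptc/xtables ones. The include paths are missing from this rendering of the hunk, so the exact pairing cannot be checked here.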
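Review bot: After the first iptables.h hunk the header is no longer self-contained: the declarations that survive still use `enum fw3_family` and `enum fw3_table` (next hunk) and `false` inside the `fw3_ipt_rule_target` inline (last hunk), while the header now includes neither `"options.h"` nor `<stdbool.h>`. Unless the lines between this hunk and `struct fw3_ipt_handle`, which are outside the diff, add them back, every includer must now include those headers first and in that order, which is easy to get wrong. Keeping `#include <stdbool.h>` in the header costs nothing and pulls in no kernel bits; `"options.h"` can stay as well if it is free of xtables includes, which the diff does not show. Dropping `_GNU_SOURCE` from the header is the right call, since it only takes effect when defined before the first system include, but any other translation unit that relied on iptables.h for it now needs its own `#define _GNU_SOURCE` at the top.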
@@ -65,23 +40,7 @@ struct fw3_ipt_handle {
 void *handle;
 };
-struct fw3_ipt_rule {
- struct fw3_ipt_handle *h;
-
- union {
- struct ipt_entry e;
- struct ip6t_entry e6;
- };
-
- struct xtables_rule_match *matches;
- struct xtables_target *target;
-
- int argc;
- char **argv;
-
- uint32_t protocol;
- bool protocol_loaded;
-};
+struct fw3_ipt_rule;
 struct fw3_ipt_handle *fw3_ipt_open(enum fw3_family family,
 enum fw3_table table);
@@ -168,7 +127,4 @@ fw3_ipt_rule_target(struct fw3_ipt_rule *r, const char *fmt, ...)
 fw3_ipt_rule_addarg(r, false, "-j", buf);
 }
-void xtables_register_match(struct xtables_match *me);
-void xtables_register_target(struct xtables_target *me);
-
 #endif
-- 
2.30.2
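Review bot: The new forward declaration `struct fw3_ipt_rule;` makes the rule an opaque type without saying so, and a reader of the header has no pointer to where the definition went. A one-line comment such as `/* opaque: defined in iptables.c so this header needs no xtables or kernel types; only handle it through the fw3_ipt_rule_* functions */` would explain that, and why a `sizeof` or a stack instance of the struct in another unit now fails to compile, which is the intended effect. The surrounding declarations continue outside the hunk.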