static void
run_test (void)
{
guestfs_h *g;
size_t i;
printf ("Warming up the libguestfs cache ...\n");
for (i = 0; i < NR_WARMUP_PASSES; ++i) {
g = create_handle ();
add_drive (g);
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
guestfs_close (g);
}
printf ("Running the tests in %d passes ...\n", NR_TEST_PASSES);
for (i = 0; i < NR_TEST_PASSES; ++i) {
g = create_handle ();
set_up_event_handlers (g, i);
start_libvirt_thread (i);
add_drive (g);
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
guestfs_close (g);
stop_libvirt_thread ();
printf (" pass %zu: %zu events collected in %" PRIi64 " ns\n",
i+1, pass_data[i].nr_events, pass_data[i].elapsed_ns);
}
if (verbose)
dump_pass_data ();
printf ("Analyzing the results ...\n");
check_pass_data ();
construct_timeline ();
analyze_timeline ();
if (verbose)
dump_timeline ();
printf ("\n");
g = create_handle ();
test_info (g, NR_TEST_PASSES);
guestfs_close (g);
printf ("\n");
print_analysis ();
printf ("\n");
printf ("Longest activities:\n");
printf ("\n");
print_longest_to_shortest ();
free_pass_data ();
free_final_timeline ();
}
NTSTATUS SERVICECALL
NtOpenProcessTokenEx(IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle)
{
PACCESS_TOKEN token;
NTSTATUS status;
HANDLE htoken;
ktrace("\n");
status = open_process_token(ProcessHandle, &token);
if (NT_SUCCESS(status)) {
status = create_handle((struct eprocess * )get_current_eprocess(), /* TODO */
(void *)token,
DesiredAccess,
FALSE,
&htoken);
deref_object(token);
if (NT_SUCCESS(status))
if (copy_to_user(TokenHandle, &htoken, sizeof(htoken)))
status = STATUS_UNSUCCESSFUL;
}
return status;
}
/* File handle initialization routine. */
void
fh_init (void)
{
inline_file = create_handle ("INLINE", xstrdup ("INLINE"), FH_REF_INLINE);
inline_file->record_width = 80;
inline_file->tab_width = 8;
}
// ---------------------------------------------------------- makeconnection ---
Handle
makeconnection(const Arg args[], const int nargs)
{
if (!args[0].isType(StringType)) {
die("makeconnection", "First argument must be a string giving "
"connection type, e.g. \"mouse\", \"midi\".");
return NULL;
}
if (args[0] == "mouseX" || args[0] == "mouseY") {
die("makeconnection",
"New calling convention for mouse is (\"mouse\", \"X\", ...)");
return NULL;
}
Handle handle = NULL;
#ifndef EMBEDDED
const char *selector = (const char *) args[0];
char loadPath[1024];
const char *dsoPath = Option::dsoPath();
if (strlen(dsoPath) == 0)
dsoPath = SHAREDLIBDIR;
sprintf(loadPath, "%s/lib%sconn.so", dsoPath, selector);
DynamicLib theDSO;
if (theDSO.load(loadPath) == 0) {
HandleCreator creator = NULL;
if (theDSO.loadFunction(&creator, "create_handle") == 0) {
// Pass 2nd thru last args, leaving off selector
handle = (*creator)(&args[1], nargs - 1);
}
else {
die("makeconnection", "symbol lookup failed: %s\n", theDSO.error());
theDSO.unload();
return NULL;
}
}
else {
die("makeconnection", "dso load failed: %s\n", theDSO.error());
return NULL;
}
#else
// BGG -- create_handle() will invoke the RTInletPField stuff in control/maxmsp
// We can't use the 'normal' create_pfield() because of conflict with
// inletglue.cpp function (dyn loading keeps them separate, but we
// don't dynlaod in max/msp)
// same with create_pfbus_handle()
if (args[0] == "inlet") {
handle = create_handle(&args[1], nargs-1);
} else if(args[0] == "pfbus") {
handle = create_pfbus_handle(&args[1], nargs-1);
}
#endif // EMBEDDED
return handle;
}
void ptu_create_( int nlhs
,mxArray *plhs[]
,int nrhs
,const mxArray
*prhs[])
{
printf("debug: ptu_create\n");
OBJ_HANDLE_ = create_handle(new all::act::directed_perception_ptu_t);
}
// ---------------------------------------------------------- makeconnection ---
Handle
makeconnection(const Arg args[], const int nargs)
{
if (!args[0].isType(StringType)) {
die("makeconnection", "First argument must be a string giving "
"connection type, e.g. \"mouse\", \"midi\".");
return NULL;
}
if (args[0] == "mouseX" || args[0] == "mouseY") {
die("makeconnection",
"New calling convention for mouse is (\"mouse\", \"X\", ...)");
return NULL;
}
Handle handle = NULL;
HandleCreator creator = NULL;
const char *selector = (const char *) args[0];
// BGG mm -- in max/msp it is compiled-in, no dso loading
/*
char loadPath[1024];
sprintf(loadPath, "%s/lib%sconn.so", SHAREDLIBDIR, selector);
DynamicLib theDSO;
if (theDSO.load(loadPath) == 0) {
if (theDSO.loadFunction(&creator, "create_handle") == 0) {
// Pass 2nd thru last args, leaving off selector
handle = (*creator)(&args[1], nargs - 1);
}
else {
die("makeconnection", "symbol lookup failed: %s\n", theDSO.error());
theDSO.unload();
}
}
else {
die("makeconnection", "dso load failed: %s\n", theDSO.error());
}
*/
// BGG mm create_handle() is going to invoke the RTInletPField stuff in
// control/maxmsp
// BGG mm
// can't use the 'normal' create_pfield() because of conflict with
// inletglue.cpp function (dyn loading keeps tehm separate, but we
// don't dynlaod in max/msp
if (args[0] == "inlet") {
handle = create_handle(&args[1], nargs-1);
} else if(args[0] == "pfbus") {
handle = create_pfbus_handle(&args[1], nargs-1);
}
return handle;
}
/*prototipo: init_ssystem()
* descricao: inicializa o sistema de armazenamento
* parametros: */
int init_ssystem(void){
// cria o manipulador do cluster
create_handle(&cluster);
if(cluster == NULL){
fprintf(stderr,"[init_rados/iceph.c] cannot create a cluster handle\n");
return 1;
}
return 0;
}
/* Creates a new file handle with the given ID, which must be
unique among existing file identifiers. The new handle is
associated with a dataset file (initially empty). */
struct file_handle *
fh_create_dataset (struct dataset *ds)
{
const char *name;
struct file_handle *handle;
name = dataset_name (ds);
if (name[0] == '\0')
name = _("active dataset");
handle = create_handle (NULL, xstrdup (name), FH_REF_DATASET);
handle->ds = ds;
return handle;
}
/* Creates and returns a new file handle with the given ID, which may be null.
If it is non-null, it must be a UTF-8 encoded string that is unique among
existing file identifiers. The new handle is associated with file FILE_NAME
and the given PROPERTIES. */
struct file_handle *
fh_create_file (const char *id, const char *file_name,
const struct fh_properties *properties)
{
char *handle_name;
struct file_handle *handle;
handle_name = id != NULL ? xstrdup (id) : xasprintf ("`%s'", file_name);
handle = create_handle (id, handle_name, FH_REF_FILE);
handle->file_name = xstrdup (file_name);
handle->mode = properties->mode;
handle->record_width = properties->record_width;
handle->tab_width = properties->tab_width;
handle->encoding = properties->encoding;
return handle;
}
int
main (int argc, char *argv[])
{
size_t nr_failed;
guestfs_h *g;
setbuf (stdout, NULL);
no_test_warnings ();
g = create_handle ();
nr_failed = perform_tests (g);
guestfs_close (g);
if (nr_failed > 0) {
printf ("***** %zu / %zu tests FAILED *****\n", nr_failed, nr_tests);
exit (EXIT_FAILURE);
}
exit (EXIT_SUCCESS);
}
int main(int argc, char *argv[])
#endif
{
struct ip6tc_handle *handle = NULL;
char buffer[10240];
int c;
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
line = 0;
ip6tables_globals.program_name = "ip6tables-restore";
c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
if (c < 0) {
fprintf(stderr, "%s/%s Failed to initialize xtables\n",
ip6tables_globals.program_name,
ip6tables_globals.program_version);
exit(1);
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions6();
#endif
while ((c = getopt_long(argc, argv, "bcvthnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
break;
case 'c':
counters = 1;
break;
case 'v':
verbose = 1;
break;
case 't':
testing = 1;
break;
case 'h':
print_usage("ip6tables-restore",
IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
break;
case 'M':
xtables_modprobe_program = optarg;
break;
}
}
if (optind == argc - 1) {
in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
exit(1);
}
}
else if (optind < argc) {
fprintf(stderr, "Unknown arguments found on commandline\n");
exit(1);
}
else in = stdin;
/* Grab standard input. */
while (fgets(buffer, sizeof(buffer), in)) {
int ret = 0;
line++;
if (buffer[0] == '\n')
continue;
else if (buffer[0] == '#') {
if (verbose)
fputs(buffer, stdout);
continue;
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
ret = ip6tc_commit(handle);
ip6tc_free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
ret = 1;
}
in_table = 0;
} else if ((buffer[0] == '*') && (!in_table)) {
/* New table */
char *table;
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
ip6tables_globals.program_name,
line);
exit(1);
}
strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
if (handle)
ip6tc_free(handle);
handle = create_handle(table);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
for_each_chain6(flush_entries6, verbose, 1,
handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
for_each_chain6(delete_chain6, verbose, 0,
handle);
}
ret = 1;
in_table = 1;
} else if ((buffer[0] == ':') && (in_table)) {
/* New chain. */
char *policy, *chain;
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
ip6tables_globals.program_name,
line);
exit(1);
}
if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
"Invalid chain name `%s' "
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
if (ip6tc_builtin(chain, handle) <= 0) {
if (noflush && ip6tc_is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
if (!ip6tc_flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
if (!ip6tc_create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
}
}
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
ip6tables_globals.program_name,
line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
struct ip6t_counters count;
if (counters) {
char *ctrs;
ctrs = strtok(NULL, " \t\n");
if (!ctrs || !parse_counters(ctrs, &count))
xtables_error(PARAMETER_PROBLEM,
"invalid policy counters "
"for chain '%s'\n", chain);
} else {
memset(&count, 0,
sizeof(struct ip6t_counters));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
if (!ip6tc_set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
policy, chain, line,
ip6tc_strerror(errno));
}
ret = 1;
} else if (in_table) {
int a;
char *ptr = buffer;
char *pcnt = NULL;
char *bcnt = NULL;
char *parsestart;
/* the parser */
char *curchar;
int quote_open, escaped;
size_t param_len;
/* reset the newargv */
newargc = 0;
if (buffer[0] == '[') {
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */
parsestart = ptr + 1;
} else {
/* start command parsing at start of line */
parsestart = buffer;
}
add_argv(argv[0]);
add_argv("-t");
add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
add_argv((char *) pcnt);
add_argv((char *) bcnt);
}
/* After fighting with strtok enough, here's now
* a 'real' parser. According to Rusty I'm now no
* longer a real hacker, but I can live with that */
quote_open = 0;
escaped = 0;
param_len = 0;
for (curchar = parsestart; *curchar; curchar++) {
char param_buffer[1024];
if (quote_open) {
if (escaped) {
param_buffer[param_len++] = *curchar;
escaped = 0;
continue;
} else if (*curchar == '\\') {
escaped = 1;
continue;
} else if (*curchar == '"') {
quote_open = 0;
*curchar = ' ';
} else {
param_buffer[param_len++] = *curchar;
continue;
}
} else {
if (*curchar == '"') {
quote_open = 1;
continue;
}
}
if (*curchar == ' '
|| *curchar == '\t'
|| * curchar == '\n') {
if (!param_len) {
/* two spaces? */
continue;
}
param_buffer[param_len] = '\0';
/* check if table name specified */
if (!strncmp(param_buffer, "-t", 2)
|| !strncmp(param_buffer, "--table", 8)) {
xtables_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n", line);
exit(1);
}
add_argv(param_buffer);
param_len = 0;
} else {
/* regular character, copy to buffer */
param_buffer[param_len++] = *curchar;
if (param_len >= sizeof(param_buffer))
xtables_error(PARAMETER_PROBLEM,
"Parameter too long!");
}
}
DEBUGP("calling do_command6(%u, argv, &%s, handle):\n",
newargc, curtable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
ret = do_command6(newargc, newargv,
&newargv[2], &handle);
free_argv();
fflush(stdout);
}
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
ip6tables_globals.program_name,
line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
ip6tables_globals.program_name,
line + 1);
exit(1);
}
if (in != NULL)
fclose(in);
return 0;
}
int main(int argc, char *argv[])
{
ip6tc_handle_t handle;
char buffer[10240];
unsigned int line = 0;
int c;
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
FILE *in;
const char *modprobe = 0;
program_name = "ip6tables-restore";
program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
break;
case 'c':
counters = 1;
break;
case 'v':
verbose = 1;
break;
case 'h':
print_usage("ip6tables-restore",
IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
break;
case 'M':
modprobe = optarg;
break;
}
}
if (optind == argc - 1) {
in = fopen(argv[optind], "r");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
exit(1);
}
}
else if (optind < argc) {
fprintf(stderr, "Unknown arguments found on commandline");
exit(1);
}
else in = stdin;
/* Grab standard input. */
while (fgets(buffer, sizeof(buffer), in)) {
int ret;
line++;
if (buffer[0] == '\n') continue;
else if (buffer[0] == '#') {
if (verbose) fputs(buffer, stdout);
continue;
} else if (strcmp(buffer, "COMMIT\n") == 0) {
DEBUGP("Calling commit\n");
ret = ip6tc_commit(&handle);
} else if (buffer[0] == '*') {
/* New table */
char *table;
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
program_name, line);
exit(1);
}
strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
for_each_chain(flush_entries, verbose, 1,
&handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
for_each_chain(delete_chain, verbose, 0,
&handle) ;
}
ret = 1;
} else if (buffer[0] == ':') {
/* New chain. */
char *policy, *chain;
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
program_name, line);
exit(1);
}
if (!ip6tc_builtin(chain, handle)) {
DEBUGP("Creating new chain '%s'\n", chain);
if (!ip6tc_create_chain(chain, &handle))
exit_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
}
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
struct ip6t_counters count;
if (counters) {
char *ctrs;
ctrs = strtok(NULL, " \t\n");
parse_counters(ctrs, &count);
} else {
memset(&count, 0,
sizeof(struct ip6t_counters));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
if (!ip6tc_set_policy(chain, policy, &count,
&handle))
exit_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
chain, policy, line,
ip6tc_strerror(errno));
}
ret = 1;
} else {
int a;
char *ptr = buffer;
char *pcnt = NULL;
char *bcnt = NULL;
char *parsestart;
/* the parser */
char *param_start, *curchar;
int quote_open;
/* reset the newargv */
newargc = 0;
if (buffer[0] == '[') {
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */
parsestart = ptr + 1;
} else {
/* start command parsing at start of line */
parsestart = buffer;
}
add_argv(argv[0]);
add_argv("-t");
add_argv((char *) &curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
add_argv((char *) pcnt);
add_argv((char *) bcnt);
}
/* After fighting with strtok enough, here's now
* a 'real' parser. According to Rusty I'm now no
* longer a real hacker, but I can live with that */
quote_open = 0;
param_start = parsestart;
for (curchar = parsestart; *curchar; curchar++) {
if (*curchar == '"') {
if (quote_open) {
quote_open = 0;
*curchar = ' ';
} else {
quote_open = 1;
param_start++;
}
}
if (*curchar == ' '
|| *curchar == '\t'
|| * curchar == '\n') {
char param_buffer[1024];
int param_len = curchar-param_start;
if (quote_open)
continue;
if (!param_len) {
/* two spaces? */
param_start++;
continue;
}
/* end of one parameter */
strncpy(param_buffer, param_start,
param_len);
*(param_buffer+param_len) = '\0';
/* check if table name specified */
if (!strncmp(param_buffer, "-t", 3)
|| !strncmp(param_buffer, "--table", 8)) {
exit_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n", line);
exit(1);
}
add_argv(param_buffer);
param_start += param_len + 1;
} else {
/* regular character, skip */
}
}
DEBUGP("calling do_command6(%u, argv, &%s, handle):\n",
newargc, curtable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
ret = do_command6(newargc, newargv,
&newargv[2], &handle);
free_argv();
}
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
program_name, line);
exit(1);
}
}
return 0;
}
int
iptables_restore_main(int argc, char *argv[])
{
struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
const struct xtc_ops *ops = &iptc_ops;
line = 0;
iptables_globals.program_name = "iptables-restore";
c = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
if (c < 0) {
fprintf(stderr, "%s/%s Failed to initialize xtables\n",
iptables_globals.program_name,
iptables_globals.program_version);
exit(1);
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
#endif
while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
break;
case 'c':
counters = 1;
break;
case 'v':
verbose = 1;
break;
case 't':
testing = 1;
break;
case 'h':
print_usage("iptables-restore",
IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
break;
case 'M':
xtables_modprobe_program = optarg;
break;
case 'T':
tablename = optarg;
break;
}
}
if (optind == argc - 1) {
in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
exit(1);
}
}
else if (optind < argc) {
fprintf(stderr, "Unknown arguments found on commandline\n");
exit(1);
}
else in = stdin;
/* Grab standard input. */
while (fgets(buffer, sizeof(buffer), in)) {
int ret = 0;
line++;
if (buffer[0] == '\n')
continue;
else if (buffer[0] == '#') {
if (verbose)
fputs(buffer, stdout);
continue;
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
ret = ops->commit(handle);
ops->free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
ret = 1;
}
in_table = 0;
} else if ((buffer[0] == '*') && (!in_table)) {
/* New table */
char *table;
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
xt_params->program_name, line);
exit(1);
}
strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename && (strcmp(tablename, table) != 0))
continue;
if (handle)
ops->free(handle);
handle = create_handle(table);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
for_each_chain4(flush_entries4, verbose, 1,
handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
for_each_chain4(delete_chain4, verbose, 0,
handle);
}
ret = 1;
in_table = 1;
} else if ((buffer[0] == ':') && (in_table)) {
/* New chain. */
char *policy, *chain;
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
xt_params->program_name, line);
exit(1);
}
if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
"Invalid chain name `%s' "
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
if (ops->builtin(chain, handle) <= 0) {
if (noflush && ops->is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
if (!ops->flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
if (!ops->create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
}
}
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
xt_params->program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
struct xt_counters count;
if (counters) {
char *ctrs;
ctrs = strtok(NULL, " \t\n");
if (!ctrs || !parse_counters(ctrs, &count))
xtables_error(PARAMETER_PROBLEM,
"invalid policy counters "
"for chain '%s'\n", chain);
} else {
memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
if (!ops->set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
policy, chain, line,
ops->strerror(errno));
}
ret = 1;
} else if (in_table) {
int a;
char *ptr = buffer;
char *pcnt = NULL;
char *bcnt = NULL;
char *parsestart;
/* reset the newargv */
newargc = 0;
if (buffer[0] == '[') {
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
xtables_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */
parsestart = ptr + 1;
} else {
/* start command parsing at start of line */
parsestart = buffer;
}
add_argv(argv[0]);
add_argv("-t");
add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
add_argv((char *) pcnt);
add_argv((char *) bcnt);
}
add_param_to_argv(parsestart);
DEBUGP("calling do_command4(%u, argv, &%s, handle):\n",
newargc, curtable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
ret = do_command4(newargc, newargv,
&newargv[2], &handle);
free_argv();
fflush(stdout);
}
if (tablename && (strcmp(tablename, curtable) != 0))
continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
xt_params->program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
xt_params->program_name, line + 1);
exit(1);
}
fclose(in);
return 0;
}
int
main(int argc, char *argv[])
{
struct radclock_handle *handle;
struct radclock_config *conf;
int is_daemon = 0;
/* File and command line reading */
int ch;
/* Mask variable used to know which parameter to update */
uint32_t param_mask = 0;
/* PID lock file for daemon */
int daemon_pid_fd = 0;
/* Initialize PID lockfile to a default value */
const char *pid_lockfile = DAEMON_LOCK_FILE;
/* Misc */
int err;
/* turn off buffering to allow results to be seen immediately if JDEBUG*/
#ifdef WITH_JDEBUG
setvbuf(stdout, (char *)NULL, _IONBF, 0);
setvbuf(stderr, (char *)NULL, _IONBF, 0);
#endif
/*
* Register Signal handlers. We use sigaction() instead of signal() to catch
* signals. The main reason concerns the SIGHUP signal. In Linux, the
* syscalls are restarted as soon as the signal handler returns. This
* prevent pcap_breakloop() to do its job (see pcap man page). Using
* sigaction() we can overwrite the default flag to prevent this behavior
*/
sigset_t block_mask;
sigfillset (&block_mask);
struct sigaction sig_struct;
sig_struct.sa_handler = signal_handler;
sig_struct.sa_mask = block_mask;
sig_struct.sa_flags = 0;
sigaction(SIGHUP, &sig_struct, NULL); /* hangup signal (1) */
sigaction(SIGTERM, &sig_struct, NULL); /* software termination signal (15) */
sigaction(SIGUSR1, &sig_struct, NULL); /* user signal 1 (30) */
sigaction(SIGUSR2, &sig_struct, NULL); /* user signal 2 (31) */
/* Initialise verbose data to defaults */
verbose_data.handle = NULL;
verbose_data.is_daemon = 0;
verbose_data.verbose_level = 0;
verbose_data.fd = NULL;
strcpy(verbose_data.logfile, "");
pthread_mutex_init(&(verbose_data.vmutex), NULL);
/* Management of configuration options */
conf = (struct radclock_config *) malloc(sizeof(struct radclock_config));
JDEBUG_MEMORY(JDBG_MALLOC, conf);
memset(conf, 0, sizeof(struct radclock_config));
/*
* The command line arguments are given the priority and override possible
* values of the configuration file But the configuration file is parsed
* after the command line because we need to know if we are running a daemon
* or not (configuration file is different if we run a daemon or not). Use
* the param_mask variable to indicate which values have to be updated from
* the config file
*/
/* Initialize the physical parameters, and other config parameters. */
config_init(conf);
/* Init the mask we use to signal configuration updates */
param_mask = UPDMASK_NOUPD;
/* Reading the command line arguments */
while ((ch = getopt(argc, argv, "dxvhc:i:l:n:t:r:w:s:a:o:p:P:U:D:V")) != -1)
switch (ch) {
case 'x':
SET_UPDATE(param_mask, UPDMASK_SERVER_IPC);
conf->server_ipc = BOOL_OFF;
break;
case 'c':
strcpy(conf->conffile, optarg);
break;
case 'd':
is_daemon = 1;
break;
case 'l':
strcpy(conf->logfile, optarg);
break;
case 'n':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_HOSTNAME);
strcpy(conf->hostname, optarg);
break;
case 'p':
SET_UPDATE(param_mask, UPDMASK_POLLPERIOD);
if ( atoi(optarg) < RAD_MINPOLL ) {
conf->poll_period = RAD_MINPOLL;
fprintf(stdout, "Warning: Poll period too small, set to %d\n",
conf->poll_period);
}
else
conf->poll_period = atoi(optarg);
if ( conf->poll_period > RAD_MAXPOLL ) {
conf->poll_period = RAD_MAXPOLL;
fprintf(stdout, "Warning: Poll period too big, set to %d\n",
conf->poll_period);
}
break;
case 't':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_TIME_SERVER);
strcpy(conf->time_server, optarg);
break;
case 'i':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_NETWORKDEV);
strcpy(conf->network_device, optarg);
break;
case 'r':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_SYNC_IN_PCAP);
strcpy(conf->sync_in_pcap, optarg);
break;
case 'w':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_SYNC_OUT_PCAP);
strcpy(conf->sync_out_pcap, optarg);
break;
case 's':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_SYNC_IN_ASCII);
strcpy(conf->sync_in_ascii, optarg);
break;
case 'a':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_SYNC_OUT_ASCII);
strcpy(conf->sync_out_ascii, optarg);
break;
case 'o':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_CLOCK_OUT_ASCII);
strcpy(conf->clock_out_ascii, optarg);
break;
case 'P':
if (strlen(optarg) > MAXLINE) {
fprintf(stdout, "ERROR: parameter too long\n");
exit (1);
}
SET_UPDATE(param_mask, UPDMASK_PID_FILE);
pid_lockfile = optarg;
break;
case 'v':
SET_UPDATE(param_mask, UPDMASK_VERBOSE);
conf->verbose_level++;
break;
case 'U':
SET_UPDATE(param_mask, UPD_NTP_UPSTREAM_PORT);
conf->ntp_upstream_port = atoi(optarg);
break;
case 'D':
SET_UPDATE(param_mask, UPD_NTP_DOWNSTREAM_PORT);
conf->ntp_downstream_port = atoi(optarg);
break;
case 'V':
fprintf(stdout, "%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
case 'h':
case '?':
default:
usage();
}
argc -= optind;
argv += optind;
/* Little hack to deal with parsing of long options in the command line */
if (conf->verbose_level > 0)
SET_UPDATE(param_mask, UPDMASK_VERBOSE);
/* Create the radclock handle */
clock_handle = create_handle(conf, is_daemon);
if (!clock_handle) {
verbose(LOG_ERR, "Could not create clock handle");
return (-1);
}
handle = clock_handle;
/*
* Have not parsed the config file yet, so will have to do it again since it
* may not be the right settings. Handles config parse messages in the right
* log file though. So far clock has not been sent to init, no syscall
* registered, pass a NULL pointer to verbose.
*/
set_verbose(handle, handle->conf->verbose_level, 0);
set_logger(logger_verbose_bridge);
/* Daemonize now, so that we can open the log files and close connection to
* stdin since we parsed the command line
*/
if (handle->is_daemon) {
struct stat sb;
if (stat(RADCLOCK_RUN_DIRECTORY, &sb) < 0) {
if (mkdir(RADCLOCK_RUN_DIRECTORY, 0755) < 0) {
verbose(LOG_ERR, "Cannot create %s directory. Run as root or "
"(!daemon && !server)", RADCLOCK_RUN_DIRECTORY);
return (1);
}
}
/* Check this everytime in case something happened */
chmod(RADCLOCK_RUN_DIRECTORY, 00755);
if (!(daemonize(pid_lockfile, &daemon_pid_fd))) {
fprintf(stderr, "Error: did not manage to create the daemon\n");
exit(EXIT_FAILURE);
}
}
/*
* Retrieve configuration from the config file (write it down if it does not
* exist) That should be the only occasion when get_config() is called and
* the param_mask is not positioned to UPDMASK_NOUPD !!! Only the
* parameters not specified on the command line are updated
*/
if (!config_parse(handle->conf, ¶m_mask, handle->is_daemon))
return (0);
/*
* Now that we have the configuration to use (verbose level), let's
* initialise the verbose level to correct value
*/
set_verbose(handle, handle->conf->verbose_level, 0);
set_logger(logger_verbose_bridge);
/* Check for incompatible configurations and correct them */
if (( handle->conf->synchro_type == SYNCTYPE_SPY ) ||
( handle->conf->synchro_type == SYNCTYPE_PIGGY ))
{
if (handle->conf->server_ntp == BOOL_ON) {
verbose(LOG_ERR, "Configuration error. Disabling NTP server "
"(incompatible with spy or piggy mode).");
handle->conf->server_ntp = BOOL_OFF;
}
if ( handle->conf->adjust_sysclock == BOOL_ON )
{
verbose(LOG_ERR, "Configuration error. Disabling adjust system "
"clock (incompatible with spy or piggy mode).");
handle->conf->adjust_sysclock = BOOL_OFF;
}
}
/* Diagnosis output for the configuration used */
config_print(LOG_NOTICE, handle->conf);
/* Reinit the mask that counts updated values */
param_mask = UPDMASK_NOUPD;
// TODO extract extra checks from is_live_source and make an input fix
// function instead, would be clearer
// TODO the conf->network_device business is way too messy
/*
* Need to know if we are replaying data or not. If not, no need to create
* shared global data on the system or open a BPF. This define input to the
* init of the radclock handle
*/
if (!is_live_source(handle))
handle->run_mode = RADCLOCK_SYNC_DEAD;
else
handle->run_mode = RADCLOCK_SYNC_LIVE;
/* Init clock handle and private data */
if (handle->run_mode == RADCLOCK_SYNC_LIVE) {
err = clock_init_live(handle->clock, &handle->rad_data);
if (err) {
verbose(LOG_ERR, "Could not initialise the RADclock");
return (1);
}
}
/* Init radclock specific stuff */
err = init_handle(handle);
if (err) {
verbose(LOG_ERR, "Radclock process specific init failed.");
return (1);
}
/*
* Now 2 cases. Either we are running live or we are replaying some data.
* If we run live, we will spawn some threads and do some smart things. If
* we replay data, no need to do all of that, we access data and process it
* in the same thread.
*/
if (handle->run_mode == RADCLOCK_SYNC_DEAD) {
// TODO : manage peers better !!
struct bidir_peer peer;
/* Some basic initialisation which is required */
init_peer_stamp_queue(&peer);
peer.stamp_i = 0;
// TODO XXX Need to manage peers better !!
/* Register active peer */
handle->active_peer = (void *)&peer;
while (1) {
err = process_rawdata(handle, &peer);
if (err < 0)
break;
}
destroy_peer_stamp_queue(&peer);
}
/*
* We loop in here in case we are rehashed. Threads are (re-)created every
* time we loop in
*/
else {
while (err == 0) {
err = start_live(handle);
if (err == 0) {
if (rehash_daemon(handle, param_mask))
verbose(LOG_ERR, "SIGHUP - Failed to rehash daemon !!.");
}
}
}
// TODO: look into making the stats a separate structure. Could be much
// TODO: easier to manage
long int n_stamp;
unsigned int ref_count;
n_stamp = ((struct bidir_output *)handle->algo_output)->n_stamps;
ref_count = ((struct stampsource*)(handle->stamp_source))->ntp_stats.ref_count;
verbose(LOG_NOTICE, "%u NTP packets captured", ref_count);
verbose(LOG_NOTICE,"%ld missed NTP packets", ref_count - 2 * n_stamp);
verbose(LOG_NOTICE, "%ld valid timestamp tuples extracted", n_stamp);
/* Close output files */
close_output_stamp(handle);
/* Print out last good phat value */
verbose(LOG_NOTICE, "Last estimate of the clock source period: %12.10lg",
RAD_DATA(handle)->phat);
/* Say bye and close syslog */
verbose(LOG_NOTICE, "RADclock stopped");
if (handle->is_daemon)
closelog ();
unset_verbose();
/* Free the lock file */
if (handle->is_daemon) {
write(daemon_pid_fd, "", 0);
lockf(daemon_pid_fd, F_ULOCK, 0);
}
// TODO: all the destructors have to be re-written
destroy_source(handle, (struct stampsource *)(handle->stamp_source));
/* Clear thread stuff */
pthread_mutex_destroy(&(handle->globaldata_mutex));
pthread_mutex_destroy(&(handle->wakeup_mutex));
pthread_cond_destroy(&(handle->wakeup_cond));
/* Detach IPC shared memory if were running as IPC server. */
if (handle->conf->server_ipc == BOOL_ON)
shm_detach(handle->clock);
/* Free the clock structure. All done. */
pthread_mutex_destroy(&(handle->pcap_queue->rdb_mutex));
pthread_mutex_destroy(&(handle->ieee1588eq_queue->rdb_mutex));
free(handle->pcap_queue);
free(handle->ieee1588eq_queue);
free(handle);
handle = NULL;
clock_handle = NULL;
exit(EXIT_SUCCESS);
}
long shim_do_sandbox_create (int flags, const char * fs_sb,
struct net_sb * net_sb)
{
unsigned int sbid;
char uri[24];
PAL_HANDLE handle = NULL;
int ret = create_handle("file:sandbox-", uri, 24, &handle, &sbid);
if (ret < 0)
return ret;
debug("create manifest: %s\n", uri);
struct config_store * newcfg = __alloca(sizeof(struct config_store));
memset(newcfg, 0, sizeof(struct config_store));
newcfg->malloc = __malloc;
newcfg->free = __free;
if ((ret = copy_config(root_config, newcfg)) < 0) {
newcfg = NULL;
goto err;
}
if (flags & SANDBOX_FS)
if ((ret = isolate_fs(newcfg, fs_sb)) < 0)
goto err;
if (flags & SANDBOX_NET)
if ((ret = isolate_net(newcfg, net_sb)) < 0)
goto err;
struct cfg_arg arg;
arg.handle = handle;
arg.offset = 0;
if ((ret = write_config(&arg, __write, newcfg)) < 0)
goto err;
DkObjectClose(handle);
PAL_BOL success = DkProcessSandboxCreate(uri, flags & SANDBOX_RPC ?
PAL_SANDBOX_PIPE : 0);
if (!success) {
ret = -PAL_ERRNO;
goto err;
}
if (sandbox_info.sbid) {
if (!sandbox_info.parent_sbid ||
sandbox_info.parent_vmid != cur_process.vmid) {
sandbox_info.parent_sbid = sandbox_info.sbid;
sandbox_info.parent_vmid = cur_process.vmid;
}
}
if (flags & SANDBOX_RPC)
del_all_ipc_ports(0);
if ((ret = free_config(root_config)) < 0)
goto err;
handle = DkStreamOpen(uri, PAL_ACCESS_RDONLY, 0, 0, 0);
if (!handle)
return -PAL_ERRNO;
root_config = newcfg;
sandbox_info.sbid = sbid;
return sbid;
err:
free_config(newcfg);
DkStreamDelete(handle, 0);
DkObjectClose(handle);
return ret;
}
ent::Handle ent::Manager::new_entity() {
ent::Handle handle = create_handle(++m_next_entity_id);
m_entities.push_back(handle.get_id());
return handle;
}
mexp_h *
mexp_spawnvf (unsigned flags, const char *file, char **argv)
{
mexp_h *h = NULL;
int fd = -1;
int err;
char slave[1024];
pid_t pid = 0;
fd = posix_openpt (O_RDWR|O_NOCTTY);
if (fd == -1)
goto error;
if (grantpt (fd) == -1)
goto error;
if (unlockpt (fd) == -1)
goto error;
/* Get the slave pty name now, but don't open it in the parent. */
if (ptsname_r (fd, slave, sizeof slave) != 0)
goto error;
/* Create the handle last before we fork. */
h = create_handle ();
if (h == NULL)
goto error;
pid = fork ();
if (pid == -1)
goto error;
if (pid == 0) { /* Child. */
int slave_fd;
if (!(flags & MEXP_SPAWN_KEEP_SIGNALS)) {
struct sigaction sa;
int i;
/* Remove all signal handlers. See the justification here:
* https://www.redhat.com/archives/libvir-list/2008-August/msg00303.html
* We don't mask signal handlers yet, so this isn't completely
* race-free, but better than not doing it at all.
*/
memset (&sa, 0, sizeof sa);
sa.sa_handler = SIG_DFL;
sa.sa_flags = 0;
sigemptyset (&sa.sa_mask);
for (i = 1; i < NSIG; ++i)
sigaction (i, &sa, NULL);
}
setsid ();
/* Open the slave side of the pty. We must do this in the child
* after setsid so it becomes our controlling tty.
*/
slave_fd = open (slave, O_RDWR);
if (slave_fd == -1)
goto error;
if (!(flags & MEXP_SPAWN_COOKED_MODE)) {
struct termios termios;
/* Set raw mode. */
tcgetattr (slave_fd, &termios);
cfmakeraw (&termios);
tcsetattr (slave_fd, TCSANOW, &termios);
}
/* Set up stdin, stdout, stderr to point to the pty. */
dup2 (slave_fd, 0);
dup2 (slave_fd, 1);
dup2 (slave_fd, 2);
close (slave_fd);
/* Close the master side of the pty - do this late to avoid a
* kernel bug, see sshpass source code.
*/
close (fd);
if (!(flags & MEXP_SPAWN_KEEP_FDS)) {
int i, max_fd;
/* Close all other file descriptors. This ensures that we don't
* hold open (eg) pipes from the parent process.
*/
max_fd = sysconf (_SC_OPEN_MAX);
if (max_fd == -1)
max_fd = 1024;
if (max_fd > 65536)
max_fd = 65536; /* bound the amount of work we do here */
for (i = 3; i < max_fd; ++i)
close (i);
}
/* Run the subprocess. */
execvp (file, argv);
perror (file);
_exit (EXIT_FAILURE);
}
/* Parent. */
h->fd = fd;
h->pid = pid;
return h;
error:
err = errno;
if (fd >= 0)
close (fd);
if (pid > 0)
waitpid (pid, NULL, 0);
if (h != NULL)
mexp_close (h);
errno = err;
return NULL;
}
void vg_init_object(struct vg_object *obj, struct vg_context *ctx, enum vg_object_type type)
{
obj->type = type;
obj->ctx = ctx;
obj->handle = create_handle(obj);
}
int
main(int argc, char *argv[])
#endif
{
iptc_handle_t handle = NULL;
char buffer[10240];
int c;
char curtable[IPT_TABLE_MAXNAMELEN + 1];
FILE *in;
const char *modprobe = 0;
int in_table = 0, testing = 0;
const char *tablename = 0;
program_name = "iptables-restore";
program_version = IPTABLES_VERSION;
line = 0;
lib_dir = getenv("IPTABLES_LIB_DIR");
if (!lib_dir)
lib_dir = IPT_LIB_DIR;
#ifdef NO_SHARED_LIBS
init_extensions();
#endif
while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
break;
case 'c':
counters = 1;
break;
case 'v':
verbose = 1;
break;
case 't':
testing = 1;
break;
case 'h':
print_usage("iptables-restore",
IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
break;
case 'M':
modprobe = optarg;
break;
case 'T':
tablename = optarg;
break;
}
}
if (optind == argc - 1) {
in = fopen(argv[optind], "r");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
exit(1);
}
}
else if (optind < argc) {
fprintf(stderr, "Unknown arguments found on commandline\n");
exit(1);
}
else in = stdin;
/* Grab standard input. */
while (fgets(buffer, sizeof(buffer), in)) {
int ret = 0;
line++;
if (buffer[0] == '\n')
continue;
else if (buffer[0] == '#') {
if (verbose)
fputs(buffer, stdout);
continue;
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
ret = iptc_commit(&handle);
} else {
DEBUGP("Not calling commit, testing\n");
ret = 1;
}
in_table = 0;
} else if ((buffer[0] == '*') && (!in_table)) {
/* New table */
char *table;
table = strtok(buffer+1, " \t\n");
DEBUGP("line %u, table '%s'\n", line, table);
if (!table) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
program_name, line);
exit(1);
}
strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
curtable[IPT_TABLE_MAXNAMELEN] = '\0';
if (tablename && (strcmp(tablename, table) != 0))
continue;
if (handle)
iptc_free(&handle);
handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
for_each_chain(flush_entries, verbose, 1,
&handle);
DEBUGP("Deleting all user-defined chains "
"of table '%s'\n", table);
for_each_chain(delete_chain, verbose, 0,
&handle) ;
}
ret = 1;
in_table = 1;
} else if ((buffer[0] == ':') && (in_table)) {
/* New chain. */
char *policy, *chain;
chain = strtok(buffer+1, " \t\n");
DEBUGP("line %u, chain '%s'\n", line, chain);
if (!chain) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
program_name, line);
exit(1);
}
if (iptc_builtin(chain, handle) <= 0) {
if (noflush && iptc_is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
if (!iptc_flush_entries(chain, &handle))
exit_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
if (!iptc_create_chain(chain, &handle))
exit_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
strerror(errno));
}
}
policy = strtok(NULL, " \t\n");
DEBUGP("line %u, policy '%s'\n", line, policy);
if (!policy) {
exit_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
program_name, line);
exit(1);
}
if (strcmp(policy, "-") != 0) {
struct ipt_counters count;
if (counters) {
char *ctrs;
ctrs = strtok(NULL, " \t\n");
if (!ctrs || !parse_counters(ctrs, &count))
exit_error(PARAMETER_PROBLEM,
"invalid policy counters "
"for chain '%s'\n", chain);
} else {
memset(&count, 0,
sizeof(struct ipt_counters));
}
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
if (!iptc_set_policy(chain, policy, &count,
&handle))
exit_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
chain, policy, line,
iptc_strerror(errno));
}
ret = 1;
} else if (in_table) {
int a;
char *ptr = buffer;
char *pcnt = NULL;
char *bcnt = NULL;
char *parsestart;
/* the parser */
char *curchar;
int quote_open;
int param_len;
/* reset the newargv */
newargc = 0;
if (buffer[0] == '[') {
/* we have counters in our input */
ptr = strchr(buffer, ']');
if (!ptr)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
pcnt = strtok(buffer+1, ":");
if (!pcnt)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need :\n",
line);
bcnt = strtok(NULL, "]");
if (!bcnt)
exit_error(PARAMETER_PROBLEM,
"Bad line %u: need ]\n",
line);
/* start command parsing after counter */
parsestart = ptr + 1;
} else {
/* start command parsing at start of line */
parsestart = buffer;
}
add_argv(argv[0]);
add_argv("-t");
add_argv((char *) &curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
add_argv((char *) pcnt);
add_argv((char *) bcnt);
}
/* After fighting with strtok enough, here's now
* a 'real' parser. According to Rusty I'm now no
* longer a real hacker, but I can live with that */
quote_open = 0;
param_len = 0;
for (curchar = parsestart; *curchar; curchar++) {
char param_buffer[1024];
if (*curchar == '"') {
/* quote_open cannot be true if there
* was no previous character. Thus,
* curchar-1 has to be within bounds */
if (quote_open &&
*(curchar-1) != '\\') {
quote_open = 0;
*curchar = ' ';
} else if (!quote_open) {
quote_open = 1;
continue;
}
}
if (*curchar == ' '
|| *curchar == '\t'
|| * curchar == '\n') {
if (quote_open) {
param_buffer[param_len++] =
*curchar;
continue;
}
if (!param_len) {
/* two spaces? */
continue;
}
param_buffer[param_len] = '\0';
/* check if table name specified */
if (!strncmp(param_buffer, "-t", 3)
|| !strncmp(param_buffer, "--table", 8)) {
exit_error(PARAMETER_PROBLEM,
"Line %u seems to have a "
"-t table option.\n", line);
exit(1);
}
add_argv(param_buffer);
param_len = 0;
} else {
/* Skip backslash that escapes quote:
* the standard input does not require
* escaping. However, the output
* generated by iptables-save
* introduces bashlash to keep
* consistent with iptables
*/
if (quote_open &&
*curchar == '\\' &&
*(curchar+1) == '"')
continue;
/* regular character, copy to buffer */
param_buffer[param_len++] = *curchar;
if (param_len >= sizeof(param_buffer))
exit_error(PARAMETER_PROBLEM,
"Parameter too long!");
}
}
DEBUGP("calling do_command(%u, argv, &%s, handle):\n",
newargc, curtable);
for (a = 0; a < newargc; a++)
DEBUGP("argv[%u]: %s\n", a, newargv[a]);
ret = do_command(newargc, newargv,
&newargv[2], &handle);
free_argv();
}
if (tablename && (strcmp(tablename, curtable) != 0))
continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
program_name, line + 1);
exit(1);
}
return 0;
}
int avcodec(void *handle, avc_cmd_t cmd, void* pin, void* pout)
{
AVCodecContext* ctx = handle;
switch (cmd)
{
case AVC_OPEN_BY_NAME:
{
// pin char* codec name
private_handle_t* h = create_handle();
(private_handle_t**)pout = h;
if (!h)
return -ENOMEM;
if (!h->avcodec)
{
destroy_handle(h);
(private_handle_t**)pout = NULL;
return -1;// better error
}
return 0;
}
case AVC_OPEN_BY_CODEC_ID:
{
// pin uint32_t codec fourcc
private_handle_t* h = create_handle();
(private_handle_t**)pout = h;
if (!h)
return -ENOMEM;
if (!h->avcodec)
{
destroy_handle(h);
(private_handle_t**)pout = NULL;
return -1;// better error
}
return 0;
}
case AVC_OPEN_BY_FOURCC:
{
// pin uint32_t codec fourcc
private_handle_t* h = create_handle();
(private_handle_t**)pout = h;
if (!h)
return -ENOMEM;
h->avcodec = avcodec_find_by_fcc((uint32_t) pin);
if (!h->avcodec)
{
destroy_handle(h);
(private_handle_t**)pout = NULL;
return -1;// better error
}
return 0;
}
case AVC_CLOSE:
// uninit part
// eventually close all allocated space if this was last
// instance
destroy_handle(handle);
break;
case AVC_FLUSH:
break;
case AVC_DECODE:
break;
case AVC_ENCODE:
break;
case AVC_GET_VERSION:
(int*) pout = 500;
default:
return -1;
}
return 0;
}
