Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
Makefile.am | 4 +-
configure.ac | 2 +
extensions/GNUmakefile.in | 2 +-
include/iptables/internal.h | 6 ++
iptables.c | 2 +-
m4/gcc4_visibility.m4 | 21 ++++++++
xtables.c | 109 ++++++++++++++++++++++++-------------------
7 files changed, 94 insertions(+), 52 deletions(-)
create mode 100644 m4/gcc4_visibility.m4
diff --git a/Makefile.am b/Makefile.am
index cfccbf2..a560113 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -29,11 +29,11 @@ libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
lib_LTLIBRARIES += libxtables.la
libxtables_la_SOURCES = xtables.c
libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
+libxtables_la_CFLAGS = ${AM_CFLAGS} ${GCC_FVISIBILITY_HIDDEN}
if ENABLE_SHARED
-libxtables_la_CFLAGS = ${AM_CFLAGS}
libxtables_la_LIBADD = -ldl
else
-libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
+libxtables_la_CFLAGS += -DNO_SHARED_LIBS=1
libxtables_la_LIBADD =
endif
diff --git a/configure.ac b/configure.ac
index 94d5ab2..cba1dc5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,6 +14,8 @@ AM_PROG_CC_C_O
AC_DISABLE_STATIC
AM_PROG_LIBTOOL
+CHECK_GCC_FVISIBILITY
+
AC_ARG_WITH([kernel],
AS_HELP_STRING([--with-kernel=PATH],
[Path to kernel source/build directory]),
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 74a058c..899a52d 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -18,7 +18,7 @@ LDFLAGS := @LDFLAGS@
regular_CFLAGS := @regular_CFLAGS@
kinclude_CFLAGS := @kinclude_CFLAGS@
-AM_CFLAGS := ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS}
+AM_CFLAGS := ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS} -I${top_builddir}
AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
ifeq (${V},)
diff --git a/include/iptables/internal.h b/include/iptables/internal.h
index 531fe4f..89d11cb 100644
--- a/include/iptables/internal.h
+++ b/include/iptables/internal.h
@@ -3,6 +3,12 @@
#include "config.h"
+#ifdef HAVE_VISIBILITY_HIDDEN
+# define EXPORT_SYMBOL __attribute__((visibility("default")))
+#else
+# define EXPORT_SYMBOL
+#endif
+
#define IPTABLES_VERSION PACKAGE_VERSION
/**
diff --git a/iptables.c b/iptables.c
index 504bcd8..1bc9d84 100644
--- a/iptables.c
+++ b/iptables.c
@@ -200,7 +200,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version
-int kernel_version;
+EXPORT_SYMBOL int kernel_version;
/* Primitive headers... */
/* defined in netinet/in.h */
diff --git a/m4/gcc4_visibility.m4 b/m4/gcc4_visibility.m4
new file mode 100644
index 0000000..84959f3
--- /dev/null
+++ b/m4/gcc4_visibility.m4
@@ -0,0 +1,21 @@
+
+# GCC 4.x -fvisibility=hidden
+
+AC_DEFUN([CHECK_GCC_FVISIBILITY], [
+ AC_LANG_PUSH([C])
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$saved_CFLAGS -fvisibility=hidden"
+ AC_CACHE_CHECK([whether compiler accepts -fvisibility=hidden],
+ [ac_cv_fvisibility_hidden], AC_COMPILE_IFELSE(
+ AC_LANG_PROGRAM([], []),
+ [ac_cv_fvisibility_hidden=yes],
+ [ac_cv_fvisibility_hidden=no]
+ ))
+ if test "$ac_cv_fvisibility_hidden" = "yes"; then
+ AC_DEFINE([HAVE_VISIBILITY_HIDDEN], [1],
+ [True if compiler supports -fvisibility=hidden])
+ AC_SUBST([GCC_FVISIBILITY_HIDDEN], [-fvisibility=hidden])
+ fi
+ CFLAGS="$saved_CFLAGS"
+ AC_LANG_POP([C])
+])
diff --git a/xtables.c b/xtables.c
index fc59f75..4425f38 100644
--- a/xtables.c
+++ b/xtables.c
@@ -50,6 +50,7 @@
#endif
#include <getopt.h>
#include "xshared.h"
+#include "iptables/internal.h"
#define NPROTO 255
@@ -59,7 +60,7 @@
void basic_exit_err(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-struct xtables_globals *xt_params = NULL;
+EXPORT_SYMBOL struct xtables_globals *xt_params;
void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
{
@@ -73,7 +74,7 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
exit(status);
}
-void xtables_free_opts(int unused)
+EXPORT_SYMBOL void xtables_free_opts(int unused)
{
if (xt_params->opts != xt_params->orig_opts) {
free(xt_params->opts);
@@ -81,10 +82,10 @@ void xtables_free_opts(int unused)
}
}
-struct option *xtables_merge_options(struct option *orig_opts,
- struct option *oldopts,
- const struct option *newopts,
- unsigned int *option_offset)
+EXPORT_SYMBOL struct option *
+xtables_merge_options(struct option *orig_opts, struct option *oldopts,
+ const struct option *newopts,
+ unsigned int *option_offset)
{
unsigned int num_oold = 0, num_old = 0, num_new = 0, i;
struct option *merge, *mp;
@@ -172,11 +173,11 @@ static const struct xtables_afinfo *afinfo;
static const char *xtables_libdir;
/* the path to command to load kernel module */
-const char *xtables_modprobe_program;
+EXPORT_SYMBOL const char *xtables_modprobe_program;
/* Keeping track of external matches and targets: linked lists. */
-struct xtables_match *xtables_matches;
-struct xtables_target *xtables_targets;
+EXPORT_SYMBOL struct xtables_match *xtables_matches;
+EXPORT_SYMBOL struct xtables_target *xtables_targets;
void xtables_init(void)
{
@@ -230,7 +231,7 @@ void xtables_set_nfproto(uint8_t nfproto)
*
* Returns -1 on failure to set and 0 on success
*/
-int xtables_set_params(struct xtables_globals *xtp)
+EXPORT_SYMBOL int xtables_set_params(struct xtables_globals *xtp)
{
if (!xtp) {
fprintf(stderr, "%s: Illegal global params\n",__func__);
@@ -245,7 +246,8 @@ int xtables_set_params(struct xtables_globals *xtp)
return 0;
}
-int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto)
+EXPORT_SYMBOL int
+xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto)
{
xtables_init();
xtables_set_nfproto(nfproto);
@@ -255,7 +257,7 @@ int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto)
/**
* xtables_*alloc - wrappers that exit on failure
*/
-void *xtables_calloc(size_t count, size_t size)
+EXPORT_SYMBOL void *xtables_calloc(size_t count, size_t size)
{
void *p;
@@ -267,7 +269,7 @@ void *xtables_calloc(size_t count, size_t size)
return p;
}
-void *xtables_malloc(size_t size)
+EXPORT_SYMBOL void *xtables_malloc(size_t size)
{
void *p;
@@ -367,7 +369,7 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
return -1;
}
-int xtables_load_ko(const char *modprobe, bool quiet)
+EXPORT_SYMBOL int xtables_load_ko(const char *modprobe, bool quiet)
{
static bool loaded = false;
static int ret = -1;
@@ -421,8 +423,9 @@ bool xtables_strtoul(const char *s, char **end, unsigned long *value,
return false;
}
-bool xtables_strtoui(const char *s, char **end, unsigned int *value,
- unsigned int min, unsigned int max)
+EXPORT_SYMBOL bool
+xtables_strtoui(const char *s, char **end, unsigned int *value,
+ unsigned int min, unsigned int max)
{
unsigned long v;
bool ret;
@@ -433,7 +436,7 @@ bool xtables_strtoui(const char *s, char **end, unsigned int *value,
return ret;
}
-int xtables_service_to_port(const char *name, const char *proto)
+EXPORT_SYMBOL int xtables_service_to_port(const char *name, const char *proto)
{
struct servent *service;
@@ -443,7 +446,7 @@ int xtables_service_to_port(const char *name, const char *proto)
return -1;
}
-uint16_t xtables_parse_port(const char *port, const char *proto)
+EXPORT_SYMBOL uint16_t xtables_parse_port(const char *port, const char *proto)
{
unsigned int portnum;
@@ -455,8 +458,8 @@ uint16_t xtables_parse_port(const char *port, const char *proto)
"invalid port/service `%s' specified", port);
}
-void xtables_parse_interface(const char *arg, char *vianame,
- unsigned char *mask)
+EXPORT_SYMBOL void
+xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask)
{
unsigned int vialen = strlen(arg);
unsigned int i;
@@ -547,7 +550,7 @@ static void *load_extension(const char *search_path, const char *af_prefix,
}
#endif
-struct xtables_match *
+EXPORT_SYMBOL struct xtables_match *
xtables_find_match(const char *name, enum xtables_tryload tryload,
struct xtables_rule_match **matches)
{
@@ -628,7 +631,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
return ptr;
}
-struct xtables_target *
+EXPORT_SYMBOL struct xtables_target *
xtables_find_target(const char *name, enum xtables_tryload tryload)
{
struct xtables_target *ptr;
@@ -744,7 +747,7 @@ static void xtables_check_options(const char *name, const struct option *opt)
}
}
-void xtables_register_match(struct xtables_match *me)
+EXPORT_SYMBOL void xtables_register_match(struct xtables_match *me)
{
struct xtables_match **i, *old;
@@ -825,14 +828,15 @@ void xtables_register_match(struct xtables_match *me)
me->mflags = 0;
}
-void xtables_register_matches(struct xtables_match *match, unsigned int n)
+EXPORT_SYMBOL void
+xtables_register_matches(struct xtables_match *match, unsigned int n)
{
do {
xtables_register_match(&match[--n]);
} while (n > 0);
}
-void xtables_register_target(struct xtables_target *me)
+EXPORT_SYMBOL void xtables_register_target(struct xtables_target *me)
{
struct xtables_target *old;
@@ -913,7 +917,8 @@ void xtables_register_target(struct xtables_target *me)
me->tflags = 0;
}
-void xtables_register_targets(struct xtables_target *target, unsigned int n)
+EXPORT_SYMBOL void
+xtables_register_targets(struct xtables_target *target, unsigned int n)
{
do {
xtables_register_target(&target[--n]);
@@ -944,7 +949,7 @@ void xtables_register_targets(struct xtables_target *target, unsigned int n)
*
* Displays an error message and exits the program.
*/
-void xtables_param_act(unsigned int status, const char *p1, ...)
+EXPORT_SYMBOL void xtables_param_act(unsigned int status, const char *p1, ...)
{
const char *p2, *p3;
va_list args;
@@ -992,7 +997,8 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
va_end(args);
}
-const char *xtables_ipaddr_to_numeric(const struct in_addr *addrp)
+EXPORT_SYMBOL const char *
+xtables_ipaddr_to_numeric(const struct in_addr *addrp)
{
static char buf[20];
const unsigned char *bytep = (const void *)&addrp->s_addr;
@@ -1022,7 +1028,7 @@ static const char *ipaddr_to_network(const struct in_addr *addr)
return NULL;
}
-const char *xtables_ipaddr_to_anyname(const struct in_addr *addr)
+EXPORT_SYMBOL const char *xtables_ipaddr_to_anyname(const struct in_addr *addr)
{
const char *name;
@@ -1033,7 +1039,7 @@ const char *xtables_ipaddr_to_anyname(const struct in_addr *addr)
return xtables_ipaddr_to_numeric(addr);
}
-const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
+EXPORT_SYMBOL const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
{
static char buf[20];
uint32_t maskaddr, bits;
@@ -1104,12 +1110,12 @@ static struct in_addr *__numeric_to_ipaddr(const char *dotted, bool is_mask)
return &addr;
}
-struct in_addr *xtables_numeric_to_ipaddr(const char *dotted)
+EXPORT_SYMBOL struct in_addr *xtables_numeric_to_ipaddr(const char *dotted)
{
return __numeric_to_ipaddr(dotted, false);
}
-struct in_addr *xtables_numeric_to_ipmask(const char *dotted)
+EXPORT_SYMBOL struct in_addr *xtables_numeric_to_ipmask(const char *dotted)
{
return __numeric_to_ipaddr(dotted, true);
}
@@ -1197,8 +1203,9 @@ static struct in_addr *parse_ipmask(const char *mask)
return &maskaddr;
}
-void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
- struct in_addr **maskpp, unsigned int *naddrs)
+EXPORT_SYMBOL void
+xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
+ struct in_addr **maskpp, unsigned int *naddrs)
{
struct in_addr *addrp;
char buf[256], *p;
@@ -1284,8 +1291,9 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
* m{^($hostname|$networkname|$ipaddr)(/$mask)?}
* "1.2.3.4/5", "1.2.3.4", "hostname", "networkname"
*/
-void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
- struct in_addr *maskp, unsigned int *naddrs)
+EXPORT_SYMBOL void
+xtables_ipparse_any(const char *name, struct in_addr **addrpp,
+ struct in_addr *maskp, unsigned int *naddrs)
{
unsigned int i, j, k, n;
struct in_addr *addrp;
@@ -1318,7 +1326,8 @@ void xtables_ipparse_any(const char *name, struct in_addr **addrpp,
}
}
-const char *xtables_ip6addr_to_numeric(const struct in6_addr *addrp)
+EXPORT_SYMBOL const char *
+xtables_ip6addr_to_numeric(const struct in6_addr *addrp)
{
/* 0000:0000:0000:0000:0000:000.000.000.000
* 0000:0000:0000:0000:0000:0000:0000:0000 */
@@ -1351,7 +1360,8 @@ static const char *ip6addr_to_host(const struct in6_addr *addr)
return hostname;
}
-const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr)
+EXPORT_SYMBOL const char *
+xtables_ip6addr_to_anyname(const struct in6_addr *addr)
{
const char *name;
@@ -1385,7 +1395,8 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
return bits;
}
-const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
+EXPORT_SYMBOL const char *
+xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
static char buf[50+2];
int l = ip6addr_prefix_length(addrp);
@@ -1399,7 +1410,7 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
return buf;
}
-struct in6_addr *xtables_numeric_to_ip6addr(const char *num)
+EXPORT_SYMBOL struct in6_addr *xtables_numeric_to_ip6addr(const char *num)
{
static struct in6_addr ap;
int err;
@@ -1508,7 +1519,7 @@ static struct in6_addr *parse_ip6mask(char *mask)
return &maskaddr;
}
-void
+EXPORT_SYMBOL void
xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
struct in6_addr **maskpp, unsigned int *naddrs)
{
@@ -1592,8 +1603,9 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
(*addrpp+i)->s6_addr32[j] &= (*maskpp+i)->s6_addr32[j];
}
-void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
- struct in6_addr *maskp, unsigned int *naddrs)
+EXPORT_SYMBOL void
+xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
+ struct in6_addr *maskp, unsigned int *naddrs)
{
static const struct in6_addr zero_addr;
struct in6_addr *addrp;
@@ -1629,7 +1641,7 @@ void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
}
}
-void xtables_save_string(const char *value)
+EXPORT_SYMBOL void xtables_save_string(const char *value)
{
static const char no_quote_chars[] = "_-0123456789"
"abcdefghijklmnopqrstuvwxyz"
@@ -1670,8 +1682,9 @@ void xtables_save_string(const char *value)
* Check for option-intrapositional negation.
* Do not use in new code.
*/
-int xtables_check_inverse(const char option[], int *invert,
- int *my_optind, int argc, char **argv)
+EXPORT_SYMBOL int
+xtables_check_inverse(const char *option, int *invert, int *my_optind,
+ int argc, char **argv)
{
if (option == NULL || strcmp(option, "!") != 0)
return false;
@@ -1695,7 +1708,7 @@ int xtables_check_inverse(const char option[], int *invert,
return true;
}
-const struct xtables_pprot xtables_chain_protos[] = {
+EXPORT_SYMBOL const struct xtables_pprot xtables_chain_protos[] = {
{"tcp", IPPROTO_TCP},
{"sctp", IPPROTO_SCTP},
{"udp", IPPROTO_UDP},
@@ -1711,7 +1724,7 @@ const struct xtables_pprot xtables_chain_protos[] = {
{NULL},
};
-uint16_t
+EXPORT_SYMBOL uint16_t
xtables_parse_protocol(const char *s)
{
unsigned int proto;
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
