Remove support for IPv6 for rules shared with IPv4

bastien-roucaries · Aug 8, 2018 · d33c240 · d33c240
1 parent e147a6b
commit d33c240
Showing 1 changed file with 22 additions and 22 deletions.
diff --git a/server/fw_util_iptables.c b/server/fw_util_iptables.c
@@ -187,15 +187,15 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
 
 static int
 rule_exists_chk_support(const fko_srv_options_t * const opts,
-        const char * const chain, const char * const rule, int ipv6)
+        const char * const chain, const char * const rule)
 {
     int     rule_exists = 0;
     int     res = 0;
 
     zero_cmd_buffers();
 
     snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS,
-            ipv6 ? opts->fw_config->fw_command6 : opts->fw_config->fw_command,
+            opts->fw_config->fw_command,
             chain, rule);
 
     res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
@@ -239,7 +239,7 @@ rule_exists(const fko_srv_options_t * const opts,
     int rule_exists = 0;
 
     if(have_ipt_chk_support == 1)
-        rule_exists = rule_exists_chk_support(opts, fwc->to_chain, rule, ipv6);
+        rule_exists = rule_exists_chk_support(opts, fwc->to_chain, rule);
     else
         rule_exists = rule_exists_no_chk_support(opts, fwc, proto, srcip,
                 (opts->fw_config->use_destination ? dstip : NULL), port,
@@ -400,14 +400,14 @@ comment_match_exists(const fko_srv_options_t * const opts, int ipv6)
 }
 
 static int
-add_jump_rule(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0, rv = 0;
 
     zero_cmd_buffers();
 
     snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS,
-        ipv6 ? fwc.fw_command6 : fwc.fw_command,
+        fwc.fw_command,
         fwc.chain[chain_num].table,
         fwc.chain[chain_num].from_chain,
         fwc.chain[chain_num].jump_rule_pos,
@@ -435,14 +435,14 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num, int ipv
 }
 
 static int
-chain_exists(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+chain_exists(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0;
 
     zero_cmd_buffers();
 
     snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHAIN_EXISTS_ARGS,
-        ipv6 ? fwc.fw_command6 : fwc.fw_command,
+        fwc.fw_command,
         fwc.chain[chain_num].table,
         fwc.chain[chain_num].to_chain
     );
@@ -466,7 +466,7 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num, int ipv6
 }
 
 static int
-jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int chain_num)
 {
     int    exists = 0;
     char   rule_buf[CMD_BUFSIZE] = {0};
@@ -476,7 +476,7 @@ jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int cha
         fwc.chain[chain_num].to_chain
     );
 
-    if(rule_exists_chk_support(opts, fwc.chain[chain_num].from_chain, rule_buf, ipv6) == 1)
+    if(rule_exists_chk_support(opts, fwc.chain[chain_num].from_chain, rule_buf) == 1)
     {
         log_msg(LOG_DEBUG, "jump_rule_exists_chk_support() jump rule found");
         exists = 1;
@@ -518,12 +518,12 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
 }
 
 static int
-jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num)
 {
     int    exists = 0;
 
     if(have_ipt_chk_support == 1)
-        exists = jump_rule_exists_chk_support(opts, chain_num, ipv6);
+        exists = jump_rule_exists_chk_support(opts, chain_num);
     else
         exists = jump_rule_exists_no_chk_support(opts, chain_num);
 
@@ -696,7 +696,7 @@ delete_all_chains(const fko_srv_options_t * const opts, int ipv6)
          * is there.
         */
         cmd_ctr = 0;
-        while(cmd_ctr < CMD_LOOP_TRIES && (jump_rule_exists(opts, i, ipv6) == 1))
+        while(cmd_ctr < CMD_LOOP_TRIES && (jump_rule_exists(opts, i) == 1))
         {
             zero_cmd_buffers();
 
@@ -834,7 +834,7 @@ delete_all_chains(const fko_srv_options_t * const opts, int ipv6)
 }
 
 static int
-create_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+create_chain(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0, rv = 0;
 
@@ -843,7 +843,7 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6
     /* Create the custom chain.
     */
     snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS,
-        ipv6 ? fwc.fw_command6 : fwc.fw_command,
+        fwc.fw_command,
         fwc.chain[chain_num].table,
         fwc.chain[chain_num].to_chain
     );
@@ -866,18 +866,18 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6
 }
 
 static int
-mk_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
+mk_chain(const fko_srv_options_t * const opts, const int chain_num)
 {
     int err = 0;
 
     /* Make sure the required chain and jump rule exist
     */
-    if(! chain_exists(opts, chain_num, ipv6))
-        if(! create_chain(opts, chain_num, ipv6))
+    if(! chain_exists(opts, chain_num))
+        if(! create_chain(opts, chain_num))
             err++;
 
-    if (! jump_rule_exists(opts, chain_num, ipv6))
-        if(! add_jump_rule(opts, chain_num, ipv6))
+    if (! jump_rule_exists(opts, chain_num))
+        if(! add_jump_rule(opts, chain_num))
             err++;
 
     return err;
@@ -898,7 +898,7 @@ create_fw_chains(const fko_srv_options_t * const opts, int ipv6)
         if(fwc.chain[i].target[0] == '\0')
             continue;
 
-        got_err += mk_chain(opts, i, ipv6);
+        got_err += mk_chain(opts, i);
     }
 
 #if USE_LIBNETFILTER_QUEUE
@@ -932,7 +932,7 @@ create_fw_chains(const fko_srv_options_t * const opts, int ipv6)
         /* Create the rule to direct traffic to the NFQ chain.
         */
         snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS,
-            ipv6 ? fwc.fw_command6 : fwc.fw_command,
+            fwc.fw_command,
             opts->config[CONF_NFQ_TABLE],
             "INPUT",
             1,
@@ -1301,7 +1301,7 @@ ipt_rule(const fko_srv_options_t * const opts,
 
     /* Check to make sure that the chain and jump rule exist
     */
-    mk_chain(opts, chain->type, ipv6);
+    mk_chain(opts, chain->type);
 
     if(rule_exists(opts, chain, rule_buf, proto, srcip,
                 dstip, port, nat_ip, nat_port, exp_ts, ipv6) == 0)