From 4ac428cbc935df72864ae4c864c9b1181e11cff0 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Sun, 6 Oct 2019 21:25:03 +0200 Subject: [PATCH] netfilter_nft: remove dead code --- miniupnpd/netfilter_nft/nftnlrdr.c | 49 ------- miniupnpd/netfilter_nft/nftnlrdr_misc.c | 173 ------------------------ 2 files changed, 222 deletions(-) diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c index 7fa8580..0334720 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr.c +++ b/miniupnpd/netfilter_nft/nftnlrdr.c @@ -767,52 +767,3 @@ list_redirect_rule(const char * ifname) return 0; } #endif - - -#if 0 -/* delete_rule_and_commit() : - * subfunction used in delete_redirect_and_filter_rules() */ -static int -delete_rule_and_commit(unsigned int index, IPTC_HANDLE h, - const char * miniupnpd_chain, - const char * logcaller) -{ -/* TODO: Implement it */ -} - -/* TODO: Implement it */ -static void -print_iface(const char * iface, const unsigned char * mask, int invert) -{ - unsigned i; - if(mask[0] == 0) - return; - if(invert) - printf("! "); - for(i=0; i> 24, (ip >> 16) & 0xff, - (ip >> 8) & 0xff, ip & 0xff); -} -#endif - -#endif /* if 0 */ diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c index bde4eba..d256baf 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c +++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c @@ -112,155 +112,6 @@ nft_mnl_disconnect(void) } #ifdef DEBUG -static const char * -get_family_string(uint32_t family) -{ - switch (family) { - case NFPROTO_INET: - return "ipv4/6"; - case NFPROTO_IPV4: - return "ipv4"; - case NFPROTO_IPV6: - return "ipv6"; - } - - return "unknown family"; -} - -static const char * -get_proto_string(uint32_t proto) -{ - switch (proto) { - case IPPROTO_TCP: - return "tcp"; - case IPPROTO_UDP: - return "udp"; - } - - return "unknown proto"; -} - -static const char * -get_verdict_string(uint32_t val) -{ - switch (val) { - case NF_ACCEPT: - return "accept"; - case NF_DROP: - return "drop"; - default: - return "unknown verdict"; - } -} - -void -print_rule(rule_t *r) -{ - struct in_addr addr; - char *iaddr_str = NULL, *rhost_str = NULL, *eaddr_str = NULL; - char iaddr6_str[INET6_ADDRSTRLEN]; - char rhost6_str[INET6_ADDRSTRLEN]; - char ifname_buf[IF_NAMESIZE]; - - switch (r->type) { - case RULE_NAT: - if (r->iaddr != 0) { - addr.s_addr = r->iaddr; - iaddr_str = strdupa(inet_ntoa(addr)); - } - if (r->rhost != 0) { - addr.s_addr = r->rhost; - rhost_str = strdupa(inet_ntoa(addr)); - } - if (r->eaddr != 0) { - addr.s_addr = r->eaddr; - eaddr_str = strdupa(inet_ntoa(addr)); - } - if (r->nat_type == NFT_NAT_DNAT) { - printf("%"PRIu64":[%s/%s] iif %s, %s/%s, %d -> " - "%s:%d (%s)\n", - r->handle, - r->table, r->chain, - if_indextoname(r->ingress_ifidx, ifname_buf), - get_family_string(r->family), - get_proto_string(r->proto), r->eport, - iaddr_str, r->iport, - r->desc); - } else if (r->nat_type == NFT_NAT_SNAT) { - printf("%"PRIu64":[%s/%s] " - "nat type:%d, family:%d, ifidx: %d, " - "eaddr: %s, eport:%d, " - "proto:%d, iaddr: %s, " - "iport:%d, rhost:%s rport:%d (%s)\n", - r->handle, r->table, r->chain, - r->nat_type, r->family, r->ingress_ifidx, - eaddr_str, r->eport, - r->proto, iaddr_str, r->iport, - rhost_str, r->rport, - r->desc); - } else { - printf("%"PRIu64":[%s/%s] " - "nat type:%d, family:%d, ifidx: %d, " - "eaddr: %s, eport:%d, " - "proto:%d, iaddr: %s, iport:%d, rhost:%s (%s)\n", - r->handle, r->table, r->chain, - r->nat_type, r->family, r->ingress_ifidx, - eaddr_str, r->eport, - r->proto, iaddr_str, r->iport, rhost_str, - r->desc); - } - break; - case RULE_FILTER: - if (r->iaddr != 0) { - addr.s_addr = r->iaddr; - iaddr_str = strdupa(inet_ntoa(addr)); - } - if (r->rhost != 0) { - addr.s_addr = r->rhost; - rhost_str = strdupa(inet_ntoa(addr)); - } - inet_ntop(AF_INET6, &r->iaddr6, iaddr6_str, INET6_ADDRSTRLEN); - inet_ntop(AF_INET6, &r->rhost6, rhost6_str, INET6_ADDRSTRLEN); - - if ( (r->iaddr != 0) || (r->rhost != 0) ) { - printf("%"PRIu64":[%s/%s] %s/%s, %s %s:%d: %s (%s)\n", - r->handle, r->table, r->chain, - get_family_string(r->family), get_proto_string(r->proto), - rhost_str, - iaddr_str, r->eport, - get_verdict_string(r->filter_action), - r->desc); - } else { - printf("%"PRIu64":[%s/%s] %s/%s, %s %s:%d: %s (%s)\n", - r->handle, r->table, r->chain, - get_family_string(r->family), get_proto_string(r->proto), - rhost6_str, - iaddr6_str, r->eport, - get_verdict_string(r->filter_action), - r->desc); - } - break; - case RULE_COUNTER: - if (r->iaddr != 0) { - addr.s_addr = r->iaddr; - iaddr_str = strdupa(inet_ntoa(addr)); - } - if (r->rhost != 0) { - addr.s_addr = r->iaddr; - rhost_str = strdupa(inet_ntoa(addr)); - } - printf("%"PRIu64":[%s/%s] %s/%s, %s:%d: " - "packets:%"PRIu64", bytes:%"PRIu64"\n", - r->handle, r->table, r->chain, - get_family_string(r->family), get_proto_string(r->proto), - iaddr_str, r->eport, r->packets, r->bytes); - break; - default: - printf("nftables: unknown type: %d\n", r->type); - } - -} -#else void print_rule(rule_t *r) { @@ -269,7 +120,6 @@ print_rule(rule_t *r) nftnl_rule_snprintf(buf, sizeof(buf), r, NFTNL_OUTPUT_DEFAULT, 0); fprintf(stdout, "%s\n", buf); } -#endif #define debug_rule(rule) do { print_rule(rule); } while (0) #else #define debug_rule(rule) @@ -810,29 +660,6 @@ expr_add_payload(struct nftnl_rule *r, uint32_t base, uint32_t dreg, nftnl_rule_add_expr(r, e); } -#if 0 -static void -expr_add_bitwise(struct nftnl_rule *r, uint32_t sreg, uint32_t dreg, - uint32_t len, uint32_t mask, uint32_t xor) -{ - struct nftnl_expr *e; - - e = nftnl_expr_alloc("bitwise"); - if (e == NULL) { - log_error("nftnl_expr_alloc(\"%s\") FAILED", "expr_add_bitwise()", "bitwise"); - return; - } - - nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_SREG, sreg); - nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_DREG, dreg); - nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_LEN, len); - nftnl_expr_set(e, NFTNL_EXPR_BITWISE_MASK, &mask, sizeof(mask)); - nftnl_expr_set(e, NFTNL_EXPR_BITWISE_XOR, &xor, sizeof(xor)); - - nftnl_rule_add_expr(r, e); -} -#endif - static void expr_add_cmp(struct nftnl_rule *r, uint32_t sreg, uint32_t op, const void *data, uint32_t data_len)