From b3315d59fb67edf77cfd90519c750ae1ce7e4146 Mon Sep 17 00:00:00 2001
From: Sebastian Harl <sh@tokkee.org>
Date: Sun, 6 Sep 2009 12:14:55 +0000
Subject: [PATCH] iptables plugin: Support the new libiptc API.

When libiptc has been officially made available as a shared library, the API
and ABI have been changed slightly. By checking for the existance of a type
that has been removed in that course, configure now checks which version is
available. This is quite error prone (the type might be re-introduced any
time), so this should be improved some time - currently, I do not have an idea
how to do so, though :-/
---
 configure.in   | 16 ++++++++++++++++
 src/iptables.c | 31 ++++++++++++++++++++++++++++---
 2 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/configure.in b/configure.in
index 4a0b2957..9b08ef9a 100644
--- a/configure.in
+++ b/configure.in
@@ -1304,6 +1304,22 @@ if test "x$with_own_libiptc" = "xyes"
 then
 	AC_DEFINE(OWN_LIBIPTC, 1, [Define to 1 if we use the shipped iptc library.])
 fi
+if test "x$with_libiptc" = "xyes"
+then
+	SAVE_CFLAGS=$CFLAGS
+	CFLAGS="$CFLAGS $KERNEL_CFLAGS"
+
+	AC_CHECK_TYPES([iptc_handle_t], [], [],
+	[
+#if OWN_LIBIPTC
+# include "$srcdir/src/owniptc/libiptc.h"
+#else
+# include <libiptc/libiptc.h>
+#endif
+	])
+
+	CFLAGS=$SAVE_CFLAGS
+fi
 # }}}
 
 # --with-libmysql {{{
diff --git a/src/iptables.c b/src/iptables.c
index 9f56d590..a81dfd7e 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -34,6 +34,22 @@
 #endif
 
 /*
+ * iptc_handle_t was available before libiptc was officially available as a
+ * shared library. Note, that when the shared lib was introduced, the API and
+ * ABI have changed slightly:
+ * 'iptc_handle_t' used to be 'struct iptc_handle *' and most functions used
+ * 'iptc_handle_t *' as an argument. Now, most functions use 'struct
+ * iptc_handle *' (thus removing one level of pointer indirection).
+ *
+ * HAVE_IPTC_HANDLE_T is used to determine which API ought to be used. While
+ * this is somewhat hacky, I didn't find better way to solve that :-/
+ * -tokkee
+ */
+#ifndef HAVE_IPTC_HANDLE_T
+typedef struct iptc_handle iptc_handle_t;
+#endif
+
+/*
  * (Module-)Global variables
  */
 
@@ -291,7 +307,12 @@ static int iptables_read (void)
     /* Init the iptc handle structure and query the correct table */    
     for (i = 0; i < chain_num; i++)
     {
-	iptc_handle_t handle;
+#ifdef HAVE_IPTC_HANDLE_T
+	iptc_handle_t _handle;
+	iptc_handle_t *handle = &_handle;
+#else
+	iptc_handle_t *handle;
+#endif
 	ip_chain_t *chain;
 	
 	chain = chain_list[i];
@@ -301,7 +322,11 @@ static int iptables_read (void)
 	    continue;
 	}
 
+#ifdef HAVE_IPTC_HANDLE_T
+	*handle = iptc_init (chain->table);
+#else
 	handle = iptc_init (chain->table);
+#endif
 	if (!handle)
 	{
 	    ERROR ("iptables plugin: iptc_init (%s) failed: %s",
@@ -310,8 +335,8 @@ static int iptables_read (void)
 	    continue;
 	}
 
-	submit_chain (&handle, chain);
-	iptc_free (&handle);
+	submit_chain (handle, chain);
+	iptc_free (handle);
     } /* for (i = 0 .. chain_num) */
 
     return ((num_failures < chain_num) ? 0 : -1);
-- 
2.11.0