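/* Code to take an iptables-style command line and do it. */

/*
 * Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
 *
 * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
 * 		    Paul 'Rusty' Russell <rusty@rustcorp.com.au>
 * 		    Marc Boucher <marc+nf@mbsi.ca>
 * 		    James Morris <jmorris@intercode.com.au>
 * 		    Harald Welte <laforge@gnumonks.org>
 * 		    Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	This program is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *
 *	You should have received a copy of the GNU General Public License
 *	along with this program; if not, write to the Free Software
 *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#include <getopt.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <stdarg.h>
#include <limits.h>
#include <unistd.h>
#include <iptables.h>
#include <xtables.h>
#include <fcntl.h>
#include <sys/utsname.h>
#include "xshared.h"

#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif

/* Output-format flags; they are OR-ed together into one bit mask. */
#define FMT_NUMERIC	0x0001
#define FMT_NOCOUNTS	0x0002
#define FMT_KILOMEGAGIGA 0x0004
#define FMT_OPTIONS	0x0008
#define FMT_NOTABLE	0x0010
#define FMT_NOTARGET	0x0020
#define FMT_VIA		0x0040
#define FMT_NONEWLINE	0x0080
#define FMT_LINENUMBERS 0x0100

#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \
			| FMT_NUMERIC | FMT_NOTABLE)
/*
 * Selects between two alternatives depending on FMT_NOTABLE.  The macro
 * reads a variable named `format` that must be in scope at the point of
 * use; it is not a macro parameter.
 */
#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))


/* Command flags.  Each command owns exactly one bit. */
#define CMD_NONE		0x0000U
#define CMD_INSERT		0x0001U
#define CMD_DELETE		0x0002U
#define CMD_DELETE_NUM		0x0004U
#define CMD_REPLACE		0x0008U
#define CMD_APPEND		0x0010U
#define CMD_LIST		0x0020U
#define CMD_FLUSH		0x0040U
#define CMD_ZERO		0x0080U
#define CMD_NEW_CHAIN		0x0100U
#define CMD_DELETE_CHAIN	0x0200U
#define CMD_SET_POLICY		0x0400U
#define CMD_RENAME_CHAIN	0x0800U
#define CMD_LIST_RULES		0x1000U
#define CMD_ZERO_NUM		0x2000U
#define CMD_CHECK		0x4000U
/* NOTE(review): 16 here, but only 15 CMD_* bits (0x0001..0x4000) are defined. */
#define NUMBER_OF_CMD	16
/*
 * Option letter for each command, indexed by the bit position of its
 * CMD_* flag: cmd2char() advances one entry per right shift of the flag.
 * The letters therefore have to follow the numeric order of the CMD_*
 * values above.  CMD_ZERO_NUM is 0x2000, so its 'Z' sits at index 13,
 * between 'S' (CMD_LIST_RULES, 0x1000) and 'C' (CMD_CHECK, 0x4000); with
 * it placed right after CMD_ZERO's 'Z', every command from CMD_NEW_CHAIN
 * to CMD_ZERO_NUM was reported under another command's letter.
 */
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
				 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };

/* Bit 11, i.e. the position of 'f' in optflags[]. */
#define OPT_FRAGMENT    0x00800U
#define NUMBER_OF_OPT	ARRAY_SIZE(optflags)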
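/*
 * Option letter for each option flag, indexed by the flag's bit position
 * (opt2char() advances one entry per right shift).  '0' stands for
 * --line-numbers, which has no short form.
 */
static const char optflags[]
= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c', 'f'};

/*
 * Long options understood by the core parser.  has_arg uses the
 * getopt_long() numeric codes: 0 = no argument, 1 = required argument,
 * 2 = optional argument.  The table is terminated by an all-zero entry.
 */
static struct option original_opts[] = {
	{.name = "append",        .has_arg = 1, .val = 'A'},
	{.name = "delete",        .has_arg = 1, .val = 'D'},
	{.name = "check",         .has_arg = 1, .val = 'C'},
	{.name = "insert",        .has_arg = 1, .val = 'I'},
	{.name = "replace",       .has_arg = 1, .val = 'R'},
	{.name = "list",          .has_arg = 2, .val = 'L'},
	{.name = "list-rules",    .has_arg = 2, .val = 'S'},
	{.name = "flush",         .has_arg = 2, .val = 'F'},
	{.name = "zero",          .has_arg = 2, .val = 'Z'},
	{.name = "new-chain",     .has_arg = 1, .val = 'N'},
	{.name = "delete-chain",  .has_arg = 2, .val = 'X'},
	{.name = "rename-chain",  .has_arg = 1, .val = 'E'},
	{.name = "policy",        .has_arg = 1, .val = 'P'},
	{.name = "source",        .has_arg = 1, .val = 's'},
	{.name = "destination",   .has_arg = 1, .val = 'd'},
	{.name = "src",           .has_arg = 1, .val = 's'}, /* synonym */
	{.name = "dst",           .has_arg = 1, .val = 'd'}, /* synonym */
	{.name = "protocol",      .has_arg = 1, .val = 'p'},
	{.name = "in-interface",  .has_arg = 1, .val = 'i'},
	{.name = "jump",          .has_arg = 1, .val = 'j'},
	{.name = "table",         .has_arg = 1, .val = 't'},
	{.name = "match",         .has_arg = 1, .val = 'm'},
	{.name = "numeric",       .has_arg = 0, .val = 'n'},
	{.name = "out-interface", .has_arg = 1, .val = 'o'},
	{.name = "verbose",       .has_arg = 0, .val = 'v'},
	{.name = "exact",         .has_arg = 0, .val = 'x'},
	{.name = "fragments",     .has_arg = 0, .val = 'f'},
	{.name = "version",       .has_arg = 0, .val = 'V'},
	{.name = "help",          .has_arg = 2, .val = 'h'},
	{.name = "line-numbers",  .has_arg = 0, .val = '0'},
	{.name = "modprobe",      .has_arg = 1, .val = 'M'},
	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
	{.name = "goto",          .has_arg = 1, .val = 'g'},
	{.name = "ipv4",          .has_arg = 0, .val = '4'},
	{.name = "ipv6",          .has_arg = 0, .val = '6'},
	{NULL},
};

/*
 * msg is a printf-style format string; the format attribute lets the
 * compiler check the variadic arguments against it at every call site.
 */
void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));

/* Program-wide settings; fields not named here are zero-initialised. */
struct xtables_globals iptables_globals = {
	.option_offset = 0,
	.program_version = IPTABLES_VERSION,
	.orig_opts = original_opts,
	.exit_err = iptables_exit_error,
};

/* Table of legal combinations of commands and options.  If any of the
 * given commands make an option legal, that option is legal (applies to
 * CMD_LIST and CMD_ZERO only).
 * Key:
 *  +  compulsory
 *  x  illegal
 *     optional (a space)
 *
 * generic_opt_check() indexes the rows by the bit position of the CMD_*
 * flag and the columns by the bit position of the option flag, so the
 * rows must follow the numeric order of the CMD_* values and the columns
 * the order of optflags[].  CMD_ZERO_NUM is 0x2000, hence its row sits
 * between LIST_RULES (0x1000) and CHECK (0x4000).  With that row placed
 * directly after ZERO, CMD_SET_POLICY (bit 10) was validated against the
 * DEL_CHAIN row and so lost its optional -c, while CMD_RENAME_CHAIN
 * (bit 11) picked up the SET_POLICY row instead.
 *
 * Only 15 rows are listed while NUMBER_OF_CMD is 16: the last row is
 * zero-initialised and is only consulted for command bit 0x8000, which
 * none of the CMD_* values defined in this file uses.
 */

static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
	/*     -n  -s  -d  -p  -j  -v  -x  -i  -o --line -c -f */
/*INSERT*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
/*DELETE*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},
/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*REPLACE*/   {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
/*APPEND*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},
/*LIST*/      {' ','x','x','x','x',' ',' ','x','x',' ','x','x'},
/*FLUSH*/     {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/      {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' ','x'},
/*RENAME*/    {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO_NUM*/  {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*CHECK*/     {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},
};

/*
 * Inversion flag that a leading `!' selects for each option, 0 where the
 * option cannot be negated.  The entries are listed in the order of
 * optflags[] (and of the column header of commands_v_options): --line-
 * numbers is index 9, -c index 10 and -f index 11, matching OPT_FRAGMENT
 * (0x00800U, bit 11).  Listing -f at index 9 left the fragment option
 * with no inversion flag and attached IPT_INV_FRAG to --line-numbers.
 * NOTE(review): the code that applies `!' to an option is outside this
 * part of the file; confirm that it indexes this table by option bit
 * position, as the sizing by NUMBER_OF_OPT suggests.
 */
static const int inverse_for_options[NUMBER_OF_OPT] =
{
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
/* -p */ IPT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
/* -i */ IPT_INV_VIA_IN,
/* -o */ IPT_INV_VIA_OUT,
/*--line*/ 0,
/* -c */ 0,
/* -f */ IPT_INV_FRAG,
};
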
/*
 * Shorthands for fields of iptables_globals.  These are object-like
 * macros, so every later bare `opts', `prog_name' or `prog_vers' token in
 * this file expands to the global field, including where a local
 * variable or parameter of that name might be intended.
 */
#define opts iptables_globals.opts
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version

/* Not assigned in this part of the file; zero-initialised as a file-scope int. */
int kernel_version;

/* Primitive headers... */
/* defined in netinet/in.h */
/* The fallback protocol numbers below are compiled out by the #if 0. */
#if 0
#ifndef IPPROTO_ESP
#define IPPROTO_ESP 50
#endif
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif
#endif

/* NOTE(review): not used in this part of the file; the names suggest a selector between address and mask formatting — confirm at the use site. */
enum {
	IPT_DOTTED_ADDR = 0,
	IPT_DOTTED_MASK
};

/*
 * Point the user at -h/--help on stderr, release the option table and
 * terminate the process with @status.  Never returns.
 */
static void __attribute__((noreturn))
exit_tryhelp(int status)
{
	/* `line' is declared outside this part of the file; -1 is treated
	 * here as "no input line number to report". */
	if (line != -1) {
		fprintf(stderr, "Error occurred at line: %d\n", line);
	}
	fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
			prog_name, prog_name);

	xtables_free_opts(1);
	exit(status);
}

/*
 * Print the usage synopsis, the command and option summary and the help
 * of the loaded extensions on stdout, then exit with status 0.
 *
 * @matches: matches whose help text print_extension_helps() should add.
 */
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
	/* One %s per synopsis line plus the "name vVERSION" banner: twelve
	 * conversions, twelve arguments. */
	printf("%s v%s\n\n"
"Usage: %s -[ACD] chain rule-specification [options]\n"
" %s -I chain [rulenum] rule-specification [options]\n"
" %s -R chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LS] [chain [rulenum]] [options]\n"
" %s -[FZ] [chain] [options]\n"
" %s -[NX] chain\n"
" %s -E old-chain-name new-chain-name\n"
" %s -P chain target [options]\n"
" %s -h (print this help information)\n\n",
	       prog_name, prog_vers,
	       prog_name, prog_name, prog_name, prog_name, prog_name,
	       prog_name, prog_name, prog_name, prog_name, prog_name);

	printf(
"Commands:\n"
"Either long or short options are allowed.\n"
" --append -A chain Append to chain\n"
" --check -C chain Check for the existence of a rule\n"
" --delete -D chain Delete matching rule from chain\n"
" --delete -D chain rulenum\n"
" Delete rule rulenum (1 = first) from chain\n"
" --insert -I chain [rulenum]\n"
" Insert in chain as rulenum (default 1=first)\n"
" --replace -R chain rulenum\n"
" Replace rule rulenum (1 = first) in chain\n"
" --list -L [chain [rulenum]]\n"
" List the rules in a chain or all chains\n"
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
" --zero -Z [chain [rulenum]]\n"
" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
" --policy -P chain target\n"
" Change policy on chain to target\n"
" --rename-chain\n"
" -E old-chain new-chain\n"
" Change chain name, (moving any references)\n"

"Options:\n"
" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
"[!] --source -s address[/mask][...]\n"
" source specification\n"
"[!] --destination -d address[/mask][...]\n"
" destination specification\n"
"[!] --in-interface -i input name[+]\n"
" network interface name ([+] for wildcard)\n"
" --jump -j target\n"
" target for rule (may load target extension)\n"
#ifdef IPT_F_GOTO
" --goto -g chain\n"
" jump to chain with no return\n"
#endif
" --match -m match\n"
" extended match (may load extension)\n"
" --numeric -n numeric output of addresses and ports\n"
"[!] --out-interface -o output name[+]\n"
" network interface name ([+] for wildcard)\n"
" --table -t table table to manipulate (default: `filter')\n"
" --verbose -v verbose mode\n"
" --line-numbers print line numbers when listing\n"
" --exact -x expand numbers (display exact values)\n"
"[!] --fragment -f match second or further fragments only\n"
" --modprobe=<command> try to insert modules using this command\n"
" --set-counters PKTS BYTES set the counter during insert/append\n"
"[!] --version -V print package version.\n");

	print_extension_helps(xtables_targets, matches);
	exit(0);
}

/*
 * Error exit installed as iptables_globals.exit_err: print
 * "<program> v<version>: <message>" on stderr and terminate with @status.
 *
 * @status: exit code; PARAMETER_PROBLEM additionally prints the
 *          "try --help" hint, VERSION_PROBLEM an upgrade hint.
 * @msg:    printf-style format for the message.  It is handed to
 *          vfprintf() as the format, so callers must pass a format they
 *          control and supply external text through %s arguments.
 */
void
iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
{
	va_list ap;

	fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
	va_start(ap, msg);
	vfprintf(stderr, msg, ap);
	va_end(ap);
	fprintf(stderr, "\n");

	if (status == PARAMETER_PROBLEM) {
		/* Does not return: exit_tryhelp() frees the options and exits. */
		exit_tryhelp(status);
	}
	if (status == VERSION_PROBLEM) {
		fprintf(stderr,
			"Perhaps iptables or your kernel needs to be upgraded.\n");
	}

	/* On error paths, make sure that we don't leak memory */
	xtables_free_opts(1);
	exit(status);
}

/*
 * Validate the option bit mask @options against the command bit mask
 * @command using commands_v_options.
 *
 * An option that was given is accepted as soon as one of the requested
 * commands does not mark it 'x'; it is rejected only when every requested
 * command marks it 'x'.  An option that was not given is an error when a
 * requested command marks it '+'.  Errors are reported through
 * xtables_error(), which is expected not to return (NOTE(review):
 * presumably it dispatches to iptables_globals.exit_err — confirm in
 * xtables.h).
 */
static void
generic_opt_check(int command, int options)
{
	int opt_bit, cmd_bit;

	for (opt_bit = 0; opt_bit < NUMBER_OF_OPT; opt_bit++) {
		const bool given = (options & (1 << opt_bit)) != 0;
		/* -1 => illegal, 1 => legal, 0 => undecided. */
		int verdict = 0;

		for (cmd_bit = 0; cmd_bit < NUMBER_OF_CMD; cmd_bit++) {
			char cell;

			if ((command & (1 << cmd_bit)) == 0)
				continue;

			/* Row = command bit position, column = option bit position. */
			cell = commands_v_options[cmd_bit][opt_bit];

			if (!given) {
				if (cell == '+')
					xtables_error(PARAMETER_PROBLEM,
						   "You need to supply the `-%c' "
						   "option for this command\n",
						   optflags[opt_bit]);
				continue;
			}

			if (cell != 'x')
				verdict = 1;
			else if (verdict == 0)
				verdict = -1;
		}

		if (verdict == -1)
			xtables_error(PARAMETER_PROBLEM,
				   "Illegal option `-%c' with this command\n",
				   optflags[opt_bit]);
	}
}

/*
 * Return the letter in optflags[] for an option flag.  The index is the
 * position of the highest set bit of @option (0 and 1 both give the first
 * entry).  The walk is not bounds-checked: the caller must pass a flag
 * whose highest bit lies within optflags[].
 */
static char
opt2char(int option)
{
	const char *flag = optflags;

	while (option > 1) {
		option >>= 1;
		flag++;
	}

	return *flag;
}

/*
 * Return the letter in cmdflags[] for a command flag.  The index is the
 * position of the highest set bit of @option (0 and 1 both give the first
 * entry).  The walk is not bounds-checked: the caller must pass a flag
 * whose highest bit lies within cmdflags[].
 */
static char
cmd2char(int option)
{
	const char *flag = cmdflags;

	while (option > 1) {
		option >>= 1;
		flag++;
	}

	return *flag;
}

/*
 * Record @newcmd in the command mask *@cmd.
 *
 * @othercmds: commands that may already be present alongside @newcmd;
 *             any other bit already set in *@cmd is a conflict.
 * @invert:    non-zero when a `!' preceded the command, which is never
 *             accepted.
 * Both error cases go through xtables_error().
 */
static void
add_command(unsigned int *cmd, const int newcmd, const int othercmds,
	    int invert)
{
	const unsigned int conflicting = *cmd & (~othercmds);

	if (invert)
		xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
	if (conflicting)
		/* cmd2char() names the highest conflicting bit only. */
		xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
			   cmd2char(newcmd), cmd2char(conflicting));
	*cmd |= newcmd;
}

/*
 *	All functions starting with "parse" should succeed, otherwise
 *	the program fails.
 *	Most routines return pointers to static data that may change
 *	between calls to the same or other routines with a few exceptions:
 *	"host_to_addr", "parse_hostnetwork", and "parse_hostnetworkmask"
 *	return global static data.
*/

/* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
/*
 * Parse a rule number given on the command line.  Can't be zero: the
 * bounds handed to xtables_strtoui() are 1 and INT_MAX, so an accepted
 * value also fits the int return type.  Anything else is reported
 * through xtables_error().
 */
static int
parse_rulenumber(const char *rule)
{
	unsigned int parsed;
	const bool ok = xtables_strtoui(rule, NULL, &parsed, 1, INT_MAX);

	if (!ok)
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid rule number `%s'", rule);

	return parsed;
}

static const char *
parse_target(const char *targetname)
{
	const char *ptr;

	if (strlen(targetname) < 1)
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid target name (too short)");

	if (strlen(targetname) >= XT_EXTENSION_MAXNAMELEN)
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid target name `%s' (%u chars max)",
			   targetname, XT_EXTENSION_MAXNAMELEN - 1);
Boucher 422e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (ptr = targetname; *ptr; ptr++) 423e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (isspace(*ptr)) 4241829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 425e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Invalid target name `%s'", targetname); 426e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return targetname; 427e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 428e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 429e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 4307ac405297ec38449b30e3b05fd6bf2082fd3d803Jan Engelhardtset_option(unsigned int *options, unsigned int option, uint8_t *invflg, 431e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int invert) 432e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 433e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (*options & option) 4341829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed", 435e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(option)); 436e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher *options |= option; 437e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 438e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (invert) { 439e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int i; 440e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (i = 0; 1 << i != option; i++); 441e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 442e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!inverse_for_options[i]) 4431829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 444e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "cannot have ! 
before -%c", 445e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(option)); 446e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher *invflg |= inverse_for_options[i]; 447e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 448e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 449e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 450e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 4517ac405297ec38449b30e3b05fd6bf2082fd3d803Jan Engelhardtprint_num(uint64_t number, unsigned int format) 452a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte{ 453a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte if (format & FMT_KILOMEGAGIGA) { 454a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte if (number > 99999) { 455a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte number = (number + 500) / 1000; 456a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte if (number > 9999) { 457a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte number = (number + 500) / 1000; 458a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte if (number > 9999) { 459a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte number = (number + 500) / 1000; 4605a66fe45d99351c7b96ea68595053a6be5a2529cRusty Russell if (number > 9999) { 4615a66fe45d99351c7b96ea68595053a6be5a2529cRusty Russell number = (number + 500) / 1000; 462a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); 4635a66fe45d99351c7b96ea68595053a6be5a2529cRusty Russell } 464a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson else printf(FMT("%4lluG ","%lluG "), (unsigned long long)number); 465a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte } 466a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson else printf(FMT("%4lluM ","%lluM "), (unsigned long long)number); 467a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte } else 468a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson printf(FMT("%4lluK ","%lluK "), (unsigned long long)number); 
469a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte } else 470a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson printf(FMT("%5llu ","%llu "), (unsigned long long)number); 471a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte } else 472a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson printf(FMT("%8llu ","%llu "), (unsigned long long)number); 473a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte} 474a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte 475a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte 476a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Weltestatic void 4771c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardtprint_header(unsigned int format, const char *chain, struct iptc_handle *handle) 478e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 479e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher struct ipt_counters counters; 480e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *pol = iptc_get_policy(chain, &counters, handle); 481e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("Chain %s", chain); 482e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (pol) { 483e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(" (policy %s", pol); 484a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte if (!(format & FMT_NOCOUNTS)) { 485a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte fputc(' ', stdout); 486a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte print_num(counters.pcnt, (format|FMT_NOTABLE)); 487a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte fputs("packets, ", stdout); 488a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte print_num(counters.bcnt, (format|FMT_NOTABLE)); 489a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte fputs("bytes", stdout); 490a0b4f797dc8227ebebd2de2568026e8f27cc4750Harald Welte } 491e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(")\n"); 492e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 
493e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int refs; 4949e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell if (!iptc_get_references(&refs, chain, handle)) 4959e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell printf(" (ERROR obtaining refs)\n"); 4969e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell else 4979e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell printf(" (%u references)\n", refs); 498e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 499e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 500e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_LINENUMBERS) 501e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-4s ", "%s "), "num"); 502e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(format & FMT_NOCOUNTS)) { 503e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_KILOMEGAGIGA) { 504e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%5s ","%s "), "pkts"); 505e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%5s ","%s "), "bytes"); 506e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 507e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%8s ","%s "), "pkts"); 508e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%10s ","%s "), "bytes"); 509e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 510e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 511e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(format & FMT_NOTARGET)) 512e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-9s ","%s "), "target"); 513e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputs(" prot ", stdout); 514e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_OPTIONS) 515e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputs("opt", stdout); 516e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_VIA) { 517e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT(" %-6s 
","%s "), "in"); 518e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-6s ","%s "), "out"); 519e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 520e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT(" %-19s ","%s "), "source"); 521e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT(" %-19s "," %s "), "destination"); 522e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("\n"); 523e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 524e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 525e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 526e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic int 527e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherprint_match(const struct ipt_entry_match *m, 528e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct ipt_ip *ip, 529e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int numeric) 530e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 531d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardt const struct xtables_match *match = 5322338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL); 533e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 534e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (match) { 535e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (match->print) 536e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher match->print(ip, m, numeric); 537629149f7a8f145b760d1d53be22786b12e843083Rusty Russell else 538b039b02c20a321bb26350d0903a6a1137ba237baRusty Russell printf("%s ", match->name); 539e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 540228e98dd6303af11925235af4cf3c3ec450f3f41Rusty Russell if (m->u.user.name[0]) 541228e98dd6303af11925235af4cf3c3ec450f3f41Rusty Russell printf("UNKNOWN match `%s' ", m->u.user.name); 542e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 543e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Don't stop iterating. 
*/ 544e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return 0; 545e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 546e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 5476cf172ed4064df729ca83eb71133741dfbd6c6e7Jan Engelhardt/* e is called `fw' here for historical reasons */ 548e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 549e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherprint_firewall(const struct ipt_entry *fw, 550e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *targname, 551e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int num, 552e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int format, 553fd1873110f8e57be578df17fc9d03536b10f4f73Jan Engelhardt struct iptc_handle *const handle) 554e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 555d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardt const struct xtables_target *target = NULL; 556e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct ipt_entry_target *t; 5577ac405297ec38449b30e3b05fd6bf2082fd3d803Jan Engelhardt uint8_t flags; 558e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher char buf[BUFSIZ]; 559e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 560e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!iptc_is_chain(targname, handle)) 5612338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt target = xtables_find_target(targname, XTF_TRY_LOAD); 562e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 5632338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt target = xtables_find_target(IPT_STANDARD_TARGET, 5642338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_LOAD_MUST_SUCCEED); 565e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 566e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher t = ipt_get_target((struct ipt_entry *)fw); 567e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher flags = fw->ip.flags; 568e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
569e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_LINENUMBERS) 5701564189568fb63292c7f586563d4fda430a40de3Henrik Nordstrom printf(FMT("%-4u ", "%u "), num); 571e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 572e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(format & FMT_NOCOUNTS)) { 573e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher print_num(fw->counters.pcnt, format); 574e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher print_num(fw->counters.bcnt, format); 575e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 576e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 577e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(format & FMT_NOTARGET)) 578e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-9s ", "%s "), targname); 579e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 580e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout); 581e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher { 5821de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC); 583e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (pname) 584e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-5s", "%s "), pname); 585e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 586e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-5hu", "%hu "), fw->ip.proto); 587e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 588e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 589e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_OPTIONS) { 590e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_NOTABLE) 591e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputs("opt ", stdout); 592e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(fw->ip.invflags & IPT_INV_FRAG ? '!' 
: '-', stdout); 593e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout); 594e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(' ', stdout); 595e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 596e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 597e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_VIA) { 598e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher char iface[IFNAMSIZ+2]; 599e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 600e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (fw->ip.invflags & IPT_INV_VIA_IN) { 601e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher iface[0] = '!'; 602e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher iface[1] = '\0'; 603e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 604e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else iface[0] = '\0'; 605e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 606e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (fw->ip.iniface[0] != '\0') { 607e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher strcat(iface, fw->ip.iniface); 608e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 609e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (format & FMT_NUMERIC) strcat(iface, "*"); 610e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else strcat(iface, "any"); 611e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT(" %-6s ","in %s "), iface); 612e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 613e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (fw->ip.invflags & IPT_INV_VIA_OUT) { 614e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher iface[0] = '!'; 615e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher iface[1] = '\0'; 616e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 617e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else iface[0] = '\0'; 618e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 619e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if 
(fw->ip.outiface[0] != '\0') { 620e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher strcat(iface, fw->ip.outiface); 621e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 622e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (format & FMT_NUMERIC) strcat(iface, "*"); 623e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else strcat(iface, "any"); 624e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-6s ","out %s "), iface); 625e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 626e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 627e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout); 628e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (fw->ip.smsk.s_addr == 0L && !(format & FMT_NUMERIC)) 629e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-19s ","%s "), "anywhere"); 630e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else { 631e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_NUMERIC) 632e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src)); 633e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 634e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src)); 635e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk)); 636e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf(FMT("%-19s ","%s "), buf); 637e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 638e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 639e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' 
: ' ', stdout); 640e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (fw->ip.dmsk.s_addr == 0L && !(format & FMT_NUMERIC)) 64125fc1d7c9ff5df951346d6cf07b24ea8a2f376acHarald Welte printf(FMT("%-19s ","-> %s"), "anywhere"); 642e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else { 643e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_NUMERIC) 644e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst)); 645e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 646e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst)); 647e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardt strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk)); 64825fc1d7c9ff5df951346d6cf07b24ea8a2f376acHarald Welte printf(FMT("%-19s ","-> %s"), buf); 649e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 650e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 651e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (format & FMT_NOTABLE) 652e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputs(" ", stdout); 653e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 65472bd87e13b76818f5c690a9097080123ff698bc2Harald Welte#ifdef IPT_F_GOTO 65517fc163babc348780bae4321071845748f7b7985Henrik Nordstrom if(fw->ip.flags & IPT_F_GOTO) 65617fc163babc348780bae4321071845748f7b7985Henrik Nordstrom printf("[goto] "); 65772bd87e13b76818f5c690a9097080123ff698bc2Harald Welte#endif 65817fc163babc348780bae4321071845748f7b7985Henrik Nordstrom 659e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC); 660e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 661e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (target) { 662e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (target->print) 663e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Print the target information. 
*/ 664e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher target->print(&fw->ip, t, format & FMT_NUMERIC); 665228e98dd6303af11925235af4cf3c3ec450f3f41Rusty Russell } else if (t->u.target_size != sizeof(*t)) 666e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("[%u bytes of unknown target data] ", 667a28d495285ad7dd9f286d63958cf20d74eec6bcbMartin Josefsson (unsigned int)(t->u.target_size - sizeof(*t))); 668e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 669e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(format & FMT_NONEWLINE)) 670e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fputc('\n', stdout); 671e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 672e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 673e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 674e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherprint_firewall_line(const struct ipt_entry *fw, 675fd1873110f8e57be578df17fc9d03536b10f4f73Jan Engelhardt struct iptc_handle *const h) 676e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 677e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher struct ipt_entry_target *t; 678e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 679e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher t = ipt_get_target((struct ipt_entry *)fw); 680228e98dd6303af11925235af4cf3c3ec450f3f41Rusty Russell print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h); 681e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 682e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 683e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic int 684e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherappend_entry(const ipt_chainlabel chain, 685e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher struct ipt_entry *fw, 686e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int nsaddrs, 687e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct in_addr saddrs[], 688332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow const struct in_addr 
smasks[], 689e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int ndaddrs, 690e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct in_addr daddrs[], 691332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow const struct in_addr dmasks[], 692e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int verbose, 6931c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt struct iptc_handle *handle) 694e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 695e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int i, j; 696e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int ret = 1; 697e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 698e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (i = 0; i < nsaddrs; i++) { 699e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.src.s_addr = saddrs[i].s_addr; 700332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow fw->ip.smsk.s_addr = smasks[i].s_addr; 701e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (j = 0; j < ndaddrs; j++) { 702e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.dst.s_addr = daddrs[j].s_addr; 703332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow fw->ip.dmsk.s_addr = dmasks[j].s_addr; 704e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (verbose) 7051c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt print_firewall_line(fw, handle); 706e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret &= iptc_append_entry(chain, fw, handle); 707e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 708e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 709e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 710e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return ret; 711e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 712e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 713e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic int 714e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherreplace_entry(const ipt_chainlabel chain, 
715e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher struct ipt_entry *fw, 716e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int rulenum, 71775cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt const struct in_addr *saddr, const struct in_addr *smask, 71875cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt const struct in_addr *daddr, const struct in_addr *dmask, 719e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int verbose, 7201c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt struct iptc_handle *handle) 721e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 722e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.src.s_addr = saddr->s_addr; 723e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.dst.s_addr = daddr->s_addr; 72475cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt fw->ip.smsk.s_addr = smask->s_addr; 72575cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt fw->ip.dmsk.s_addr = dmask->s_addr; 726e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 727e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (verbose) 7281c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt print_firewall_line(fw, handle); 729e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return iptc_replace_entry(chain, fw, rulenum, handle); 730e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 731e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 732e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic int 733e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherinsert_entry(const ipt_chainlabel chain, 734e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher struct ipt_entry *fw, 735e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int rulenum, 736e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int nsaddrs, 737e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct in_addr saddrs[], 738332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow const struct in_addr smasks[], 
739e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int ndaddrs, 740e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const struct in_addr daddrs[], 741332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow const struct in_addr dmasks[], 742e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int verbose, 7431c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt struct iptc_handle *handle) 744e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 745e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int i, j; 746e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int ret = 1; 747e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 748e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (i = 0; i < nsaddrs; i++) { 749e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.src.s_addr = saddrs[i].s_addr; 750332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow fw->ip.smsk.s_addr = smasks[i].s_addr; 751e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (j = 0; j < ndaddrs; j++) { 752e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fw->ip.dst.s_addr = daddrs[j].s_addr; 753332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow fw->ip.dmsk.s_addr = dmasks[j].s_addr; 754e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (verbose) 7551c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt print_firewall_line(fw, handle); 756e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret &= iptc_insert_entry(chain, fw, rulenum, handle); 757e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 758e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 759e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 760e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return ret; 761e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 762e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 7632e0a3216c501753709781769f83e29821e62c805Rusty Russellstatic unsigned char * 764d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardtmake_delete_mask(const struct 
xtables_rule_match *matches,
		 const struct xtables_target *target)
{
	/*
	 * Establish mask for comparison.
	 *
	 * The buffer is laid out like a rule: the ipt_entry header, one slot
	 * per match, then the target slot.  It comes back zeroed from
	 * xtables_calloc(), and the bytes set to 0xFF are the ones handed to
	 * iptc_delete_entry()/iptc_check_entry() by the callers below.
	 *
	 * For every match and for the target only the aligned header plus
	 * `userspacesize` bytes are marked, although each slot is `size`
	 * bytes wide; the rest of the slot stays zero.  Presumably that tail
	 * is kernel-private data that must not take part in the comparison --
	 * confirm against the extension definitions.
	 *
	 * NOTE(review): nothing here checks userspacesize <= size.  An
	 * extension that declared a larger userspacesize would make the
	 * memset() below run past its slot (past the allocation for the
	 * target slot), so that invariant has to hold for every loaded
	 * extension.
	 *
	 * `target` is dereferenced unconditionally and must not be NULL.
	 * The caller owns the returned buffer and releases it with free().
	 */
	const size_t match_hdr = XT_ALIGN(sizeof(struct ipt_entry_match));
	const size_t target_hdr = XT_ALIGN(sizeof(struct ipt_entry_target));
	const struct xtables_rule_match *m;
	unsigned int size = sizeof(struct ipt_entry);
	unsigned char *mask, *cursor;

	/* First pass: total width of the header and all match slots. */
	for (m = matches; m != NULL; m = m->next)
		size += match_hdr + m->match->size;

	mask = xtables_calloc(1, size + target_hdr + target->size);

	/* The fixed rule header is marked in full. */
	memset(mask, 0xFF, sizeof(struct ipt_entry));
	cursor = mask + sizeof(struct ipt_entry);

	/* Second pass: mark each match slot, then step over the whole slot. */
	m = matches;
	while (m != NULL) {
		memset(cursor, 0xFF, match_hdr + m->match->userspacesize);
		cursor += match_hdr + m->match->size;
		m = m->next;
	}

	memset(cursor, 0xFF, target_hdr + target->userspacesize);

	return mask;
}

/*
 * Delete the rule described by `fw` from `chain` once for every
 * source/destination address pair (nsaddrs x ndaddrs combinations).
 *
 * `fw` is modified in place: its source and destination address/mask fields
 * are overwritten for each combination before iptc_delete_entry() is called.
 * The per-call results are folded with `&=` starting from 1, so one zero
 * result makes the return value 0 while the remaining pairs are still
 * attempted.  The comparison mask is built once and freed before returning.
 */
static int
delete_entry(const ipt_chainlabel chain,
	     struct ipt_entry *fw,
	     unsigned int nsaddrs,
	     const struct in_addr saddrs[],
	     const struct in_addr smasks[],
	     unsigned int ndaddrs,
	     const struct in_addr daddrs[],
	     const struct in_addr dmasks[],
	     int verbose,
	     struct iptc_handle *handle,
	     struct xtables_rule_match *matches,
	     const struct xtables_target *target)
{
	unsigned char *mask = make_delete_mask(matches, target);
	unsigned int s, d;
	int ok = 1;

	for (s = 0; s < nsaddrs; s++) {
		fw->ip.src.s_addr = saddrs[s].s_addr;
		fw->ip.smsk.s_addr = smasks[s].s_addr;

		for (d = 0; d < ndaddrs; d++) {
			fw->ip.dst.s_addr = daddrs[d].s_addr;
			fw->ip.dmsk.s_addr = dmasks[d].s_addr;

			if (verbose)
				print_firewall_line(fw, handle);

			ok &= iptc_delete_entry(chain, fw, mask, handle);
		}
	}

	free(mask);

	return ok;
}

/*
 * Same address-pair walk as delete_entry(), but each combination is passed to
 * iptc_check_entry() instead of being deleted.  `fw` is modified in place in
 * the same way, and the results are folded with `&=` starting from 1.
 */
static int
check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
	    unsigned int nsaddrs, const struct in_addr *saddrs,
	    const struct in_addr *smasks, unsigned int ndaddrs,
	    const struct in_addr *daddrs, const struct in_addr *dmasks,
	    bool verbose, struct iptc_handle *handle,
	    struct xtables_rule_match *matches,
	    const struct xtables_target *target)
{
	unsigned char *mask = make_delete_mask(matches, target);
	unsigned int s, d;
	int ok = 1;

	for (s = 0; s < nsaddrs; s++) {
		fw->ip.src.s_addr = saddrs[s].s_addr;
		fw->ip.smsk.s_addr = smasks[s].s_addr;

		for (d = 0; d < ndaddrs; d++) {
			fw->ip.dst.s_addr = daddrs[d].s_addr;
			fw->ip.dmsk.s_addr = dmasks[d].s_addr;

			if (verbose)
				print_firewall_line(fw, handle);

			ok &= iptc_check_entry(chain, fw, mask, handle);
		}
	}

	free(mask);
	return ok;
}
861d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek 862ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welteint 863e70844a98d125679cfe0c62e48d0f19bf175280dMaciej Zenczykowskifor_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *), 8641c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt int verbose, int builtinstoo, struct iptc_handle *handle) 865e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 866e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int ret = 1; 8679e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell const char *chain; 8689e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell char *chains; 8699e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell unsigned int i, chaincount = 0; 8709e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell 8719e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell chain = iptc_first_chain(handle); 8729e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell while (chain) { 8739e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell chaincount++; 8749e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell chain = iptc_next_chain(handle); 8759e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell } 876e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 877630ef48037f3602333addfdb53789c9c6a4bb4c8Jan Engelhardt chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount); 8789e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell i = 0; 8799e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell chain = iptc_first_chain(handle); 8809e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell while (chain) { 8819e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell strcpy(chains + i*sizeof(ipt_chainlabel), chain); 8829e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell i++; 8839e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell chain = iptc_next_chain(handle); 884e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 885e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 8869e1d214b30b916df55b4c1c5db224200f02e15a5Rusty 
Russell for (i = 0; i < chaincount; i++) { 8879e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell if (!builtinstoo 8889e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell && iptc_builtin(chains + i*sizeof(ipt_chainlabel), 8891c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt handle) == 1) 8909e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell continue; 8919e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell ret &= fn(chains + i*sizeof(ipt_chainlabel), verbose, handle); 8929e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell } 8939e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell 8949e1d214b30b916df55b4c1c5db224200f02e15a5Rusty Russell free(chains); 895e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return ret; 896e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 897e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 898ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welteint 899cc38d058d14e84d3008a0c0035348e0ad5f0d5d2Maciej Zenczykowskiflush_entries4(const ipt_chainlabel chain, int verbose, 9001c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt struct iptc_handle *handle) 901e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 902e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!chain) 903cc38d058d14e84d3008a0c0035348e0ad5f0d5d2Maciej Zenczykowski return for_each_chain4(flush_entries4, verbose, 1, handle); 9047e53bf9c2a697abdb6f1385557338423a86612a3Rusty Russell 9057e53bf9c2a697abdb6f1385557338423a86612a3Rusty Russell if (verbose) 9067e53bf9c2a697abdb6f1385557338423a86612a3Rusty Russell fprintf(stdout, "Flushing chain `%s'\n", chain); 9077e53bf9c2a697abdb6f1385557338423a86612a3Rusty Russell return iptc_flush_entries(chain, handle); 9087e53bf9c2a697abdb6f1385557338423a86612a3Rusty Russell} 909e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 910e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic int 911e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherzero_entries(const ipt_chainlabel chain, int verbose, 
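struct iptc_handle *handle)
{
	/*
	 * Zero one chain, or every chain (built-in ones included) when
	 * `chain` is NULL.  With `verbose` set, the chain name is announced
	 * on stdout first.
	 */
	if (chain == NULL)
		return for_each_chain4(zero_entries, verbose, 1, handle);

	if (verbose)
		fprintf(stdout, "Zeroing chain `%s'\n", chain);

	return iptc_zero_entries(chain, handle);
}

/*
 * Delete one chain, or every chain except the built-in ones when `chain` is
 * NULL (for_each_chain4() is called with builtinstoo == 0).  With `verbose`
 * set, the chain name is announced on stdout first.
 */
int
delete_chain4(const ipt_chainlabel chain, int verbose,
	      struct iptc_handle *handle)
{
	if (chain == NULL)
		return for_each_chain4(delete_chain4, verbose, 0, handle);

	if (verbose)
		fprintf(stdout, "Deleting chain `%s'\n", chain);

	return iptc_delete_chain(chain, handle);
}

/*
 * Print the rules of `chain`, or of every chain when `chain` is NULL.
 *
 * A non-zero `rulenum` limits the output to that rule number and suppresses
 * the chain header.  `verbose`, `numeric`, `expanded` and `linenumbers`
 * select the FMT_* flags passed on to print_header()/print_firewall().
 *
 * Returns 1 if at least one chain matched, 0 otherwise.  errno is set to
 * ENOENT unconditionally before returning.
 */
static int
list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
	     int expanded, int linenumbers, struct iptc_handle *handle)
{
	unsigned int format = FMT_OPTIONS;
	const char *this;
	int found = 0;

	format |= verbose ? FMT_VIA : FMT_NOCOUNTS;
	if (numeric)
		format |= FMT_NUMERIC;
	if (!expanded)
		format |= FMT_KILOMEGAGIGA;
	if (linenumbers)
		format |= FMT_LINENUMBERS;

	for (this = iptc_first_chain(handle); this != NULL;
	     this = iptc_next_chain(handle)) {
		const struct ipt_entry *rule;
		unsigned int num = 0;

		if (chain != NULL && strcmp(chain, this) != 0)
			continue;

		/* Blank line between two consecutive chains. */
		if (found)
			printf("\n");

		if (!rulenum)
			print_header(format, this, handle);

		for (rule = iptc_first_rule(this, handle); rule != NULL;
		     rule = iptc_next_rule(rule, handle)) {
			num++;
			if (!rulenum || num == rulenum)
				print_firewall(rule,
					       iptc_get_target(rule, handle),
					       num, format, handle);
		}
		found = 1;
	}

	errno = ENOENT;
	return found;
}

/*
 * Print " -p <proto>" (preceded by " !" when `invert` is set); nothing is
 * printed for protocol 0.  The name comes from getprotobynumber() first, then
 * from xtables_chain_protos[]; if neither knows the number it is printed
 * numerically.
 */
static void print_proto(uint16_t proto, int invert)
{
	const char *invertstr = invert ? " !" : "";
	const struct protoent *pent;
	unsigned int i;

	if (!proto)
		return;

	pent = getprotobynumber(proto);
	if (pent != NULL) {
		printf("%s -p %s", invertstr, pent->p_name);
		return;
	}

	for (i = 0; xtables_chain_protos[i].name != NULL; ++i) {
		if (xtables_chain_protos[i].num != proto)
			continue;
		printf("%s -p %s", invertstr, xtables_chain_protos[i].name);
		return;
	}

	printf("%s -p %u", invertstr, proto);
}

/*
 * Expand to the four octets of a host-order address as four separate
 * arguments for a "%u.%u.%u.%u" conversion.  The argument is evaluated four
 * times, so it must not have side effects.
 */
#define IP_PARTS_NATIVE(n)			\
(unsigned int)((n)>>24)&0xFF,			\
(unsigned int)((n)>>16)&0xFF,			\
(unsigned int)((n)>>8)&0xFF,			\
(unsigned int)((n)&0xFF)

/* Same, for an address in network byte order. */
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))

/*
 * Print " -<letter> <iface>" (preceded by " !" when `invert` is set), or
 * nothing when the first mask byte is zero.  A trailing "+" is printed when
 * the mask ends before the interface name does.
 *
 * This assumes that mask is contiguous, and byte-bounded.  Both `iface` and
 * `mask` are read for up to IFNAMSIZ bytes.
 */
static void
print_iface(char letter, const char *iface, const unsigned char *mask,
	    int invert)
{
	unsigned int pos;

	if (mask[0] == 0)
		return;

	printf("%s -%c ", invert ? " !" : "", letter);

	for (pos = 0; pos < IFNAMSIZ && mask[pos] != 0; pos++) {
		if (iface[pos] != '\0')
			printf("%c", iface[pos]);
	}

	/*
	 * The loop stopped on a zero mask byte.  pos is at least 1 here
	 * because mask[0] != 0 was checked above, so iface[pos - 1] is a
	 * valid access.
	 */
	if (pos < IFNAMSIZ && iface[pos - 1] != '\0')
		printf("+");
}

/*
 * Print " -m <name>" for one match and let the extension's save() callback,
 * if it has one, print the options.  Always returns 0.
 *
 * If no extension can be found for a match whose match_size is non-zero the
 * process exits with status 1; output already written for the current rule
 * is then left incomplete.
 */
static int print_match_save(const struct ipt_entry_match *e,
			const struct ipt_ip *ip)
{
	const struct xtables_match *match =
		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);

	if (match == NULL) {
		if (e->u.match_size) {
			fprintf(stderr,
				"Can't find library for match `%s'\n",
				e->u.user.name);
			exit(1);
		}
		return 0;
	}

	printf(" -m %s", e->u.user.name);

	/* some matches don't provide a save function */
	if (match->save)
		match->save(ip, e);

	return 0;
}

/*
 * Print a given ip including mask if necessary.
 *
 * `ip` and `mask` are in network byte order.  Nothing is printed when ip,
 * mask and invert are all zero.  The mask is printed as a prefix length when
 * it is a contiguous run of leading one bits, otherwise in dotted form.
 */
static void print_ip(const char *prefix, uint32_t ip,
		     uint32_t mask, int invert)
{
	uint32_t bits, hmask = ntohl(mask);
	int i;

	if (!mask && !ip && !invert)
		return;

	printf("%s %s %u.%u.%u.%u",
		invert ? " !" : "",
		prefix,
		IP_PARTS(ip));

	if (mask == 0xFFFFFFFFU) {
		printf("/32");
		return;
	}

	/* Try /31 down to /0; `bits` is the host-order mask for prefix i. */
	for (i = 31, bits = 0xFFFFFFFEU; i >= 0; i--, bits <<= 1) {
		if (hmask == bits) {
			/* i is non-negative here; cast so it matches %u. */
			printf("/%u", (unsigned int)i);
			return;
		}
	}

	printf("/%u.%u.%u.%u", IP_PARTS(mask));
}

/* We want this to be readable, so only print out necessary fields.
 * Because that's the kind of world I want to live in.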
*/ 1102bb9fe8059f40f0dde9c780498f5af42f5aa6a179Maciej Zenczykowskivoid print_rule4(const struct ipt_entry *e, 11031c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt struct iptc_handle *h, const char *chain, int counters) 110496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom{ 1105d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardt const struct ipt_entry_target *t; 110696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom const char *target_name; 110796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 110896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* print counters for iptables-save */ 110996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (counters > 0) 111096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); 111196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 111296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* print chain name */ 111373866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt printf("-A %s", chain); 111496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 111596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* Print IP part. 
*/ 111696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr, 111796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom e->ip.invflags & IPT_INV_SRCIP); 111896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 111996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr, 112096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom e->ip.invflags & IPT_INV_DSTIP); 112196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 112296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom print_iface('i', e->ip.iniface, e->ip.iniface_mask, 112396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom e->ip.invflags & IPT_INV_VIA_IN); 112496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 112596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom print_iface('o', e->ip.outiface, e->ip.outiface_mask, 112696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom e->ip.invflags & IPT_INV_VIA_OUT); 112796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 112896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO); 112996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 113096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (e->ip.flags & IPT_F_FRAG) 113173866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt printf("%s -f", 113273866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt e->ip.invflags & IPT_INV_FRAG ? " !" 
: ""); 113396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 113496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* Print matchinfo part */ 113596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (e->target_offset) { 113696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom IPT_MATCH_ITERATE(e, print_match_save, &e->ip); 113796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom } 113896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 113996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* print counters for iptables -R */ 114096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (counters < 0) 114173866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); 114296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 114396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* Print target name */ 114496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom target_name = iptc_get_target(e, h); 114596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (target_name && (*target_name != '\0')) 114696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom#ifdef IPT_F_GOTO 114773866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt printf(" -%c %s", e->ip.flags & IPT_F_GOTO ? 
'g' : 'j', target_name); 114896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom#else 114973866357e4a7a0fdc1b293bf8863fee2bd56da9eJan Engelhardt printf(" -j %s", target_name); 115096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom#endif 115196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 115296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* Print targinfo part */ 115396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom t = ipt_get_target((struct ipt_entry *)e); 115496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (t->u.user.name[0]) { 1155d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardt const struct xtables_target *target = 11562338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt xtables_find_target(t->u.user.name, XTF_TRY_LOAD); 115796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 115896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (!target) { 115996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom fprintf(stderr, "Can't find library for target `%s'\n", 116096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom t->u.user.name); 116196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom exit(1); 116296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom } 116396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 116496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (target->save) 116596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom target->save(&e->ip, t); 116696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom else { 116796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom /* If the target size is greater than ipt_entry_target 116896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom * there is something to be saved, we just don't know 116996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom * how to print it */ 117096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (t->u.target_size != 117196296cfb7e01298234c7fa9403619f50391620d1Henrik 
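sizeof(struct ipt_entry_target)) {
				fprintf(stderr, "Target `%s' is missing "
						"save function\n",
					t->u.user.name);
				exit(1);
			}
		}
	}
	printf("\n");
}

/*
 * Print chains and rules on stdout in iptables command-line form.
 *
 * chain:    name of the only chain to print, or NULL for every chain.
 * rulenum:  0 prints the chain declarations and every rule; a non-zero value
 *           skips the declarations and prints only the rule with that
 *           1-based position in each selected chain.
 * counters: non-zero requests counters; it is normalised to -1 before being
 *           handed to print_rule4().
 * handle:   libiptc handle the chains and rules are read from.
 *
 * Returns 1 if at least one chain was selected, 0 otherwise.  errno is set
 * to ENOENT unconditionally before returning, so it is only meaningful to
 * the caller when the return value is 0.
 */
static int
list_rules(const ipt_chainlabel chain, int rulenum, int counters,
	   struct iptc_handle *handle)
{
	const char *name = NULL;
	int found = 0;

	if (counters)
		counters = -1;	/* iptables -c format */

	/* Dump out chain names first,
	 * thereby preventing dependency conflicts */
	if (!rulenum) {
		for (name = iptc_first_chain(handle); name != NULL;
		     name = iptc_next_chain(handle)) {
			if (chain && strcmp(name, chain) != 0)
				continue;

			if (!iptc_builtin(name, handle)) {
				/* User-defined chain: only a declaration. */
				printf("-N %s\n", name);
				continue;
			}

			/* Built-in chain: print its policy instead. */
			struct ipt_counters count;

			printf("-P %s %s", name,
			       iptc_get_policy(name, &count, handle));
			if (counters)
				printf(" -c %llu %llu",
				       (unsigned long long)count.pcnt,
				       (unsigned long long)count.bcnt);
			printf("\n");
		}
	}

	for (name = iptc_first_chain(handle); name != NULL;
	     name = iptc_next_chain(handle)) {
		const struct ipt_entry *e;
		int num = 0;

		if (chain && strcmp(name, chain) != 0)
			continue;

		/* Dump out rules */
		for (e = iptc_first_rule(name, handle); e != NULL;
		     e = iptc_next_rule(e, handle)) {
			num++;
			if (!rulenum || num == rulenum)
				print_rule4(e, handle, name, counters);
		}
		found = 1;
	}

	errno = ENOENT;
	return found;
}

/*
 * Build one contiguous rule blob: the ipt_entry header copied from fw,
 * followed by every match in the matches list, followed by the target.
 *
 * The buffer comes from xtables_malloc() and is returned to the caller,
 * who presumably has to free() it (no free is visible in this function).
 *
 * Every copy length is taken from the u.match_size / u.target_size field
 * stored inside the object being copied, and the allocation is the sum of
 * those same fields, so the copies stay inside the buffer only as long as
 * each field matches the real size of its object.
 *
 * NOTE(review): size is an unsigned int but is stored into
 * e->target_offset and e->next_offset without a range check.  If those
 * fields are narrower than unsigned int (believed to be 16-bit in
 * struct ipt_entry; confirm against the header in use), a rule whose
 * matches and target exceed that range gets truncated offsets.
 */
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
	       struct xtables_rule_match *matches,
	       struct ipt_entry_target *target)
{
	unsigned int size;
	struct xtables_rule_match *matchp;
	struct ipt_entry *e;

	/* First pass: header plus the size of every match. */
	size = sizeof(struct ipt_entry);
	for (matchp = matches; matchp; matchp = matchp->next)
		size += matchp->match->m->u.match_size;

	e = xtables_malloc(size + target->u.target_size);
	*e = *fw;
	e->target_offset = size;
	e->next_offset = size + target->u.target_size;

	/* Second pass: size is reused as the write offset into e->elems. */
	size = 0;
	for (matchp = matches; matchp; matchp = matchp->next) {
		memcpy(e->elems + size, matchp->match->m,
		       matchp->match->m->u.match_size);
		size += matchp->match->m->u.match_size;
	}
	memcpy(e->elems + size, target, target->u.target_size);

	return e;
}

/*
 * Free every node of a rule's match list and reset *matches to NULL.
 *
 * For each node the match data (match->m) is freed and its pointer
 * cleared.  The match object itself is freed only when its next pointer
 * refers to itself, which is the same test command_match() uses to
 * recognise a cloned match; other match objects are left allocated.
 */
static void clear_rule_matches(struct xtables_rule_match **matches)
{
	struct xtables_rule_match *matchp, *tmp;

	for (matchp = *matches; matchp; matchp = tmp) {
		/* Save the successor before the node is freed. */
		tmp = matchp->next;

		if (matchp->match->m) {
			free(matchp->match->m);
			matchp->match->m = NULL;
		}
		if (matchp->match == matchp->match->next) {
			free(matchp->match);
			matchp->match = NULL;
		}
		free(matchp);
	}

	*matches = NULL;
}

/*
 * Read the running kernel's release string with uname() and store it in
 * the global kernel_version as LINUX_VERSION(x, y, z).
 *
 * Exits with status 1 if uname() fails.  The sscanf() result is not
 * checked: any component that fails to parse keeps its initial value 0.
 */
void
get_kernel_version(void) {
	static struct utsname uts;
	int x = 0, y = 0, z = 0;

	if (uname(&uts) == -1) {
		fprintf(stderr, "Unable to retrieve kernel version.\n");
		xtables_free_opts(1);
		exit(1);
	}

	sscanf(uts.release, "%d.%d.%d", &x, &y, &z);
	kernel_version = LINUX_VERSION(x, y, z);
}

/*
 * Handle the -j option: record the jump target named by optarg and, when
 * an extension with that name can be loaded, allocate and initialise its
 * ipt_entry_target and merge the extension's options into the global
 * option table.
 *
 * If no extension is found the function returns with cs->target == NULL;
 * the name may then be a chain name.
 */
static void command_jump(struct iptables_command_state *cs)
{
	size_t size;

	set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags, cs->invert);
	cs->jumpto = parse_target(optarg);
	/* TRY_LOAD (may be chain name) */
	cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);

	if (cs->target == NULL)
		return;

	/*
	 * u.user.name is a fixed-size field and the copy below is an
	 * unbounded strcpy() of a command-line string, so reject a name
	 * that does not fit.  parse_target() and extension registration
	 * may already enforce a limit, but neither is visible here.
	 * Like the other call sites in this file, this relies on
	 * xtables_error() not returning.
	 */
	if (strlen(cs->jumpto) >= sizeof(cs->target->t->u.user.name))
		xtables_error(PARAMETER_PROBLEM,
			      "target name `%s' is too long", cs->jumpto);

	size = XT_ALIGN(sizeof(struct ipt_entry_target))
		+ cs->target->size;

	cs->target->t = xtables_calloc(1, size);
	cs->target->t->u.target_size = size;
	strcpy(cs->target->t->u.user.name, cs->jumpto);
	cs->target->t->u.user.revision = cs->target->revision;
	if (cs->target->init != NULL)
		cs->target->init(cs->target->t);

	if (cs->target->x6_options != NULL)
		opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
					    cs->target->x6_options,
					    &cs->target->option_offset);
	else
		opts = xtables_merge_options(iptables_globals.orig_opts, opts,
					     cs->target->extra_opts,
					     &cs->target->option_offset);
	if (opts == NULL)
		xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}

/*
 * Handle the -m option: load the match extension named by optarg
 * (loading must succeed), allocate and initialise its ipt_entry_match
 * and, unless the match is a clone, merge its options into the global
 * option table.
 *
 * A "!" in front of --match is rejected.
 */
static void command_match(struct iptables_command_state *cs)
{
	struct xtables_match *m;
	size_t size;

	if (cs->invert)
		xtables_error(PARAMETER_PROBLEM,
			   "unexpected ! flag before --match");

	m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);

	/*
	 * Same bound as in command_jump(): the name is copied into a
	 * fixed-size field with strcpy(), so make sure it fits.  m->name
	 * comes from the loaded extension rather than the command line,
	 * hence OTHER_PROBLEM.
	 */
	if (strlen(m->name) >= sizeof(m->m->u.user.name))
		xtables_error(OTHER_PROBLEM,
			      "match name `%s' is too long", m->name);

	size = XT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
	m->m = xtables_calloc(1, size);
	m->m->u.match_size = size;
	strcpy(m->m->u.user.name, m->name);
	m->m->u.user.revision = m->revision;
	if (m->init != NULL)
		m->init(m->m);
	if (m == m->next)
		return;
	/* Merge options for non-cloned matches */
	if (m->x6_options != NULL)
		opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
					    m->x6_options, &m->option_offset);
	else if (m->extra_opts != NULL)
		opts = xtables_merge_options(iptables_globals.orig_opts, opts,
					     m->extra_opts, &m->option_offset);
	if (opts == NULL)
		xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}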
136117e310b2610448605567644f667c79f41d76f51eJan Engelhardt 1362c1e04bd1b057151afaf7e6138089f2fe2c1b7d1cMaciej Zenczykowskiint do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle) 1363e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 13643a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt struct iptables_command_state cs; 13653a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt struct ipt_entry *e = NULL; 1366e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int nsaddrs = 0, ndaddrs = 0; 1367332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in_addr *saddrs = NULL, *smasks = NULL; 1368332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in_addr *daddrs = NULL, *dmasks = NULL; 1369e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 13703a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt int verbose = 0; 1371e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *chain = NULL; 1372e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL; 1373e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *policy = NULL, *newname = NULL; 13743a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt unsigned int rulenum = 0, command = 0; 1375ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte const char *pcnt = NULL, *bcnt = NULL; 1376e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int ret = 1; 13778b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt struct xtables_match *m; 1378395e441e20ea9ab7f37122bcfd76fec527fa447bJan Engelhardt struct xtables_rule_match *matchp; 13798b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt struct xtables_target *t; 1380875441ea60d9fd9378475526f2f632b932790553Patrick McHardy unsigned long long cnt; 1381e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 13823a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt memset(&cs, 0, sizeof(cs)); 13839bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt 
cs.jumpto = ""; 1384f935ae05040d2d790433abee49ef79f4a8ed393cJan Engelhardt cs.argv = argv; 1385e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1386c1e04bd1b057151afaf7e6138089f2fe2c1b7d1cMaciej Zenczykowski /* re-set optind to 0 in case do_command4 gets called 1387ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte * a second time */ 1388ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte optind = 0; 1389ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 1390c1e04bd1b057151afaf7e6138089f2fe2c1b7d1cMaciej Zenczykowski /* clear mflags in case do_command4 gets called a second time 1391ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte * (we clear the global list of all matches for security)*/ 13920d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI for (m = xtables_matches; m; m = m->next) 1393ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte m->mflags = 0; 1394ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 13950d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI for (t = xtables_targets; t; t = t->next) { 1396ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte t->tflags = 0; 1397ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte t->used = 0; 1398ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte } 1399ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 1400e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Suppress error messages: we may add new options if we 1401e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher demand-load a protocol. 
*/ 1402e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opterr = 0; 1403e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1404d3b2e391e3b944581e20e216af76339cc87d0590Jan Engelhardt opts = xt_params->orig_opts; 14053a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt while ((cs.c = getopt_long(argc, argv, 140657664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:46", 1407e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opts, NULL)) != -1) { 14083a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt switch (cs.c) { 1409e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* 1410e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * Command selection 1411e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher */ 1412e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'A': 1413e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_APPEND, CMD_NONE, 14143a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1415e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1416e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1417e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1418d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek case 'C': 1419d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek add_command(&command, CMD_CHECK, CMD_NONE, 1420d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek cs.invert); 1421d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek chain = optarg; 1422d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek break; 1423d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek 1424e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'D': 1425e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_DELETE, CMD_NONE, 14263a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1427e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 
1428e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1429e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') { 1430e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1431e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher command = CMD_DELETE_NUM; 1432e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1433e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1434e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1435e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'R': 1436e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_REPLACE, CMD_NONE, 14373a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1438e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1439e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1440e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1441e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1442e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 14431829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1444e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "-%c requires a rule number", 1445e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher cmd2char(CMD_REPLACE)); 1446e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1447e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1448e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'I': 1449e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_INSERT, CMD_NONE, 14503a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1451e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1452e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 
1453e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1454e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1455e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else rulenum = 1; 1456e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1457e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1458e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'L': 1459b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta add_command(&command, CMD_LIST, 14603a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt CMD_ZERO | CMD_ZERO_NUM, cs.invert); 1461e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1462e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1463e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1464e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1465bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom if (optind < argc && argv[optind][0] != '-' 1466bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom && argv[optind][0] != '!') 1467bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum = parse_rulenumber(argv[optind++]); 1468e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1469e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 147096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case 'S': 1471b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta add_command(&command, CMD_LIST_RULES, 14723a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt CMD_ZERO|CMD_ZERO_NUM, cs.invert); 147396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (optarg) chain = optarg; 147496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom else if (optind < argc && argv[optind][0] != '-' 147596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom && argv[optind][0] != '!') 147696296cfb7e01298234c7fa9403619f50391620d1Henrik 
Nordstrom chain = argv[optind++]; 1477bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom if (optind < argc && argv[optind][0] != '-' 1478bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom && argv[optind][0] != '!') 1479bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum = parse_rulenumber(argv[optind++]); 148096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom break; 148196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 1482e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'F': 1483e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_FLUSH, CMD_NONE, 14843a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1485e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1486e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1487e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1488e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1489e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1490e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1491e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'Z': 149296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES, 14933a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1494e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1495e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1496e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1497e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1498b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (optind < argc && argv[optind][0] != '-' 1499b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta && argv[optind][0] != '!') { 
1500b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta rulenum = parse_rulenumber(argv[optind++]); 1501b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta command = CMD_ZERO_NUM; 1502b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta } 1503e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1504e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1505e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'N': 15068d8c8ea5a6150694e7d6fdabd094de15d01bd74bYasuyuki KOZAKAI if (optarg && (*optarg == '-' || *optarg == '!')) 15071829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 15086336bfd128a56450184ec6790825575655b5d56aHarald Welte "chain name not allowed to start " 15098d8c8ea5a6150694e7d6fdabd094de15d01bd74bYasuyuki KOZAKAI "with `%c'\n", *optarg); 15102338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt if (xtables_find_target(optarg, XTF_TRY_LOAD)) 15111829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 151208f1527fbcebc85f7149e551c9b26f526954b3c2Joszef Kadlecsik "chain name may not clash " 151308f1527fbcebc85f7149e551c9b26f526954b3c2Joszef Kadlecsik "with target name\n"); 1514e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_NEW_CHAIN, CMD_NONE, 15153a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1516e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1517e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1518e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1519e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'X': 1520e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_DELETE_CHAIN, CMD_NONE, 15213a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1522e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1523e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 
1524e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1525e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1526e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1527e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1528e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'E': 1529e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_RENAME_CHAIN, CMD_NONE, 15303a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1531e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1532e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1533e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1534e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher newname = argv[optind++]; 1535c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu else 15361829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 15375b76f682f722bebc2f0616fca4600eee2c08dfe2Max Kellermann "-%c requires old-chain-name and " 1538c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu "new-chain-name", 1539c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu cmd2char(CMD_RENAME_CHAIN)); 1540e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1541e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1542e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'P': 1543e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_SET_POLICY, CMD_NONE, 15443a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1545e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1546e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1547e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1548e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher policy = argv[optind++]; 
1549e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 15501829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1551e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "-%c requires a chain and a policy", 1552e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher cmd2char(CMD_SET_POLICY)); 1553e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1554e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1555e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'h': 1556e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!optarg) 1557e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optarg = argv[optind]; 1558e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 15592e0a3216c501753709781769f83e29821e62c805Rusty Russell /* iptables -p icmp -h */ 15603a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.matches && cs.protocol) 15613a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_find_match(cs.protocol, 15623a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt XTF_TRY_LOAD, &cs.matches); 15632e0a3216c501753709781769f83e29821e62c805Rusty Russell 15643a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt exit_printhelp(cs.matches); 1565e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1566e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* 1567e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * Option selection 1568e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher */ 1569e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'p': 15703a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); 15713a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_PROTOCOL, &cs.fw.ip.invflags, 15723a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1573e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1574e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Canonicalize into lower case */ 
15753a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt for (cs.protocol = optarg; *cs.protocol; cs.protocol++) 15763a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt *cs.protocol = tolower(*cs.protocol); 1577e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 15783a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.protocol = optarg; 15793a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.proto = xtables_parse_protocol(cs.protocol); 1580e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 15813a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.fw.ip.proto == 0 15823a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt && (cs.fw.ip.invflags & IPT_INV_PROTO)) 15831829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1584e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "rule would never match protocol"); 1585e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1586e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1587e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 's': 15883a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); 15893a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_SOURCE, &cs.fw.ip.invflags, 15903a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1591bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt shostnetworkmask = optarg; 1592e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1593e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1594e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'd': 15953a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); 15963a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_DESTINATION, &cs.fw.ip.invflags, 15973a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 
1598bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt dhostnetworkmask = optarg; 1599e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1600e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 160117fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#ifdef IPT_F_GOTO 160217fc163babc348780bae4321071845748f7b7985Henrik Nordstrom case 'g': 16033a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags, 16043a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 16053a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.flags |= IPT_F_GOTO; 16069bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto = parse_target(optarg); 160717fc163babc348780bae4321071845748f7b7985Henrik Nordstrom break; 160817fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#endif 160917fc163babc348780bae4321071845748f7b7985Henrik Nordstrom 1610e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'j': 16119bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt command_jump(&cs); 1612e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1613e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1614e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1615e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'i': 16165b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt if (*optarg == '\0') 16175b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 16185b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "Empty interface is likely to be " 16195b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "undesired"); 16203a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); 16213a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VIANAMEIN, &cs.fw.ip.invflags, 16223a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1623bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan 
Engelhardt xtables_parse_interface(optarg, 16243a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.iniface, 16253a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.iniface_mask); 1626e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1627e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1628e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'o': 16295b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt if (*optarg == '\0') 16305b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 16315b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "Empty interface is likely to be " 16325b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "undesired"); 16333a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); 16343a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw.ip.invflags, 16353a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1636bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt xtables_parse_interface(optarg, 16373a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.outiface, 16383a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.outiface_mask); 1639e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1640e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1641e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'f': 16423a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_FRAGMENT, &cs.fw.ip.invflags, 16433a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 16443a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.flags |= IPT_F_FRAG; 1645e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1646e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1647e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'v': 1648e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if 
(!verbose) 16493a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VERBOSE, 16503a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt &cs.fw.ip.invflags, cs.invert); 1651e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher verbose++; 1652e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1653e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 165417e310b2610448605567644f667c79f41d76f51eJan Engelhardt case 'm': 165517e310b2610448605567644f667c79f41d76f51eJan Engelhardt command_match(&cs); 165617e310b2610448605567644f667c79f41d76f51eJan Engelhardt break; 1657e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1658e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'n': 16593a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_NUMERIC, &cs.fw.ip.invflags, 16603a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1661e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1662e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1663e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 't': 16643a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 16651829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1666e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "unexpected ! 
flag before --table"); 1667d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2dJan Engelhardt *table = optarg; 1668e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1669e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1670e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'x': 16713a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_EXPANDED, &cs.fw.ip.invflags, 16723a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1673e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1674e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1675e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'V': 16763a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 16775dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim printf("Not %s ;-)\n", prog_vers); 1678e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 1679e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("%s v%s\n", 16805dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim prog_name, prog_vers); 1681e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit(0); 1682e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1683e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case '0': 16843a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_LINENUMBERS, &cs.fw.ip.invflags, 16853a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1686e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1687e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 168882dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte case 'M': 1689c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt xtables_modprobe_program = optarg; 169082dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte break; 169182dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte 1692ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte case 'c': 1693ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 16943a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan 
Engelhardt set_option(&cs.options, OPT_COUNTERS, &cs.fw.ip.invflags, 16953a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1696ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte pcnt = optarg; 169760a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom bcnt = strchr(pcnt + 1, ','); 169860a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (bcnt) 169960a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom bcnt++; 170060a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (!bcnt && optind < argc && argv[optind][0] != '-' 1701ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte && argv[optind][0] != '!') 1702ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte bcnt = argv[optind++]; 170360a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (!bcnt) 17041829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1705ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c requires packet and byte counter", 1706ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 1707ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 170860a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (sscanf(pcnt, "%llu", &cnt) != 1) 17091829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1710ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c packet counter not numeric", 1711ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 17123a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.counters.pcnt = cnt; 1713ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 171460a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (sscanf(bcnt, "%llu", &cnt) != 1) 17151829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1716ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c byte counter not numeric", 1717ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 
17183a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.counters.bcnt = cnt; 1719ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte break; 1720ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 172157664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski case '4': 172257664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski /* This is indeed the IPv4 iptables */ 172357664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski break; 172457664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski 172557664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski case '6': 172657664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski /* This is not the IPv6 ip6tables */ 172757664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski if (line != -1) 172857664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski return 1; /* success: line ignored */ 172957664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski fprintf(stderr, "This is the IPv4 version of iptables.\n"); 173057664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski exit_tryhelp(2); 1731ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 1732e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 1: /* non option */ 1733e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg[0] == '!' && optarg[1] == '\0') { 17343a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 17351829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1736e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "multiple consecutive ! 
not" 1737e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher " allowed"); 17383a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert = TRUE; 1739e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optarg[0] = '\0'; 1740e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher continue; 1741e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1742aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann fprintf(stderr, "Bad argument `%s'\n", optarg); 1743e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit_tryhelp(2); 1744e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1745e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher default: 1746780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt if (command_default(&cs, &iptables_globals) == 1) 1747780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt /* cf. ip6tables.c */ 1748780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt continue; 1749f935ae05040d2d790433abee49ef79f4a8ed393cJan Engelhardt break; 1750e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 17513a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert = FALSE; 1752e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1753e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17541eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt if (strcmp(*table, "nat") == 0 && 17551eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt ((policy != NULL && strcmp(policy, "DROP") == 0) || 17569bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt (cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0))) 1757e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 1758e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt "\nThe \"nat\" table is not intended for filtering, " 1759e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt "the use of DROP is therefore inhibited.\n\n"); 17601eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt 17613a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt for (matchp = cs.matches; 
matchp; matchp = matchp->next) 17623af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt xtables_option_mfcall(matchp->match); 17633af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt if (cs.target != NULL) 17643af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt xtables_option_tfcall(cs.target); 1765e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1766e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Fix me: must put inverse options checking here --MN */ 1767e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1768e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc) 17691829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1770e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "unknown arguments found on commandline"); 1771e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!command) 17721829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "no command specified"); 17733a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 17741829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1775e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "nothing appropriate following !"); 1776e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1777d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) { 17783a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!(cs.options & OPT_DESTINATION)) 1779e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher dhostnetworkmask = "0.0.0.0/0"; 17803a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!(cs.options & OPT_SOURCE)) 1781e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher shostnetworkmask = "0.0.0.0/0"; 1782e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1783e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1784e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (shostnetworkmask) 
1785332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow xtables_ipparse_multiple(shostnetworkmask, &saddrs, 1786332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow &smasks, &nsaddrs); 1787e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1788e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (dhostnetworkmask) 1789332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow xtables_ipparse_multiple(dhostnetworkmask, &daddrs, 1790332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow &dmasks, &ndaddrs); 1791e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1792e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if ((nsaddrs > 1 || ndaddrs > 1) && 17933a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt (cs.fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP))) 17941829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple" 1795e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher " source or destination IP addresses"); 1796e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1797e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1)) 17981829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "Replacement rule does not " 1799e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "specify a unique address"); 1800e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18013a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt generic_opt_check(command, cs.options); 1802e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18035429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) 18041829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 18055429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt "chain name `%s' too long (must be under %u chars)", 18065429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt chain, 
XT_EXTENSION_MAXNAMELEN); 1807e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1808ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte /* only allocate handle if we weren't called with a handle */ 18098371e15a49d422755fbd185ab8415b9b12ec9d9aMartin Josefsson if (!*handle) 1810ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte *handle = iptc_init(*table); 1811ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 18128beb0492c84dbec73febce36559ff244f77ec08eRusty Russell /* try to insmod the module if iptc_init failed */ 1813c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1) 181482dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte *handle = iptc_init(*table); 181582dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte 1816e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!*handle) 18171829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(VERSION_PROBLEM, 1818e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "can't initialize iptables table `%s': %s", 1819e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher *table, iptc_strerror(errno)); 1820e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18216336bfd128a56450184ec6790825575655b5d56aHarald Welte if (command == CMD_APPEND 1822e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_DELETE 1823d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek || command == CMD_CHECK 1824e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_INSERT 1825e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_REPLACE) { 1826a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell if (strcmp(chain, "PREROUTING") == 0 1827a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell || strcmp(chain, "INPUT") == 0) { 1828a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell /* -o not valid with incoming packets. 
*/ 18293a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.options & OPT_VIANAMEOUT) 18301829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1831e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Can't use -%c with %s\n", 1832e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(OPT_VIANAMEOUT), 1833e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain); 1834e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1835e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1836a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell if (strcmp(chain, "POSTROUTING") == 0 1837a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell || strcmp(chain, "OUTPUT") == 0) { 1838a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell /* -i not valid with outgoing packets */ 18393a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.options & OPT_VIANAMEIN) 18401829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1841e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Can't use -%c with %s\n", 1842e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(OPT_VIANAMEIN), 1843e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain); 1844e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1845e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18469bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt if (cs.target && iptc_is_chain(cs.jumpto, *handle)) { 1847aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann fprintf(stderr, 1848aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann "Warning: using chain %s, not extension\n", 18499bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto); 1850e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18513a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.target->t) 18523a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt free(cs.target->t); 18534dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 
18543a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target = NULL; 1855e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1856e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1857e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* If they didn't specify a target, or it's a chain 1858e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher name, use standard. */ 18593a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.target 18609bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt && (strlen(cs.jumpto) == 0 18619bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt || iptc_is_chain(cs.jumpto, *handle))) { 1862e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher size_t size; 1863e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18643a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target = xtables_find_target(IPT_STANDARD_TARGET, 18652338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_LOAD_MUST_SUCCEED); 1866e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1867e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher size = sizeof(struct ipt_entry_target) 18683a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt + cs.target->size; 18693a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t = xtables_calloc(1, size); 18703a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t->u.target_size = size; 18719bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt strcpy(cs.target->t->u.user.name, cs.jumpto); 18729bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt if (!iptc_is_chain(cs.jumpto, *handle)) 18733a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t->u.user.revision = cs.target->revision; 18743a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.target->init != NULL) 18753a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->init(cs.target->t); 1876e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1877e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
18783a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.target) { 1879f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte /* it is no chain, and we can't load a plugin. 1880f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte * We cannot know if the plugin is corrupt, non 1881a4d3e1fea254d63a2dd0e32bf6d70fa0f39159bcRusty Russell * existant OR if the user just misspelled a 1882f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte * chain. */ 188317fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#ifdef IPT_F_GOTO 18843a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.fw.ip.flags & IPT_F_GOTO) 18851829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 18869bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt "goto '%s' is not a chain\n", 18879bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto); 188817fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#endif 18899bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED); 1890e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 18913a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt e = generate_entry(&cs.fw, cs.matches, cs.target->t); 18923a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt free(cs.target->t); 1893e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1894e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1895e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1896e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher switch (command) { 1897e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_APPEND: 1898e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = append_entry(chain, e, 1899332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1900332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 19013a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 
19021c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 1903e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1904e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_DELETE: 1905e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = delete_entry(chain, e, 1906332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1907332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 19083a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 19093a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt *handle, cs.matches, cs.target); 1910e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1911e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_DELETE_NUM: 19121c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_delete_num_entry(chain, rulenum - 1, *handle); 1913e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1914d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek case CMD_CHECK: 1915d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek ret = check_entry(chain, e, 1916d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek nsaddrs, saddrs, smasks, 1917d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek ndaddrs, daddrs, dmasks, 1918d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek cs.options&OPT_VERBOSE, 1919d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek *handle, cs.matches, cs.target); 1920d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek break; 1921e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_REPLACE: 1922e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = replace_entry(chain, e, rulenum - 1, 192375cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt saddrs, smasks, daddrs, dmasks, 19243a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1925e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1926e6869a8f59d779ff4d5a0984c86d80db7078496Marc 
Boucher case CMD_INSERT: 1927e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = insert_entry(chain, e, rulenum - 1, 1928332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1929332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 19303a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 19311c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 1932e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1933e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_FLUSH: 1934cc38d058d14e84d3008a0c0035348e0ad5f0d5d2Maciej Zenczykowski ret = flush_entries4(chain, cs.options&OPT_VERBOSE, *handle); 1935e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1936e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_ZERO: 19373a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle); 1938e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1939b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_ZERO_NUM: 1940b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 1941b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta break; 194296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST: 1943e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_LIST|CMD_ZERO: 1944b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_LIST|CMD_ZERO_NUM: 1945e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = list_entries(chain, 1946bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum, 19473a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 19483a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_NUMERIC, 19493a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_EXPANDED, 19503a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_LINENUMBERS, 
19511c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 195296296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (ret && (command & CMD_ZERO)) 195396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom ret = zero_entries(chain, 19543a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1955b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (ret && (command & CMD_ZERO_NUM)) 1956b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 195796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom break; 195896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST_RULES: 195996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST_RULES|CMD_ZERO: 1960b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_LIST_RULES|CMD_ZERO_NUM: 196196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom ret = list_rules(chain, 1962bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum, 19633a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 19641c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 196596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (ret && (command & CMD_ZERO)) 1966e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = zero_entries(chain, 19673a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1968b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (ret && (command & CMD_ZERO_NUM)) 1969b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 1970e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1971e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_NEW_CHAIN: 19721c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_create_chain(chain, *handle); 1973e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1974e6869a8f59d779ff4d5a0984c86d80db7078496Marc 
Boucher case CMD_DELETE_CHAIN: 1975e5c061afabf018634a507f00df5b1d0c4bd53a37Maciej Zenczykowski ret = delete_chain4(chain, cs.options&OPT_VERBOSE, *handle); 1976e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1977e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_RENAME_CHAIN: 19781c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_rename_chain(chain, newname, *handle); 1979e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1980e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_SET_POLICY: 19813a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt ret = iptc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw.counters : NULL, *handle); 1982e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1983e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher default: 1984e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* We should never reach this... */ 1985e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit_tryhelp(2); 1986e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1987e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1988e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (verbose > 1) 1989e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher dump_entries(*handle); 1990e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 19913a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt clear_rule_matches(&cs.matches); 199278cafdaf474a333fa39efab4aa4c9aed88ab9518Martin Josefsson 19934dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson if (e != NULL) { 19944dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson free(e); 19954dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson e = NULL; 19964dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson } 19974dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 19986997cdf4ef385771711d877bbf8d67d63bf3ba5dkeso free(saddrs); 1999332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow free(smasks); 20006997cdf4ef385771711d877bbf8d67d63bf3ba5dkeso 
free(daddrs); 2001332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow free(dmasks); 2002139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salim xtables_free_opts(1); 20034dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 2004e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return ret; 2005e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 2006