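/* Code to take an iptables-style command line and do it. */

/*
 * Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
 *
 * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
 *		    Paul 'Rusty' Russell <rusty@rustcorp.com.au>
 *		    Marc Boucher <marc+nf@mbsi.ca>
 *		    James Morris <jmorris@intercode.com.au>
 *		    Harald Welte <laforge@gnumonks.org>
 *		    Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	This program is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *	GNU General Public License for more details.
 *
 *	You should have received a copy of the GNU General Public License
 *	along with this program; if not, write to the Free Software
 *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#include <getopt.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <stdarg.h>
#include <limits.h>
#include <unistd.h>
#include <iptables.h>
#include <xtables.h>
#include <fcntl.h>
#include "xshared.h"

#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif

/*
 * Command bits. Each command owns exactly one bit so that several commands
 * can be OR-ed into one mask; the bit position is also the row index used
 * for cmdflags[] and commands_v_options[][] below.
 */
#define CMD_NONE		0x0000U
#define CMD_INSERT		0x0001U
#define CMD_DELETE		0x0002U
#define CMD_DELETE_NUM		0x0004U
#define CMD_REPLACE		0x0008U
#define CMD_APPEND		0x0010U
#define CMD_LIST		0x0020U
#define CMD_FLUSH		0x0040U
#define CMD_ZERO		0x0080U
#define CMD_NEW_CHAIN		0x0100U
#define CMD_DELETE_CHAIN	0x0200U
#define CMD_SET_POLICY		0x0400U
#define CMD_RENAME_CHAIN	0x0800U
#define CMD_LIST_RULES		0x1000U
#define CMD_ZERO_NUM		0x2000U
#define CMD_CHECK		0x4000U
/*
 * NOTE(review): 15 command bits, 15 cmdflags[] entries and 15 table rows are
 * defined here, but NUMBER_OF_CMD is 16. The sixteenth row of
 * commands_v_options[][] is therefore zero-filled and would only be consulted
 * if bit 0x8000 were ever set in a command mask - confirm that 16 is intended.
 */
#define NUMBER_OF_CMD	16

/* Command letter for each command bit, in bit order (index 0 = CMD_INSERT). */
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
				 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };

/* Bit 11, i.e. the position of 'f' in optflags[] below. */
#define OPT_FRAGMENT	0x00800U
#define NUMBER_OF_OPT	ARRAY_SIZE(optflags)

/* Option letter for each option bit, in bit order. */
static const char optflags[]
= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c', 'f'};

/*
 * Long options understood before any extension adds its own. has_arg uses
 * the getopt_long() constants: no_argument (0), required_argument (1),
 * optional_argument (2).
 */
static struct option original_opts[] = {
	{.name = "append",        .has_arg = required_argument, .val = 'A'},
	{.name = "delete",        .has_arg = required_argument, .val = 'D'},
	{.name = "check",         .has_arg = required_argument, .val = 'C'},
	{.name = "insert",        .has_arg = required_argument, .val = 'I'},
	{.name = "replace",       .has_arg = required_argument, .val = 'R'},
	{.name = "list",          .has_arg = optional_argument, .val = 'L'},
	{.name = "list-rules",    .has_arg = optional_argument, .val = 'S'},
	{.name = "flush",         .has_arg = optional_argument, .val = 'F'},
	{.name = "zero",          .has_arg = optional_argument, .val = 'Z'},
	{.name = "new-chain",     .has_arg = required_argument, .val = 'N'},
	{.name = "delete-chain",  .has_arg = optional_argument, .val = 'X'},
	{.name = "rename-chain",  .has_arg = required_argument, .val = 'E'},
	{.name = "policy",        .has_arg = required_argument, .val = 'P'},
	{.name = "source",        .has_arg = required_argument, .val = 's'},
	{.name = "destination",   .has_arg = required_argument, .val = 'd'},
	{.name = "src",           .has_arg = required_argument, .val = 's'}, /* synonym */
	{.name = "dst",           .has_arg = required_argument, .val = 'd'}, /* synonym */
	{.name = "protocol",      .has_arg = required_argument, .val = 'p'},
	{.name = "in-interface",  .has_arg = required_argument, .val = 'i'},
	{.name = "jump",          .has_arg = required_argument, .val = 'j'},
	{.name = "table",         .has_arg = required_argument, .val = 't'},
	{.name = "match",         .has_arg = required_argument, .val = 'm'},
	{.name = "numeric",       .has_arg = no_argument,       .val = 'n'},
	{.name = "out-interface", .has_arg = required_argument, .val = 'o'},
	{.name = "verbose",       .has_arg = no_argument,       .val = 'v'},
	{.name = "wait",          .has_arg = no_argument,       .val = 'w'},
	{.name = "exact",         .has_arg = no_argument,       .val = 'x'},
	{.name = "fragments",     .has_arg = no_argument,       .val = 'f'},
	{.name = "version",       .has_arg = no_argument,       .val = 'V'},
	{.name = "help",          .has_arg = optional_argument, .val = 'h'},
	{.name = "line-numbers",  .has_arg = no_argument,       .val = '0'},
	{.name = "modprobe",      .has_arg = required_argument, .val = 'M'},
	{.name = "set-counters",  .has_arg = required_argument, .val = 'c'},
	{.name = "goto",          .has_arg = required_argument, .val = 'g'},
	{.name = "ipv4",          .has_arg = no_argument,       .val = '4'},
	{.name = "ipv6",          .has_arg = no_argument,       .val = '6'},
	{NULL},
};

/*
 * msg is a printf-style format string; the format attribute lets the compiler
 * check every call site's arguments against it.
 */
void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));

struct xtables_globals iptables_globals = {
	.option_offset = 0,
	.program_version = IPTABLES_VERSION,
	.orig_opts = original_opts,
	.exit_err = iptables_exit_error,
};

/* Table of legal combinations of commands and options.  If any of the
 * given commands make an option legal, that option is legal (applies to
 * CMD_LIST and CMD_ZERO only).
 * Key:
 *  +  compulsory
 *  x  illegal
 *     optional (blank)
 *
 * generic_opt_check() reads row j for command bit (1 << j), so the rows MUST
 * be listed in CMD_* bit order. The rows used to be listed with ZERO_NUM
 * directly after ZERO, which shifted every later row by one relative to its
 * bit: CMD_SET_POLICY was validated against the DEL_CHAIN row (rejecting -c)
 * and CMD_RENAME_CHAIN against the SET_POLICY row (accepting -c). ZERO_NUM now
 * sits at index 13, matching CMD_ZERO_NUM == 0x2000U.
 */

static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
	/*     -n  -s  -d  -p  -j  -v  -x  -i  -o --line -c -f */
/*INSERT*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},	/* 0x0001 */
/*DELETE*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},	/* 0x0002 */
/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0004 */
/*REPLACE*/   {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},	/* 0x0008 */
/*APPEND*/    {'x',' ',' ',' ',' ',' ','x',' ',' ','x',' ',' '},	/* 0x0010 */
/*LIST*/      {' ','x','x','x','x',' ',' ','x','x',' ','x','x'},	/* 0x0020 */
/*FLUSH*/     {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0040 */
/*ZERO*/      {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0080 */
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0100 */
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0200 */
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' ','x'},	/* 0x0400 */
/*RENAME*/    {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x0800 */
/*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x1000 */
/*ZERO_NUM*/  {'x','x','x','x','x',' ','x','x','x','x','x','x'},	/* 0x2000 */
/*CHECK*/     {'x',' ',' ',' ',' ',' ','x',' ',' ','x','x',' '},	/* 0x4000 */
};

/*
 * Inversion flag set by a leading `!' for each option, in optflags[] order.
 * A zero entry means the option cannot be inverted.
 */
static const int inverse_for_options[NUMBER_OF_OPT] =
{
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
/* -i */ IPT_INV_VIA_IN,
/* -o */ IPT_INV_VIA_OUT,
/*--line*/ 0,
/* -c */ 0,
/* -f */ IPT_INV_FRAG,
};
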
Ayuso#define opts iptables_globals.opts 1725dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim#define prog_name iptables_globals.program_name 1735dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim#define prog_vers iptables_globals.program_version 174e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17524bb07802df1608319f40f77c606d45c14d59231Dmitry V. Levinstatic void __attribute__((noreturn)) 176e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherexit_tryhelp(int status) 177e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 178edad9bb71861e807462285331f96f46288cd8b26Maciej Soltysiak if (line != -1) 179a5bb0a65c15ab040bc6b6ee2d6637fec50e80b13Harald Welte fprintf(stderr, "Error occurred at line: %d\n", line); 180e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n", 1815dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim prog_name, prog_name); 182139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salim xtables_free_opts(1); 183e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit(status); 184e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 185e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1860b63936140032deac44072951451bdf47b54296aPatrick McHardystatic void 187d1435e0772e40c310dff35abe7bf1e7de5b18ee4Jan Engelhardtexit_printhelp(const struct xtables_rule_match *matches) 188e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 189e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("%s v%s\n\n" 190d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek"Usage: %s -[ACD] chain rule-specification [options]\n" 1911791a45b279db742d6de35ea8dc1ad9dda4acb73Jan Engelhardt" %s -I chain [rulenum] rule-specification [options]\n" 1921791a45b279db742d6de35ea8dc1ad9dda4acb73Jan Engelhardt" %s -R chain rulenum rule-specification [options]\n" 193e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" %s -D chain rulenum [options]\n" 194bb34082de25ec7fb6bffe5702062f087ca887466Henrik 
Nordstrom" %s -[LS] [chain [rulenum]] [options]\n" 195bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom" %s -[FZ] [chain] [options]\n" 196e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" %s -[NX] chain\n" 197e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" %s -E old-chain-name new-chain-name\n" 198e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" %s -P chain target [options]\n" 199e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" %s -h (print this help information)\n\n", 2005dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim prog_name, prog_vers, prog_name, prog_name, 2015dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim prog_name, prog_name, prog_name, prog_name, 2021791a45b279db742d6de35ea8dc1ad9dda4acb73Jan Engelhardt prog_name, prog_name, prog_name, prog_name); 203e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 204e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf( 205e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher"Commands:\n" 206e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher"Either long or short options are allowed.\n" 207e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --append -A chain Append to chain\n" 208d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek" --check -C chain Check for the existence of a rule\n" 209e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --delete -D chain Delete matching rule from chain\n" 210e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --delete -D chain rulenum\n" 211e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" Delete rule rulenum (1 = first) from chain\n" 212e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --insert -I chain [rulenum]\n" 213e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" Insert in chain as rulenum (default 1=first)\n" 214e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --replace -R chain rulenum\n" 215e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" Replace rule rulenum (1 = first) in chain\n" 
216bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom" --list -L [chain [rulenum]]\n" 217bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom" List the rules in a chain or all chains\n" 218bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom" --list-rules -S [chain [rulenum]]\n" 219bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom" Print the rules in a chain or all chains\n" 220e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --flush -F [chain] Delete all rules in chain or all chains\n" 221b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta" --zero -Z [chain [rulenum]]\n" 222b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta" Zero counters in chain or all chains\n" 223e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --new -N chain Create a new user-defined chain\n" 224e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --delete-chain\n" 225e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" -X [chain] Delete a user-defined chain\n" 226e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --policy -P chain target\n" 227e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" Change policy on chain to target\n" 228e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --rename-chain\n" 229e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" -E old-chain new-chain\n" 230e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" Change chain name, (moving any references)\n" 231e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 232e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher"Options:\n" 23357664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n" 23457664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski" --ipv6 -6 Error (line is ignored by iptables-restore)\n" 235bf75fc041b35c75c2c592e01f1906771e00ce4ebMart Frauenlob"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n" 236332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow"[!] 
--source -s address[/mask][...]\n" 237e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" source specification\n" 238332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow"[!] --destination -d address[/mask][...]\n" 239e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" destination specification\n" 240967279231a9ecfa99f26694a954afc535c63db1dJan Engelhardt"[!] --in-interface -i input name[+]\n" 241e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" network interface name ([+] for wildcard)\n" 242967279231a9ecfa99f26694a954afc535c63db1dJan Engelhardt" --jump -j target\n" 243363112d6100f202124a7a0f0251bfa4c321bd20dRusty Russell" target for rule (may load target extension)\n" 24417fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#ifdef IPT_F_GOTO 24517fc163babc348780bae4321071845748f7b7985Henrik Nordstrom" --goto -g chain\n" 24617fc163babc348780bae4321071845748f7b7985Henrik Nordstrom" jump to chain with no return\n" 24717fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#endif 248363112d6100f202124a7a0f0251bfa4c321bd20dRusty Russell" --match -m match\n" 249363112d6100f202124a7a0f0251bfa4c321bd20dRusty Russell" extended match (may load extension)\n" 250e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --numeric -n numeric output of addresses and ports\n" 251967279231a9ecfa99f26694a954afc535c63db1dJan Engelhardt"[!] 
--out-interface -o output name[+]\n" 252e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" network interface name ([+] for wildcard)\n" 253e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --table -t table table to manipulate (default: `filter')\n" 254e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --verbose -v verbose mode\n" 25593587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester" --wait -w wait for the xtables lock\n" 25682dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte" --line-numbers print line numbers when listing\n" 257e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher" --exact -x expand numbers (display exact values)\n" 258e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher"[!] --fragment -f match second or further fragments only\n" 259a4d3e1fea254d63a2dd0e32bf6d70fa0f39159bcRusty Russell" --modprobe=<command> try to insert modules using this command\n" 260ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte" --set-counters PKTS BYTES set the counter during insert/append\n" 261e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher"[!] --version -V print package version.\n"); 262e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 263f89c1716a7743ca6e2e6164d3b64c15b2e285e1eJan Engelhardt print_extension_helps(xtables_targets, matches); 264e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit(0); 265e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 266e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 2670b63936140032deac44072951451bdf47b54296aPatrick McHardyvoid 2688b7baebc93989106fd5d26b262d0ce191f8ef7c0Jamal Hadi Salimiptables_exit_error(enum xtables_exittype status, const char *msg, ...) 
2690b63936140032deac44072951451bdf47b54296aPatrick McHardy{ 2700b63936140032deac44072951451bdf47b54296aPatrick McHardy va_list args; 2710b63936140032deac44072951451bdf47b54296aPatrick McHardy 2720b63936140032deac44072951451bdf47b54296aPatrick McHardy va_start(args, msg); 2735dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim fprintf(stderr, "%s v%s: ", prog_name, prog_vers); 2740b63936140032deac44072951451bdf47b54296aPatrick McHardy vfprintf(stderr, msg, args); 2750b63936140032deac44072951451bdf47b54296aPatrick McHardy va_end(args); 2760b63936140032deac44072951451bdf47b54296aPatrick McHardy fprintf(stderr, "\n"); 2770b63936140032deac44072951451bdf47b54296aPatrick McHardy if (status == PARAMETER_PROBLEM) 2780b63936140032deac44072951451bdf47b54296aPatrick McHardy exit_tryhelp(status); 2790b63936140032deac44072951451bdf47b54296aPatrick McHardy if (status == VERSION_PROBLEM) 2800b63936140032deac44072951451bdf47b54296aPatrick McHardy fprintf(stderr, 2810b63936140032deac44072951451bdf47b54296aPatrick McHardy "Perhaps iptables or your kernel needs to be upgraded.\n"); 2820b63936140032deac44072951451bdf47b54296aPatrick McHardy /* On error paths, make sure that we don't leak memory */ 283139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salim xtables_free_opts(1); 2840b63936140032deac44072951451bdf47b54296aPatrick McHardy exit(status); 2850b63936140032deac44072951451bdf47b54296aPatrick McHardy} 2860b63936140032deac44072951451bdf47b54296aPatrick McHardy 287e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 288e6869a8f59d779ff4d5a0984c86d80db7078496Marc Bouchergeneric_opt_check(int command, int options) 289e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 290e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int i, j, legal = 0; 291e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 292e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Check that commands are valid with options. 
Complicated by the 293e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * fact that if an option is legal with *any* command given, it is 294e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * legal overall (ie. -z and -l). 295e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher */ 296e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (i = 0; i < NUMBER_OF_OPT; i++) { 297e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher legal = 0; /* -1 => illegal, 1 => legal, 0 => undecided. */ 298e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 299e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (j = 0; j < NUMBER_OF_CMD; j++) { 300e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(command & (1<<j))) 301e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher continue; 302e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 303e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!(options & (1<<i))) { 304e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (commands_v_options[j][i] == '+') 3051829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 306e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "You need to supply the `-%c' " 307e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "option for this command\n", 308e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optflags[i]); 309e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 310e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (commands_v_options[j][i] != 'x') 311e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher legal = 1; 312e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (legal == 0) 313e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher legal = -1; 314e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 315e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 316e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (legal == -1) 3171829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 
318e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Illegal option `-%c' with this command\n", 319e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optflags[i]); 320e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 321e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 322e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 323e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic char 324e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucheropt2char(int option) 325e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 326e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *ptr; 327e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (ptr = optflags; option > 1; option >>= 1, ptr++); 328e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 329e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return *ptr; 330e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 331e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 332e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic char 333e6869a8f59d779ff4d5a0984c86d80db7078496Marc Bouchercmd2char(int option) 334e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 335e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *ptr; 336e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher for (ptr = cmdflags; option > 1; option >>= 1, ptr++); 337e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 338e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return *ptr; 339e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 340e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 341e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherstatic void 342efa8fc2123a2a9fc229ab471edd2b2688ce1da3aHarald Welteadd_command(unsigned int *cmd, const int newcmd, const int othercmds, 343efa8fc2123a2a9fc229ab471edd2b2688ce1da3aHarald Welte int invert) 344e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 345e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (invert) 3461829ed482efbc8b390cc760d012b3a4450494e1aJan 
Engelhardt xtables_error(PARAMETER_PROBLEM, "unexpected ! flag"); 347e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (*cmd & (~othercmds)) 3481829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n", 349e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher cmd2char(newcmd), cmd2char(*cmd & (~othercmds))); 350e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher *cmd |= newcmd; 351e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 352e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 353e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* 354e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * All functions starting with "parse" should succeed, otherwise 355e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * the program fails. 356e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * Most routines return pointers to static data that may change 357e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * between calls to the same or other routines with a few exceptions: 358e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * "host_to_addr", "parse_hostnetwork", and "parse_hostnetworkmask" 359e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * return global static data. 360e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher*/ 361e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 36228381a4a8da8c967938de3981644190219380de4Rusty Russell/* Christophe Burki wants `-p 6' to imply `-m tcp'. */ 363e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Can't be zero. 
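*/
/*
 * Parse a rule number given on the command line.
 *
 * The accepted range is 1..INT_MAX, so the value always fits the int
 * return type.  On a parse or range failure xtables_error() is called;
 * per the file-level note about "parse" functions the program fails at
 * that point rather than returning.
 */
static int
parse_rulenumber(const char *rule)
{
	unsigned int rulenum;

	if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX))
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid rule number `%s'", rule);

	return rulenum;
}

/*
 * Validate a target name taken from the command line.
 *
 * Rejects an empty name, a name of XT_EXTENSION_MAXNAMELEN characters or
 * more, and any name containing whitespace.  Returns the caller's pointer
 * unchanged when the name is acceptable.
 */
static const char *
parse_target(const char *targetname)
{
	const char *ptr;
	const size_t len = strlen(targetname);

	if (len < 1)
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid target name (too short)");

	if (len >= XT_EXTENSION_MAXNAMELEN)
		xtables_error(PARAMETER_PROBLEM,
			   "Invalid target name `%s' (%u chars max)",
			   targetname,
			   (unsigned int)(XT_EXTENSION_MAXNAMELEN - 1));

	for (ptr = targetname; *ptr; ptr++)
		/*
		 * <ctype.h> classifiers need an unsigned char value; a plain
		 * char holding a byte >= 0x80 may be negative, which is
		 * undefined behaviour for isspace().
		 */
		if (isspace((unsigned char)*ptr))
			xtables_error(PARAMETER_PROBLEM,
				   "Invalid target name `%s'", targetname);
	return targetname;
}

/*
 * Record that `option' was given and, when `invert' is set, OR the
 * matching inversion flag into *invflg.
 *
 * A repeated option, or a `!' in front of an option whose entry in
 * inverse_for_options[] is zero, is a parameter error.
 */
static void
set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
	   int invert)
{
	if (*options & option)
		xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
			   opt2char(option));
	*options |= option;

	if (invert) {
		const unsigned int nbits = CHAR_BIT * sizeof(option);
		unsigned int i = 0;

		/*
		 * Find the bit index of `option'.  The shift is unsigned and
		 * bounded by the type width: the previous `1 << i' form
		 * shifted a signed int and never terminated when `option'
		 * was zero or had more than one bit set.
		 */
		while (i < nbits && (1U << i) != option)
			i++;
		if (i == nbits)
			xtables_error(PARAMETER_PROBLEM,
				   "cannot have ! before -%c",
				   opt2char(option));

		/*
		 * NOTE(review): inverse_for_options[] is defined elsewhere in
		 * this file; i is assumed to be within its bounds for every
		 * option bit callers pass -- confirm against the table size.
		 */
		if (!inverse_for_options[i])
			xtables_error(PARAMETER_PROBLEM,
				   "cannot have ! before -%c",
				   opt2char(option));
		*invflg |= inverse_for_options[i];
	}
}

/*
 * Print the heading for a chain listing: the chain name, then either its
 * policy (with packet/byte counters unless FMT_NOCOUNTS) or, when
 * iptc_get_policy() returns NULL, its reference count, followed by the
 * column titles selected by the `format' bits.
 */
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
	struct xt_counters counters;
	const char *pol = iptc_get_policy(chain, &counters, handle);

	printf("Chain %s", chain);
	if (pol) {
		printf(" (policy %s", pol);
		if (!(format & FMT_NOCOUNTS)) {
			fputc(' ', stdout);
			xtables_print_num(counters.pcnt, (format|FMT_NOTABLE));
			fputs("packets, ", stdout);
			xtables_print_num(counters.bcnt, (format|FMT_NOTABLE));
			fputs("bytes", stdout);
		}
		printf(")\n");
	} else {
		unsigned int refs;

		if (!iptc_get_references(&refs, chain, handle))
			printf(" (ERROR obtaining refs)\n");
		else
			printf(" (%u references)\n", refs);
	}

	if (format & FMT_LINENUMBERS)
		printf(FMT("%-4s ", "%s "), "num");
	if (!(format & FMT_NOCOUNTS)) {
		if (format & FMT_KILOMEGAGIGA) {
			printf(FMT("%5s ","%s "), "pkts");
			printf(FMT("%5s ","%s "), "bytes");
		} else {
			printf(FMT("%8s ","%s "), "pkts");
			printf(FMT("%10s ","%s "), "bytes");
		}
	}
	if (!(format & FMT_NOTARGET))
		printf(FMT("%-9s ","%s "), "target");
	fputs(" prot ", stdout);
	if (format & FMT_OPTIONS)
		fputs("opt", stdout);
	if (format & FMT_VIA) {
		printf(FMT(" %-6s ","%s "), "in");
		printf(FMT("%-6s ","%s "), "out");
	}
	printf(FMT(" %-19s ","%s "), "source");
	printf(FMT(" %-19s "," %s "), "destination");
	printf("\n");
}

/*
 * Callback for IPT_MATCH_ITERATE: print one match of a rule.
 *
 * Uses the extension's print hook when the extension can be found, falls
 * back to the extension name, and prints an "UNKNOWN match" marker when
 * no extension is found for a non-empty name.  Always returns 0 so the
 * iteration continues.
 *
 * NOTE(review): m->u.user.name comes from the rule blob and is used as a
 * C string here; it is presumably NUL-terminated inside its fixed-size
 * field -- confirm for rule sets not written by this tool.
 */
static int
print_match(const struct xt_entry_match *m,
	    const struct ipt_ip *ip,
	    int numeric)
{
	const struct xtables_match *match =
		xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);

	if (match) {
		if (match->print)
			match->print(ip, m, numeric);
		else
			printf("%s ", match->name);
	} else {
		if (m->u.user.name[0])
			printf("UNKNOWN match `%s' ", m->u.user.name);
	}
	/* Don't stop iterating. */
	return 0;
}

/*
 * Write "<address><mask>" into buf without ever writing past buflen.
 *
 * The address text is copied into buf before the mask is formatted: the
 * file-level comment warns that most routines return pointers to static
 * data that may change between calls, so the two results must not be
 * held at the same time.  Output that does not fit is truncated.
 */
static void
format_addr_mask(char *buf, size_t buflen, const struct in_addr *addr,
		 const struct in_addr *mask, int numeric)
{
	int len;

	if (buflen == 0)
		return;

	len = snprintf(buf, buflen, "%s",
		       numeric ? xtables_ipaddr_to_numeric(addr)
			       : xtables_ipaddr_to_anyname(addr));
	if (len < 0) {
		buf[0] = '\0';
		len = 0;
	} else if ((size_t)len >= buflen) {
		len = (int)(buflen - 1);
	}

	snprintf(buf + len, buflen - (size_t)len, "%s",
		 xtables_ipmask_to_numeric(mask));
}

/*
 * Print one rule in listing format, honouring the FMT_* bits in `format'.
 *
 * e is called `fw' here for historical reasons.
 *
 * Interface names and address strings are formatted with bounded writes.
 * The rule blob may originate outside this process, so a full-width
 * interface field without a terminating NUL must not overrun the local
 * buffers.
 */
static void
print_firewall(const struct ipt_entry *fw,
	       const char *targname,
	       unsigned int num,
	       unsigned int format,
	       struct xtc_handle *const handle)
{
	const struct xtables_target *target = NULL;
	const struct xt_entry_target *t;
	uint8_t flags;
	char buf[BUFSIZ];

	/* A jump to a user chain is printed via the standard target. */
	if (!iptc_is_chain(targname, handle))
		target = xtables_find_target(targname, XTF_TRY_LOAD);
	else
		target = xtables_find_target(XT_STANDARD_TARGET,
					     XTF_LOAD_MUST_SUCCEED);

	t = ipt_get_target((struct ipt_entry *)fw);
	flags = fw->ip.flags;

	if (format & FMT_LINENUMBERS)
		printf(FMT("%-4u ", "%u "), num);

	if (!(format & FMT_NOCOUNTS)) {
		xtables_print_num(fw->counters.pcnt, format);
		xtables_print_num(fw->counters.bcnt, format);
	}

	if (!(format & FMT_NOTARGET))
		printf(FMT("%-9s ", "%s "), targname);

	fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
	{
		const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);

		if (pname)
			printf(FMT("%-5s", "%s "), pname);
		else
			printf(FMT("%-5hu", "%hu "), fw->ip.proto);
	}

	if (format & FMT_OPTIONS) {
		if (format & FMT_NOTABLE)
			fputs("opt ", stdout);
		fputc(fw->ip.invflags & IPT_INV_FRAG ? '!' : '-', stdout);
		fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);
		fputc(' ', stdout);
	}

	if (format & FMT_VIA) {
		/* Room for an optional '!', the name, and the NUL. */
		char iface[IFNAMSIZ+2];
		const char *name;

		name = fw->ip.iniface;
		if (name[0] == '\0')
			name = (format & FMT_NUMERIC) ? "*" : "any";
		/*
		 * The precision caps the read at the size of the interface
		 * field, so an unterminated name cannot run into the
		 * neighbouring field or overflow iface[].
		 */
		snprintf(iface, sizeof(iface), "%s%.*s",
			 (fw->ip.invflags & IPT_INV_VIA_IN) ? "!" : "",
			 (int)sizeof(fw->ip.iniface), name);
		printf(FMT(" %-6s ","in %s "), iface);

		name = fw->ip.outiface;
		if (name[0] == '\0')
			name = (format & FMT_NUMERIC) ? "*" : "any";
		snprintf(iface, sizeof(iface), "%s%.*s",
			 (fw->ip.invflags & IPT_INV_VIA_OUT) ? "!" : "",
			 (int)sizeof(fw->ip.outiface), name);
		printf(FMT("%-6s ","out %s "), iface);
	}

	fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
	if (fw->ip.smsk.s_addr == 0L && !(format & FMT_NUMERIC))
		printf(FMT("%-19s ","%s "), "anywhere");
	else {
		format_addr_mask(buf, sizeof(buf), &fw->ip.src, &fw->ip.smsk,
				 format & FMT_NUMERIC);
		printf(FMT("%-19s ","%s "), buf);
	}

	fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
	if (fw->ip.dmsk.s_addr == 0L && !(format & FMT_NUMERIC))
		printf(FMT("%-19s ","-> %s"), "anywhere");
	else {
		format_addr_mask(buf, sizeof(buf), &fw->ip.dst, &fw->ip.dmsk,
				 format & FMT_NUMERIC);
		printf(FMT("%-19s ","-> %s"), buf);
	}

	if (format & FMT_NOTABLE)
		fputs(" ", stdout);

#ifdef IPT_F_GOTO
	if(fw->ip.flags & IPT_F_GOTO)
		printf("[goto] ");
#endif

	IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC);

	if (target) {
		if (target->print)
			/* Print the target information. */
			target->print(&fw->ip, t, format & FMT_NUMERIC);
	} else if (t->u.target_size != sizeof(*t))
		printf("[%u bytes of unknown target data] ",
		       (unsigned int)(t->u.target_size - sizeof(*t)));

	if (!(format & FMT_NONEWLINE))
		fputc('\n', stdout);
}

/*
 * Print a single rule using the FMT_PRINT_RULE layout, taking the target
 * name from the rule's own target record and using rule number 0.
 */
static void
print_firewall_line(const struct ipt_entry *fw,
		    struct xtc_handle *const h)
{
	struct xt_entry_target *t;

	t = ipt_get_target((struct ipt_entry *)fw);
	print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
}

/*
 * Append `fw' to `chain' once for every (source, destination) pair.
 *
 * fw->ip is overwritten in place for each pair and is left holding the
 * last pair on return.  The result is the bitwise AND of 1 with every
 * iptc_append_entry() return value, so a single failure makes it 0
 * (presumably libiptc returns 1 on success -- confirm).
 */
static int
append_entry(const xt_chainlabel chain,
	     struct ipt_entry *fw,
	     unsigned int nsaddrs,
	     const struct in_addr saddrs[],
	     const struct in_addr smasks[],
	     unsigned int ndaddrs,
	     const struct in_addr daddrs[],
	     const struct in_addr dmasks[],
	     int verbose,
	     struct xtc_handle *handle)
{
	unsigned int i, j;
	int ret = 1;

	for (i = 0; i < nsaddrs; i++) {
		fw->ip.src.s_addr = saddrs[i].s_addr;
		fw->ip.smsk.s_addr = smasks[i].s_addr;
		for (j = 0; j < ndaddrs; j++) {
			fw->ip.dst.s_addr = daddrs[j].s_addr;
			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
			if (verbose)
				print_firewall_line(fw, handle);
			ret &= iptc_append_entry(chain, fw, handle);
		}
	}

	return ret;
}

/*
 * Replace rule `rulenum' of `chain' with `fw', after storing the single
 * source/destination address and mask pair into fw->ip.  Returns the
 * iptc_replace_entry() result unchanged.
 */
static int
replace_entry(const xt_chainlabel chain,
	      struct ipt_entry *fw,
	      unsigned int rulenum,
	      const struct in_addr *saddr, const struct in_addr *smask,
	      const struct in_addr *daddr, const struct in_addr *dmask,
	      int verbose,
	      struct xtc_handle *handle)
{
	fw->ip.src.s_addr = saddr->s_addr;
	fw->ip.dst.s_addr = daddr->s_addr;
	fw->ip.smsk.s_addr = smask->s_addr;
	fw->ip.dmsk.s_addr = dmask->s_addr;

	if (verbose)
		print_firewall_line(fw, handle);
	return iptc_replace_entry(chain, fw, rulenum, handle);
}

/*
 * Insert `fw' at position `rulenum' of `chain' once for every
 * (source, destination) pair.  Same in-place mutation of fw->ip and the
 * same AND-ed return value as append_entry().
 */
static int
insert_entry(const xt_chainlabel chain,
	     struct ipt_entry *fw,
	     unsigned int rulenum,
	     unsigned int nsaddrs,
	     const struct in_addr saddrs[],
	     const struct in_addr smasks[],
	     unsigned int ndaddrs,
	     const struct in_addr daddrs[],
	     const struct in_addr dmasks[],
	     int verbose,
	     struct xtc_handle *handle)
{
	unsigned int i, j;
	int ret = 1;

	for (i = 0; i < nsaddrs; i++) {
		fw->ip.src.s_addr = saddrs[i].s_addr;
		fw->ip.smsk.s_addr = smasks[i].s_addr;
		for (j = 0; j < ndaddrs; j++) {
			fw->ip.dst.s_addr = daddrs[j].s_addr;
			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
			if (verbose)
				print_firewall_line(fw, handle);
			ret &= iptc_insert_entry(chain, fw, rulenum, handle);
		}
	}

	return ret;
}

/*
 * Build the byte mask handed to iptc_delete_entry()/iptc_check_entry().
 *
 * The buffer is laid out like a rule: the ipt_entry header, then one
 * aligned xt_entry_match header plus match->size bytes per match, then
 * an aligned xt_entry_target header plus target->size bytes.  The entry
 * header, each match/target header and the first `userspacesize' bytes
 * of each payload are set to 0xFF; the rest stays zero from calloc.
 *
 * The caller owns the returned buffer and must free() it.
 *
 * NOTE(review): the allocation is sized from ->size but the fill uses
 * ->userspacesize, so this relies on every extension declaring
 * userspacesize <= size; `target' is dereferenced without a NULL check.
 * Neither invariant is established in this part of the file -- confirm.
 */
static unsigned char *
make_delete_mask(const struct xtables_rule_match *matches,
		 const struct xtables_target *target)
{
	/* Establish mask for comparison */
	size_t size;
	const struct xtables_rule_match *matchp;
	unsigned char *mask, *mptr;

	size = sizeof(struct ipt_entry);
	for (matchp = matches; matchp; matchp = matchp->next)
		size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;

	mask = xtables_calloc(1, size
			 + XT_ALIGN(sizeof(struct xt_entry_target))
			 + target->size);

	memset(mask, 0xFF, sizeof(struct ipt_entry));
	mptr = mask + sizeof(struct ipt_entry);

	for (matchp = matches; matchp; matchp = matchp->next) {
		memset(mptr, 0xFF,
		       XT_ALIGN(sizeof(struct xt_entry_match))
		       + matchp->match->userspacesize);
		mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
	}

	memset(mptr, 0xFF,
	       XT_ALIGN(sizeof(struct xt_entry_target))
	       + target->userspacesize);

	return mask;
}

/*
 * Delete the rule matching `fw' from `chain' once for every
 * (source, destination) pair, comparing under the mask built by
 * make_delete_mask().  The mask is freed before returning; the return
 * value is AND-ed across all iptc_delete_entry() calls.
 */
static int
delete_entry(const xt_chainlabel chain,
	     struct ipt_entry *fw,
	     unsigned int nsaddrs,
	     const struct in_addr saddrs[],
	     const struct in_addr smasks[],
	     unsigned int ndaddrs,
	     const struct in_addr daddrs[],
	     const struct in_addr dmasks[],
	     int verbose,
	     struct xtc_handle *handle,
	     struct xtables_rule_match *matches,
	     const struct xtables_target *target)
{
	unsigned int i, j;
	int ret = 1;
	unsigned char *mask;

	mask = make_delete_mask(matches, target);
	for (i = 0; i < nsaddrs; i++) {
		fw->ip.src.s_addr = saddrs[i].s_addr;
		fw->ip.smsk.s_addr = smasks[i].s_addr;
		for (j = 0; j < ndaddrs; j++) {
			fw->ip.dst.s_addr = daddrs[j].s_addr;
			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
			if (verbose)
				print_firewall_line(fw, handle);
			ret &= iptc_delete_entry(chain, fw, mask, handle);
		}
	}
	free(mask);

	return ret;
}

/*
 * Check whether a rule matching `fw' exists in `chain' for every
 * (source, destination) pair, comparing under the mask built by
 * make_delete_mask().  The mask is freed before returning; the return
 * value is AND-ed across all iptc_check_entry() calls.
 */
static int
check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
	    unsigned int nsaddrs, const struct in_addr *saddrs,
	    const struct in_addr *smasks, unsigned int ndaddrs,
	    const struct in_addr *daddrs, const struct in_addr *dmasks,
	    bool verbose, struct xtc_handle *handle,
	    struct xtables_rule_match *matches,
	    const struct xtables_target *target)
{
	unsigned int i, j;
	int ret = 1;
	unsigned char *mask;

	mask = make_delete_mask(matches, target);
	for (i = 0; i < nsaddrs; i++) {
		fw->ip.src.s_addr = saddrs[i].s_addr;
		fw->ip.smsk.s_addr = smasks[i].s_addr;
		for (j = 0; j < ndaddrs; j++) {
			fw->ip.dst.s_addr = daddrs[j].s_addr;
			fw->ip.dmsk.s_addr = dmasks[j].s_addr;
			if (verbose)
				print_firewall_line(fw, handle);
			ret &= iptc_check_entry(chain, fw, mask, handle);
		}
	}

	free(mask);
	return ret;
}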
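
/*
 * Call `fn` once for every chain libiptc enumerates on `handle`.
 *
 * The chain names are first copied into a private array of
 * xt_chainlabel-sized slots and `fn` is then run over that copy
 * (presumably so that `fn` may change the chain list while we iterate;
 * confirm against libiptc).  When `builtinstoo` is zero, chains for which
 * iptc_builtin() returns 1 are skipped.
 *
 * Returns the bitwise AND of all `fn` results, starting from 1.  A chain
 * label that does not fit in an xt_chainlabel slot is not processed and
 * forces the result to 0.
 */
int
for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
	       int verbose, int builtinstoo, struct xtc_handle *handle)
{
	int ret = 1;
	const char *chain;
	char *chains;
	unsigned int i, stored = 0, chaincount = 0;

	/* First pass: count the chains so the snapshot can be sized. */
	chain = iptc_first_chain(handle);
	while (chain) {
		chaincount++;
		chain = iptc_next_chain(handle);
	}

	chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);

	/*
	 * Second pass: copy the labels.  The copy is bounded twice: it never
	 * writes past the `chaincount` slots that were allocated, and it never
	 * writes more than one slot's worth of bytes.  A label that would not
	 * fit is rejected rather than truncated, so `fn` can never be run on
	 * a shortened name that might match a different chain.
	 */
	chain = iptc_first_chain(handle);
	while (chain && stored < chaincount) {
		size_t len = strlen(chain);

		if (len < sizeof(xt_chainlabel)) {
			memcpy(chains + stored * sizeof(xt_chainlabel),
			       chain, len + 1);
			stored++;
		} else {
			ret = 0;
		}
		chain = iptc_next_chain(handle);
	}

	/* Only slots that were actually filled are visited. */
	for (i = 0; i < stored; i++) {
		if (!builtinstoo
		    && iptc_builtin(chains + i * sizeof(xt_chainlabel),
				    handle) == 1)
			continue;
		ret &= fn(chains + i * sizeof(xt_chainlabel), verbose, handle);
	}

	free(chains);
	return ret;
}

/*
 * Flush one chain, or every chain (built-in ones included) when `chain`
 * is NULL.  Returns the libiptc / for_each_chain4() result.
 */
int
flush_entries4(const xt_chainlabel chain, int verbose,
	      struct xtc_handle *handle)
{
	if (!chain)
		return for_each_chain4(flush_entries4, verbose, 1, handle);

	if (verbose)
		fprintf(stdout, "Flushing chain `%s'\n", chain);
	return iptc_flush_entries(chain, handle);
}

/*
 * Zero the counters of one chain, or of every chain (built-in ones
 * included) when `chain` is NULL.
 */
static int
zero_entries(const xt_chainlabel chain, int verbose,
	     struct xtc_handle *handle)
{
	if (!chain)
		return for_each_chain4(zero_entries, verbose, 1, handle);

	if (verbose)
		fprintf(stdout, "Zeroing chain `%s'\n", chain);
	return iptc_zero_entries(chain, handle);
}

/*
 * Delete one chain.  With `chain` == NULL the call is applied to every
 * chain except those iptc_builtin() reports as built-in (builtinstoo = 0).
 */
int
delete_chain4(const xt_chainlabel chain, int verbose,
	     struct xtc_handle *handle)
{
	if (!chain)
		return for_each_chain4(delete_chain4, verbose, 0, handle);

	if (verbose)
		fprintf(stdout, "Deleting chain `%s'\n", chain);
	return iptc_delete_chain(chain, handle);
}

/*
 * Print the rules of `chain` (or of all chains when `chain` is NULL) in
 * listing format.
 *
 * `rulenum` == 0 prints the chain header and every rule; a non-zero value
 * prints only the rule with that 1-based position and no header.  The
 * remaining flags select FMT_* output options.
 *
 * Returns 1 if at least one chain matched, else 0.  errno is set to ENOENT
 * unconditionally before returning, so it is only meaningful to the caller
 * when the return value is 0.
 */
static int
list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
	     int expanded, int linenumbers, struct xtc_handle *handle)
{
	int found = 0;
	unsigned int format;
	const char *this;

	format = FMT_OPTIONS;
	if (!verbose)
		format |= FMT_NOCOUNTS;
	else
		format |= FMT_VIA;

	if (numeric)
		format |= FMT_NUMERIC;

	if (!expanded)
		format |= FMT_KILOMEGAGIGA;

	if (linenumbers)
		format |= FMT_LINENUMBERS;

	for (this = iptc_first_chain(handle);
	     this;
	     this = iptc_next_chain(handle)) {
		const struct ipt_entry *i;
		unsigned int num;

		if (chain && strcmp(chain, this) != 0)
			continue;

		/* Blank line between consecutive chains. */
		if (found) printf("\n");

		if (!rulenum)
			print_header(format, this, handle);
		i = iptc_first_rule(this, handle);

		num = 0;
		while (i) {
			num++;
			if (!rulenum || num == rulenum)
				print_firewall(i,
					       iptc_get_target(i, handle),
					       num,
					       format,
					       handle);
			i = iptc_next_rule(i, handle);
		}
		found = 1;
	}

	errno = ENOENT;
	return found;
}

/*
 * Print " -p <proto>" (prefixed with " !" when `invert` is set).  The name
 * comes from getprotobynumber(), then from xtables_chain_protos[], and
 * falls back to the decimal number.  Prints nothing when `proto` is 0.
 */
static void print_proto(uint16_t proto, int invert)
{
	if (proto) {
		unsigned int i;
		const char *invertstr = invert ? " !" : "";

		const struct protoent *pent = getprotobynumber(proto);
		if (pent) {
			printf("%s -p %s", invertstr, pent->p_name);
			return;
		}

		for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
			if (xtables_chain_protos[i].num == proto) {
				printf("%s -p %s",
				       invertstr, xtables_chain_protos[i].name);
				return;
			}

		printf("%s -p %u", invertstr, proto);
	}
}

/* Expand a host-byte-order IPv4 value into four printf("%u") arguments. */
#define IP_PARTS_NATIVE(n)			\
(unsigned int)((n)>>24)&0xFF,			\
(unsigned int)((n)>>16)&0xFF,			\
(unsigned int)((n)>>8)&0xFF,			\
(unsigned int)((n)&0xFF)

/* Same, for a value in network byte order. */
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))

/*
 * Print " -<letter> <iface>" for an interface match.
 *
 * This assumes that mask is contiguous, and byte-bounded.  Both `iface`
 * and `mask` are read for up to IFNAMSIZ bytes, so the caller must pass
 * buffers of at least that size.  A '+' is appended when the mask ends
 * before the name's terminating NUL was reached.
 */
static void
print_iface(char letter, const char *iface, const unsigned char *mask,
	    int invert)
{
	unsigned int i;

	if (mask[0] == 0)
		return;

	printf("%s -%c ", invert ? " !" : "", letter);

	for (i = 0; i < IFNAMSIZ; i++) {
		if (mask[i] != 0) {
			if (iface[i] != '\0')
				printf("%c", iface[i]);
		} else {
			/* we can access iface[i-1] here, because
			 * a few lines above we make sure that mask[0] != 0 */
			if (iface[i-1] != '\0')
				printf("+");
			break;
		}
	}
}

/*
 * Print " -m <name>" plus the extension's own saved options for one match.
 *
 * Exits the program with status 1 when no userspace extension can be found
 * for a match whose u.match_size is non-zero.  Always returns 0 otherwise,
 * so iteration over the remaining matches continues.
 */
static int print_match_save(const struct xt_entry_match *e,
			const struct ipt_ip *ip)
{
	const struct xtables_match *match =
		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);

	if (match) {
		printf(" -m %s",
			match->alias ? match->alias(e) : e->u.user.name);

		/* some matches don't provide a save function */
		if (match->save)
			match->save(ip, e);
	} else {
		if (e->u.match_size) {
			fprintf(stderr,
				"Can't find library for match `%s'\n",
				e->u.user.name);
			exit(1);
		}
	}
	return 0;
}

/*
 * Print a given ip including mask if necessary.
 *
 * `ip` and `mask` are in network byte order.  A contiguous mask is printed
 * as a prefix length, any other mask in dotted-quad form.  Nothing is
 * printed when ip, mask and invert are all zero.
 */
static void print_ip(const char *prefix, uint32_t ip,
		     uint32_t mask, int invert)
{
	uint32_t bits, hmask = ntohl(mask);
	int i;

	if (!mask && !ip && !invert)
		return;

	printf("%s %s %u.%u.%u.%u",
		invert ? " !" : "",
		prefix,
		IP_PARTS(ip));

	if (mask == 0xFFFFFFFFU) {
		printf("/32");
		return;
	}

	/* Try prefix lengths 31 down to 0 until one equals the mask. */
	i = 32;
	bits = 0xFFFFFFFEU;
	while (--i >= 0 && hmask != bits)
		bits <<= 1;
	if (i >= 0)
		/* i is an int: use the matching conversion specifier. */
		printf("/%d", i);
	else
		printf("/%u.%u.%u.%u", IP_PARTS(mask));
}

/* We want this to be readable, so only print out necessary fields.
 * Because that's the kind of world I want to live in.
 *
 * Prints rule `e` of `chain` as an "-A ..." command line.  `counters` > 0
 * prints a leading "[pkts:bytes]" (iptables-save form), `counters` < 0
 * prints " -c pkts bytes" (iptables -R form), 0 prints no counters.
 * Exits with status 1 if the target extension cannot be loaded, or if it
 * has no save function although the target carries extra data.
 */
void print_rule4(const struct ipt_entry *e,
		struct xtc_handle *h, const char *chain, int counters)
{
	const struct xt_entry_target *t;
	const char *target_name;

	/* print counters for iptables-save */
	if (counters > 0)
		printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);

	/* print chain name */
	printf("-A %s", chain);

	/* Print IP part. */
	print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
			e->ip.invflags & IPT_INV_SRCIP);

	print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr,
			e->ip.invflags & IPT_INV_DSTIP);

	print_iface('i', e->ip.iniface, e->ip.iniface_mask,
		    e->ip.invflags & IPT_INV_VIA_IN);

	print_iface('o', e->ip.outiface, e->ip.outiface_mask,
		    e->ip.invflags & IPT_INV_VIA_OUT);

	print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);

	if (e->ip.flags & IPT_F_FRAG)
		printf("%s -f",
		       e->ip.invflags & IPT_INV_FRAG ? " !" : "");

	/* Print matchinfo part */
	if (e->target_offset) {
		IPT_MATCH_ITERATE(e, print_match_save, &e->ip);
	}

	/* print counters for iptables -R */
	if (counters < 0)
		printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);

	/* Print target name and targinfo part */
	target_name = iptc_get_target(e, h);
	t = ipt_get_target((struct ipt_entry *)e);
	if (t->u.user.name[0]) {
		const struct xtables_target *target =
			xtables_find_target(t->u.user.name, XTF_TRY_LOAD);

		if (!target) {
			fprintf(stderr, "Can't find library for target `%s'\n",
				t->u.user.name);
			exit(1);
		}

		printf(" -j %s", target->alias ? target->alias(t) : target_name);
		if (target->save)
			target->save(&e->ip, t);
		else {
			/* If the target size is greater than xt_entry_target
			 * there is something to be saved, we just don't know
			 * how to print it */
			if (t->u.target_size !=
			    sizeof(struct xt_entry_target)) {
				fprintf(stderr, "Target `%s' is missing "
						"save function\n",
					t->u.user.name);
				exit(1);
			}
		}
	} else if (target_name && (*target_name != '\0'))
#ifdef IPT_F_GOTO
		printf(" -%c %s", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
#else
		printf(" -j %s", target_name);
#endif

	printf("\n");
}

/*
 * Print `chain` (or all chains when `chain` is NULL) as a list of commands.
 *
 * With `rulenum` == 0 the chain declarations ("-P" for chains that
 * iptc_builtin() reports as built-in, "-N" otherwise) are printed first,
 * followed by every rule; otherwise only the rule at that 1-based position
 * is printed.  A non-zero `counters` selects the "-c pkts bytes" form.
 *
 * Returns 1 if at least one chain matched, else 0.  errno is set to ENOENT
 * unconditionally before returning.
 */
static int
list_rules(const xt_chainlabel chain, int rulenum, int counters,
	     struct xtc_handle *handle)
{
	const char *this = NULL;
	int found = 0;

	if (counters)
	    counters = -1;		/* iptables -c format */

	/* Dump out chain names first,
	 * thereby preventing dependency conflicts */
	if (!rulenum) {
		for (this = iptc_first_chain(handle);
		     this;
		     this = iptc_next_chain(handle)) {
			if (chain && strcmp(this, chain) != 0)
				continue;

			if (iptc_builtin(this, handle)) {
				struct xt_counters count;
				printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
				if (counters)
					printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
				printf("\n");
			} else {
				printf("-N %s\n", this);
			}
		}
	}

	for (this = iptc_first_chain(handle);
	     this;
	     this = iptc_next_chain(handle)) {
		const struct ipt_entry *e;
		int num = 0;

		if (chain && strcmp(this, chain) != 0)
			continue;

		/* Dump out rules */
		e = iptc_first_rule(this, handle);
		while(e) {
			num++;
			if (!rulenum || num == rulenum)
				print_rule4(e, handle, this, counters);
			e = iptc_next_rule(e, handle);
		}
		found = 1;
	}

	errno = ENOENT;
	return found;
}

/*
 * Build one contiguous rule blob: a copy of `fw`, followed by every match
 * in `matches`, followed by `target`.
 *
 * The result comes from xtables_malloc(); the caller owns it and must
 * free() it.  Each part is copied using the size recorded in its own
 * header (u.match_size / u.target_size), so those fields must describe the
 * real size of the objects passed in.
 *
 * NOTE(review): target_offset and next_offset are assigned from an
 * unsigned int running total.  If those struct fields are narrower than
 * unsigned int, a rule with enough match data would store truncated
 * offsets while the buffer keeps its full size -- confirm the field widths
 * and consider rejecting totals that do not fit.
 */
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
	       struct xtables_rule_match *matches,
	       struct xt_entry_target *target)
{
	unsigned int size;
	struct xtables_rule_match *matchp;
	struct ipt_entry *e;

	/* Size of the header plus all matches = offset of the target. */
	size = sizeof(struct ipt_entry);
	for (matchp = matches; matchp; matchp = matchp->next)
		size += matchp->match->m->u.match_size;

	e = xtables_malloc(size + target->u.target_size);
	*e = *fw;
	e->target_offset = size;
	e->next_offset = size + target->u.target_size;

	/* `size` is reused as the write position inside e->elems. */
	size = 0;
	for (matchp = matches; matchp; matchp = matchp->next) {
		memcpy(e->elems + size, matchp->match->m, matchp->match->m->u.match_size);
		size += matchp->match->m->u.match_size;
	}
	memcpy(e->elems + size, target, target->u.target_size);

	return e;
}

/* command_jump() runs past the end of this excerpt; the visible part is unchanged. */
static void command_jump(struct iptables_command_state *cs)
{
	size_t size;

	set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags, cs->invert);
	cs->jumpto = parse_target(optarg);
	/* TRY_LOAD (may be chain name) */
	cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);

	if (cs->target == NULL)
		return;

	size = XT_ALIGN(sizeof(struct xt_entry_target))
		+ cs->target->size;

	cs->target->t = xtables_calloc(1, size);
	cs->target->t->u.target_size = size;
	if (cs->target->real_name == NULL) {
		strcpy(cs->target->t->u.user.name, cs->jumpto);
	} else {
		/* Alias support for userspace side */
		strcpy(cs->target->t->u.user.name, cs->target->real_name);
		if (!(cs->target->ext_flags & XTABLES_EXT_ALIAS))
			fprintf(stderr, "Notice: The %s target is converted into %s target "
				"in rule listing and saving.\n",
				cs->jumpto, cs->target->real_name);
	}
	cs->target->t->u.user.revision = cs->target->revision;

	xs_init_target(cs->target);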
Engelhardt 1236aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt if (cs->target->x6_options != NULL) 1237aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt opts = xtables_options_xfrm(iptables_globals.orig_opts, opts, 1238aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt cs->target->x6_options, 1239aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt &cs->target->option_offset); 1240aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt else 1241aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt opts = xtables_merge_options(iptables_globals.orig_opts, opts, 1242aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt cs->target->extra_opts, 1243aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt &cs->target->option_offset); 12449bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt if (opts == NULL) 12459bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt xtables_error(OTHER_PROBLEM, "can't alloc memory!"); 12469bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt} 12479bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt 124817e310b2610448605567644f667c79f41d76f51eJan Engelhardtstatic void command_match(struct iptables_command_state *cs) 124917e310b2610448605567644f667c79f41d76f51eJan Engelhardt{ 125017e310b2610448605567644f667c79f41d76f51eJan Engelhardt struct xtables_match *m; 125117e310b2610448605567644f667c79f41d76f51eJan Engelhardt size_t size; 125217e310b2610448605567644f667c79f41d76f51eJan Engelhardt 125317e310b2610448605567644f667c79f41d76f51eJan Engelhardt if (cs->invert) 125417e310b2610448605567644f667c79f41d76f51eJan Engelhardt xtables_error(PARAMETER_PROBLEM, 125517e310b2610448605567644f667c79f41d76f51eJan Engelhardt "unexpected ! 
flag before --match"); 125617e310b2610448605567644f667c79f41d76f51eJan Engelhardt 125717e310b2610448605567644f667c79f41d76f51eJan Engelhardt m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches); 125814da56743c6cdf25da35b7b5ca7a5d201771990dJan Engelhardt size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size; 125917e310b2610448605567644f667c79f41d76f51eJan Engelhardt m->m = xtables_calloc(1, size); 126017e310b2610448605567644f667c79f41d76f51eJan Engelhardt m->m->u.match_size = size; 1261dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt if (m->real_name == NULL) { 1262dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt strcpy(m->m->u.user.name, m->name); 1263dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt } else { 1264dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt strcpy(m->m->u.user.name, m->real_name); 1265efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik if (!(m->ext_flags & XTABLES_EXT_ALIAS)) 1266efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik fprintf(stderr, "Notice: the %s match is converted into %s match " 1267efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik "in rule listing and saving.\n", m->name, m->real_name); 1268dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt } 1269dd43527cb6bdf3d469100850ca10dcd2fb761304Jan Engelhardt m->m->u.user.revision = m->revision; 1270c436dad7cfdd80ca4a05ceed556c39babc266f55Jan Engelhardt 127114190986f87301b18bcc473c842bd82d778d87a2Jan Engelhardt xs_init_match(m); 1272aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt if (m == m->next) 1273aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt return; 1274aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt /* Merge options for non-cloned matches */ 1275aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt if (m->x6_options != NULL) 1276aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt opts = xtables_options_xfrm(iptables_globals.orig_opts, opts, 1277aa37acc1423126f555135935c687eb91995b9440Jan 
Engelhardt m->x6_options, &m->option_offset); 1278aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt else if (m->extra_opts != NULL) 127917e310b2610448605567644f667c79f41d76f51eJan Engelhardt opts = xtables_merge_options(iptables_globals.orig_opts, opts, 128017e310b2610448605567644f667c79f41d76f51eJan Engelhardt m->extra_opts, &m->option_offset); 1281aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt if (opts == NULL) 1282aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt xtables_error(OTHER_PROBLEM, "can't alloc memory!"); 128317e310b2610448605567644f667c79f41d76f51eJan Engelhardt} 128417e310b2610448605567644f667c79f41d76f51eJan Engelhardt 1285d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayusoint do_command4(int argc, char *argv[], char **table, 1286d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso struct xtc_handle **handle, bool restore) 1287e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher{ 12883a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt struct iptables_command_state cs; 12893a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt struct ipt_entry *e = NULL; 1290e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher unsigned int nsaddrs = 0, ndaddrs = 0; 1291332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in_addr *saddrs = NULL, *smasks = NULL; 1292332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in_addr *daddrs = NULL, *dmasks = NULL; 1293e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 12943a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt int verbose = 0; 129593587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester bool wait = false; 1296e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *chain = NULL; 1297e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL; 1298e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher const char *policy = NULL, *newname = NULL; 12993a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt 
unsigned int rulenum = 0, command = 0; 1300ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte const char *pcnt = NULL, *bcnt = NULL; 1301e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher int ret = 1; 13028b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt struct xtables_match *m; 1303395e441e20ea9ab7f37122bcfd76fec527fa447bJan Engelhardt struct xtables_rule_match *matchp; 13048b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt struct xtables_target *t; 1305875441ea60d9fd9378475526f2f632b932790553Patrick McHardy unsigned long long cnt; 1306e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 13073a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt memset(&cs, 0, sizeof(cs)); 13089bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto = ""; 1309f935ae05040d2d790433abee49ef79f4a8ed393cJan Engelhardt cs.argv = argv; 1310e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1311c1e04bd1b057151afaf7e6138089f2fe2c1b7d1cMaciej Zenczykowski /* re-set optind to 0 in case do_command4 gets called 1312ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte * a second time */ 1313ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte optind = 0; 1314ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 1315c1e04bd1b057151afaf7e6138089f2fe2c1b7d1cMaciej Zenczykowski /* clear mflags in case do_command4 gets called a second time 1316ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte * (we clear the global list of all matches for security)*/ 13170d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI for (m = xtables_matches; m; m = m->next) 1318ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte m->mflags = 0; 1319ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 13200d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI for (t = xtables_targets; t; t = t->next) { 1321ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte t->tflags = 0; 1322ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte t->used = 0; 1323ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte } 
1324ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 1325e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Suppress error messages: we may add new options if we 1326e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher demand-load a protocol. */ 1327e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opterr = 0; 1328e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1329d3b2e391e3b944581e20e216af76339cc87d0590Jan Engelhardt opts = xt_params->orig_opts; 13303a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt while ((cs.c = getopt_long(argc, argv, 133193587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvwnt:m:xc:g:46", 1332e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opts, NULL)) != -1) { 13333a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt switch (cs.c) { 1334e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* 1335e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * Command selection 1336e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher */ 1337e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'A': 1338e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_APPEND, CMD_NONE, 13393a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1340e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1341e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1342e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1343d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek case 'C': 1344d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek add_command(&command, CMD_CHECK, CMD_NONE, 1345d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek cs.invert); 1346d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek chain = optarg; 1347d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek break; 1348d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek 1349e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'D': 
1350e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_DELETE, CMD_NONE, 13513a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1352e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1353e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1354e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') { 1355e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1356e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher command = CMD_DELETE_NUM; 1357e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1358e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1359e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1360e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'R': 1361e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_REPLACE, CMD_NONE, 13623a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1363e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1364e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1365e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1366e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1367e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 13681829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1369e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "-%c requires a rule number", 1370e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher cmd2char(CMD_REPLACE)); 1371e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1372e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1373e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'I': 1374e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_INSERT, CMD_NONE, 
13753a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1376e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1377e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1378e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1379e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher rulenum = parse_rulenumber(argv[optind++]); 1380e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else rulenum = 1; 1381e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1382e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1383e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'L': 1384b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta add_command(&command, CMD_LIST, 13853a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt CMD_ZERO | CMD_ZERO_NUM, cs.invert); 1386e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1387e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1388e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1389e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1390bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom if (optind < argc && argv[optind][0] != '-' 1391bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom && argv[optind][0] != '!') 1392bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum = parse_rulenumber(argv[optind++]); 1393e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1394e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 139596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case 'S': 1396b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta add_command(&command, CMD_LIST_RULES, 13973a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt CMD_ZERO|CMD_ZERO_NUM, cs.invert); 139896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (optarg) chain = optarg; 
139996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom else if (optind < argc && argv[optind][0] != '-' 140096296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom && argv[optind][0] != '!') 140196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom chain = argv[optind++]; 1402bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom if (optind < argc && argv[optind][0] != '-' 1403bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom && argv[optind][0] != '!') 1404bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum = parse_rulenumber(argv[optind++]); 140596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom break; 140696296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom 1407e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'F': 1408e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_FLUSH, CMD_NONE, 14093a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1410e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1411e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1412e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1413e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1414e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1415e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1416e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'Z': 141796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom add_command(&command, CMD_ZERO, CMD_LIST|CMD_LIST_RULES, 14183a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1419e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1420e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1421e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1422e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
chain = argv[optind++]; 1423b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (optind < argc && argv[optind][0] != '-' 1424b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta && argv[optind][0] != '!') { 1425b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta rulenum = parse_rulenumber(argv[optind++]); 1426b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta command = CMD_ZERO_NUM; 1427b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta } 1428e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1429e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1430e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'N': 14318d8c8ea5a6150694e7d6fdabd094de15d01bd74bYasuyuki KOZAKAI if (optarg && (*optarg == '-' || *optarg == '!')) 14321829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 14336336bfd128a56450184ec6790825575655b5d56aHarald Welte "chain name not allowed to start " 14348d8c8ea5a6150694e7d6fdabd094de15d01bd74bYasuyuki KOZAKAI "with `%c'\n", *optarg); 14352338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt if (xtables_find_target(optarg, XTF_TRY_LOAD)) 14361829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 143708f1527fbcebc85f7149e551c9b26f526954b3c2Joszef Kadlecsik "chain name may not clash " 143808f1527fbcebc85f7149e551c9b26f526954b3c2Joszef Kadlecsik "with target name\n"); 1439e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_NEW_CHAIN, CMD_NONE, 14403a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1441e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1442e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1443e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1444e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'X': 1445e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_DELETE_CHAIN, CMD_NONE, 14463a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 
1447e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg) chain = optarg; 1448e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else if (optind < argc && argv[optind][0] != '-' 1449e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1450e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = argv[optind++]; 1451e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1452e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1453e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'E': 1454e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_RENAME_CHAIN, CMD_NONE, 14553a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1456e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1457e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 1458e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1459e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher newname = argv[optind++]; 1460c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu else 14611829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 14625b76f682f722bebc2f0616fca4600eee2c08dfe2Max Kellermann "-%c requires old-chain-name and " 1463c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu "new-chain-name", 1464c9f20d3e25a09bee55f32733e9150316f5d5e89fM.P.Anand Babu cmd2char(CMD_RENAME_CHAIN)); 1465e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1466e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1467e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'P': 1468e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher add_command(&command, CMD_SET_POLICY, CMD_NONE, 14693a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1470e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain = optarg; 1471e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc && argv[optind][0] != '-' 
1472e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher && argv[optind][0] != '!') 1473e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher policy = argv[optind++]; 1474e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 14751829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1476e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "-%c requires a chain and a policy", 1477e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher cmd2char(CMD_SET_POLICY)); 1478e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1479e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1480e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'h': 1481e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!optarg) 1482e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optarg = argv[optind]; 1483e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 14842e0a3216c501753709781769f83e29821e62c805Rusty Russell /* iptables -p icmp -h */ 14853a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.matches && cs.protocol) 14863a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt xtables_find_match(cs.protocol, 14873a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt XTF_TRY_LOAD, &cs.matches); 14882e0a3216c501753709781769f83e29821e62c805Rusty Russell 14893a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt exit_printhelp(cs.matches); 1490e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1491e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* 1492e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher * Option selection 1493e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher */ 1494e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'p': 14953a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_PROTOCOL, &cs.fw.ip.invflags, 14963a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1497e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1498e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* 
Canonicalize into lower case */ 14993a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt for (cs.protocol = optarg; *cs.protocol; cs.protocol++) 15003a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt *cs.protocol = tolower(*cs.protocol); 1501e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 15023a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.protocol = optarg; 15033a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.proto = xtables_parse_protocol(cs.protocol); 1504e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 15053a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.fw.ip.proto == 0 150614da56743c6cdf25da35b7b5ca7a5d201771990dJan Engelhardt && (cs.fw.ip.invflags & XT_INV_PROTO)) 15071829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1508e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "rule would never match protocol"); 1509e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1510e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1511e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 's': 15123a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_SOURCE, &cs.fw.ip.invflags, 15133a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1514bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt shostnetworkmask = optarg; 1515e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1516e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1517e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'd': 15183a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_DESTINATION, &cs.fw.ip.invflags, 15193a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1520bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt dhostnetworkmask = optarg; 1521e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1522e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
152317fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#ifdef IPT_F_GOTO 152417fc163babc348780bae4321071845748f7b7985Henrik Nordstrom case 'g': 15253a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags, 15263a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 15273a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.flags |= IPT_F_GOTO; 15289bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto = parse_target(optarg); 152917fc163babc348780bae4321071845748f7b7985Henrik Nordstrom break; 153017fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#endif 153117fc163babc348780bae4321071845748f7b7985Henrik Nordstrom 1532e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'j': 15339bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt command_jump(&cs); 1534e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1535e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1536e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1537e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'i': 15385b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt if (*optarg == '\0') 15395b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 15405b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "Empty interface is likely to be " 15415b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "undesired"); 15423a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VIANAMEIN, &cs.fw.ip.invflags, 15433a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1544bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt xtables_parse_interface(optarg, 15453a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.iniface, 15463a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.iniface_mask); 1547e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1548e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
1549e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'o': 15505b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt if (*optarg == '\0') 15515b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 15525b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "Empty interface is likely to be " 15535b1fecc7d017df093db7c667bcd1718e45b1df67Jan Engelhardt "undesired"); 15543a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw.ip.invflags, 15553a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1556bbe83862a5e1baf15f7c923352d4afdf59bc70e2Jan Engelhardt xtables_parse_interface(optarg, 15573a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.outiface, 15583a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.outiface_mask); 1559e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1560e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1561e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'f': 15623a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_FRAGMENT, &cs.fw.ip.invflags, 15633a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 15643a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.ip.flags |= IPT_F_FRAG; 1565e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1566e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1567e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'v': 1568e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!verbose) 15693a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_VERBOSE, 15703a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt &cs.fw.ip.invflags, cs.invert); 1571e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher verbose++; 1572e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1573e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 157493587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester case 
'w': 1575d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso if (restore) { 1576d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso xtables_error(PARAMETER_PROBLEM, 1577d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso "You cannot use `-w' from " 1578d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso "iptables-restore"); 1579d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso } 158093587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester wait = true; 158193587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester break; 158293587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester 158317e310b2610448605567644f667c79f41d76f51eJan Engelhardt case 'm': 158417e310b2610448605567644f667c79f41d76f51eJan Engelhardt command_match(&cs); 158517e310b2610448605567644f667c79f41d76f51eJan Engelhardt break; 1586e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1587e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'n': 15883a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_NUMERIC, &cs.fw.ip.invflags, 15893a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1590e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1591e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1592e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 't': 15933a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 15941829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1595e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "unexpected ! 
flag before --table"); 1596d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2dJan Engelhardt *table = optarg; 1597e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1598e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1599e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'x': 16003a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_EXPANDED, &cs.fw.ip.invflags, 16013a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1602e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1603e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1604e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 'V': 16053a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 16065dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim printf("Not %s ;-)\n", prog_vers); 1607e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher else 1608e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher printf("%s v%s\n", 16095dd19de34380c91ad07bbe79a34726e59891cf54Jamal Hadi Salim prog_name, prog_vers); 1610e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit(0); 1611e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1612e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case '0': 16133a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt set_option(&cs.options, OPT_LINENUMBERS, &cs.fw.ip.invflags, 16143a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1615e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1616e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 161782dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte case 'M': 1618c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt xtables_modprobe_program = optarg; 161982dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte break; 162082dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte 1621ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte case 'c': 1622ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 16233a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan 
Engelhardt set_option(&cs.options, OPT_COUNTERS, &cs.fw.ip.invflags, 16243a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert); 1625ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte pcnt = optarg; 162660a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom bcnt = strchr(pcnt + 1, ','); 162760a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (bcnt) 162860a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom bcnt++; 162960a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (!bcnt && optind < argc && argv[optind][0] != '-' 1630ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte && argv[optind][0] != '!') 1631ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte bcnt = argv[optind++]; 163260a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (!bcnt) 16331829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1634ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c requires packet and byte counter", 1635ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 1636ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 163760a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (sscanf(pcnt, "%llu", &cnt) != 1) 16381829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1639ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c packet counter not numeric", 1640ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 16413a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.counters.pcnt = cnt; 1642ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 164360a6073690a456770bf18d190beb57e8f2c8759fHenrik Nordstrom if (sscanf(bcnt, "%llu", &cnt) != 1) 16441829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1645ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte "-%c byte counter not numeric", 1646ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte opt2char(OPT_COUNTERS)); 
16473a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.fw.counters.bcnt = cnt; 1648ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte break; 1649ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 165057664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski case '4': 165157664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski /* This is indeed the IPv4 iptables */ 165257664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski break; 165357664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski 165457664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski case '6': 165557664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski /* This is not the IPv6 ip6tables */ 165657664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski if (line != -1) 165757664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski return 1; /* success: line ignored */ 165857664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski fprintf(stderr, "This is the IPv4 version of iptables.\n"); 165957664121bce6d3ae05a186c7627c919fb0799649Maciej Żenczykowski exit_tryhelp(2); 1660ccd49e5688c1edebc6b8a980c72a269618046acbHarald Welte 1661e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case 1: /* non option */ 1662e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optarg[0] == '!' && optarg[1] == '\0') { 16633a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 16641829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1665e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "multiple consecutive ! 
not" 1666e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher " allowed"); 16673a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert = TRUE; 1668e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher optarg[0] = '\0'; 1669e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher continue; 1670e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1671aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann fprintf(stderr, "Bad argument `%s'\n", optarg); 1672e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit_tryhelp(2); 1673e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1674e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher default: 1675780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt if (command_default(&cs, &iptables_globals) == 1) 1676780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt /* cf. ip6tables.c */ 1677780607f8b040a47cd2d4775376e2d30f567dc049Jan Engelhardt continue; 1678f935ae05040d2d790433abee49ef79f4a8ed393cJan Engelhardt break; 1679e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 16803a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.invert = FALSE; 1681e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1682e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 16831eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt if (strcmp(*table, "nat") == 0 && 16841eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt ((policy != NULL && strcmp(policy, "DROP") == 0) || 16859bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt (cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0))) 1686e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt xtables_error(PARAMETER_PROBLEM, 1687e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt "\nThe \"nat\" table is not intended for filtering, " 1688e0390bee2aa51dd76725c1a9e0d2cb53379767b8Jan Engelhardt "the use of DROP is therefore inhibited.\n\n"); 16891eada72b7da712bffb87e829b3b9deb3de6bca3cJan Engelhardt 16903a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt for (matchp = cs.matches; 
matchp; matchp = matchp->next) 16913af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt xtables_option_mfcall(matchp->match); 16923af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt if (cs.target != NULL) 16933af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt xtables_option_tfcall(cs.target); 1694e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1695e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* Fix me: must put inverse options checking here --MN */ 1696e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1697e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (optind < argc) 16981829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1699e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "unknown arguments found on commandline"); 1700e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!command) 17011829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "no command specified"); 17023a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.invert) 17031829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1704e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "nothing appropriate following !"); 1705e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1706d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) { 17073a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!(cs.options & OPT_DESTINATION)) 1708e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher dhostnetworkmask = "0.0.0.0/0"; 17093a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!(cs.options & OPT_SOURCE)) 1710e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher shostnetworkmask = "0.0.0.0/0"; 1711e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1712e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1713e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (shostnetworkmask) 
1714332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow xtables_ipparse_multiple(shostnetworkmask, &saddrs, 1715332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow &smasks, &nsaddrs); 1716e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1717e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (dhostnetworkmask) 1718332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow xtables_ipparse_multiple(dhostnetworkmask, &daddrs, 1719332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow &dmasks, &ndaddrs); 1720e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1721e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if ((nsaddrs > 1 || ndaddrs > 1) && 17223a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt (cs.fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP))) 17231829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple" 1724e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher " source or destination IP addresses"); 1725e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1726e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1)) 17271829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, "Replacement rule does not " 1728e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "specify a unique address"); 1729e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17303a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt generic_opt_check(command, cs.options); 1731e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17325429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) 17331829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 17345429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt "chain name `%s' too long (must be under %u chars)", 17355429b41c2bb4ac8fe672a1513a041c0ed0c241f6Jan Engelhardt chain, 
XT_EXTENSION_MAXNAMELEN); 1736e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 173793587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester /* Attempt to acquire the xtables lock */ 1738d7aeda5ed45ac7ca959f12180690caa371b5b14bPablo Neira Ayuso if (!restore && !xtables_lock(wait)) { 173993587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester fprintf(stderr, "Another app is currently holding the xtables lock. " 174093587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester "Perhaps you want to use the -w option?\n"); 174193587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester xtables_free_opts(1); 174293587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester exit(RESOURCE_PROBLEM); 174393587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester } 174493587a04d0f2511e108bbc4d87a8b9d28a5c5dd8Phil Oester 1745ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte /* only allocate handle if we weren't called with a handle */ 17468371e15a49d422755fbd185ab8415b9b12ec9d9aMartin Josefsson if (!*handle) 1747ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte *handle = iptc_init(*table); 1748ae1ff9f96a80379a650dec979b9902528a10d45aHarald Welte 17498beb0492c84dbec73febce36559ff244f77ec08eRusty Russell /* try to insmod the module if iptc_init failed */ 1750c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1) 175182dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte *handle = iptc_init(*table); 175282dd2ec8eef4991bd717f885b26080d993dd3498Harald Welte 1753e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (!*handle) 17541829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(VERSION_PROBLEM, 1755e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "can't initialize iptables table `%s': %s", 1756e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher *table, iptc_strerror(errno)); 1757e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17586336bfd128a56450184ec6790825575655b5d56aHarald Welte if (command == CMD_APPEND 
1759e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_DELETE 1760d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek || command == CMD_CHECK 1761e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_INSERT 1762e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher || command == CMD_REPLACE) { 1763a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell if (strcmp(chain, "PREROUTING") == 0 1764a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell || strcmp(chain, "INPUT") == 0) { 1765a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell /* -o not valid with incoming packets. */ 17663a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.options & OPT_VIANAMEOUT) 17671829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1768e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Can't use -%c with %s\n", 1769e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(OPT_VIANAMEOUT), 1770e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain); 1771e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1772e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1773a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell if (strcmp(chain, "POSTROUTING") == 0 1774a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell || strcmp(chain, "OUTPUT") == 0) { 1775a4860fd18610d1f12ecf11357744f65d8ca226f3Rusty Russell /* -i not valid with outgoing packets */ 17763a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.options & OPT_VIANAMEIN) 17771829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 1778e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher "Can't use -%c with %s\n", 1779e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher opt2char(OPT_VIANAMEIN), 1780e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher chain); 1781e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1782e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 
17839bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt if (cs.target && iptc_is_chain(cs.jumpto, *handle)) { 1784aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann fprintf(stderr, 1785aae4f82eb83d923f59a328d6e13396f424be28f9Max Kellermann "Warning: using chain %s, not extension\n", 17869bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto); 1787e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 17883a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.target->t) 17893a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt free(cs.target->t); 17904dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 17913a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target = NULL; 1792e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1793e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1794e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* If they didn't specify a target, or it's a chain 1795e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher name, use standard. 
*/ 17963a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.target 17979bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt && (strlen(cs.jumpto) == 0 17989bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt || iptc_is_chain(cs.jumpto, *handle))) { 1799e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher size_t size; 1800e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 180114da56743c6cdf25da35b7b5ca7a5d201771990dJan Engelhardt cs.target = xtables_find_target(XT_STANDARD_TARGET, 18022338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_LOAD_MUST_SUCCEED); 1803e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 180414da56743c6cdf25da35b7b5ca7a5d201771990dJan Engelhardt size = sizeof(struct xt_entry_target) 18053a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt + cs.target->size; 18063a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t = xtables_calloc(1, size); 18073a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t->u.target_size = size; 18089bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt strcpy(cs.target->t->u.user.name, cs.jumpto); 18099bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt if (!iptc_is_chain(cs.jumpto, *handle)) 18103a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.target->t->u.user.revision = cs.target->revision; 181114190986f87301b18bcc473c842bd82d778d87a2Jan Engelhardt xs_init_target(cs.target); 1812e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1813e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 18143a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (!cs.target) { 1815f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte /* it is no chain, and we can't load a plugin. 1816f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte * We cannot know if the plugin is corrupt, non 1817a4d3e1fea254d63a2dd0e32bf6d70fa0f39159bcRusty Russell * existant OR if the user just misspelled a 1818f2a24bd5c8b380d94ac383420b5b8c42141e777bHarald Welte * chain. 
*/ 181917fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#ifdef IPT_F_GOTO 18203a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt if (cs.fw.ip.flags & IPT_F_GOTO) 18211829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt xtables_error(PARAMETER_PROBLEM, 18229bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt "goto '%s' is not a chain\n", 18239bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt cs.jumpto); 182417fc163babc348780bae4321071845748f7b7985Henrik Nordstrom#endif 18259bb76094b26d22c7a85d98a075640f054b7910f4Jan Engelhardt xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED); 1826e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } else { 18273a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt e = generate_entry(&cs.fw, cs.matches, cs.target->t); 18283a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt free(cs.target->t); 1829e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1830e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1831e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1832e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher switch (command) { 1833e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_APPEND: 1834e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = append_entry(chain, e, 1835332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1836332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 18373a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 18381c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 1839e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1840e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_DELETE: 1841e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = delete_entry(chain, e, 1842332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1843332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 
18443a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 18453a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt *handle, cs.matches, cs.target); 1846e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1847e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_DELETE_NUM: 18481c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_delete_num_entry(chain, rulenum - 1, *handle); 1849e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1850d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek case CMD_CHECK: 1851d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek ret = check_entry(chain, e, 1852d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek nsaddrs, saddrs, smasks, 1853d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek ndaddrs, daddrs, dmasks, 1854d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek cs.options&OPT_VERBOSE, 1855d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek *handle, cs.matches, cs.target); 1856d59b9db031abee37a9aa9776662dd15370faabf4Stefan Tomanek break; 1857e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_REPLACE: 1858e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = replace_entry(chain, e, rulenum - 1, 185975cb763b54a89bf9b9c61740c760abce89df06f3Jan Engelhardt saddrs, smasks, daddrs, dmasks, 18603a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1861e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1862e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_INSERT: 1863e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = insert_entry(chain, e, rulenum - 1, 1864332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow nsaddrs, saddrs, smasks, 1865332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow ndaddrs, daddrs, dmasks, 18663a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 18671c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 
1868e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1869e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_FLUSH: 1870cc38d058d14e84d3008a0c0035348e0ad5f0d5d2Maciej Zenczykowski ret = flush_entries4(chain, cs.options&OPT_VERBOSE, *handle); 1871e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1872e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_ZERO: 18733a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle); 1874e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1875b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_ZERO_NUM: 1876b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 1877b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta break; 187896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST: 1879e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_LIST|CMD_ZERO: 1880b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_LIST|CMD_ZERO_NUM: 1881e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = list_entries(chain, 1882bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum, 18833a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 18843a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_NUMERIC, 18853a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_EXPANDED, 18863a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_LINENUMBERS, 18871c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 188896296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (ret && (command & CMD_ZERO)) 188996296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom ret = zero_entries(chain, 18903a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1891b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (ret && (command & CMD_ZERO_NUM)) 
1892b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 189396296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom break; 189496296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST_RULES: 189596296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom case CMD_LIST_RULES|CMD_ZERO: 1896b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta case CMD_LIST_RULES|CMD_ZERO_NUM: 189796296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom ret = list_rules(chain, 1898bb34082de25ec7fb6bffe5702062f087ca887466Henrik Nordstrom rulenum, 18993a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, 19001c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt *handle); 190196296cfb7e01298234c7fa9403619f50391620d1Henrik Nordstrom if (ret && (command & CMD_ZERO)) 1902e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher ret = zero_entries(chain, 19033a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt cs.options&OPT_VERBOSE, *handle); 1904b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta if (ret && (command & CMD_ZERO_NUM)) 1905b34199ee303d98ba00ed5ee19d4d5b19dd4cf563Mohit Mehta ret = iptc_zero_counter(chain, rulenum, *handle); 1906e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1907e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_NEW_CHAIN: 19081c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_create_chain(chain, *handle); 1909e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1910e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_DELETE_CHAIN: 1911e5c061afabf018634a507f00df5b1d0c4bd53a37Maciej Zenczykowski ret = delete_chain4(chain, cs.options&OPT_VERBOSE, *handle); 1912e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1913e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_RENAME_CHAIN: 19141c9015b2cb483678f153121255e10ec0bbfde3e6Jan Engelhardt ret = iptc_rename_chain(chain, newname, *handle); 
1915e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1916e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher case CMD_SET_POLICY: 19173a9d8b0bcaeeb7f260c881fbaaea62f705d0d47eJan Engelhardt ret = iptc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw.counters : NULL, *handle); 1918e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher break; 1919e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher default: 1920e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher /* We should never reach this... */ 1921e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher exit_tryhelp(2); 1922e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher } 1923e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1924e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher if (verbose > 1) 1925e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher dump_entries(*handle); 1926e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher 1927d1e7922a587a239e16e0dbe654e63f76e1375e49Pablo Neira Ayuso xtables_rule_matches_free(&cs.matches); 192878cafdaf474a333fa39efab4aa4c9aed88ab9518Martin Josefsson 19294dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson if (e != NULL) { 19304dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson free(e); 19314dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson e = NULL; 19324dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson } 19334dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 19346997cdf4ef385771711d877bbf8d67d63bf3ba5dkeso free(saddrs); 1935332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow free(smasks); 19366997cdf4ef385771711d877bbf8d67d63bf3ba5dkeso free(daddrs); 1937332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow free(dmasks); 1938139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salim xtables_free_opts(1); 19394dd5fedadee415a646bc0e70d0b17668897ede63Martin Josefsson 1940e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher return ret; 1941e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher} 1942