Ejemplo n.º 1
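/*
 * Translate an IPv6 iprange match into nftables syntax, appending the
 * result to @xl through xt_xlate_add().
 *
 * @ip:      unused here
 * @match:   match entry whose data is a struct xt_iprange_mtinfo
 * @xl:      translation buffer being built
 * @numeric: unused here
 *
 * Returns 1 unconditionally (presumably "translation done" -- confirm
 * against the caller).
 *
 * Two fixes over the earlier form, which emitted "!= ip saddr A-B":
 *  - the selector is "ip6 saddr"/"ip6 daddr"; nft's "ip" selectors address
 *    the IPv4 header and cannot carry the IPv6 addresses printed here;
 *  - the "!=" operator follows the selector instead of preceding it.
 * A mistranslated range either fails to load or does not express the
 * intended filter, so the emitted text matters for policy correctness.
 */
static int iprange_mt6_xlate(const void *ip, const struct xt_entry_match *match,
			     struct xt_xlate *xl, int numeric)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const char *space = "";

	if (info->flags & IPRANGE_SRC) {
		xt_xlate_add(xl, "ip6 saddr %s",
			     (info->flags & IPRANGE_SRC_INV) ? "!= " : "");
		/*
		 * One address conversion per call: the converter hands back
		 * a static buffer, so two results cannot share one format.
		 */
		xt_xlate_add(xl, "%s",
			     xtables_ip6addr_to_numeric(&info->src_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->src_max.in6));
		/* separate a following destination clause from this one */
		space = " ";
	}
	if (info->flags & IPRANGE_DST) {
		xt_xlate_add(xl, "%sip6 daddr %s", space,
			     (info->flags & IPRANGE_DST_INV) ? "!= " : "");
		xt_xlate_add(xl, "%s",
			     xtables_ip6addr_to_numeric(&info->dst_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->dst_max.in6));
	}

	return 1;
}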
Ejemplo n.º 2
/*
 * Print the IPv6 source and/or destination range of an iprange match in
 * listing form ("source IP range [! ]MIN-MAX ").
 *
 * @ip and @numeric are unused here; @match carries a
 * struct xt_iprange_mtinfo in its data area.
 */
static void
iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
                  int numeric)
{
	const struct xt_iprange_mtinfo *range = (const void *)match->data;

	/*
	 * The address converter returns a static buffer, so every printf()
	 * below formats at most one converted address.
	 */
	if (range->flags & IPRANGE_SRC) {
		printf("source IP range %s",
		       (range->flags & IPRANGE_SRC_INV) ? "! " : "");
		printf("%s-", xtables_ip6addr_to_numeric(&range->src_min.in6));
		printf("%s ", xtables_ip6addr_to_numeric(&range->src_max.in6));
	}

	if (range->flags & IPRANGE_DST) {
		printf("destination IP range %s",
		       (range->flags & IPRANGE_DST_INV) ? "! " : "");
		printf("%s-", xtables_ip6addr_to_numeric(&range->dst_min.in6));
		printf("%s ", xtables_ip6addr_to_numeric(&range->dst_max.in6));
	}
}
Ejemplo n.º 3
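 /*
  * Emit the "--ipdst ADDR MASK" option of a NAT64 target in save format.
  * Nothing is printed unless XT_NAT64_IPV6_DST is set in the flags.
  *
  * @entry is unused here; @target carries a struct xt_nat64_tginfo.
  *
  * The address and the mask are printed by separate printf() calls.
  * xtables_ip6addr_to_numeric() returns a pointer into a static buffer
  * (see the note in libxt_iprange), so passing two of its results to one
  * printf() makes both %s arguments alias the same storage and the saved
  * rule would show the same text twice instead of address and mask.  A
  * save line that does not round-trip restores a different rule than the
  * one that was loaded.
  */
 void nat64_tg6_save(const void *entry, const struct xt_entry_target *target)
{
	const struct xt_nat64_tginfo *info = (const void *)target->data;

	if (info->flags & XT_NAT64_IPV6_DST) {
		printf("--ipdst %s",
		       xtables_ip6addr_to_numeric(&info->ip6dst.in6));
		printf(" %s",
		       xtables_ip6addr_to_numeric(&info->ip6dst_mask.in6));
	}
}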
Ejemplo n.º 4
/*
 * Print a DNPT target in listing form: source prefix and length followed
 * by destination prefix and length.
 *
 * @ip and @numeric are unused here; @target carries a
 * struct ip6t_npt_tginfo.
 */
static void DNPT_print(const void *ip, const struct xt_entry_target *target,
		       int numeric)
{
	const struct ip6t_npt_tginfo *info = (const void *)target->data;
	const char *pfx;

	/* Convert and print one prefix at a time; the converter's result is
	 * consumed before the next conversion is requested. */
	pfx = xtables_ip6addr_to_numeric(&info->src_pfx.in6);
	printf(" DNPT src-pfx %s/%u", pfx, info->src_pfx_len);

	pfx = xtables_ip6addr_to_numeric(&info->dst_pfx.in6);
	printf(" dst-pfx %s/%u", pfx, info->dst_pfx_len);
}
Ejemplo n.º 5
/*
 * Print one conntrack address followed by a space.
 *
 * @addr:    address to print
 * @mask:    unused here
 * @family:  NFPROTO_IPV4 or NFPROTO_IPV6; any other value prints nothing
 * @numeric: when true the address is printed numerically; otherwise an
 *           all-zero address prints "anywhere " and any other address goes
 *           through the *_to_anyname() helper
 */
static void
conntrack_dump_addr(const union nf_inet_addr *addr,
                    const union nf_inet_addr *mask,
                    unsigned int family, bool numeric)
{
	bool unspecified;

	switch (family) {
	case NFPROTO_IPV4:
		if (numeric) {
			printf("%s ", xtables_ipaddr_to_numeric(&addr->in));
			break;
		}
		if (addr->ip == 0) {
			printf("anywhere ");
			break;
		}
		printf("%s ", xtables_ipaddr_to_anyname(&addr->in));
		break;
	case NFPROTO_IPV6:
		if (numeric) {
			printf("%s ", xtables_ip6addr_to_numeric(&addr->in6));
			break;
		}
		/* all four 32-bit words zero: the unspecified address */
		unspecified = !(addr->ip6[0] != 0 || addr->ip6[1] != 0 ||
				addr->ip6[2] != 0 || addr->ip6[3] != 0);
		if (unspecified) {
			printf("anywhere ");
			break;
		}
		printf("%s ", xtables_ip6addr_to_anyname(&addr->in6));
		break;
	default:
		break;
	}
}
Ejemplo n.º 6
/* Shamelessly copied from libxt_conntrack.c */
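/*
 * Print an IPVS address immediately followed by its mask and a space.
 *
 * @addr:    address to print
 * @mask:    mask printed right after the address
 * @family:  NFPROTO_IPV4 or NFPROTO_IPV6; any other value prints nothing
 * @numeric: when true the address is printed numerically; otherwise an
 *           all-zero address prints "anywhere " (without mask) and any
 *           other address goes through the *_to_anyname() helper
 *
 * Address and mask are written by two consecutive printf() calls instead
 * of being assembled in a stack buffer with strcpy()/strcat().  The
 * anyname helpers can return a resolved host name (presumably the result
 * of a reverse lookup -- its length is not under this function's control),
 * so an unbounded copy into a fixed-size buffer is avoided altogether.
 * Printing the address before the mask string is requested also keeps the
 * result correct if the mask helper reuses the address converter's static
 * buffer, as the IPv6 mask helper does for non-CIDR masks.
 */
static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
			      const union nf_inet_addr *mask,
			      unsigned int family, bool numeric)
{
	if (family == NFPROTO_IPV4) {
		if (!numeric && addr->ip == 0) {
			printf("anywhere ");
			return;
		}
		printf("%s", numeric ? xtables_ipaddr_to_numeric(&addr->in)
				     : xtables_ipaddr_to_anyname(&addr->in));
		printf("%s ", xtables_ipmask_to_numeric(&mask->in));
	} else if (family == NFPROTO_IPV6) {
		if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
		    addr->ip6[2] == 0 && addr->ip6[3] == 0) {
			printf("anywhere ");
			return;
		}
		printf("%s", numeric ? xtables_ip6addr_to_numeric(&addr->in6)
				     : xtables_ip6addr_to_anyname(&addr->in6));
		printf("%s ", xtables_ip6mask_to_numeric(&mask->in6));
	}
}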
Ejemplo n.º 7
/*
 * Emit the DNPT target options in save format.  A prefix option is written
 * only when its address is non-zero or its length is non-zero.
 *
 * @ip is unused here; @target carries a struct ip6t_npt_tginfo.
 */
static void DNPT_save(const void *ip, const struct xt_entry_target *target)
{
	/* static storage is zero-initialised: the all-zero IPv6 address */
	static const struct in6_addr any6;
	const struct ip6t_npt_tginfo *npt = (const void *)target->data;
	int have_src, have_dst;

	have_src = npt->src_pfx_len != 0 ||
		   memcmp(&npt->src_pfx.in6, &any6, sizeof(any6)) != 0;
	have_dst = npt->dst_pfx_len != 0 ||
		   memcmp(&npt->dst_pfx.in6, &any6, sizeof(any6)) != 0;

	if (have_src) {
		printf(" --src-pfx %s/%u",
		       xtables_ip6addr_to_numeric(&npt->src_pfx.in6),
		       npt->src_pfx_len);
	}
	if (have_dst) {
		printf(" --dst-pfx %s/%u",
		       xtables_ip6addr_to_numeric(&npt->dst_pfx.in6),
		       npt->dst_pfx_len);
	}
}
Ejemplo n.º 8
/*
 * Emit the IPv6 iprange match in save format:
 * "[! ]--src-range MIN-MAX " and/or "[! ]--dst-range MIN-MAX ".
 *
 * @ip is unused here; @match carries a struct xt_iprange_mtinfo.
 */
static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_iprange_mtinfo *range = (const void *)match->data;

	/* Each printf() formats a single converted address; the converter's
	 * result is consumed before the next conversion. */
	if (range->flags & IPRANGE_SRC) {
		printf("%s--src-range %s",
		       (range->flags & IPRANGE_SRC_INV) ? "! " : "",
		       xtables_ip6addr_to_numeric(&range->src_min.in6));
		printf("-%s ", xtables_ip6addr_to_numeric(&range->src_max.in6));
	}

	if (range->flags & IPRANGE_DST) {
		printf("%s--dst-range %s",
		       (range->flags & IPRANGE_DST_INV) ? "! " : "",
		       xtables_ip6addr_to_numeric(&range->dst_min.in6));
		printf("-%s ", xtables_ip6addr_to_numeric(&range->dst_max.in6));
	}
}
Ejemplo n.º 9
/*
 * Emit the TEE target options in save format: the IPv6 gateway, plus the
 * outgoing interface when one is set.
 *
 * @ip is unused here; @target carries a struct xt_tee_tginfo.
 */
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway = xtables_ip6addr_to_numeric(&tee->gw.in6);

	printf(" --gateway %s", gateway);

	/* an empty interface name means no --oif was given */
	if (tee->oif[0] != '\0') {
		printf(" --oif %s", tee->oif);
	}
}
Ejemplo n.º 10
/*
 * Return a printable name for @addr: the result of ip6addr_to_host() when
 * that yields one, otherwise the numeric form from
 * xtables_ip6addr_to_numeric().
 *
 * NOTE(review): a host name obtained this way presumably comes from the
 * resolver and is therefore externally supplied text -- callers should not
 * copy it into fixed-size buffers without a bound.
 */
const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr)
{
	const char *host = ip6addr_to_host(addr);

	return host != NULL ? host : xtables_ip6addr_to_numeric(addr);
}
/*
 * Print a NAT range as "[MIN[-MAX]]:PORT[-PORT]".
 *
 * The address part is printed when NF_NAT_RANGE_MAP_IPS is set and is
 * wrapped in brackets only when a port part follows; the port part is
 * printed when NF_NAT_RANGE_PROTO_SPECIFIED is set.  An upper bound is
 * omitted when it equals the lower bound.
 */
static void print_range(const struct nf_nat_range *range)
{
	const int with_proto =
		(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) != 0;

	if (range->flags & NF_NAT_RANGE_MAP_IPS) {
		const int is_span = memcmp(&range->min_addr, &range->max_addr,
					   sizeof(range->min_addr)) != 0;

		if (with_proto)
			printf("[");
		/* one converted address per printf() */
		printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
		if (is_span)
			printf("-%s",
			       xtables_ip6addr_to_numeric(&range->max_addr.in6));
		if (with_proto)
			printf("]");
	}

	if (!with_proto)
		return;

	/* ports are kept in network byte order */
	printf(":%hu", ntohs(range->min_proto.tcp.port));
	if (range->max_proto.tcp.port != range->min_proto.tcp.port)
		printf("-%hu", ntohs(range->max_proto.tcp.port));
}
Ejemplo n.º 12
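/*
 * Print every field of one policy element that is marked as matched,
 * each preceded by its inversion marker (PRINT_INVERT) and by @prefix.
 *
 * @prefix:  text put in front of every keyword
 * @e:       policy element to print
 * @numeric: forwarded to print_proto() and print_mode()
 * @family:  NFPROTO_IPV6 selects the IPv6 address helpers; any other value
 *           uses the IPv4 helpers
 *
 * Tunnel addresses are printed with two printf() calls, address first and
 * mask second.  For a mask that is not a CIDR prefix,
 * xtables_ip6mask_to_numeric() itself calls xtables_ip6addr_to_numeric(),
 * which returns a static buffer; with both helpers evaluated as arguments
 * of a single printf() the address text could be overwritten by the mask
 * before it is printed.  The IPv4 helpers are presumably built the same
 * way -- confirm -- and are split likewise.
 */
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
                        bool numeric, uint8_t family)
{
	if (e->match.reqid) {
		PRINT_INVERT(e->invert.reqid);
		printf("%sreqid %u ", prefix, e->reqid);
	}
	if (e->match.spi) {
		PRINT_INVERT(e->invert.spi);
		printf("%sspi 0x%x ", prefix, e->spi);
	}
	if (e->match.proto) {
		PRINT_INVERT(e->invert.proto);
		print_proto(prefix, e->proto, numeric);
	}
	if (e->match.mode) {
		PRINT_INVERT(e->invert.mode);
		print_mode(prefix, e->mode, numeric);
	}
	if (e->match.daddr) {
		PRINT_INVERT(e->invert.daddr);
		if (family == NFPROTO_IPV6) {
			printf("%stunnel-dst %s", prefix,
			       xtables_ip6addr_to_numeric(&e->daddr.a6));
			printf("%s ", xtables_ip6mask_to_numeric(&e->dmask.a6));
		} else {
			printf("%stunnel-dst %s", prefix,
			       xtables_ipaddr_to_numeric(&e->daddr.a4));
			printf("%s ", xtables_ipmask_to_numeric(&e->dmask.a4));
		}
	}
	if (e->match.saddr) {
		PRINT_INVERT(e->invert.saddr);
		if (family == NFPROTO_IPV6) {
			printf("%stunnel-src %s", prefix,
			       xtables_ip6addr_to_numeric(&e->saddr.a6));
			printf("%s ", xtables_ip6mask_to_numeric(&e->smask.a6));
		} else {
			printf("%stunnel-src %s", prefix,
			       xtables_ipaddr_to_numeric(&e->saddr.a4));
			printf("%s ", xtables_ipmask_to_numeric(&e->smask.a4));
		}
	}
}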
Ejemplo n.º 13
/*
 * Emit the TPROXY (IPv6, revision 1) target options in save format:
 * port, local address and mark value/mask.
 *
 * @ip is unused here; @target carries a struct xt_tproxy_target_info_v1.
 */
static void
tproxy_tg_save6(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tproxy_target_info_v1 *tp = (const void *)target->data;
	const unsigned int value = (unsigned int)tp->mark_value;
	const unsigned int mask = (unsigned int)tp->mark_mask;

	/* lport is kept in network byte order */
	printf(" --on-port %u --on-ip %s", ntohs(tp->lport),
	       xtables_ip6addr_to_numeric(&tp->laddr.in6));
	printf(" --tproxy-mark 0x%x/0x%x", value, mask);
}
Ejemplo n.º 14
/*
 * Print a TEE target in listing form: the IPv6 gateway, plus the outgoing
 * interface when one is set.
 *
 * @ip is unused here.  @numeric selects the numeric address form; when it
 * is zero the gateway goes through xtables_ip6addr_to_anyname().
 */
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway;

	gateway = numeric ? xtables_ip6addr_to_numeric(&tee->gw.in6)
			  : xtables_ip6addr_to_anyname(&tee->gw.in6);
	printf(" TEE gw:%s", gateway);

	/* an empty interface name means none was configured */
	if (tee->oif[0] != '\0') {
		printf(" oif=%s", tee->oif);
	}
}
Ejemplo n.º 15
/*
 * Print a TPROXY (IPv6, revision 1) target in listing form:
 * " TPROXY redirect ADDR:PORT mark VALUE/MASK".
 *
 * @ip and @numeric are unused here; @target carries a
 * struct xt_tproxy_target_info_v1.
 */
static void
tproxy_tg_print6(const void *ip, const struct xt_entry_target *target,
		 int numeric)
{
	const struct xt_tproxy_target_info_v1 *tp;
	const char *local_ip;
	unsigned int value, mask;

	tp = (const void *)target->data;
	local_ip = xtables_ip6addr_to_numeric(&tp->laddr.in6);
	value = (unsigned int)tp->mark_value;
	mask = (unsigned int)tp->mark_mask;

	/* lport is kept in network byte order */
	printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
	       local_ip, ntohs(tp->lport), value, mask);
}
Ejemplo n.º 16
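/*
 * Render an IPv6 netmask as text with a leading '/': "/LEN" when
 * xtables_ip6mask_to_cidr() reports a prefix length, "/ADDRESS" when it
 * returns -1.
 *
 * The result lives in a function-static buffer, so it is overwritten by
 * the next call, and in the "/ADDRESS" case this function also calls
 * xtables_ip6addr_to_numeric().  Callers must print or copy an earlier
 * address string before asking for the mask.
 *
 * Formatting goes through snprintf() bounded by sizeof(buf) instead of
 * strcpy()/strcat()/sprintf(), so the buffer size is enforced at the write
 * rather than assumed from the length of the inputs.
 */
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
	static char buf[50+2];
	int l = xtables_ip6mask_to_cidr(addrp);

	if (l == -1)
		snprintf(buf, sizeof(buf), "/%s",
			 xtables_ip6addr_to_numeric(addrp));
	else
		snprintf(buf, sizeof(buf), "/%d", l);
	return buf;
}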
Ejemplo n.º 17
 /*
  * Print the IPv6 destination of a NAT64 target in listing form.  Nothing
  * is printed unless XT_NAT64_IPV6_DST is set in the flags.
  *
  * @entry is unused here.  @numeric selects the numeric address form; when
  * it is zero the address goes through xtables_ip6addr_to_anyname().
  */
 void nat64_tg6_print(const void *entry,
		const struct xt_entry_target *target, int numeric)
{
	const struct xt_nat64_tginfo *nat64 = (const void *)target->data;
	const char *dst;

	if (!(nat64->flags & XT_NAT64_IPV6_DST))
		return;

	if (numeric)
		dst = xtables_ip6addr_to_numeric(&nat64->ip6dst.in6);
	else
		dst = xtables_ip6addr_to_anyname(&nat64->ip6dst.in6);

	printf("dst IP %s ", dst);
}
Ejemplo n.º 18
/*
 * Translate a TEE target into nftables syntax ("dup to GATEWAY
 * [device IFACE]"), appending to @xl through xt_xlate_add().
 *
 * @ip is unused here.  @numeric selects the numeric gateway form; when it
 * is zero the gateway goes through xtables_ip6addr_to_anyname().
 *
 * Returns 1 unconditionally (presumably "translation done" -- confirm
 * against the caller).
 */
static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
			 struct xt_xlate *xl, int numeric)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway;

	gateway = numeric ? xtables_ip6addr_to_numeric(&tee->gw.in6)
			  : xtables_ip6addr_to_anyname(&tee->gw.in6);
	xt_xlate_add(xl, "dup to %s", gateway);

	/* an empty interface name means none was configured */
	if (tee->oif[0] != '\0') {
		xt_xlate_add(xl, " device %s", tee->oif);
	}

	return 1;
}
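/*
 * Render an IPv6 netmask as text with a leading '/': "/ADDRESS" when
 * xtables_ip6mask_to_cidr() returns -1, the empty string for a full
 * 128-bit mask, and "/LEN" otherwise.
 *
 * Except for the empty-string case the result lives in a function-static
 * buffer, so it is overwritten by the next call, and in the "/ADDRESS"
 * case this function also calls xtables_ip6addr_to_numeric().  Callers
 * must print or copy an earlier address string before asking for the mask.
 *
 * Formatting goes through snprintf() bounded by sizeof(buf) instead of
 * strcpy()/strcat()/sprintf(), so the buffer size is enforced at the write
 * rather than assumed from the length of the inputs.
 */
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
	static char buf[50+2];
	int l = xtables_ip6mask_to_cidr(addrp);

	if (l == -1) {
		snprintf(buf, sizeof(buf), "/%s",
			 xtables_ip6addr_to_numeric(addrp));
		return buf;
	}
	/* we don't want to see "/128" */
	if (l == 128)
		return "";

	snprintf(buf, sizeof(buf), "/%d", l);
	return buf;
}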
Ejemplo n.º 20
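/*
 * Resolve @name to its IPv6 addresses with getaddrinfo().
 *
 * @name:  host name to resolve
 * @naddr: set to the number of addresses returned; 0 on failure
 *
 * Returns an array of *naddr addresses allocated with xtables_calloc(), or
 * NULL when resolution fails.  The array is not freed here, so it belongs
 * to the caller.
 *
 * The addresses come from the resolver, i.e. from outside the program;
 * a rule built from them reflects whatever the resolver answered at the
 * time of the call.
 *
 * Changes over the earlier form: the unreachable trailing "return NULL"
 * and the else-after-return are gone, the DEBUG message prints ai_addrlen
 * with a matching format, and a NULL result from the allocator no longer
 * reaches memcpy().
 */
static struct in6_addr *
host_to_ip6addr(const char *name, unsigned int *naddr)
{
	struct in6_addr *addr;
	struct addrinfo hints;
	struct addrinfo *res, *p;
	int err;
	unsigned int i = 0;

	memset(&hints, 0, sizeof(hints));
	hints.ai_flags    = AI_CANONNAME;
	hints.ai_family   = AF_INET6;
	hints.ai_socktype = SOCK_RAW;

	*naddr = 0;
	err = getaddrinfo(name, NULL, &hints, &res);
	if (err != 0) {
#ifdef DEBUG
		fprintf(stderr, "Name2IP: %s\n", gai_strerror(err));
#endif
		return NULL;
	}

	/* Find length of address chain */
	for (p = res; p != NULL; p = p->ai_next)
		++*naddr;
#ifdef DEBUG
	fprintf(stderr, "resolved: len=%u  %s ", (unsigned int)res->ai_addrlen,
	        xtables_ip6addr_to_numeric(&((const struct sockaddr_in6 *)res->ai_addr)->sin6_addr));
#endif

	/*
	 * xtables_calloc() presumably terminates the program on allocation
	 * failure -- confirm; the check keeps this function safe either way
	 * and releases the resolver result.
	 */
	addr = xtables_calloc(*naddr, sizeof(*addr));
	if (addr == NULL) {
		freeaddrinfo(res);
		*naddr = 0;
		return NULL;
	}

	/* Copy each element of the address chain */
	for (p = res; p != NULL; p = p->ai_next)
		memcpy(&addr[i++],
		       &((const struct sockaddr_in6 *)p->ai_addr)->sin6_addr,
		       sizeof(*addr));
	freeaddrinfo(res);
	return addr;
}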