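/*
 * Translate an ip6tables "iprange" match into nftables syntax.
 *
 * Appends "ip6 saddr [!= ]MIN-MAX" and/or "ip6 daddr [!= ]MIN-MAX" to @xl,
 * depending on which of IPRANGE_SRC / IPRANGE_DST are set in the match
 * flags.  @ip and @numeric are not used.  Always returns 1.
 *
 * The translated text is meant to be loaded as a firewall rule, so it has
 * to be valid nft: IPv6 addresses are matched with the "ip6" selector
 * (not "ip"), and the "!=" operator sits between the selector and the
 * range rather than in front of the selector.
 */
static int iprange_mt6_xlate(const void *ip, const struct xt_entry_match *match,
			     struct xt_xlate *xl, int numeric)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const char *space = "";

	if (info->flags & IPRANGE_SRC) {
		/*
		 * One address conversion per xt_xlate_add() call, so only one
		 * result of xtables_ip6addr_to_numeric() is in use at a time.
		 */
		xt_xlate_add(xl, "ip6 saddr %s%s",
			     (info->flags & IPRANGE_SRC_INV) ? "!= " : "",
			     xtables_ip6addr_to_numeric(&info->src_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->src_max.in6));
		space = " ";
	}

	if (info->flags & IPRANGE_DST) {
		/* @space separates this expression from a preceding saddr one. */
		xt_xlate_add(xl, "%sip6 daddr %s%s", space,
			     (info->flags & IPRANGE_DST_INV) ? "!= " : "",
			     xtables_ip6addr_to_numeric(&info->dst_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->dst_max.in6));
	}

	return 1;
}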
/*
 * Print the IPv6 source and/or destination range of an iprange match in
 * listing form: "source IP range [! ]MIN-MAX " and
 * "destination IP range [! ]MIN-MAX ".  @ip and @numeric are not used.
 */
static void iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
			      int numeric)
{
	const struct xt_iprange_mtinfo *range = (const void *)match->data;

	if (range->flags & IPRANGE_SRC) {
		fputs("source IP range ", stdout);
		if (range->flags & IPRANGE_SRC_INV) {
			fputs("! ", stdout);
		}
		/*
		 * ipaddr_to_numeric() uses a static buffer, so each bound
		 * must be printed before the next one is converted.
		 */
		printf("%s", xtables_ip6addr_to_numeric(&range->src_min.in6));
		printf("-%s ", xtables_ip6addr_to_numeric(&range->src_max.in6));
	}

	if (range->flags & IPRANGE_DST) {
		fputs("destination IP range ", stdout);
		if (range->flags & IPRANGE_DST_INV) {
			fputs("! ", stdout);
		}
		/* Same static-buffer constraint as for the source range. */
		printf("%s", xtables_ip6addr_to_numeric(&range->dst_min.in6));
		printf("-%s ", xtables_ip6addr_to_numeric(&range->dst_max.in6));
	}
}
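/*
 * Emit the "--ipdst ADDR MASK" option of a NAT64 target in save format.
 * Nothing is printed unless XT_NAT64_IPV6_DST is set in the target flags.
 * @entry is not used.
 *
 * xtables_ip6addr_to_numeric() formats into one static buffer, so two
 * calls inside a single printf() hand back the same pointer and both
 * "%s" show whichever conversion ran last.  The saved rule would then
 * not describe the configured address/mask pair.  Each value is therefore
 * printed before the next one is converted.
 */
void nat64_tg6_save(const void *entry, const struct xt_entry_target *target)
{
	const struct xt_nat64_tginfo *info = (const void *)target->data;

	if (!(info->flags & XT_NAT64_IPV6_DST))
		return;

	printf("--ipdst %s", xtables_ip6addr_to_numeric(&info->ip6dst.in6));
	printf(" %s", xtables_ip6addr_to_numeric(&info->ip6dst_mask.in6));
}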
/*
 * Print a DNPT target in listing form:
 * " DNPT src-pfx ADDR/LEN dst-pfx ADDR/LEN".
 * @ip and @numeric are not used.
 */
static void DNPT_print(const void *ip, const struct xt_entry_target *target,
		       int numeric)
{
	const struct ip6t_npt_tginfo *cfg = (const void *)target->data;
	const char *text;

	/* Convert and print one prefix at a time; the pointer is reused. */
	text = xtables_ip6addr_to_numeric(&cfg->src_pfx.in6);
	printf(" DNPT src-pfx %s/%u", text, cfg->src_pfx_len);

	text = xtables_ip6addr_to_numeric(&cfg->dst_pfx.in6);
	printf(" dst-pfx %s/%u", text, cfg->dst_pfx_len);
}
/*
 * Print @addr followed by one space.
 *
 * With @numeric set the address is always printed in numeric form.
 * Otherwise an all-zero address is printed as "anywhere" and any other
 * address goes through the *_to_anyname() helper.  Families other than
 * NFPROTO_IPV4 and NFPROTO_IPV6 print nothing.  @mask is not used.
 */
static void conntrack_dump_addr(const union nf_inet_addr *addr,
				const union nf_inet_addr *mask,
				unsigned int family, bool numeric)
{
	const char *text;

	switch (family) {
	case NFPROTO_IPV4:
		if (numeric)
			text = xtables_ipaddr_to_numeric(&addr->in);
		else if (addr->ip == 0)
			text = "anywhere";
		else
			text = xtables_ipaddr_to_anyname(&addr->in);
		break;
	case NFPROTO_IPV6:
		if (numeric)
			text = xtables_ip6addr_to_numeric(&addr->in6);
		else if ((addr->ip6[0] | addr->ip6[1] |
			  addr->ip6[2] | addr->ip6[3]) == 0)
			text = "anywhere";
		else
			text = xtables_ip6addr_to_anyname(&addr->in6);
		break;
	default:
		return;
	}

	printf("%s ", text);
}
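/*
 * Shamelessly copied from libxt_conntrack.c
 *
 * Print @addr immediately followed by the text form of @mask and one
 * space.  With @numeric set the address is printed numerically; otherwise
 * an all-zero address prints "anywhere " (no mask) and any other address
 * goes through the *_to_anyname() helper.  Families other than
 * NFPROTO_IPV4 / NFPROTO_IPV6 print nothing.
 *
 * The address text is written out before the mask is converted instead of
 * being assembled with strcpy()/strcat() in a fixed stack buffer.  The
 * *_to_anyname() result can be a name obtained from a lookup (the IPv6
 * helper returns whatever ip6addr_to_host() gives it), so its length is
 * not under this function's control and an unbounded copy is best avoided.
 * Printing first also keeps the address intact if the mask conversion
 * reuses the numeric helper's static buffer.
 */
static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
			      const union nf_inet_addr *mask,
			      unsigned int family, bool numeric)
{
	const char *text;

	if (family == NFPROTO_IPV4) {
		if (!numeric && addr->ip == 0) {
			printf("anywhere ");
			return;
		}
		text = numeric ? xtables_ipaddr_to_numeric(&addr->in)
			       : xtables_ipaddr_to_anyname(&addr->in);
		printf("%s", text);
		printf("%s ", xtables_ipmask_to_numeric(&mask->in));
	} else if (family == NFPROTO_IPV6) {
		if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
		    addr->ip6[2] == 0 && addr->ip6[3] == 0) {
			printf("anywhere ");
			return;
		}
		text = numeric ? xtables_ip6addr_to_numeric(&addr->in6)
			       : xtables_ip6addr_to_anyname(&addr->in6);
		printf("%s", text);
		printf("%s ", xtables_ip6mask_to_numeric(&mask->in6));
	}
}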
/*
 * Emit the DNPT target options in save format.
 *
 * " --src-pfx ADDR/LEN" is printed when the source prefix address is not
 * all-zero or its length is non-zero; " --dst-pfx ADDR/LEN" follows the
 * same rule for the destination prefix.  @ip is not used.
 */
static void DNPT_save(const void *ip, const struct xt_entry_target *target)
{
	/* Static storage, hence zero-initialised: the "unset" address. */
	static const struct in6_addr unset;
	const struct ip6t_npt_tginfo *cfg = (const void *)target->data;
	int have_src, have_dst;

	have_src = cfg->src_pfx_len != 0 ||
		   memcmp(&cfg->src_pfx.in6, &unset, sizeof(unset)) != 0;
	have_dst = cfg->dst_pfx_len != 0 ||
		   memcmp(&cfg->dst_pfx.in6, &unset, sizeof(unset)) != 0;

	if (have_src) {
		printf(" --src-pfx %s/%u",
		       xtables_ip6addr_to_numeric(&cfg->src_pfx.in6),
		       cfg->src_pfx_len);
	}
	if (have_dst) {
		printf(" --dst-pfx %s/%u",
		       xtables_ip6addr_to_numeric(&cfg->dst_pfx.in6),
		       cfg->dst_pfx_len);
	}
}
/*
 * Emit the iprange match options in save format:
 * "[! ]--src-range MIN-MAX " and/or "[! ]--dst-range MIN-MAX ",
 * depending on the IPRANGE_SRC / IPRANGE_DST flags.  @ip is not used.
 */
static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_iprange_mtinfo *range = (const void *)match->data;

	if (range->flags & IPRANGE_SRC) {
		if (range->flags & IPRANGE_SRC_INV) {
			fputs("! ", stdout);
		}
		/* Lower and upper bound are converted and printed one by one. */
		printf("--src-range %s",
		       xtables_ip6addr_to_numeric(&range->src_min.in6));
		printf("-%s ",
		       xtables_ip6addr_to_numeric(&range->src_max.in6));
	}

	if (range->flags & IPRANGE_DST) {
		if (range->flags & IPRANGE_DST_INV) {
			fputs("! ", stdout);
		}
		printf("--dst-range %s",
		       xtables_ip6addr_to_numeric(&range->dst_min.in6));
		printf("-%s ",
		       xtables_ip6addr_to_numeric(&range->dst_max.in6));
	}
}
/*
 * Emit the TEE target options in save format: " --gateway ADDR", followed
 * by " --oif NAME" when the interface name is not empty.  @ip is not used.
 */
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway = xtables_ip6addr_to_numeric(&tee->gw.in6);

	printf(" --gateway %s", gateway);

	/* An empty string in oif means no output interface was configured. */
	if (tee->oif[0] != '\0') {
		printf(" --oif %s", tee->oif);
	}
}
/*
 * Return a printable form of @addr: the name reported by
 * ip6addr_to_host() when that returns one, otherwise the numeric text
 * from xtables_ip6addr_to_numeric().
 *
 * NOTE(review): the name presumably comes from a reverse lookup, i.e. its
 * content and length are chosen by whoever answers for the address.
 * Callers should print it with "%s" and avoid unbounded copies - confirm
 * against ip6addr_to_host().
 */
const char *xtables_ip6addr_to_anyname(const struct in6_addr *addr)
{
	const char *host = ip6addr_to_host(addr);

	return host != NULL ? host : xtables_ip6addr_to_numeric(addr);
}
/*
 * Print a NAT range as "[ADDR[-ADDR]]:PORT[-PORT]".
 *
 * The address part is printed when NF_NAT_RANGE_MAP_IPS is set and is
 * wrapped in brackets only if a port part follows.  The port part is
 * printed when NF_NAT_RANGE_PROTO_SPECIFIED is set.  The upper bound of
 * either part is omitted when it equals the lower bound.
 */
static void print_range(const struct nf_nat_range *range)
{
	const int with_ports =
		(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) != 0;

	if (range->flags & NF_NAT_RANGE_MAP_IPS) {
		if (with_ports) {
			fputs("[", stdout);
		}
		/* One conversion per printf(): min first, then max. */
		printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
		if (memcmp(&range->min_addr, &range->max_addr,
			   sizeof(range->min_addr)) != 0) {
			printf("-%s",
			       xtables_ip6addr_to_numeric(&range->max_addr.in6));
		}
		if (with_ports) {
			fputs("]", stdout);
		}
	}

	if (with_ports) {
		/* Ports are converted with ntohs() before printing. */
		fputs(":", stdout);
		printf("%hu", ntohs(range->min_proto.tcp.port));
		if (range->min_proto.tcp.port != range->max_proto.tcp.port) {
			printf("-%hu", ntohs(range->max_proto.tcp.port));
		}
	}
}
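/*
 * Print the criteria of one policy element, each preceded by @prefix.
 *
 * For every field marked in e->match the inversion marker is emitted via
 * PRINT_INVERT() and then the field itself: reqid, spi, proto, mode,
 * tunnel-dst and tunnel-src.  Tunnel addresses are taken from the IPv6
 * members when @family is NFPROTO_IPV6 and from the IPv4 members
 * otherwise.  @numeric is passed on to print_proto() and print_mode().
 *
 * Address and mask are printed with separate printf() calls.  For a mask
 * that is not a plain prefix length, xtables_ip6mask_to_numeric() falls
 * back to xtables_ip6addr_to_numeric(), which formats into a static
 * buffer; with both conversions as arguments of one printf() the address
 * text could be overwritten by the mask before it is printed, and the
 * listing would show a policy that is not the configured one.
 * NOTE(review): the IPv4 helpers are assumed to behave the same way.
 */
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
			bool numeric, uint8_t family)
{
	if (e->match.reqid) {
		PRINT_INVERT(e->invert.reqid);
		printf("%sreqid %u ", prefix, e->reqid);
	}
	if (e->match.spi) {
		PRINT_INVERT(e->invert.spi);
		printf("%sspi 0x%x ", prefix, e->spi);
	}
	if (e->match.proto) {
		PRINT_INVERT(e->invert.proto);
		print_proto(prefix, e->proto, numeric);
	}
	if (e->match.mode) {
		PRINT_INVERT(e->invert.mode);
		print_mode(prefix, e->mode, numeric);
	}
	if (e->match.daddr) {
		PRINT_INVERT(e->invert.daddr);
		printf("%stunnel-dst ", prefix);
		if (family == NFPROTO_IPV6) {
			printf("%s", xtables_ip6addr_to_numeric(&e->daddr.a6));
			printf("%s ", xtables_ip6mask_to_numeric(&e->dmask.a6));
		} else {
			printf("%s", xtables_ipaddr_to_numeric(&e->daddr.a4));
			printf("%s ", xtables_ipmask_to_numeric(&e->dmask.a4));
		}
	}
	if (e->match.saddr) {
		PRINT_INVERT(e->invert.saddr);
		printf("%stunnel-src ", prefix);
		if (family == NFPROTO_IPV6) {
			printf("%s", xtables_ip6addr_to_numeric(&e->saddr.a6));
			printf("%s ", xtables_ip6mask_to_numeric(&e->smask.a6));
		} else {
			printf("%s", xtables_ipaddr_to_numeric(&e->saddr.a4));
			printf("%s ", xtables_ipmask_to_numeric(&e->smask.a4));
		}
	}
}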
/*
 * Emit the TPROXY target options in save format:
 * " --on-port PORT --on-ip ADDR --tproxy-mark 0xVALUE/0xMASK".
 * The port is converted with ntohs() before printing.  @ip is not used.
 */
static void tproxy_tg_save6(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tproxy_target_info_v1 *tp = (const void *)target->data;
	const unsigned int mark = (unsigned int)tp->mark_value;
	const unsigned int mask = (unsigned int)tp->mark_mask;

	printf(" --on-port %u", ntohs(tp->lport));
	printf(" --on-ip %s", xtables_ip6addr_to_numeric(&tp->laddr.in6));
	printf(" --tproxy-mark 0x%x/0x%x", mark, mask);
}
/*
 * Print a TEE target in listing form: " TEE gw:ADDR", followed by
 * " oif=NAME" when the interface name is not empty.  The gateway is shown
 * numerically when @numeric is non-zero and via
 * xtables_ip6addr_to_anyname() otherwise.  @ip is not used.
 */
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
			  int numeric)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway;

	gateway = numeric ? xtables_ip6addr_to_numeric(&tee->gw.in6)
			  : xtables_ip6addr_to_anyname(&tee->gw.in6);
	printf(" TEE gw:%s", gateway);

	if (tee->oif[0] != '\0') {
		printf(" oif=%s", tee->oif);
	}
}
/*
 * Print a TPROXY target in listing form:
 * " TPROXY redirect ADDR:PORT mark 0xVALUE/0xMASK".
 * The port is converted with ntohs() before printing.  @ip and @numeric
 * are not used.
 */
static void tproxy_tg_print6(const void *ip, const struct xt_entry_target *target,
			     int numeric)
{
	const struct xt_tproxy_target_info_v1 *tp = (const void *)target->data;
	/* Only one address conversion, so a single printf() is safe here. */
	const char *local = xtables_ip6addr_to_numeric(&tp->laddr.in6);
	const unsigned int mark = (unsigned int)tp->mark_value;
	const unsigned int mask = (unsigned int)tp->mark_mask;

	printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
	       local, ntohs(tp->lport), mark, mask);
}
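/*
 * Return the text form of an IPv6 netmask, including the leading "/".
 *
 * When xtables_ip6mask_to_cidr() reports a prefix length the result is
 * "/LEN"; when it returns -1 the mask is written out as an address,
 * "/ADDR".  The string lives in a static buffer that the next call
 * overwrites, so callers must consume it before calling again.
 *
 * All writes go through snprintf() so the size of @buf is enforced by the
 * code rather than assumed from the longest expected address text.
 */
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
	static char buf[50+2];
	int l = xtables_ip6mask_to_cidr(addrp);

	if (l == -1)
		snprintf(buf, sizeof(buf), "/%s",
			 xtables_ip6addr_to_numeric(addrp));
	else
		snprintf(buf, sizeof(buf), "/%d", l);
	return buf;
}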
/*
 * Print the IPv6 destination of a NAT64 target in listing form,
 * "dst IP ADDR ".  Nothing is printed unless XT_NAT64_IPV6_DST is set.
 * The address is numeric when @numeric is non-zero and goes through
 * xtables_ip6addr_to_anyname() otherwise.  @entry is not used.
 */
void nat64_tg6_print(const void *entry, const struct xt_entry_target *target,
		     int numeric)
{
	const struct xt_nat64_tginfo *cfg = (const void *)target->data;
	const char *dst;

	if (!(cfg->flags & XT_NAT64_IPV6_DST))
		return;

	fputs("dst IP ", stdout);
	if (numeric)
		dst = xtables_ip6addr_to_numeric(&cfg->ip6dst.in6);
	else
		dst = xtables_ip6addr_to_anyname(&cfg->ip6dst.in6);
	printf("%s ", dst);
}
/*
 * Translate a TEE target into nftables syntax: "dup to ADDR", followed by
 * " device NAME" when the interface name is not empty.  The gateway is
 * numeric when @numeric is non-zero and goes through
 * xtables_ip6addr_to_anyname() otherwise.  @ip is not used.
 * Always returns 1.
 */
static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
			 struct xt_xlate *xl, int numeric)
{
	const struct xt_tee_tginfo *tee = (const void *)target->data;
	const char *gateway;

	gateway = numeric ? xtables_ip6addr_to_numeric(&tee->gw.in6)
			  : xtables_ip6addr_to_anyname(&tee->gw.in6);
	xt_xlate_add(xl, "dup to %s", gateway);

	if (tee->oif[0] != '\0') {
		xt_xlate_add(xl, " device %s", tee->oif);
	}

	return 1;
}
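/*
 * Return the text form of an IPv6 netmask, including the leading "/".
 *
 * - xtables_ip6mask_to_cidr() returns -1: the mask is written out as an
 *   address, "/ADDR".
 * - prefix length 128: the empty string, so a full-length mask is not
 *   shown at all.
 * - any other prefix length: "/LEN".
 *
 * Except for the empty string, the result lives in a static buffer that
 * the next call overwrites.  Writes go through snprintf() so the size of
 * @buf is enforced by the code rather than assumed.
 */
const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
{
	static char buf[50+2];
	int l = xtables_ip6mask_to_cidr(addrp);

	if (l == -1) {
		snprintf(buf, sizeof(buf), "/%s",
			 xtables_ip6addr_to_numeric(addrp));
		return buf;
	}
	/* we don't want to see "/128" */
	if (l == 128)
		return "";

	snprintf(buf, sizeof(buf), "/%d", l);
	return buf;
}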
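/*
 * Resolve @name to its IPv6 addresses.
 *
 * On success returns an array obtained from xtables_calloc() holding one
 * struct in6_addr per entry of the getaddrinfo() result and stores the
 * entry count in *@naddr.  If getaddrinfo() fails, returns NULL with
 * *@naddr set to 0.
 * NOTE(review): the array is presumably owned (and freed) by the caller -
 * confirm at the call sites.
 *
 * The lookup is restricted to AF_INET6 through the hints, which is what
 * makes reading every ai_addr as a struct sockaddr_in6 valid.
 */
static struct in6_addr *
host_to_ip6addr(const char *name, unsigned int *naddr)
{
	struct in6_addr *addr;
	struct addrinfo hints;
	struct addrinfo *res, *p;
	int err;
	unsigned int i;

	memset(&hints, 0, sizeof(hints));
	hints.ai_flags    = AI_CANONNAME;
	hints.ai_family   = AF_INET6;
	hints.ai_socktype = SOCK_RAW;

	*naddr = 0;
	err = getaddrinfo(name, NULL, &hints, &res);
	if (err != 0) {
#ifdef DEBUG
		fprintf(stderr,"Name2IP: %s\n",gai_strerror(err));
#endif
		return NULL;
	}

	/* Find length of address chain */
	for (p = res; p != NULL; p = p->ai_next)
		++*naddr;
#ifdef DEBUG
	/* ai_addrlen is a socklen_t; cast so the format specifier matches. */
	fprintf(stderr, "resolved: len=%u %s ", (unsigned int)res->ai_addrlen,
		xtables_ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr));
#endif
	/* Copy each element of the address chain */
	addr = xtables_calloc(*naddr, sizeof(struct in6_addr));
	for (i = 0, p = res; p != NULL; p = p->ai_next)
		memcpy(&addr[i++],
		       &((const struct sockaddr_in6 *)p->ai_addr)->sin6_addr,
		       sizeof(struct in6_addr));
	freeaddrinfo(res);
	return addr;
}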