/* Helper function for list_rules() */
static void list_em(struct ebt_u_entries *entries)
{
int i;
struct ebt_u_entry *hlp;
struct ebt_u_match_list *m_l;
struct ebt_u_match *m;
struct ebt_u_target *t;
hlp = entries->entries->next;
printf("\nBridge chain: %s, entries: %d, policy: %s\n",
entries->name, entries->nentries,
ebt_standard_targets[-entries->policy - 1]);
for (i = 0; i < entries->nentries; i++) {
/* The standard target's print() uses this to find out
* the name of a udc */
hlp->replace = replace;
/* Don't print anything about the protocol if no protocol was
* specified, obviously this means any protocol will do. */
if (!(hlp->bitmask & EBT_NOPROTO)) {
printf("-p ");
if (hlp->invflags & EBT_IPROTO)
printf("! ");
if (hlp->bitmask & EBT_802_3)
printf("Length ");
else {
const struct ethertypeent *ent;
ent = getethertypebynumber(ntohs(hlp->ethproto));
if (!ent)
printf("0x%x ", ntohs(hlp->ethproto));
else
printf("%s ", ent->e_name);
}
}
if (hlp->bitmask & EBT_SOURCEMAC) {
printf("-s ");
if (hlp->invflags & EBT_ISOURCE)
printf("! ");
ebt_print_mac_and_mask(hlp->sourcemac, hlp->sourcemsk);
printf(" ");
}
if (hlp->bitmask & EBT_DESTMAC) {
printf("-d ");
if (hlp->invflags & EBT_IDEST)
printf("! ");
ebt_print_mac_and_mask(hlp->destmac, hlp->destmsk);
printf(" ");
}
if (hlp->in[0] != '\0') {
printf("-i ");
if (hlp->invflags & EBT_IIN)
printf("! ");
print_iface(hlp->in);
}
if (hlp->logical_in[0] != '\0') {
printf("--logical-in ");
if (hlp->invflags & EBT_ILOGICALIN)
printf("! ");
print_iface(hlp->logical_in);
}
if (hlp->logical_out[0] != '\0') {
printf("--logical-out ");
if (hlp->invflags & EBT_ILOGICALOUT)
printf("! ");
print_iface(hlp->logical_out);
}
if (hlp->out[0] != '\0') {
printf("-o ");
if (hlp->invflags & EBT_IOUT)
printf("! ");
print_iface(hlp->out);
}
m_l = hlp->m_list;
while (m_l) {
m = ebt_find_match(m_l->m->u.name);
if (!m)
ebt_print_bug("Match not found");
m->print(hlp, m_l->m);
m_l = m_l->next;
}
printf("-j ");
if (strcmp(hlp->t->u.name, EBT_STANDARD_TARGET))
printf("%s ", hlp->t->u.name);
t = ebt_find_target(hlp->t->u.name);
if (!t)
ebt_print_bug("Target '%s' not found", hlp->t->u.name);
t->print(hlp, hlp->t);
printf("\n");
hlp = hlp->next;
}
}
static void print(const struct ebt_u_entry *entry,
const struct ebt_entry_match *match)
{
struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
int i;
if (arpinfo->bitmask & EBT_ARP_OPCODE) {
int opcode = ntohs(arpinfo->opcode);
printf("--arp-op ");
if (arpinfo->invflags & EBT_ARP_OPCODE)
printf("! ");
if (opcode > 0 && opcode <= NUMOPCODES)
printf("%s ", opcodes[opcode - 1]);
else
printf("%d ", opcode);
}
if (arpinfo->bitmask & EBT_ARP_HTYPE) {
printf("--arp-htype ");
if (arpinfo->invflags & EBT_ARP_HTYPE)
printf("! ");
printf("%d ", ntohs(arpinfo->htype));
}
if (arpinfo->bitmask & EBT_ARP_PTYPE) {
struct ethertypeent *ent;
printf("--arp-ptype ");
if (arpinfo->invflags & EBT_ARP_PTYPE)
printf("! ");
ent = getethertypebynumber(ntohs(arpinfo->ptype));
if (!ent)
printf("0x%x ", ntohs(arpinfo->ptype));
else
printf("%s ", ent->e_name);
}
if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
printf("--arp-ip-src ");
if (arpinfo->invflags & EBT_ARP_SRC_IP)
printf("! ");
for (i = 0; i < 4; i++)
printf("%d%s", ((unsigned char *)&arpinfo->saddr)[i],
(i == 3) ? "" : ".");
printf("%s ", ebt_mask_to_dotted(arpinfo->smsk));
}
if (arpinfo->bitmask & EBT_ARP_DST_IP) {
printf("--arp-ip-dst ");
if (arpinfo->invflags & EBT_ARP_DST_IP)
printf("! ");
for (i = 0; i < 4; i++)
printf("%d%s", ((unsigned char *)&arpinfo->daddr)[i],
(i == 3) ? "" : ".");
printf("%s ", ebt_mask_to_dotted(arpinfo->dmsk));
}
if (arpinfo->bitmask & EBT_ARP_SRC_MAC) {
printf("--arp-mac-src ");
if (arpinfo->invflags & EBT_ARP_SRC_MAC)
printf("! ");
ebt_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
printf(" ");
}
if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
printf("--arp-mac-dst ");
if (arpinfo->invflags & EBT_ARP_DST_MAC)
printf("! ");
ebt_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
printf(" ");
}
if (arpinfo->bitmask & EBT_ARP_GRAT) {
if (arpinfo->invflags & EBT_ARP_GRAT)
printf("! ");
printf("--arp-gratuitous ");
}
}
/* Helper function for list_rules() */
static void list_em(struct ebt_u_entries *entries)
{
int i, j, space = 0, digits;
struct ebt_u_entry *hlp;
struct ebt_u_match_list *m_l;
struct ebt_u_watcher_list *w_l;
struct ebt_u_match *m;
struct ebt_u_watcher *w;
struct ebt_u_target *t;
if (replace->flags & LIST_MAC2)
ebt_printstyle_mac = 2;
else
ebt_printstyle_mac = 0;
hlp = entries->entries->next;
if (replace->flags & LIST_X && entries->policy != EBT_ACCEPT) {
printf("ebtables -t %s -P %s %s\n", replace->name,
entries->name, ebt_standard_targets[-entries->policy - 1]);
} else if (!(replace->flags & LIST_X)) {
printf("\nBridge chain: %s, entries: %d, policy: %s\n",
entries->name, entries->nentries,
ebt_standard_targets[-entries->policy - 1]);
}
if (replace->flags & LIST_N) {
i = entries->nentries;
while (i > 9) {
space++;
i /= 10;
}
}
for (i = 0; i < entries->nentries; i++) {
if (replace->flags & LIST_N) {
digits = 0;
/* A little work to get nice rule numbers. */
j = i + 1;
while (j > 9) {
digits++;
j /= 10;
}
for (j = 0; j < space - digits; j++)
printf(" ");
printf("%d. ", i + 1);
}
if (replace->flags & LIST_X)
printf("ebtables -t %s -A %s ",
replace->name, entries->name);
/* The standard target's print() uses this to find out
* the name of a udc */
hlp->replace = replace;
/* Don't print anything about the protocol if no protocol was
* specified, obviously this means any protocol will do. */
if (!(hlp->bitmask & EBT_NOPROTO)) {
printf("-p ");
if (hlp->invflags & EBT_IPROTO)
printf("! ");
if (hlp->bitmask & EBT_802_3)
printf("Length ");
else {
struct ethertypeent *ent;
ent = getethertypebynumber(ntohs(hlp->ethproto));
if (!ent)
printf("0x%x ", ntohs(hlp->ethproto));
else
printf("%s ", ent->e_name);
}
}
if (hlp->bitmask & EBT_SOURCEMAC) {
printf("-s ");
if (hlp->invflags & EBT_ISOURCE)
printf("! ");
ebt_print_mac_and_mask(hlp->sourcemac, hlp->sourcemsk);
printf(" ");
}
if (hlp->bitmask & EBT_DESTMAC) {
printf("-d ");
if (hlp->invflags & EBT_IDEST)
printf("! ");
ebt_print_mac_and_mask(hlp->destmac, hlp->destmsk);
printf(" ");
}
if (hlp->in[0] != '\0') {
printf("-i ");
if (hlp->invflags & EBT_IIN)
printf("! ");
print_iface(hlp->in);
}
if (hlp->logical_in[0] != '\0') {
printf("--logical-in ");
if (hlp->invflags & EBT_ILOGICALIN)
printf("! ");
print_iface(hlp->logical_in);
}
if (hlp->logical_out[0] != '\0') {
printf("--logical-out ");
if (hlp->invflags & EBT_ILOGICALOUT)
printf("! ");
print_iface(hlp->logical_out);
}
if (hlp->out[0] != '\0') {
printf("-o ");
if (hlp->invflags & EBT_IOUT)
printf("! ");
print_iface(hlp->out);
}
m_l = hlp->m_list;
while (m_l) {
m = ebt_find_match(m_l->m->u.name);
if (!m)
ebt_print_bug("Match not found");
m->print(hlp, m_l->m);
m_l = m_l->next;
}
w_l = hlp->w_list;
while (w_l) {
w = ebt_find_watcher(w_l->w->u.name);
if (!w)
ebt_print_bug("Watcher not found");
w->print(hlp, w_l->w);
w_l = w_l->next;
}
printf("-j ");
if (strcmp(hlp->t->u.name, EBT_STANDARD_TARGET))
printf("%s ", hlp->t->u.name);
t = ebt_find_target(hlp->t->u.name);
if (!t)
ebt_print_bug("Target '%s' not found", hlp->t->u.name);
t->print(hlp, hlp->t);
if (replace->flags & LIST_C) {
uint64_t pcnt = hlp->cnt.pcnt;
uint64_t bcnt = hlp->cnt.bcnt;
if (replace->flags & LIST_X)
printf("-c %"PRIu64" %"PRIu64, pcnt, bcnt);
else
printf(", pcnt = %"PRIu64" -- bcnt = %"PRIu64, pcnt, bcnt);
}
printf("\n");
hlp = hlp->next;
}
}