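/*
 * Dump one table to stdout in the syntax iptables-restore consumes.
 *
 * tablename: table to dump, or NULL to dump every table via
 *            for_each_table(), which calls back into this function.
 * Returns 1 on success. Failure to open the table, or to read the policy
 * of a built-in chain, is fatal: xtables_error() does not return.
 * Reads the file-level flag 'show_counters'.
 */
static int do_output(const char *tablename)
{
	struct xtc_handle *h;
	const char *chain = NULL;
	time_t now;

	if (!tablename)
		return for_each_table(&do_output);

	h = iptc_init(tablename);
	if (h == NULL) {
		/* Best effort: try to load the table's kernel module and
		 * retry. The result of xtables_load_ko() is deliberately
		 * ignored; the second iptc_init() is the real check. */
		xtables_load_ko(xtables_modprobe_program, false);
		h = iptc_init(tablename);
	}
	if (!h)
		xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
			      iptc_strerror(errno));

	now = time(NULL);
	/* ctime() output already ends in '\n'. */
	printf("# Generated by iptables-save v%s on %s",
	       IPTABLES_VERSION, ctime(&now));
	printf("*%s\n", tablename);

	/* Dump out chain names first, thereby preventing dependency
	 * conflicts when the output is replayed by iptables-restore. */
	for (chain = iptc_first_chain(h); chain; chain = iptc_next_chain(h)) {
		printf(":%s ", chain);
		if (iptc_builtin(chain, h)) {
			struct xt_counters count;
			const char *policy = iptc_get_policy(chain, &count, h);

			/* A built-in chain whose policy cannot be read is an
			 * internal error. Passing NULL to "%s" is undefined
			 * behaviour and 'count' would be uninitialised, so
			 * stop here instead of emitting a dump that
			 * iptables-restore cannot parse. */
			if (policy == NULL)
				xtables_error(OTHER_PROBLEM,
					      "Cannot read policy of chain %s: %s\n",
					      chain, iptc_strerror(errno));
			printf("%s ", policy);
			/* The counter fields are 64-bit but not necessarily
			 * 'unsigned long long'; cast to keep %llu correct. */
			printf("[%llu:%llu]\n",
			       (unsigned long long)count.pcnt,
			       (unsigned long long)count.bcnt);
		} else {
			printf("- [0:0]\n");
		}
	}

	for (chain = iptc_first_chain(h); chain; chain = iptc_next_chain(h)) {
		const struct ipt_entry *e;

		/* Dump out rules */
		for (e = iptc_first_rule(chain, h); e; e = iptc_next_rule(e, h))
			print_rule4(e, h, chain, show_counters);
	}

	now = time(NULL);
	printf("COMMIT\n");
	printf("# Completed on %s", ctime(&now));
	iptc_free(h);
	return 1;
}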
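/*
 * Dump one table to stdout in the syntax iptables-restore consumes.
 *
 * tablename: table to dump, or NULL to dump every table via
 *            for_each_table(), which calls back into this function.
 * Returns 1 on success. Failure to open the table, a request for the
 * (unimplemented) binary format, or an unreadable built-in policy is
 * fatal: exit_error() does not return.
 * Reads the file-level flags 'binary' and 'counters'.
 *
 * NOTE(review): the handle obtained from iptc_init() is not released
 * here; check whether this libiptc version offers iptc_free() before
 * assuming that is acceptable.
 */
static int do_output(const char *tablename)
{
	iptc_handle_t h;
	const char *chain = NULL;
	time_t now;

	if (!tablename)
		return for_each_table(&do_output);

	h = iptc_init(tablename);
	if (!h)
		exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
			   iptc_strerror(errno));

	if (binary) {
		/* Binary, huh? OK. */
		exit_error(OTHER_PROBLEM, "Binary NYI\n");
	}

	now = time(NULL);
	/* ctime() output already ends in '\n'. */
	printf("# Generated by iptables-save v%s on %s",
	       IPTABLES_VERSION, ctime(&now));
	printf("*%s\n", tablename);

	/* Dump out chain names first, thereby preventing dependency
	 * conflicts when the output is replayed by iptables-restore. */
	for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) {
		printf(":%s ", chain);
		if (iptc_builtin(chain, h)) {
			struct ipt_counters count;
			const char *policy = iptc_get_policy(chain, &count, &h);

			/* Passing NULL to "%s" is undefined behaviour and
			 * 'count' would be uninitialised; fail loudly rather
			 * than emit a dump iptables-restore cannot parse. */
			if (policy == NULL)
				exit_error(OTHER_PROBLEM,
					   "Can't read policy of chain %s: %s\n",
					   chain, iptc_strerror(errno));
			printf("%s ", policy);
			/* The counter fields are 64-bit but not necessarily
			 * 'unsigned long long'; without the casts the %llu
			 * conversion is a type mismatch on platforms where
			 * they are 'unsigned long'. */
			printf("[%llu:%llu]\n",
			       (unsigned long long)count.pcnt,
			       (unsigned long long)count.bcnt);
		} else {
			printf("- [0:0]\n");
		}
	}

	for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) {
		const struct ipt_entry *e;

		/* Dump out rules */
		for (e = iptc_first_rule(chain, &h); e; e = iptc_next_rule(e, &h))
			print_rule(e, &h, chain, counters);
	}

	now = time(NULL);
	printf("COMMIT\n");
	printf("# Completed on %s", ctime(&now));
	return 1;
}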
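/**
 * Append to `results` one row per rule in every chain of the iptables
 * table `filter`, plus one row for each chain that holds no rules so the
 * chain and its policy are still reported.
 *
 * Chain-level columns (filter_name, chain, policy, packets, bytes) are
 * filled once per chain. Rule-level columns (target, match, src_port,
 * dst_port and whatever parseEntryMatch()/parseIpEntry() add) are written
 * into a fresh copy of the chain row for every rule, so a value set for
 * one rule or chain can never leak into the row of the next. The previous
 * implementation reused a single Row across chains and pushed it once more
 * after the rule loop, which duplicated the last rule of every non-empty
 * chain and reported stale rule columns on empty chains.
 *
 * Returns silently, leaving `results` untouched, when the table cannot be
 * opened (module not loaded, insufficient privilege, ...).
 */
void genIPTablesRules(const std::string &filter, QueryData &results) {
  // Initialize the access to iptc
  auto handle = (struct iptc_handle *)iptc_init(filter.c_str());
  if (handle == nullptr) {
    return;
  }

  // Iterate through chains
  for (auto chain = iptc_first_chain(handle); chain != nullptr;
       chain = iptc_next_chain(handle)) {
    // A new row per chain: nothing from a previous chain carries over.
    Row chain_row;
    chain_row["filter_name"] = filter;
    chain_row["chain"] = TEXT(chain);

    struct ipt_counters counters;
    auto policy = iptc_get_policy(chain, &counters, handle);
    if (policy != nullptr) {
      chain_row["policy"] = TEXT(policy);
      chain_row["packets"] = INTEGER(counters.pcnt);
      chain_row["bytes"] = INTEGER(counters.bcnt);
    } else {
      // No policy available: report zeros rather than read counters that
      // the failed lookup may not have written.
      chain_row["policy"] = "";
      chain_row["packets"] = "0";
      chain_row["bytes"] = "0";
    }

    bool saw_rule = false;
    // Iterating through all the rules per chain
    for (const struct ipt_entry *chain_rule = iptc_first_rule(chain, handle);
         chain_rule != nullptr;
         chain_rule = iptc_next_rule(chain_rule, handle)) {
      saw_rule = true;
      // Fresh copy per rule so columns a previous rule set (e.g. via
      // parseEntryMatch) do not persist into a rule that lacks them.
      Row r = chain_row;

      auto target = iptc_get_target(chain_rule, handle);
      if (target != nullptr) {
        r["target"] = TEXT(target);
      } else {
        r["target"] = "";
      }

      // NOTE(review): target_offset locates the target block after the
      // fixed entry header and is therefore expected to be non-zero for
      // every rule; if this test is meant to mean "has at least one
      // match", it probably needs to compare against the header size.
      // Confirm against the kernel's ipt_entry layout before changing.
      if (chain_rule->target_offset) {
        r["match"] = "yes";
        // fill protocol port details
        parseEntryMatch(chain_rule, r);
      } else {
        r["match"] = "no";
        r["src_port"] = "";
        r["dst_port"] = "";
      }

      const struct ipt_ip *ip = &chain_rule->ip;
      parseIpEntry(ip, r);
      results.push_back(r);
    } // Rule iteration

    if (!saw_rule) {
      // Empty chain: report it once, with chain-level columns only.
      results.push_back(chain_row);
    }
  } // Chain iteration

  iptc_free(handle);
}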