static int do_output(const char *tablename)
{
	struct xtc_handle *h;
	const char *chain = NULL;

	if (!tablename)
		return for_each_table(&do_output);

	h = ip6tc_init(tablename);
	if (h == NULL) {
		xtables_load_ko(xtables_modprobe_program, false);
		h = ip6tc_init(tablename);
	}
	if (!h)
		xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
			   ip6tc_strerror(errno));

	time_t now = time(NULL);

	printf("# Generated by ip6tables-save v%s on %s",
	       IPTABLES_VERSION, ctime(&now));
	printf("*%s\n", tablename);

	/* Dump out chain names first,
	 * thereby preventing dependency conflicts */
	for (chain = ip6tc_first_chain(h);
	     chain;
	     chain = ip6tc_next_chain(h)) {

		printf(":%s ", chain);
		if (ip6tc_builtin(chain, h)) {
			struct xt_counters count;
			printf("%s ",
			       ip6tc_get_policy(chain, &count, h));
			printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
		} else {
			printf("- [0:0]\n");
		}
	}

	for (chain = ip6tc_first_chain(h);
	     chain;
	     chain = ip6tc_next_chain(h)) {
		const struct ip6t_entry *e;

		/* Dump out rules */
		e = ip6tc_first_rule(chain, h);
		while(e) {
			print_rule6(e, h, chain, show_counters);
			e = ip6tc_next_rule(e, h);
		}
	}

	now = time(NULL);
	printf("COMMIT\n");
	printf("# Completed on %s", ctime(&now));
	ip6tc_free(h);

	return 1;
}
Exemple #2
0
static int
ip6tc_init_verify_append(const char * table,
                         const char * chain,
                         struct ip6t_entry * e)
{
	IP6TC_HANDLE h;

	h = ip6tc_init(table);
	if(!h) {
		syslog(LOG_ERR, "ip6tc_init error : %s", ip6tc_strerror(errno));
		return -1;
	}
	if(!ip6tc_is_chain(chain, h)) {
		syslog(LOG_ERR, "chain %s not found", chain);
		goto error;
	}
	if(!ip6tc_append_entry(chain, e, h)) {
		syslog(LOG_ERR, "ip6tc_append_entry() error : %s", ip6tc_strerror(errno));
		goto error;
	}
	if(!ip6tc_commit(h)) {
		syslog(LOG_ERR, "ip6tc_commit() error : %s", ip6tc_strerror(errno));
		goto error;
	}
	return 0;	/* ok */
error:
	ip6tc_free(h);
	return -1;
}
Exemple #3
0
int
get_pinhole_info(unsigned short uid,
                 char * rem_host, int rem_hostlen, unsigned short * rem_port,
                 char * int_client, int int_clientlen, unsigned short * int_port,
                 int * proto, unsigned int * timestamp,
                 u_int64_t * packets, u_int64_t * bytes)
{
	struct pinhole_t * p;

	p = get_pinhole(uid);
	if(!p)
		return -2;	/* Not found */
	if(rem_host) {
		if(inet_ntop(AF_INET6, &p->saddr, rem_host, rem_hostlen) == NULL)
			return -1;
	}
	if(rem_port)
		*rem_port = p->sport;
	if(int_client) {
		if(inet_ntop(AF_INET6, &p->daddr, int_client, int_clientlen) == NULL)
			return -1;
	}
	if(int_port)
		*int_port = p->dport;
	if(proto)
		*proto = p->proto;
	if(timestamp)
		*timestamp = p->timestamp;
	if(packets || bytes) {
		/* theses informations need to be read from netfilter */
		IP6TC_HANDLE h;
		const struct ip6t_entry * e;
		const struct ip6t_entry_match * match;
		h = ip6tc_init("filter");
		if(!h) {
			syslog(LOG_ERR, "ip6tc_init error : %s", ip6tc_strerror(errno));
			return -1;
		}
		for(e = ip6tc_first_rule(miniupnpd_v6_filter_chain, h);
		    e;
		    e = ip6tc_next_rule(e, h)) {
			if((e->ipv6.proto == p->proto) &&
			   (0 == memcmp(&e->ipv6.src, &p->saddr, sizeof(e->ipv6.src))) &&
			   (0 == memcmp(&e->ipv6.dst, &p->daddr, sizeof(e->ipv6.dst)))) {
				const struct ip6t_tcp * info;
				match = (const struct ip6t_entry_match *)&e->elems;
				info = (const struct ip6t_tcp *)&match->data;
				if((info->spts[0] == p->sport) && (info->dpts[0] == p->dport)) {
					if(packets)
						*packets = e->counters.pcnt;
					if(bytes)
						*bytes = e->counters.bcnt;
					break;
				}
			}
		}
		ip6tc_free(h);
	}
	return 0;
}
Exemple #4
0
int
delete_pinhole(unsigned short uid)
{
	struct pinhole_t * p;
	IP6TC_HANDLE h;
	const struct ip6t_entry * e;
	const struct ip6t_entry_match *match = NULL;
	/*const struct ip6t_entry_target *target = NULL;*/
	unsigned int index;

	p = get_pinhole(uid);
	if(!p)
		return -2;	/* not found */

	h = ip6tc_init("filter");
	if(!h) {
		syslog(LOG_ERR, "ip6tc_init error : %s", ip6tc_strerror(errno));
		return -1;
	}
	if(!ip6tc_is_chain(miniupnpd_v6_filter_chain, h)) {
		syslog(LOG_ERR, "chain %s not found", miniupnpd_v6_filter_chain);
		goto error;
	}
	index = 0;
	for(e = ip6tc_first_rule(miniupnpd_v6_filter_chain, h);
	    e;
	    e = ip6tc_next_rule(e, h)) {
		if((e->ipv6.proto == p->proto) &&
		   (0 == memcmp(&e->ipv6.src, &p->saddr, sizeof(e->ipv6.src))) &&
		   (0 == memcmp(&e->ipv6.dst, &p->daddr, sizeof(e->ipv6.dst)))) {
			const struct ip6t_tcp * info;
			match = (const struct ip6t_entry_match *)&e->elems;
			info = (const struct ip6t_tcp *)&match->data;
			if((info->spts[0] == p->sport) && (info->dpts[0] == p->dport)) {
				if(!ip6tc_delete_num_entry(miniupnpd_v6_filter_chain, index, h)) {
					syslog(LOG_ERR, "ip6tc_delete_num_entry(%s,%u,...): %s",
					       miniupnpd_v6_filter_chain, index, ip6tc_strerror(errno));
					goto error;
				}
				if(!ip6tc_commit(h)) {
					syslog(LOG_ERR, "ip6tc_commit(): %s",
					       ip6tc_strerror(errno));
					goto error;
				}
				ip6tc_free(h);
				LIST_REMOVE(p, entries);
				return 0;	/* ok */
			}
		}
		index++;
	}
	ip6tc_free(h);
	syslog(LOG_WARNING, "delete_pinhole() rule with PID=%hu not found", uid);
	LIST_REMOVE(p, entries);
	return -2;	/* not found */
error:
	ip6tc_free(h);
	return -1;
}
Exemple #5
0
/* Initializes a new iptables instance and returns an iptables resource associated with the new iptables table */
struct ip6tc_handle* ip6tables_open ( const char* tablename )
{
	struct ip6tc_handle *h ;

	if ( !( h = ip6tc_init ( tablename ) ) )
		return NULL ;

	return h ;
}
Exemple #6
0
ip6tc_handle_t create_handle(const char *tablename, const char* modprobe)
{
	ip6tc_handle_t handle;

	handle = ip6tc_init(tablename);

	if (!handle) {
		/* try to insmod the module if iptc_init failed */
		ip6tables_insmod("ip6_tables", modprobe);
		handle = ip6tc_init(tablename);
	}

	if (!handle) {
		exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
			"table '%s'\n", program_name, tablename);
		exit(1);
	}
	return handle;
}
static struct ip6tc_handle *create_handle(const char *tablename)
{
	struct ip6tc_handle *handle;

	handle = ip6tc_init(tablename);

	if (!handle) {
		/* try to insmod the module if iptc_init failed */
		xtables_load_ko(xtables_modprobe_program, false);
		handle = ip6tc_init(tablename);
	}

	if (!handle) {
		xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize "
			"table '%s'\n", ip6tables_globals.program_name,
			tablename);
		exit(1);
	}
	return handle;
}
Exemple #8
0
static int do_output(const char *tablename)
{
	ip6tc_handle_t h;
	const char *chain = NULL;

	if (!tablename)
		return for_each_table(&do_output);

	h = ip6tc_init(tablename);
	if (!h)
 		exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
			   ip6tc_strerror(errno));

	if (!binary) {
		time_t now = time(NULL);

		printf("# Generated by ip6tables-save v%s on %s",
		       IPTABLES_VERSION, ctime(&now));
		printf("*%s\n", tablename);

		/* Dump out chain names first, 
		 * thereby preventing dependency conflicts */
		for (chain = ip6tc_first_chain(&h);
		     chain;
		     chain = ip6tc_next_chain(&h)) {

			printf(":%s ", chain);
			if (ip6tc_builtin(chain, h)) {
				struct ip6t_counters count;
				printf("%s ",
				       ip6tc_get_policy(chain, &count, &h));
				printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
			} else {
				printf("- [0:0]\n");
			}
		}


		for (chain = ip6tc_first_chain(&h);
		     chain;
		     chain = ip6tc_next_chain(&h)) {
			const struct ip6t_entry *e;

			/* Dump out rules */
			e = ip6tc_first_rule(chain, &h);
			while(e) {
				print_rule(e, &h, chain, counters);
				e = ip6tc_next_rule(e, &h);
			}
		}

		now = time(NULL);
		printf("COMMIT\n");
		printf("# Completed on %s", ctime(&now));
	} else {
		/* Binary, huh?  OK. */
		exit_error(OTHER_PROBLEM, "Binary NYI\n");
	}

	ip6tc_free(&h);

	return 1;
}