static void print_entry(char *prefix, const struct ipt_policy_elem *e,
int numeric)
{
if (e->match.reqid) {
PRINT_INVERT(e->invert.reqid);
printf("%sreqid %u ", prefix, e->reqid);
}
if (e->match.spi) {
PRINT_INVERT(e->invert.spi);
printf("%sspi 0x%x ", prefix, e->spi);
}
if (e->match.proto) {
PRINT_INVERT(e->invert.proto);
print_proto(prefix, e->proto, numeric);
}
if (e->match.mode) {
PRINT_INVERT(e->invert.mode);
print_mode(prefix, e->mode, numeric);
}
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
printf("%stunnel-dst %s%s ", prefix,
addr_to_dotted((struct in_addr *)&e->daddr),
mask_to_dotted((struct in_addr *)&e->dmask));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
printf("%stunnel-src %s%s ", prefix,
addr_to_dotted((struct in_addr *)&e->saddr),
mask_to_dotted((struct in_addr *)&e->smask));
}
}
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
bool numeric, uint8_t family)
{
if (e->match.reqid) {
PRINT_INVERT(e->invert.reqid);
printf("%sreqid %u ", prefix, e->reqid);
}
if (e->match.spi) {
PRINT_INVERT(e->invert.spi);
printf("%sspi 0x%x ", prefix, e->spi);
}
if (e->match.proto) {
PRINT_INVERT(e->invert.proto);
print_proto(prefix, e->proto, numeric);
}
if (e->match.mode) {
PRINT_INVERT(e->invert.mode);
print_mode(prefix, e->mode, numeric);
}
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
if (family == NFPROTO_IPV6)
printf("%stunnel-dst %s%s ", prefix,
xtables_ip6addr_to_numeric(&e->daddr.a6),
xtables_ip6mask_to_numeric(&e->dmask.a6));
else
printf("%stunnel-dst %s%s ", prefix,
xtables_ipaddr_to_numeric(&e->daddr.a4),
xtables_ipmask_to_numeric(&e->dmask.a4));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
if (family == NFPROTO_IPV6)
printf("%stunnel-src %s%s ", prefix,
xtables_ip6addr_to_numeric(&e->saddr.a6),
xtables_ip6mask_to_numeric(&e->smask.a6));
else
printf("%stunnel-src %s%s ", prefix,
xtables_ipaddr_to_numeric(&e->saddr.a4),
xtables_ipmask_to_numeric(&e->smask.a4));
}
}
