summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlaforge <laforge>2001-02-26 17:31:20 +0000
committerlaforge <laforge>2001-02-26 17:31:20 +0000
commit9a429943c16c491ba867ef7db1d64078dea645e9 (patch)
tree828149f26538839f8338504058c76608235c3465
parentaa6cc13605cc317e1f5d5ff113e893f1676dc103 (diff)
ip6tables-save/-restore by Kis-Szabo Andras
-rw-r--r--Makefile4
-rw-r--r--extensions/libipt_string.c11
-rw-r--r--include/ip6tables.h5
-rw-r--r--ip6tables.c23
-rw-r--r--iptables-restore.c13
-rw-r--r--iptables-save.c4
-rw-r--r--iptables.c3
7 files changed, 50 insertions, 13 deletions
diff --git a/Makefile b/Makefile
index 06ed9df..43b5e47 100644
--- a/Makefile
+++ b/Makefile
@@ -32,8 +32,8 @@ EXTRAS+=iptables iptables.o
EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
# Still experimental.
-EXTRAS_EXP+=iptables-save iptables-restore
-EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
+EXTRAS_EXP+=iptables-save iptables-restore ip6tables-save ip6tables-restore
+EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
ifdef DO_IPV6
EXTRAS+=ip6tables ip6tables.o
diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c
index 25dacdc..51e5828 100644
--- a/extensions/libipt_string.c
+++ b/extensions/libipt_string.c
@@ -1,6 +1,12 @@
/* Shared library add-on to iptables to add string matching support.
*
* Copyright (C) 2000 Emmanuel Roger <winfield@freegates.be>
+ *
+ * ChangeLog
+ * 27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
+ * Changed --tos to --string in save(). Also
+ * updated to work with slightly modified
+ * ipt_string_info.
*/
#include <stdio.h>
#include <netdb.h>
@@ -38,7 +44,7 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
static void
parse_string(const unsigned char *s, struct ipt_string_info *info)
{
- if (strlen(s) <= 255) strcpy(info->string, s);
+ if (strlen(s) <= BM_MAX_LEN) strcpy(info->string, s);
else exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s);
}
@@ -59,6 +65,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
parse_string(argv[optind-1], stringinfo);
if (invert)
stringinfo->invert = 1;
+ stringinfo->len=strlen((char *)&stringinfo->string);
*flags = 1;
break;
@@ -101,7 +108,7 @@ print(const struct ipt_ip *ip,
static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
- printf("--tos ");
+ printf("--string ");
print_string(((struct ipt_string_info *)match->data)->string,
((struct ipt_string_info *)match->data)->invert, 0);
}
diff --git a/include/ip6tables.h b/include/ip6tables.h
index 2cbf2a3..8e20ade 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -116,4 +116,9 @@ enum ip6t_tryload {
extern struct ip6tables_target *find_target6(const char *name, enum ip6t_tryload);
extern struct ip6tables_match *find_match6(const char *name, enum ip6t_tryload);
+
+extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
+extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
+extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
+
#endif /*_IP6TABLES_USER_H*/
diff --git a/ip6tables.c b/ip6tables.c
index 045b4ba..8eae6b4 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -190,6 +190,8 @@ static const struct pprot chain_protos[] = {
{ "tcp", IPPROTO_TCP },
{ "udp", IPPROTO_UDP },
{ "icmpv6", IPPROTO_ICMPV6 },
+ { "esp", IPPROTO_ESP },
+ { "ah", IPPROTO_AH },
{ "all", 0 },
};
@@ -452,6 +454,7 @@ addr_to_host(const struct in6_addr *addr)
{
struct hostent *host;
+ /* TODO: gets errno 96 (EPFNOSUPPORT) on Debian/Sid. Got only AF_INET! */
if ((host = gethostbyaddr((char *) addr,
sizeof(struct in_addr), AF_INET6)) != NULL)
return (char *) host->h_name;
@@ -462,7 +465,12 @@ addr_to_host(const struct in6_addr *addr)
static char *
addr_to_numeric(const struct in6_addr *addrp)
{
- static char buf[20];
+ // static char buf[20];
+ // ADDR tags + sep. + \0
+ // 0000:0000:0000:0000:0000:0000:0000:000.000.000.000
+ // (but inet_ntop() supports only
+ // 0000:0000:0000:0000:0000:0000:0000:0000 format now.)
+ static char buf[50+1];
return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof buf);
}
@@ -1277,7 +1285,8 @@ check_packet(const ip6t_chainlabel chain,
return ret;
}
-static int
+//static int
+int
for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *),
int verbose, int builtinstoo, ip6tc_handle_t *handle)
{
@@ -1313,7 +1322,8 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *),
return ret;
}
-static int
+//static int
+int
flush_entries(const ip6t_chainlabel chain, int verbose,
ip6tc_handle_t *handle)
{
@@ -1337,7 +1347,8 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
return ip6tc_zero_entries(chain, handle);
}
-static int
+//static int
+int
delete_chain(const ip6t_chainlabel chain, int verbose,
ip6tc_handle_t *handle)
{
@@ -1805,9 +1816,9 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND |
CMD_CHECK)) {
if (!(options & OPT_DESTINATION))
- dhostnetworkmask = "0.0.0.0/0";
+ dhostnetworkmask = "::0/0";
if (!(options & OPT_SOURCE))
- shostnetworkmask = "0.0.0.0/0";
+ shostnetworkmask = "::0/0";
}
if (shostnetworkmask)
diff --git a/iptables-restore.c b/iptables-restore.c
index 475f345..b4a8135 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
*
* This coude is distributed under the terms of GNU GPL
*
- * $Id$
+ * $Id: iptables-restore.c,v 1.8 2001/01/23 22:54:34 laforge Exp $
*/
#include <getopt.h>
@@ -252,6 +252,15 @@ int main(int argc, char *argv[])
argvsize = 8;
}
+ // strtok initcialize!
+ if ( buffer[0]!='[' )
+ {
+ if (!(newargv[argvsize] = strtok(buffer, " \t\n")))
+ goto ImLaMeR;
+ //break;
+ argvsize++;
+ }
+
/* strtok: a function only a coder could love */
for (i = argvsize; i < sizeof(newargv)/sizeof(char *);
i++) {
@@ -259,7 +268,7 @@ int main(int argc, char *argv[])
break;
ptr = NULL;
}
- if (i == sizeof(newargv)/sizeof(char *)) {
+ImLaMeR: if (i == sizeof(newargv)/sizeof(char *)) {
fprintf(stderr,
"%s: line %u too many arguments\n",
program_name, line);
diff --git a/iptables-save.c b/iptables-save.c
index c66554d..f648efa 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -63,11 +63,13 @@ struct pprot {
u_int8_t num;
};
-/* FIXME: why don't we use /etc/services ? */
+/* FIXME: why don't we use /etc/protocols ? */
static const struct pprot chain_protos[] = {
{ "tcp", IPPROTO_TCP },
{ "udp", IPPROTO_UDP },
{ "icmp", IPPROTO_ICMP },
+ { "esp", IPPROTO_ESP },
+ { "ah", IPPROTO_AH },
};
static void print_proto(u_int16_t proto, int invert)
diff --git a/iptables.c b/iptables.c
index 86f1aa1..c11186c 100644
--- a/iptables.c
+++ b/iptables.c
@@ -207,12 +207,15 @@ struct pprot {
};
/* Primitive headers... */
+/* defined in netinet/in.h */
+#if 0
#ifndef IPPROTO_ESP
#define IPPROTO_ESP 50
#endif
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif
+#endif
static const struct pprot chain_protos[] = {
{ "tcp", IPPROTO_TCP },