diff options
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | extensions/libipt_string.c | 11 | ||||
-rw-r--r-- | include/ip6tables.h | 5 | ||||
-rw-r--r-- | ip6tables.c | 23 | ||||
-rw-r--r-- | iptables-restore.c | 13 | ||||
-rw-r--r-- | iptables-save.c | 4 | ||||
-rw-r--r-- | iptables.c | 3 |
7 files changed, 50 insertions, 13 deletions
@@ -32,8 +32,8 @@ EXTRAS+=iptables iptables.o EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8 # Still experimental. -EXTRAS_EXP+=iptables-save iptables-restore -EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 +EXTRAS_EXP+=iptables-save iptables-restore ip6tables-save ip6tables-restore +EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8 ifdef DO_IPV6 EXTRAS+=ip6tables ip6tables.o diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c index 25dacdc..51e5828 100644 --- a/extensions/libipt_string.c +++ b/extensions/libipt_string.c @@ -1,6 +1,12 @@ /* Shared library add-on to iptables to add string matching support. * * Copyright (C) 2000 Emmanuel Roger <winfield@freegates.be> + * + * ChangeLog + * 27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk> + * Changed --tos to --string in save(). Also + * updated to work with slightly modified + * ipt_string_info. */ #include <stdio.h> #include <netdb.h> @@ -38,7 +44,7 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) static void parse_string(const unsigned char *s, struct ipt_string_info *info) { - if (strlen(s) <= 255) strcpy(info->string, s); + if (strlen(s) <= BM_MAX_LEN) strcpy(info->string, s); else exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s); } @@ -59,6 +65,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, parse_string(argv[optind-1], stringinfo); if (invert) stringinfo->invert = 1; + stringinfo->len=strlen((char *)&stringinfo->string); *flags = 1; break; @@ -101,7 +108,7 @@ print(const struct ipt_ip *ip, static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) { - printf("--tos "); + printf("--string "); print_string(((struct ipt_string_info *)match->data)->string, ((struct ipt_string_info *)match->data)->invert, 0); } diff --git a/include/ip6tables.h b/include/ip6tables.h index 2cbf2a3..8e20ade 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -116,4 +116,9 @@ enum ip6t_tryload { extern struct ip6tables_target *find_target6(const char *name, enum ip6t_tryload); extern struct ip6tables_match *find_match6(const char *name, enum ip6t_tryload); + +extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle); +extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); +extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); + #endif /*_IP6TABLES_USER_H*/ diff --git a/ip6tables.c b/ip6tables.c index 045b4ba..8eae6b4 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -190,6 +190,8 @@ static const struct pprot chain_protos[] = { { "tcp", IPPROTO_TCP }, { "udp", IPPROTO_UDP }, { "icmpv6", IPPROTO_ICMPV6 }, + { "esp", IPPROTO_ESP }, + { "ah", IPPROTO_AH }, { "all", 0 }, }; @@ -452,6 +454,7 @@ addr_to_host(const struct in6_addr *addr) { struct hostent *host; + /* TODO: gets errno 96 (EPFNOSUPPORT) on Debian/Sid. Got only AF_INET! */ if ((host = gethostbyaddr((char *) addr, sizeof(struct in_addr), AF_INET6)) != NULL) return (char *) host->h_name; @@ -462,7 +465,12 @@ addr_to_host(const struct in6_addr *addr) static char * addr_to_numeric(const struct in6_addr *addrp) { - static char buf[20]; + // static char buf[20]; + // ADDR tags + sep. + \0 + // 0000:0000:0000:0000:0000:0000:0000:000.000.000.000 + // (but inet_ntop() supports only + // 0000:0000:0000:0000:0000:0000:0000:0000 format now.) + static char buf[50+1]; return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof buf); } @@ -1277,7 +1285,8 @@ check_packet(const ip6t_chainlabel chain, return ret; } -static int +//static int +int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle) { @@ -1313,7 +1322,8 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), return ret; } -static int +//static int +int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle) { @@ -1337,7 +1347,8 @@ zero_entries(const ip6t_chainlabel chain, int verbose, return ip6tc_zero_entries(chain, handle); } -static int +//static int +int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle) { @@ -1805,9 +1816,9 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) { if (!(options & OPT_DESTINATION)) - dhostnetworkmask = "0.0.0.0/0"; + dhostnetworkmask = "::0/0"; if (!(options & OPT_SOURCE)) - shostnetworkmask = "0.0.0.0/0"; + shostnetworkmask = "::0/0"; } if (shostnetworkmask) diff --git a/iptables-restore.c b/iptables-restore.c index 475f345..b4a8135 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -4,7 +4,7 @@ * * This coude is distributed under the terms of GNU GPL * - * $Id$ + * $Id: iptables-restore.c,v 1.8 2001/01/23 22:54:34 laforge Exp $ */ #include <getopt.h> @@ -252,6 +252,15 @@ int main(int argc, char *argv[]) argvsize = 8; } + // strtok initcialize! + if ( buffer[0]!='[' ) + { + if (!(newargv[argvsize] = strtok(buffer, " \t\n"))) + goto ImLaMeR; + //break; + argvsize++; + } + /* strtok: a function only a coder could love */ for (i = argvsize; i < sizeof(newargv)/sizeof(char *); i++) { @@ -259,7 +268,7 @@ int main(int argc, char *argv[]) break; ptr = NULL; } - if (i == sizeof(newargv)/sizeof(char *)) { +ImLaMeR: if (i == sizeof(newargv)/sizeof(char *)) { fprintf(stderr, "%s: line %u too many arguments\n", program_name, line); diff --git a/iptables-save.c b/iptables-save.c index c66554d..f648efa 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -63,11 +63,13 @@ struct pprot { u_int8_t num; }; -/* FIXME: why don't we use /etc/services ? */ +/* FIXME: why don't we use /etc/protocols ? */ static const struct pprot chain_protos[] = { { "tcp", IPPROTO_TCP }, { "udp", IPPROTO_UDP }, { "icmp", IPPROTO_ICMP }, + { "esp", IPPROTO_ESP }, + { "ah", IPPROTO_AH }, }; static void print_proto(u_int16_t proto, int invert) @@ -207,12 +207,15 @@ struct pprot { }; /* Primitive headers... */ +/* defined in netinet/in.h */ +#if 0 #ifndef IPPROTO_ESP #define IPPROTO_ESP 50 #endif #ifndef IPPROTO_AH #define IPPROTO_AH 51 #endif +#endif static const struct pprot chain_protos[] = { { "tcp", IPPROTO_TCP }, |