diff options
author | Phil Sutter <phil@nwl.cc> | 2020-11-17 02:49:32 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-11-23 15:01:23 +0100 |
commit | 24f30842d979da464c1c3ef106d2efa66a480735 (patch) | |
tree | 9223ffde1be3e9c53c3a9feced463706c9cb7b33 /iptables/iptables.c | |
parent | a323c28331a4807252b11a7a078dc68af82399ef (diff) |
xshared: Share print_header() with legacy iptables
Legacy iptables fetches the relevant data via libiptc before calling the
shared routine which merely prints data as requested.
Drop the 'basechain' parameter, instead make sure a policy name is
passed only with base chains. Since the function is not shared with
ebtables (which uses a very rudimental header instead), this is safe.
In order to support legacy iptables' checking of iptc_get_references()
return code (printing an error message instead of the reference count),
make refs parameter signed and print the error message if it's negative.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/iptables.c')
-rw-r--r-- | iptables/iptables.c | 64 |
1 files changed, 12 insertions, 52 deletions
diff --git a/iptables/iptables.c b/iptables/iptables.c index 12a5423e..ac51c612 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -224,56 +224,6 @@ iptables_exit_error(enum xtables_exittype status, const char *msg, ...) /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ -static void -print_header(unsigned int format, const char *chain, struct xtc_handle *handle) -{ - struct xt_counters counters; - const char *pol = iptc_get_policy(chain, &counters, handle); - printf("Chain %s", chain); - if (pol) { - printf(" (policy %s", pol); - if (!(format & FMT_NOCOUNTS)) { - fputc(' ', stdout); - xtables_print_num(counters.pcnt, (format|FMT_NOTABLE)); - fputs("packets, ", stdout); - xtables_print_num(counters.bcnt, (format|FMT_NOTABLE)); - fputs("bytes", stdout); - } - printf(")\n"); - } else { - unsigned int refs; - if (!iptc_get_references(&refs, chain, handle)) - printf(" (ERROR obtaining refs)\n"); - else - printf(" (%u references)\n", refs); - } - - if (format & FMT_LINENUMBERS) - printf(FMT("%-4s ", "%s "), "num"); - if (!(format & FMT_NOCOUNTS)) { - if (format & FMT_KILOMEGAGIGA) { - printf(FMT("%5s ","%s "), "pkts"); - printf(FMT("%5s ","%s "), "bytes"); - } else { - printf(FMT("%8s ","%s "), "pkts"); - printf(FMT("%10s ","%s "), "bytes"); - } - } - if (!(format & FMT_NOTARGET)) - printf(FMT("%-9s ","%s "), "target"); - fputs(" prot ", stdout); - if (format & FMT_OPTIONS) - fputs("opt", stdout); - if (format & FMT_VIA) { - printf(FMT(" %-6s ","%s "), "in"); - printf(FMT("%-6s ","%s "), "out"); - } - printf(FMT(" %-19s ","%s "), "source"); - printf(FMT(" %-19s "," %s "), "destination"); - printf("\n"); -} - - static int print_match(const struct xt_entry_match *m, const struct ipt_ip *ip, @@ -652,8 +602,18 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric, if (found) printf("\n"); - if (!rulenum) - print_header(format, this, handle); + if (!rulenum) { + struct xt_counters counters; + unsigned int urefs; + const char *pol; + int refs = -1; + + pol = iptc_get_policy(this, &counters, handle); + if (!pol && iptc_get_references(&urefs, this, handle)) + refs = urefs; + + print_header(format, this, pol, &counters, refs, 0); + } i = iptc_first_rule(this, handle); num = 0; |