author | Phil Sutter <phil@nwl.cc> | 2018-09-19 15:16:59 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-24 11:24:14 +0200 |
commit | 8da04ffdca1931402a6bc22c43c1a2fa1c6f1e14 (patch) | |
tree | 0da5d47d5f8d071c79ba0817c2a2be5dcf4f4bb2 /iptables/xshared.c | |
parent | b686594b976ddbfb1809ecfe016784bb53bbe9ac (diff) |
Share print_ipv{4,6}_addr() from xtables
These functions contain code which occurs in legacy's print_firewall()
functions, so use them there.
Rename them to at least make clear they print more than a single
address.
Also introduce ipv{4,6}_addr_to_string() which take care of converting
an address/netmask pair into string representation in a way which
doesn't upset covscan (since that didn't detect that 'buf' may not be
exceeded by the strings written into it).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xshared.c')
-rw-r--r-- | iptables/xshared.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 492e0087..d30e7232 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -502,3 +502,69 @@ void add_param_to_argv(char *parsestart, int line)
 param_len = 0;
 }
 }
+
+static const char *ipv4_addr_to_string(const struct in_addr *addr,
+ const struct in_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (!mask->s_addr && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ipaddr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ipaddr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ipmask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format)
+{
+ fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv4_addr_to_string(&fw->ip.src, &fw->ip.smsk, format));
+
+ fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv4_addr_to_string(&fw->ip.dst, &fw->ip.dmsk, format));
+}
+
+static const char *ipv6_addr_to_string(const struct in6_addr *addr,
+ const struct in6_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (IN6_IS_ADDR_UNSPECIFIED(addr) && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ip6addr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ip6addr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ip6mask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format)
+{
+ fputc(fw6->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv6_addr_to_string(&fw6->ipv6.src,
+ &fw6->ipv6.smsk, format));
+
+ fputc(fw6->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv6_addr_to_string(&fw6->ipv6.dst,
+ &fw6->ipv6.dmsk, format));
+} |
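Review bot: The "anywhere" shortcut in ipv6_addr_to_string() tests the address (`IN6_IS_ADDR_UNSPECIFIED(addr)`), while ipv4_addr_to_string() tests the mask (`!mask->s_addr`), so the two families disagree on when a match is a wildcard. With the IPv6 test as written, an entry whose address is `::` but whose mask is non-zero (for example a /128 match on the unspecified address) would presumably be listed as "anywhere" in non-numeric mode, which overstates what the rule matches to anyone auditing the ruleset. Testing the mask instead, `if (IN6_IS_ADDR_UNSPECIFIED(mask) && !(format & FMT_NUMERIC))`, would bring it in line with the IPv4 helper. Both helpers also return a pointer into a function-static `buf`, so a short comment such as `/* returns a static buffer, overwritten by the next call */` would warn future callers not to pass two results to a single printf().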