From 8da04ffdca1931402a6bc22c43c1a2fa1c6f1e14 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 19 Sep 2018 15:16:59 +0200 Subject: Share print_ipv{4,6}_addr() from xtables These functions contain code which occurs in legacy's print_firewall() functions, so use them there. Rename them to at least make clear they print more than a single address. Also introduce ipv{4,6}_addr_to_string() which take care of converting an address/netmask pair into string representation in a way which doesn't upset covscan (since that didn't detect that 'buf' may not be exceeded by the strings written into it. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- iptables/nft-ipv6.c | 39 +-------------------------------------- 1 file changed, 1 insertion(+), 38 deletions(-) (limited to 'iptables/nft-ipv6.c') diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index b1b20ba1..1952164e 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -191,43 +191,6 @@ static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto, cs->fw6.ipv6.flags |= IP6T_F_GOTO; } -static void print_ipv6_addr(const struct iptables_command_state *cs, - unsigned int format) -{ - char buf[BUFSIZ]; - - fputc(cs->fw6.ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout); - if (IN6_IS_ADDR_UNSPECIFIED(&cs->fw6.ipv6.src) - && !(format & FMT_NUMERIC)) - printf(FMT("%-19s ","%s "), "anywhere"); - else { - if (format & FMT_NUMERIC) - strcpy(buf, - xtables_ip6addr_to_numeric(&cs->fw6.ipv6.src)); - else - strcpy(buf, - xtables_ip6addr_to_anyname(&cs->fw6.ipv6.src)); - strcat(buf, xtables_ip6mask_to_numeric(&cs->fw6.ipv6.smsk)); - printf(FMT("%-19s ","%s "), buf); - } - - - fputc(cs->fw6.ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout); - if (IN6_IS_ADDR_UNSPECIFIED(&cs->fw6.ipv6.dst) - && !(format & FMT_NUMERIC)) - printf(FMT("%-19s ","-> %s"), "anywhere"); - else { - if (format & FMT_NUMERIC) - strcpy(buf, - xtables_ip6addr_to_numeric(&cs->fw6.ipv6.dst)); - else - strcpy(buf, - xtables_ip6addr_to_anyname(&cs->fw6.ipv6.dst)); - strcat(buf, xtables_ip6mask_to_numeric(&cs->fw6.ipv6.dmsk)); - printf(FMT("%-19s ","-> %s"), buf); - } -} - static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) { @@ -245,7 +208,7 @@ static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num, } print_ifaces(cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface, cs.fw6.ipv6.invflags, format); - print_ipv6_addr(&cs, format); + print_ipv6_addresses(&cs.fw6, format); if (format & FMT_NOTABLE) fputs(" ", stdout); -- cgit v1.2.3