From 8da04ffdca1931402a6bc22c43c1a2fa1c6f1e14 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 19 Sep 2018 15:16:59 +0200
Subject: Share print_ipv{4,6}_addr() from xtables

These functions contain code which occurs in legacy's print_firewall() functions, so use them there. Rename them to at least make clear they print more than a single address. Also introduce ipv{4,6}_addr_to_string() which take care of converting an address/netmask pair into string representation in a way which doesn't upset covscan (since that didn't detect that 'buf' may not be exceeded by the strings written into it.

Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
 iptables/xshared.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
(limited to 'iptables/xshared.c')

diff --git a/iptables/xshared.c b/iptables/xshared.c
index 492e0087..d30e7232 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -502,3 +502,69 @@ void add_param_to_argv(char *parsestart, int line)
 param_len = 0;
 }
 }
+
+static const char *ipv4_addr_to_string(const struct in_addr *addr,
+ const struct in_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (!mask->s_addr && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ipaddr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ipaddr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ipmask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format)
+{
+ fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv4_addr_to_string(&fw->ip.src, &fw->ip.smsk, format));
+
+ fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv4_addr_to_string(&fw->ip.dst, &fw->ip.dmsk, format));
+}
+
+static const char *ipv6_addr_to_string(const struct in6_addr *addr,
+ const struct in6_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (IN6_IS_ADDR_UNSPECIFIED(addr) && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ip6addr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ip6addr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ip6mask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format)
+{
+ fputc(fw6->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv6_addr_to_string(&fw6->ipv6.src,
+ &fw6->ipv6.smsk, format));
+
+ fputc(fw6->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv6_addr_to_string(&fw6->ipv6.dst,
+ &fw6->ipv6.dmsk, format));
+}
-- cgit v1.2.3
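Review bot: ipv6_addr_to_string() decides on "anywhere" by testing the address (`IN6_IS_ADDR_UNSPECIFIED(addr)`), while ipv4_addr_to_string() tests the mask (`!mask->s_addr`), so the two helpers disagree about what counts as a wildcard match. With the v6 form, a rule whose address is `::` with a non-zero mask would be listed as "anywhere" in non-numeric mode, and a listing that misstates what a rule matches is misleading for anyone auditing the ruleset. If the IPv4 behaviour is the intended one, the v6 check should read `if (IN6_IS_ADDR_UNSPECIFIED(mask) && !(format & FMT_NUMERIC))`. Both helpers also return a pointer into a function-local `static char buf[BUFSIZ]`, so a short comment stating that the result is only valid until the next call and is not thread-safe would explain why each `printf()` consumes exactly one call.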