-rw-r--r--iptables/ip6tables.c23
-rw-r--r--iptables/iptables.c28
-rw-r--r--iptables/nft-ipv4.c13
-rw-r--r--iptables/nft-ipv6.c6
-rw-r--r--iptables/nft-shared.c29
-rw-r--r--iptables/nft-shared.h6
-rw-r--r--iptables/xshared.c32
-rw-r--r--iptables/xshared.h4
8 files changed, 50 insertions, 91 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 1c9b0761..eacbf704 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -707,19 +707,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
return found;
}
-static void print_proto(uint16_t proto, int invert)
-{
- if (proto) {
- const char *pname = proto_to_name(proto, 0);
- const char *invertstr = invert ? " !" : "";
-
- if (pname)
- printf("%s -p %s", invertstr, pname);
- else
- printf("%s -p %u", invertstr, proto);
- }
-}
-
static int print_match_save(const struct xt_entry_match *e,
const struct ip6t_ip6 *ip)
{
@@ -795,13 +782,9 @@ void print_rule6(const struct ip6t_entry *e,
print_ip("-d", &(e->ipv6.dst), &(e->ipv6.dmsk),
e->ipv6.invflags & IP6T_INV_DSTIP);
- save_iface('i', e->ipv6.iniface, e->ipv6.iniface_mask,
- e->ipv6.invflags & IP6T_INV_VIA_IN);
-
- save_iface('o', e->ipv6.outiface, e->ipv6.outiface_mask,
- e->ipv6.invflags & IP6T_INV_VIA_OUT);
-
- print_proto(e->ipv6.proto, e->ipv6.invflags & XT_INV_PROTO);
+ save_rule_details(e->ipv6.iniface, e->ipv6.iniface_mask,
+ e->ipv6.outiface, e->ipv6.outiface_mask,
+ e->ipv6.proto, 0, e->ipv6.invflags);
#if 0
/* not definied in ipv6
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 7802bd6d..85fb7bdc 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -699,19 +699,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
return found;
}
-static void print_proto(uint16_t proto, int invert)
-{
- if (proto) {
- const char *pname = proto_to_name(proto, 0);
- const char *invertstr = invert ? " !" : "";
-
- if (pname)
- printf("%s -p %s", invertstr, pname);
- else
- printf("%s -p %u", invertstr, proto);
- }
-}
-
#define IP_PARTS_NATIVE(n) \
(unsigned int)((n)>>24)&0xFF, \
(unsigned int)((n)>>16)&0xFF, \
@@ -804,17 +791,10 @@ void print_rule4(const struct ipt_entry *e,
print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr,
e->ip.invflags & IPT_INV_DSTIP);
- save_iface('i', e->ip.iniface, e->ip.iniface_mask,
- e->ip.invflags & IPT_INV_VIA_IN);
-
- save_iface('o', e->ip.outiface, e->ip.outiface_mask,
- e->ip.invflags & IPT_INV_VIA_OUT);
-
- print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
-
- if (e->ip.flags & IPT_F_FRAG)
- printf("%s -f",
- e->ip.invflags & IPT_INV_FRAG ? " !" : "");
+ save_rule_details(e->ip.iniface, e->ip.iniface_mask,
+ e->ip.outiface, e->ip.outiface_mask,
+ e->ip.proto, e->ip.flags & IPT_F_FRAG,
+ e->ip.invflags);
/* Print matchinfo part */
if (e->target_offset)
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 287112d0..39d6e612 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -317,15 +317,10 @@ static void nft_ipv4_save_rule(const void *data, unsigned int format)
save_ipv4_addr('d', &cs->fw.ip.dst, cs->fw.ip.dmsk.s_addr,
cs->fw.ip.invflags & IPT_INV_DSTIP);
- save_rule_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto,
- cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
- cs->fw.ip.outiface, cs->fw.ip.outiface_mask);
-
- if (cs->fw.ip.flags & IPT_F_FRAG) {
- if (cs->fw.ip.invflags & IPT_INV_FRAG)
- printf(" !");
- printf(" -f");
- }
+ save_rule_details(cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
+ cs->fw.ip.outiface, cs->fw.ip.outiface_mask,
+ cs->fw.ip.proto, cs->fw.ip.flags & IPT_F_FRAG,
+ cs->fw.ip.invflags);
save_matches_and_target(cs, cs->fw.ip.flags & IPT_F_GOTO,
&cs->fw, format);
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 845937b1..0c73cedd 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -253,9 +253,9 @@ static void nft_ipv6_save_rule(const void *data, unsigned int format)
save_ipv6_addr('d', &cs->fw6.ipv6.dst, &cs->fw6.ipv6.dmsk,
cs->fw6.ipv6.invflags & IP6T_INV_DSTIP);
- save_rule_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto,
- cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
- cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask);
+ save_rule_details(cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
+ cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask,
+ cs->fw6.ipv6.proto, 0, cs->fw6.ipv6.invflags);
save_matches_and_target(cs, cs->fw6.ipv6.flags & IP6T_F_GOTO,
&cs->fw6, format);
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index b86cc086..168c2246 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -785,35 +785,6 @@ void print_rule_details(const struct iptables_command_state *cs,
}
}
-void save_rule_details(const struct iptables_command_state *cs,
- uint8_t invflags, uint16_t proto,
- const char *iniface,
- unsigned const char *iniface_mask,
- const char *outiface,
- unsigned const char *outiface_mask)
-{
- if (iniface != NULL) {
- save_iface('i', iniface, iniface_mask,
- invflags & IPT_INV_VIA_IN);
- }
- if (outiface != NULL) {
- save_iface('o', outiface, outiface_mask,
- invflags & IPT_INV_VIA_OUT);
- }
-
- if (proto > 0) {
- const char *pname = proto_to_name(proto, 0);
-
- if (invflags & XT_INV_PROTO)
- printf(" !");
-
- if (pname)
- printf(" -p %s", pname);
- else
- printf(" -p %u", proto);
- }
-}
-
void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
{
const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 339c46e7..cac5757f 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -173,12 +173,6 @@ void print_rule_details(const struct iptables_command_state *cs,
unsigned int num, unsigned int format);
void print_matches_and_target(struct iptables_command_state *cs,
unsigned int format);
-void save_rule_details(const struct iptables_command_state *cs,
- uint8_t invflags, uint16_t proto,
- const char *iniface,
- unsigned const char *iniface_mask,
- const char *outiface,
- unsigned const char *outiface_mask);
void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
void save_matches_and_target(const struct iptables_command_state *cs,
bool goto_flag, const void *fw,
diff --git a/iptables/xshared.c b/iptables/xshared.c
index db03aaaa..db701ead 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -941,3 +941,35 @@ void parse_chain(const char *chainname)
xtables_error(PARAMETER_PROBLEM,
"Invalid chain name `%s'", chainname);
}
+
+void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
+ const char *outiface, unsigned const char *outiface_mask,
+ uint16_t proto, int frag, uint8_t invflags)
+{
+ if (iniface != NULL) {
+ save_iface('i', iniface, iniface_mask,
+ invflags & IPT_INV_VIA_IN);
+ }
+ if (outiface != NULL) {
+ save_iface('o', outiface, outiface_mask,
+ invflags & IPT_INV_VIA_OUT);
+ }
+
+ if (proto > 0) {
+ const char *pname = proto_to_name(proto, 0);
+
+ if (invflags & XT_INV_PROTO)
+ printf(" !");
+
+ if (pname)
+ printf(" -p %s", pname);
+ else
+ printf(" -p %u", proto);
+ }
+
+ if (frag) {
+ if (invflags & IPT_INV_FRAG)
+ printf(" !");
+ printf(" -f");
+ }
+}
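Review bot: `save_rule_details()` now also serves the IPv6 callers (`print_rule6` and `nft_ipv6_save_rule` pass `ipv6.invflags`), yet it masks `invflags` with the IPv4 names `IPT_INV_VIA_IN`, `IPT_INV_VIA_OUT` and `IPT_INV_FRAG`. That is only correct while the corresponding `IP6T_INV_*` bits have the same values, which nothing in this diff shows or enforces. If they diverged, a saved ruleset would restore with an inversion dropped or added, so the restored filter policy would differ from the one that was loaded. I would state the assumption above the function, e.g. `/* invflags may hold IPT_INV_* or IP6T_INV_* bits; relies on VIA_IN, VIA_OUT, FRAG and PROTO being identical in both */`. If both headers are visible in xshared.c, back it with one `_Static_assert(IPT_INV_VIA_IN == IP6T_INV_VIA_IN, "inv flag mismatch");` per bit.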
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 3281ce58..484ade12 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -242,4 +242,8 @@ void parse_chain(const char *chainname);
void generic_opt_check(int command, int options);
char opt2char(int option);
+void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
+ const char *outiface, unsigned const char *outiface_mask,
+ uint16_t proto, int frag, uint8_t invflags);
+
#endif /* IPTABLES_XSHARED_H */
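Review bot: The new prototype has no comment, and it takes seven positional arguments, the same count as the declaration removed from nft-shared.h but in a different order, so a call site written against the old order is easy to miss in review. A short contract above the declaration would help, e.g. `/* Emit the interface (via save_iface), " -p" and " -f" parts of a saved rule on stdout; frag is a boolean, IPv6 callers pass 0 */`. It should also say that `invflags` is the rule's raw inversion byte rather than a pre-masked value, since the old `print_proto`/`save_iface` call sites passed pre-masked values.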