Diffstat (limited to 'ip6tables.c')
-rw-r--r--ip6tables.c47
1 files changed, 28 insertions, 19 deletions
diff --git a/ip6tables.c b/ip6tables.c
index 3beeddf6..967a5f80 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -124,15 +124,11 @@ static struct option original_opts[] = {
{.name = "modprobe", .has_arg = 1, .val = 'M'},
{.name = "set-counters", .has_arg = 1, .val = 'c'},
{.name = "goto", .has_arg = 1, .val = 'g'},
+ {.name = "ipv4", .has_arg = 0, .val = '4'},
+ {.name = "ipv6", .has_arg = 0, .val = '6'},
{NULL},
};
-/* we need this for ip6tables-restore. ip6tables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. ip6tables itself doesn't need this, so it is initialized to the
- * magic number of -1 */
-int line = -1;
-
void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
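Review bot: The definition `int line = -1;` is dropped here, but the `case '4':` branch added further down in do_command6 still reads it (`if (line != -1)`), so this file now relies on a definition and declaration that this diff does not show. If no shared header already declares it, an `extern int line;` is needed for this file to build. The removed comment was also the only explanation of the -1 sentinel, so I would carry it over to wherever `line` now lives, or add next to the new use something like `/* line stays -1 unless ip6tables-restore set it to the current input line */`.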
@@ -254,6 +250,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
" Change chain name, (moving any references)\n"
"Options:\n"
+" --ipv4 -4 Error (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 Nothing (line is ignored by iptables-restore)\n"
"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
"[!] --source -s address[/mask][,...]\n"
" source specification\n"
@@ -859,7 +857,7 @@ check_entry(const ip6t_chainlabel chain, struct ip6t_entry *fw,
}
int
-for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
+for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
int verbose, int builtinstoo, struct ip6tc_handle *handle)
{
int ret = 1;
@@ -895,11 +893,11 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
}
int
-flush_entries(const ip6t_chainlabel chain, int verbose,
+flush_entries6(const ip6t_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
- return for_each_chain(flush_entries, verbose, 1, handle);
+ return for_each_chain6(flush_entries6, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Flushing chain `%s'\n", chain);
@@ -911,7 +909,7 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
- return for_each_chain(zero_entries, verbose, 1, handle);
+ return for_each_chain6(zero_entries, verbose, 1, handle);
if (verbose)
fprintf(stdout, "Zeroing chain `%s'\n", chain);
@@ -919,11 +917,11 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
}
int
-delete_chain(const ip6t_chainlabel chain, int verbose,
+delete_chain6(const ip6t_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
- return for_each_chain(delete_chain, verbose, 0, handle);
+ return for_each_chain6(delete_chain6, verbose, 0, handle);
if (verbose)
fprintf(stdout, "Deleting chain `%s'\n", chain);
@@ -1083,7 +1081,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
-void print_rule(const struct ip6t_entry *e,
+void print_rule6(const struct ip6t_entry *e,
struct ip6tc_handle *h, const char *chain, int counters)
{
const struct ip6t_entry_target *t;
@@ -1215,7 +1213,7 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
while(e) {
num++;
if (!rulenum || num == rulenum)
- print_rule(e, handle, this, counters);
+ print_rule6(e, handle, this, counters);
e = ip6tc_next_rule(e, handle);
}
found = 1;
@@ -1425,11 +1423,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
cs.jumpto = "";
cs.argv = argv;
- /* re-set optind to 0 in case do_command gets called
+ /* re-set optind to 0 in case do_command6 gets called
* a second time */
optind = 0;
- /* clear mflags in case do_command gets called a second time
+ /* clear mflags in case do_command6 gets called a second time
* (we clear the global list of all matches for security)*/
for (m = xtables_matches; m; m = m->next)
m->mflags = 0;
@@ -1445,7 +1443,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
opts = xt_params->orig_opts;
while ((cs.c = getopt_long(argc, argv,
- "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:",
+ "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:46",
opts, NULL)) != -1) {
switch (cs.c) {
/*
@@ -1762,6 +1760,17 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
cs.fw6.counters.bcnt = cnt;
break;
+ case '4':
+ /* This is not the IPv4 iptables */
+ if (line != -1)
+ return 1; /* success: line ignored */
+ fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
+ exit_tryhelp(2);
+
+ case '6':
+ /* This is indeed the IPv6 ip6tables */
+ break;
+
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
if (cs.invert)
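Review bot: In the new `case '4':` branch, `return 1` leaves do_command6 from inside the getopt_long loop, so state set up by earlier options on the same line may skip whatever cleanup the function does at its end; that part of the body is outside this hunk, so please confirm. In restore mode the line is also dropped without any trace, so a rule that carries `-4` by mistake never reaches the IPv6 ruleset and the operator gets no hint. A message under the verbose flag, e.g. `if (cs.options & OPT_VERBOSE) fprintf(stderr, "line %d: skipped, marked IPv4-only\n", line);`, would make the skip auditable. The branch also has no `break` after `exit_tryhelp(2);` and depends on that call not returning, so a `/* not reached */` comment there would make the intent explicit.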
@@ -1953,7 +1962,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
*handle);
break;
case CMD_FLUSH:
- ret = flush_entries(chain, cs.options&OPT_VERBOSE, *handle);
+ ret = flush_entries6(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_ZERO:
ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle);
@@ -1994,7 +2003,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
ret = ip6tc_create_chain(chain, *handle);
break;
case CMD_DELETE_CHAIN:
- ret = delete_chain(chain, cs.options&OPT_VERBOSE, *handle);
+ ret = delete_chain6(chain, cs.options&OPT_VERBOSE, *handle);
break;
case CMD_RENAME_CHAIN:
ret = ip6tc_rename_chain(chain, newname, *handle);