Diffstat (limited to 'ip6tables.c')
-rw-r--r-- | ip6tables.c | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/ip6tables.c b/ip6tables.c
index 3beeddf6..967a5f80 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -124,15 +124,11 @@ static struct option original_opts[] = {
 {.name = "modprobe", .has_arg = 1, .val = 'M'},
 {.name = "set-counters", .has_arg = 1, .val = 'c'},
 {.name = "goto", .has_arg = 1, .val = 'g'},
+ {.name = "ipv4", .has_arg = 0, .val = '4'},
+ {.name = "ipv6", .has_arg = 0, .val = '6'},
 {NULL},
 };
-/* we need this for ip6tables-restore. ip6tables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. ip6tables itself doesn't need this, so it is initialized to the
- * magic number of -1 */
-int line = -1;
-
 void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
 struct xtables_globals ip6tables_globals = {
 .option_offset = 0,
@@ -254,6 +250,8 @@ exit_printhelp(const struct xtables_rule_match *matches)
 " Change chain name, (moving any references)\n"
 "Options:\n"
+" --ipv4 -4 Error (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 Nothing (line is ignored by iptables-restore)\n"
 "[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
 "[!] --source -s address[/mask][,...]\n"
 " source specification\n"
@@ -859,7 +857,7 @@ check_entry(const ip6t_chainlabel chain, struct ip6t_entry *fw,
 }
 int
-for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
+for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
 int verbose, int builtinstoo, struct ip6tc_handle *handle)
 {
 int ret = 1;
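Review bot: The comment explaining that `line` is -1 under plain ip6tables and holds the current input line under ip6tables-restore is deleted together with the definition, yet the new `case '4'` branch in do_command6 (hunk at -1762) branches on exactly that sentinel. Nothing on the page shows where `line` is now declared, so whichever header or shared file provides it should carry the explanation. At the use site, a short comment such as `/* line == -1: invoked as ip6tables, not from ip6tables-restore */` would keep the check readable.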
@@ -895,11 +893,11 @@ for_each_chain(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
 }
 int
-flush_entries(const ip6t_chainlabel chain, int verbose,
+flush_entries6(const ip6t_chainlabel chain, int verbose,
 struct ip6tc_handle *handle)
 {
 if (!chain)
- return for_each_chain(flush_entries, verbose, 1, handle);
+ return for_each_chain6(flush_entries6, verbose, 1, handle);
 if (verbose)
 fprintf(stdout, "Flushing chain `%s'\n", chain);
@@ -911,7 +909,7 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
 struct ip6tc_handle *handle)
 {
 if (!chain)
- return for_each_chain(zero_entries, verbose, 1, handle);
+ return for_each_chain6(zero_entries, verbose, 1, handle);
 if (verbose)
 fprintf(stdout, "Zeroing chain `%s'\n", chain);
@@ -919,11 +917,11 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
 }
 int
-delete_chain(const ip6t_chainlabel chain, int verbose,
+delete_chain6(const ip6t_chainlabel chain, int verbose,
 struct ip6tc_handle *handle)
 {
 if (!chain)
- return for_each_chain(delete_chain, verbose, 0, handle);
+ return for_each_chain6(delete_chain6, verbose, 0, handle);
 if (verbose)
 fprintf(stdout, "Deleting chain `%s'\n", chain);
@@ -1083,7 +1081,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
 /* We want this to be readable, so only print out neccessary fields.
 * Because that's the kind of world I want to live in. */
-void print_rule(const struct ip6t_entry *e,
+void print_rule6(const struct ip6t_entry *e,
 struct ip6tc_handle *h, const char *chain, int counters)
 {
 const struct ip6t_entry_target *t;
@@ -1215,7 +1213,7 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
 while(e) {
 num++;
 if (!rulenum || num == rulenum)
- print_rule(e, handle, this, counters);
+ print_rule6(e, handle, this, counters);
 e = ip6tc_next_rule(e, handle);
 }
 found = 1;
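Review bot: `zero_entries` keeps its unsuffixed name in the hunk at -911 while `for_each_chain`, `flush_entries`, `delete_chain` and `print_rule` all gain a `6` suffix in this commit. The line carrying its return type and storage class is outside the hunk, so its linkage cannot be checked here. If the suffix exists to keep exported names distinct from an IPv4 counterpart (inferred, the commit message is not on the page) and `zero_entries` is not `static`, it needs the same rename. If it is `static`, a one-line comment at its definition saying so would explain the exception.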
@@ -1425,11 +1423,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 cs.jumpto = "";
 cs.argv = argv;
- /* re-set optind to 0 in case do_command gets called
+ /* re-set optind to 0 in case do_command6 gets called
 * a second time */
 optind = 0;
- /* clear mflags in case do_command gets called a second time
+ /* clear mflags in case do_command6 gets called a second time
 * (we clear the global list of all matches for security)*/
 for (m = xtables_matches; m; m = m->next)
 m->mflags = 0;
@@ -1445,7 +1443,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 opts = xt_params->orig_opts;
 while ((cs.c = getopt_long(argc, argv,
- "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:",
+ "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:46",
 opts, NULL)) != -1) {
 switch (cs.c) {
 /*
@@ -1762,6 +1760,17 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 cs.fw6.counters.bcnt = cnt;
 break;
+ case '4':
+ /* This is not the IPv4 iptables */
+ if (line != -1)
+ return 1; /* success: line ignored */
+ fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
+ exit_tryhelp(2);
+
+ case '6':
+ /* This is indeed the IPv6 ip6tables */
+ break;
+
 case 1: /* non option */
 if (optarg[0] == '!' && optarg[1] == '\0') {
 if (cs.invert)
@@ -1953,7 +1962,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 *handle);
 break;
 case CMD_FLUSH:
- ret = flush_entries(chain, cs.options&OPT_VERBOSE, *handle);
+ ret = flush_entries6(chain, cs.options&OPT_VERBOSE, *handle);
 break;
 case CMD_ZERO:
 ret = zero_entries(chain, cs.options&OPT_VERBOSE, *handle);
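Review bot: In the hunk at -1762, `return 1; /* success: line ignored */` leaves do_command6 from inside the getopt loop, so any end-of-function cleanup outside this hunk is skipped for every ignored restore line. Options parsed before `-4` on the same line may already have loaded matches or merged option tables, so it is worth confirming that nothing leaks or carries into the next call. Because the line is dropped with a success status and no output, a rule mistakenly tagged `-4` is simply absent from the loaded IPv6 ruleset with no diagnostic; a message on stderr in verbose mode would make the skip auditable. The fall-through from `exit_tryhelp(2);` into `case '6':` is only safe if exit_tryhelp never returns, which a `/* exit_tryhelp() does not return */` comment would make explicit.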
@@ -1994,7 +2003,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 ret = ip6tc_create_chain(chain, *handle);
 break;
 case CMD_DELETE_CHAIN:
- ret = delete_chain(chain, cs.options&OPT_VERBOSE, *handle);
+ ret = delete_chain6(chain, cs.options&OPT_VERBOSE, *handle);
 break;
 case CMD_RENAME_CHAIN:
 ret = ip6tc_rename_chain(chain, newname, *handle);
|