- xt_RAWNAT: ensure correct operation in the presence of IPv4 options
- xt_geoip: do not throw a warnings when country database is size 0
- xt_quota2: print "!" at the correct position during iptables-save
+Changes:
+- Make print (iptables -L) output the same as save (-S)
v2.2 (2013-03-31)
"may be specified");
}
-static void chaos_tg_print(const void *ip,
- const struct xt_entry_target *target, int numeric)
-{
- const struct xt_chaos_tginfo *info = (const void *)target->data;
-
- switch (info->variant) {
- case XTCHAOS_DELUDE:
- printf(" DELUDE ");
- break;
- case XTCHAOS_TARPIT:
- printf(" TARPIT ");
- break;
- }
-}
-
static void chaos_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_chaos_tginfo *info = (const void *)target->data;
}
}
+static void chaos_tg_print(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ printf(" -j CHAOS");
+ chaos_tg_save(ip, target);
+}
+
static struct xtables_target chaos_tg_reg = {
.version = XTABLES_VERSION,
.name = "CHAOS",
"--set-mac parameter required");
}
-static void dhcpmac_tg_print(const void *ip,
- const struct xt_entry_target *target, int numeric)
-{
- const struct dhcpmac_info *info = (void *)target->data;
-
- printf(" DHCPMAC %s" DH_MAC_FMT "/%u ",
- info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
-}
-
static void dhcpmac_tg_save(const void *ip,
const struct xt_entry_target *target)
{
DH_MAC_HEX(info->addr), info->mask);
}
+static void dhcpmac_tg_print(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ printf(" -j DHCPMAC");
+ dhcpmac_tg_save(ip, target);
+}
+
static struct xtables_target dhcpmac_tg_reg = {
.version = XTABLES_VERSION,
.name = "DHCPMAC",
printf("/%d", bits);
}
-static void DNETMAP_print(const void *ip, const struct xt_entry_target *target,
- int numeric)
-{
- struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
- const __u8 *flags = &tginfo->flags;
-
- printf(" prefix ");
- if (*flags & XT_DNETMAP_PREFIX)
- DNETMAP_print_addr(ip, target, numeric);
- else
- printf("any");
-
- if (*flags & XT_DNETMAP_REUSE)
- printf(" reuse");
-
- if (*flags & XT_DNETMAP_STATIC)
- printf(" static");
-
- if (*flags & XT_DNETMAP_PERSISTENT)
- printf(" persistent");
-
- if (*flags & XT_DNETMAP_TTL)
- printf(" ttl %i", tginfo->ttl);
- else
- printf(" ttl default");
-}
-
static void DNETMAP_save(const void *ip, const struct xt_entry_target *target)
{
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
printf(" --ttl %i ", tginfo->ttl);
}
+static void DNETMAP_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ printf(" -j DNETMAP");
+ DNETMAP_save(ip, target);
+}
+
static struct xtables_target dnetmap_tg_reg = {
.name = MODULENAME,
.version = XTABLES_VERSION,
"IPMARK target: Parameter --addr is required");
}
-static void
-ipmark_tg_print(const void *entry, const struct xt_entry_target *target,
- int numeric)
-{
- const struct xt_ipmark_tginfo *info = (const void *)target->data;
-
- if (info->selector == XT_IPMARK_SRC)
- printf(" IPMARK src ip ");
- else
- printf(" IPMARK dst ip ");
-
- if (info->shift != 0)
- printf(" shift %u ", (unsigned int)info->shift);
- if (info->andmask != ~0U)
- printf(" and 0x%x ", (unsigned int)info->andmask);
- if (info->ormask != 0)
- printf(" or 0x%x ", (unsigned int)info->ormask);
-}
-
static void
ipmark_tg_save(const void *entry, const struct xt_entry_target *target)
{
printf(" --or-mask 0x%x ", (unsigned int)info->ormask);
}
+static void
+ipmark_tg_print(const void *entry, const struct xt_entry_target *target,
+ int numeric)
+{
+ printf(" -j IPMARK");
+ ipmark_tg_save(entry, target);
+}
+
static struct xtables_target ipmark_tg_reg = {
.version = XTABLES_VERSION,
.name = "IPMARK",
return false;
}
-static void
-logmark_tg_print(const void *ip, const struct xt_entry_target *target,
- int numeric)
-{
- const struct xt_logmark_tginfo *info = (void *)target->data;
-
- printf(" LOGMARK level %u prefix \"%s\" ", info->level, info->prefix);
-}
-
static void
logmark_tg_save(const void *ip, const struct xt_entry_target *target)
{
printf(" --log-prefix \"%s\" ", info->prefix);
}
+static void
+logmark_tg_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ printf(" -j LOGMARK");
+ logmark_tg_save(ip, target);
+}
+
static struct xtables_target logmark_tg_reg = {
.version = XTABLES_VERSION,
.name = "LOGMARK",
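Review bot: Because `logmark_tg_print` now delegates to `logmark_tg_save`, both `iptables -L` and `iptables-save` emit `info->prefix` between literal quotes via `printf(" --log-prefix \"%s\" ", info->prefix);`, with no escaping of `"` or `\` inside the value. A prefix containing either character would produce a rule line that parses differently on restore, which matters when the listing is kept as an audit or backup artifact. Consider `printf(" --log-prefix"); xtables_save_string(info->prefix);`, after checking the spacing that helper emits in the libxtables version you build against. `condition_save` has the same pattern with `info->name` in `--condition \"%s\"`. Only part of `logmark_tg_save` is visible here, and whether the option parser already rejects such characters is not shown.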
}
static void
-rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target,
- int numeric)
+rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
{
const struct xt_rawnat_tginfo *info = (const void *)target->data;
- if (!numeric && info->mask == 32)
- printf(" to-destination %s ",
- xtables_ipaddr_to_anyname(&info->addr.in));
- else
- printf(" to-destination %s/%u ",
- xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
+ printf(" --to-destination %s/%u ",
+ xtables_ipaddr_to_numeric(&info->addr.in),
+ info->mask);
}
static void
-rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target,
+rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target,
int numeric)
{
- const struct xt_rawnat_tginfo *info = (const void *)target->data;
-
- if (!numeric && info->mask == 128)
- printf(" to-destination %s ",
- xtables_ip6addr_to_anyname(&info->addr.in6));
- else
- printf(" to-destination %s/%u ",
- xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
+ printf(" -j RAWDNAT");
+ rawdnat_tg4_save(entry, target);
}
static void
-rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
+rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
{
const struct xt_rawnat_tginfo *info = (const void *)target->data;
printf(" --to-destination %s/%u ",
- xtables_ipaddr_to_numeric(&info->addr.in),
+ xtables_ip6addr_to_numeric(&info->addr.in6),
info->mask);
}
static void
-rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
+rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target,
+ int numeric)
{
- const struct xt_rawnat_tginfo *info = (const void *)target->data;
-
- printf(" --to-destination %s/%u ",
- xtables_ip6addr_to_numeric(&info->addr.in6),
- info->mask);
+ printf(" -j RAWDNAT");
+ rawdnat_tg6_save(entry, target);
}
static struct xtables_target rawdnat_tg_reg[] = {
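Review bot: `rawdnat_tg4_print` and `rawdnat_tg6_print` now ignore `numeric` entirely, and nothing in the code says this is deliberate. The removed code called `xtables_ipaddr_to_anyname` / `xtables_ip6addr_to_anyname` for a full-length mask when `numeric` was 0, whereas the new callbacks always go through the numeric save routine. That is presumably intended, so that the listing equals `-S` and does not depend on name resolution. A one-line comment above each callback would stop a later change from restoring the lookup, e.g. `/* numeric is deliberately unused: -L output mirrors -S and never resolves names */`. The rawsnat print callbacks in the next section have the same change.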
"\"--to-source\" is required.");
}
-static void
-rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target,
- int numeric)
-{
- const struct xt_rawnat_tginfo *info = (const void *)target->data;
-
- if (!numeric && info->mask == 32)
- printf(" to-source %s ",
- xtables_ipaddr_to_anyname(&info->addr.in));
- else
- printf(" to-source %s/%u ",
- xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
-}
-
-static void
-rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target,
- int numeric)
-{
- const struct xt_rawnat_tginfo *info = (const void *)target->data;
-
- if (!numeric && info->mask == 128)
- printf(" to-source %s ",
- xtables_ip6addr_to_anyname(&info->addr.in6));
- else
- printf(" to-source %s/%u ",
- xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
-}
-
static void
rawsnat_tg4_save(const void *entry, const struct xt_entry_target *target)
{
info->mask);
}
+static void
+rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target,
+ int numeric)
+{
+ printf(" -j RAWSNAT");
+ rawsnat_tg4_save(entry, target);
+}
+
+static void
+rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target,
+ int numeric)
+{
+ printf(" -j RAWSNAT");
+ rawsnat_tg6_save(entry, target);
+}
+
static struct xtables_target rawsnat_tg_reg[] = {
{
.version = XTABLES_VERSION,
"TARPIT: only one action can be used at a time");
}
-static void tarpit_tg_print(const void *ip,
- const struct xt_entry_target *target, int numeric)
-{
- const struct xt_tarpit_tginfo *info = (void *)target->data;
-
- switch (info->variant) {
- case XTTARPIT_HONEYPOT:
- printf(" honeypot mode ");
- break;
- case XTTARPIT_RESET:
- printf(" reset mode ");
- break;
- default:
- printf(" tarpit mode ");
- break;
- }
-}
-
static void tarpit_tg_save(const void *ip,
const struct xt_entry_target *target)
{
}
}
+static void tarpit_tg_print(const void *ip,
+ const struct xt_entry_target *target, int numeric)
+{
+ printf(" -j TARPIT");
+ tarpit_tg_save(ip, target);
+}
+
static struct xtables_target tarpit_tg_reg = {
.version = XTABLES_VERSION,
.name = "TARPIT",
"Condition match: must specify --condition");
}
-static void condition_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
+static void condition_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_condition_mtinfo *info = (const void *)match->data;
- printf(" condition %s%s ", (info->invert) ? "!" : "", info->name);
+ printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name);
}
-
-static void condition_save(const void *ip, const struct xt_entry_match *match)
+static void condition_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
{
- const struct xt_condition_mtinfo *info = (const void *)match->data;
-
- printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name);
+ printf(" -m condition");
+ condition_save(ip, match);
}
static struct xtables_match condition_mt_reg = {
"--mac parameter required");
}
-static void dhcpmac_mt_print(const void *ip,
- const struct xt_entry_match *match, int numeric)
-{
- const struct dhcpmac_info *info = (void *)match->data;
-
- printf(" dhcpmac %s" DH_MAC_FMT "/%u ",
- info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
-}
-
static void dhcpmac_mt_save(const void *ip,
const struct xt_entry_match *match)
{
DH_MAC_HEX(info->addr), info->mask);
}
+static void dhcpmac_mt_print(const void *ip,
+ const struct xt_entry_match *match, int numeric)
+{
+ printf(" -m dhcpmac");
+ dhcpmac_mt_save(ip, match);
+}
+
static struct xtables_match dhcpmac_mt_reg = {
.version = XTABLES_VERSION,
.name = "dhcpmac",
{
}
-static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
-
- printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",
- info->minimum_rate, info->maximum_rate);
-}
-
static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
printf(" --upper-limit %u ", info->maximum_rate);
}
+static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" -m fuzzy");
+ fuzzy_mt_save(ip, match);
+}
+
static struct xtables_match fuzzy_mt_reg = {
.name = "fuzzy",
.revision = 1,
"geoip: missing arguments");
}
-static void
-geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
-{
- const struct xt_geoip_match_info *info = (void*)match->data;
-
- u_int8_t i;
-
- if (info->flags & XT_GEOIP_SRC)
- printf(" Source ");
- else
- printf(" Destination ");
-
- if (info->count > 1)
- printf("countries: ");
- else
- printf("country: ");
-
- if (info->flags & XT_GEOIP_INV)
- printf("! ");
-
- for (i = 0; i < info->count; i++)
- printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
- printf(" ");
-}
-
static void
geoip_save(const void *ip, const struct xt_entry_match *match)
{
printf(" ");
}
+static void
+geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ printf(" -m geoip");
+ geoip_save(ip, match);
+}
+
static struct xtables_match geoip_match[] = {
{
.family = NFPROTO_IPV6,
{
}
-static void gradm_mt_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct xt_gradm_mtinfo *info = (const void *)match->data;
-
- if (info->invflags)
- printf("gradm: disabled");
- else
- printf("gradm: enabled");
-}
-
static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_gradm_mtinfo *info = (const void *)match->data;
printf(" --enabled ");
}
+static void gradm_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" -m gradm");
+ gradm_mt_save(ip, match);
+}
+
static struct xtables_match gradm_mt_reg = {
.family = NFPROTO_UNSPEC,
.name = "gradm",
"iface: You must specify at least one option");
}
-static void iface_mt_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct xt_iface_mtinfo *info = (const void *)match->data;
-
- printf(" iface: ");
- if (info->flags & XT_IFACE_DEV_IN)
- printf("(in)");
- else if (info->flags & XT_IFACE_DEV_OUT)
- printf("(out)");
- else
- printf("%s", info->ifname);
- printf(" [state:");
- iface_print_opt(info, XT_IFACE_UP, "up");
- iface_print_opt(info, XT_IFACE_BROADCAST, "broadcast");
- iface_print_opt(info, XT_IFACE_LOOPBACK, "loopback");
- iface_print_opt(info, XT_IFACE_POINTOPOINT, "pointopoint");
- iface_print_opt(info, XT_IFACE_RUNNING, "running");
- iface_print_opt(info, XT_IFACE_NOARP, "noarp");
- iface_print_opt(info, XT_IFACE_PROMISC, "promisc");
- iface_print_opt(info, XT_IFACE_MULTICAST, "multicast");
- iface_print_opt(info, XT_IFACE_DYNAMIC, "dynamic");
- iface_print_opt(info, XT_IFACE_LOWER_UP, "lower_up");
- iface_print_opt(info, XT_IFACE_DORMANT, "dormant");
- printf("] ");
-}
-
static void iface_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_iface_mtinfo *info = (const void *)match->data;
printf(" ");
}
+static void iface_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" -m iface");
+ iface_mt_save(ip, match);
+}
+
static struct xtables_match iface_mt_reg = {
.version = XTABLES_VERSION,
.name = "iface",
static void ipp2p_mt_print(const void *entry,
const struct xt_entry_match *match, int numeric)
{
- printf(" ipp2p ");
+ printf(" -m ipp2p ");
ipp2p_mt_print1(entry, match, true);
}
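Review bot: `printf(" -m ipp2p ");` keeps a trailing space, while every other rewritten callback on this page prints ` -m <name>` with no trailing space and lets the save routine supply the leading one. If `ipp2p_mt_print1` (not visible here) also begins its output with a space, `-L` will show a doubled space and differ from `-S`, which is what the changelog entry sets out to avoid. Suggest `printf(" -m ipp2p");` once you have confirmed how `ipp2p_mt_print1` starts its output. This is also the only callback that does not call its `_save` function directly, so a short comment on what the `true` argument selects would help.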
}
}
-static void ipv4options_mt_print(const void *ip,
- const struct xt_entry_match *match, int numeric)
-{
- const struct xt_ipv4options_mtinfo1 *info = (void *)match->data;
-
- printf(" ipv4options %s ",
- (info->flags & XT_V4OPTS_ANY) ? "any-of" : "all-of");
- ipv4options_print_flags(info, numeric);
- printf(" ");
-}
-
static void ipv4options_mt_save(const void *ip,
const struct xt_entry_match *match)
{
printf(" ");
}
+static void ipv4options_mt_print(const void *ip,
+ const struct xt_entry_match *match, int numeric)
+{
+ printf(" -m ipv4options");
+ ipv4options_mt_save(ip, match);
+}
+
static struct xtables_match ipv4options_mt_reg = {
.version = XTABLES_VERSION,
.name = "ipv4options",
"--layer3. Consider specifying it explicitly.\n");
}
-static void length_mt_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
-{
- const struct xt_length_mtinfo2 *info = (const void *)match->data;
-
- if (info->flags & XT_LENGTH_LAYER3)
- printf(" layer3 ");
- else if (info->flags & XT_LENGTH_LAYER4)
- printf(" layer4 ");
- else if (info->flags & XT_LENGTH_LAYER5)
- printf(" layer5 ");
- else if (info->flags & XT_LENGTH_LAYER7)
- printf(" layer7 ");
- printf(" length ");
- if (info->flags & XT_LENGTH_INVERT)
- printf("! ");
- if (info->min == info->max)
- printf("%u ", (unsigned int)info->min);
- else
- printf("%u-%u ", (unsigned int)info->min,
- (unsigned int)info->max);
-}
-
static void length_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_length_mtinfo2 *info = (const void *)match->data;
(unsigned int)info->max);
}
+static void length_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" -m length2");
+ length_mt_save(ip, match);
+}
+
static struct xtables_match length2_mt_reg = {
.version = XTABLES_VERSION,
.name = "length2",
{
}
-static void lscan_mt_print(const void *ip,
- const struct xt_entry_match *match, int numeric)
-{
- const struct xt_lscan_mtinfo *info = (const void *)(match->data);
- const char *s = "";
-
- printf(" lscan ");
- if (info->match_stealth) {
- printf("STEALTH");
- s = ",";
- }
- if (info->match_syn) {
- printf("%sSYNSCAN", s);
- s = ",";
- }
- if (info->match_cn) {
- printf("%sCNSCAN", s);
- s = ",";
- }
- if (info->match_gr)
- printf("%sGRSCAN", s);
- printf(" ");
-}
-
static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_lscan_mtinfo *info = (const void *)(match->data);
printf(" --grscan ");
}
+static void lscan_mt_print(const void *ip,
+ const struct xt_entry_match *match, int numeric)
+{
+ printf(" -m lscan");
+ lscan_mt_save(ip, match);
+}
+
static struct xtables_match lscan_mt_reg = {
.version = XTABLES_VERSION,
.name = "lscan",
/* Final check; nothing. */
static void psd_mt_final_check(unsigned int flags) {}
-/* Prints out the targinfo. */
-static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
-{
- const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
- printf(" psd ");
- printf("weight-threshold: %u ", psdinfo->weight_threshold);
- printf("delay-threshold: %u ", psdinfo->delay_threshold);
- printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight);
- printf("hi-ports-weight: %u ", psdinfo->hi_ports_weight);
-}
-
-/* Saves the union ipt_targinfo in parsable form to stdout. */
static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
}
+static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ printf(" -m psd");
+ psd_mt_save(ip, match);
+}
+
static struct xtables_match psd_mt_reg = {
.name = "psd",
.version = XTABLES_VERSION,
static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct xt_quota_mtinfo2 *q = (const void *)match->data;
-
- if (q->flags & XT_QUOTA_INVERT)
- printf(" !");
- if (q->flags & XT_QUOTA_GROW)
- printf(" counter");
- else
- printf(" quota");
- if (*q->name != '\0')
- printf(" %s:", q->name);
- printf(" %llu ", (unsigned long long)q->quota);
- if (q->flags & XT_QUOTA_PACKET)
- printf("packets ");
- else
- printf("bytes ");
- if (q->flags & XT_QUOTA_NO_CHANGE)
- printf("(no-change mode) ");
+ printf(" -m quota");
+ quota_mt2_save(ip, match);
}
static struct xtables_match quota_mt2_reg = {
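Review bot: `quota_mt2_print` prints ` -m quota`, but the registration struct is `quota_mt2_reg` and the changelog above calls this extension xt_quota2, so the match name is presumably `quota2` (the `.name` field is outside the visible lines). If so, the `-L` output names a different match than the one in the rule, and a line copied from the listing would be handled by another extension or rejected. The length2 callback on this page uses the full name with `printf(" -m length2");`, so this one should likely be `printf(" -m quota2");`. Also check that `quota_mt2_save` is declared before this function, because unlike the other files the print callback was not moved below its save routine.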