EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
# Still experimental.
-EXTRAS_EXP+=iptables-save iptables-restore
-EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
+EXTRAS_EXP+=iptables-save iptables-restore ip6tables-save ip6tables-restore
+EXTRA_INSTALLS_EXP:=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
ifdef DO_IPV6
EXTRAS+=ip6tables ip6tables.o
/* Shared library add-on to iptables to add string matching support.
*
* Copyright (C) 2000 Emmanuel Roger <winfield@freegates.be>
+ *
+ * ChangeLog
+ * 27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
+ * Changed --tos to --string in save(). Also
+ * updated to work with slightly modified
+ * ipt_string_info.
*/
#include <stdio.h>
#include <netdb.h>
static void
parse_string(const unsigned char *s, struct ipt_string_info *info)
{
- if (strlen(s) <= 255) strcpy(info->string, s);
+ if (strlen(s) <= BM_MAX_LEN) strcpy(info->string, s);
else exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s);
}
parse_string(argv[optind-1], stringinfo);
if (invert)
stringinfo->invert = 1;
+ stringinfo->len=strlen((char *)&stringinfo->string);
*flags = 1;
break;
static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
- printf("--tos ");
+ printf("--string ");
print_string(((struct ipt_string_info *)match->data)->string,
((struct ipt_string_info *)match->data)->invert, 0);
}
extern struct ip6tables_target *find_target6(const char *name, enum ip6t_tryload);
extern struct ip6tables_match *find_match6(const char *name, enum ip6t_tryload);
+
+extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
+extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
+extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
+
#endif /*_IP6TABLES_USER_H*/
{ "tcp", IPPROTO_TCP },
{ "udp", IPPROTO_UDP },
{ "icmpv6", IPPROTO_ICMPV6 },
+ { "esp", IPPROTO_ESP },
+ { "ah", IPPROTO_AH },
{ "all", 0 },
};
{
struct hostent *host;
+ /* TODO: gets errno 96 (EPFNOSUPPORT) on Debian/Sid. Got only AF_INET! */
if ((host = gethostbyaddr((char *) addr,
sizeof(struct in_addr), AF_INET6)) != NULL)
return (char *) host->h_name;
static char *
addr_to_numeric(const struct in6_addr *addrp)
{
- static char buf[20];
+ // static char buf[20];
+ // ADDR tags + sep. + \0
+ // 0000:0000:0000:0000:0000:0000:0000:000.000.000.000
+ // (but inet_ntop() supports only
+ // 0000:0000:0000:0000:0000:0000:0000:0000 format now.)
+ static char buf[50+1];
return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof buf);
}
return ret;
}
-static int
+//static int
+int
for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *),
int verbose, int builtinstoo, ip6tc_handle_t *handle)
{
return ret;
}
-static int
+//static int
+int
flush_entries(const ip6t_chainlabel chain, int verbose,
ip6tc_handle_t *handle)
{
return ip6tc_zero_entries(chain, handle);
}
-static int
+//static int
+int
delete_chain(const ip6t_chainlabel chain, int verbose,
ip6tc_handle_t *handle)
{
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND |
CMD_CHECK)) {
if (!(options & OPT_DESTINATION))
- dhostnetworkmask = "0.0.0.0/0";
+ dhostnetworkmask = "::0/0";
if (!(options & OPT_SOURCE))
- shostnetworkmask = "0.0.0.0/0";
+ shostnetworkmask = "::0/0";
}
if (shostnetworkmask)
*
* This coude is distributed under the terms of GNU GPL
*
- * $Id$
+ * $Id: iptables-restore.c,v 1.8 2001/01/23 22:54:34 laforge Exp $
*/
#include <getopt.h>
argvsize = 8;
}
+ // strtok initcialize!
+ if ( buffer[0]!='[' )
+ {
+ if (!(newargv[argvsize] = strtok(buffer, " \t\n")))
+ goto ImLaMeR;
+ //break;
+ argvsize++;
+ }
+
/* strtok: a function only a coder could love */
for (i = argvsize; i < sizeof(newargv)/sizeof(char *);
i++) {
break;
ptr = NULL;
}
- if (i == sizeof(newargv)/sizeof(char *)) {
+ImLaMeR: if (i == sizeof(newargv)/sizeof(char *)) {
fprintf(stderr,
"%s: line %u too many arguments\n",
program_name, line);
u_int8_t num;
};
-/* FIXME: why don't we use /etc/services ? */
+/* FIXME: why don't we use /etc/protocols ? */
static const struct pprot chain_protos[] = {
{ "tcp", IPPROTO_TCP },
{ "udp", IPPROTO_UDP },
{ "icmp", IPPROTO_ICMP },
+ { "esp", IPPROTO_ESP },
+ { "ah", IPPROTO_AH },
};
static void print_proto(u_int16_t proto, int invert)
};
/* Primitive headers... */
+/* defined in netinet/in.h */
+#if 0
#ifndef IPPROTO_ESP
#define IPPROTO_ESP 50
#endif
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif
+#endif
static const struct pprot chain_protos[] = {
{ "tcp", IPPROTO_TCP },
projects / thirdparty / iptables.git / commitdiff
