1 /* Code to take an ip6tables-style command line and do it. */
6  * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
45 #include "ip6tables-multi.h"
57 	{.name = "list-rules",    .has_arg = 2, .val = 'S'},
60 	{.name = "new-chain",     .has_arg = 1, .val = 'N'},
61 	{.name = "delete-chain",  .has_arg = 2, .val = 'X'},
62 	{.name = "rename-chain",  .has_arg = 1, .val = 'E'},
69 	{.name = "in-interface",  .has_arg = 1, .val = 'i'},
74 	{.name = "out-interface", .has_arg = 1, .val = 'o'},
77 	{.name = "wait-interval", .has_arg = 2, .val = 'W'},
81 	{.name = "line-numbers",  .has_arg = 0, .val = '0'},
83 	{.name = "set-counters",  .has_arg = 1, .val = 'c'},
85 	{.name = "ipv4",          .has_arg = 0, .val = '4'},
111 	const char *name = m->u.user.name;  in print_match()
112 	const int revision = m->u.user.revision;  in print_match()
119 		if (mt && mt->print)  in print_match()
120 			mt->print(ip, m, numeric);  in print_match()
121 		else if (match->print)  in print_match()
122 			printf("%s%s ", match->name, unsupported_rev);  in print_match()
124 			printf("%s ", match->name);  in print_match()
126 		if (match->next == match)  in print_match()
144 	struct xtables_target *target, *tg;  in print_firewall()  local
148 		target = xtables_find_target(targname, XTF_TRY_LOAD);  in print_firewall()
150 		target = xtables_find_target(XT_STANDARD_TARGET,  in print_firewall()
155 	print_rule_details(num, &fw->counters, targname, fw->ipv6.proto,  in print_firewall()
156 			   fw->ipv6.flags, fw->ipv6.invflags, format);  in print_firewall()
158 	print_fragment(fw->ipv6.flags, fw->ipv6.invflags, format, true);  in print_firewall()
160 	print_ifaces(fw->ipv6.iniface, fw->ipv6.outiface,  in print_firewall()
161 		     fw->ipv6.invflags, format);  in print_firewall()
169 	if(fw->ipv6.flags & IP6T_F_GOTO)  in print_firewall()
173 	IP6T_MATCH_ITERATE(fw, print_match, &fw->ipv6, format & FMT_NUMERIC);  in print_firewall()
175 	if (target) {  in print_firewall()
176 		const int revision = t->u.user.revision;  in print_firewall()
179 						  target, revision);  in print_firewall()
180 		if (tg && tg->print)  in print_firewall()
181 			/* Print the target information. */  in print_firewall()
182 			tg->print(&fw->ipv6, t, format & FMT_NUMERIC);  in print_firewall()
183 		else if (target->print)  in print_firewall()
184 			printf(" %s%s", target->name, unsupported_rev);  in print_firewall()
186 		if (target->next == target)  in print_firewall()
187 			free(target);  in print_firewall()
188 	} else if (t->u.target_size != sizeof(*t))  in print_firewall()
189 		printf("[%u bytes of unknown target data] ",  in print_firewall()
190 		       (unsigned int)(t->u.target_size - sizeof(*t)));  in print_firewall()
203 	print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);  in print_firewall_line()
222 		fw->ipv6.src = saddrs[i];  in append_entry()
223 		fw->ipv6.smsk = smasks[i];  in append_entry()
225 			fw->ipv6.dst = daddrs[j];  in append_entry()
226 			fw->ipv6.dmsk = dmasks[j];  in append_entry()
245 	fw->ipv6.src = *saddr;  in replace_entry()
246 	fw->ipv6.dst = *daddr;  in replace_entry()
247 	fw->ipv6.smsk = *smask;  in replace_entry()
248 	fw->ipv6.dmsk = *dmask;  in replace_entry()
272 		fw->ipv6.src = saddrs[i];  in insert_entry()
273 		fw->ipv6.smsk = smasks[i];  in insert_entry()
275 			fw->ipv6.dst = daddrs[j];  in insert_entry()
276 			fw->ipv6.dmsk = dmasks[j];  in insert_entry()
298 	     const struct xtables_target *target)  in delete_entry()  argument
304 	mask = make_delete_mask(matches, target, sizeof(*fw));  in delete_entry()
306 		fw->ipv6.src = saddrs[i];  in delete_entry()
307 		fw->ipv6.smsk = smasks[i];  in delete_entry()
309 			fw->ipv6.dst = daddrs[j];  in delete_entry()
310 			fw->ipv6.dmsk = dmasks[j];  in delete_entry()
328 	    const struct xtables_target *target)  in check_entry()  argument
334 	mask = make_delete_mask(matches, target, sizeof(*fw));  in check_entry()
336 		fw->ipv6.src = saddrs[i];  in check_entry()
337 		fw->ipv6.smsk = smasks[i];  in check_entry()
339 			fw->ipv6.dst = daddrs[j];  in check_entry()
340 			fw->ipv6.dmsk = dmasks[j];  in check_entry()
461 			int refs = - 1;  in list_entries()
498 	/* print counters for iptables-save */  in print_rule6()
500 …printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);  in print_rule6()
503 	printf("-A %s", chain);  in print_rule6()
506 	save_ipv6_addr('s', &e->ipv6.src, &e->ipv6.smsk,  in print_rule6()
507 		       e->ipv6.invflags & IP6T_INV_SRCIP);  in print_rule6()
509 	save_ipv6_addr('d', &e->ipv6.dst, &e->ipv6.dmsk,  in print_rule6()
510 		       e->ipv6.invflags & IP6T_INV_DSTIP);  in print_rule6()
512 	save_rule_details(e->ipv6.iniface, e->ipv6.outiface,  in print_rule6()
513 			  e->ipv6.proto, 0, e->ipv6.invflags);  in print_rule6()
518 	if (e->ipv6.flags & IPT_F_FRAG)  in print_rule6()
519 		printf("%s -f",  in print_rule6()
520 		       e->ipv6.invflags & IP6T_INV_FRAG ? " !" : "");  in print_rule6()
523 	if (e->ipv6.flags & IP6T_F_TOS)  in print_rule6()
524 		printf("%s -? %d",  in print_rule6()
525 		       e->ipv6.invflags & IP6T_INV_TOS ? " !" : "",  in print_rule6()
526 		       e->ipv6.tos);  in print_rule6()
529 	if (e->target_offset) {  in print_rule6()
530 		IP6T_MATCH_ITERATE(e, print_match_save, &e->ipv6);  in print_rule6()
533 	/* print counters for iptables -R */  in print_rule6()
535 …printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt…  in print_rule6()
537 	/* Print target name and targinfo part */  in print_rule6()
540 	if (t->u.user.name[0]) {  in print_rule6()
541 		const char *name = t->u.user.name;  in print_rule6()
542 		const int revision = t->u.user.revision;  in print_rule6()
543 		struct xtables_target *target, *tg, *tg2;  in print_rule6()  local
545 		target = xtables_find_target(name, XTF_TRY_LOAD);  in print_rule6()
546 		if (!target) {  in print_rule6()
547 			fprintf(stderr, "Can't find library for target `%s'\n",  in print_rule6()
553 							target, revision);  in print_rule6()
555 			tg2 = target;  in print_rule6()
556 		printf(" -j %s", tg2->alias ? tg2->alias(t) : target_name);  in print_rule6()
558 		if (tg && tg->save)  in print_rule6()
559 			tg->save(&e->ipv6, t);  in print_rule6()
560 		else if (target->save)  in print_rule6()
563 			/* If the target size is greater than xt_entry_target  in print_rule6()
566 			if (t->u.target_size !=  in print_rule6()
568 				fprintf(stderr, "Target `%s' is missing "  in print_rule6()
576 		printf(" -%c %s", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);  in print_rule6()
578 		printf(" -j %s", target_name);  in print_rule6()
592 	    counters = -1;		/* iptables -c format */  in list_rules()
604 			printf("-P %s %s", this, ip6tc_get_policy(this, &count, handle));  in list_rules()
606 			    printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);  in list_rules()
609 			printf("-N %s\n", this);  in list_rules()
640 	       struct xt_entry_target *target)  in generate_entry()  argument
647 	for (matchp = matches; matchp; matchp = matchp->next)  in generate_entry()
648 		size += matchp->match->m->u.match_size;  in generate_entry()
650 	e = xtables_malloc(size + target->u.target_size);  in generate_entry()
652 	e->target_offset = size;  in generate_entry()
653 	e->next_offset = size + target->u.target_size;  in generate_entry()
656 	for (matchp = matches; matchp; matchp = matchp->next) {  in generate_entry()
657 		memcpy(e->elems + size, matchp->match->m, matchp->match->m->u.match_size);  in generate_entry()
658 		size += matchp->match->m->u.match_size;  in generate_entry()
660 	memcpy(e->elems + size, target, target->u.target_size);  in generate_entry()
730 	if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1)  in do_command6()
743 		if (cs.target && ip6tc_is_chain(cs.jumpto, *handle)) {  in do_command6()
748 			if (cs.target->t)  in do_command6()
749 				free(cs.target->t);  in do_command6()
751 			cs.target = NULL;  in do_command6()
754 		/* If they didn't specify a target, or it's a chain  in do_command6()
756 		if (!cs.target  in do_command6()
761 			cs.target = xtables_find_target(XT_STANDARD_TARGET,  in do_command6()
765 				+ cs.target->size;  in do_command6()
766 			cs.target->t = xtables_calloc(1, size);  in do_command6()
767 			cs.target->t->u.target_size = size;  in do_command6()
768 			strcpy(cs.target->t->u.user.name, cs.jumpto);  in do_command6()
769 			xs_init_target(cs.target);  in do_command6()
772 		if (!cs.target) {  in do_command6()
786 			e = generate_entry(&cs.fw6, cs.matches, cs.target->t);  in do_command6()
803 				   *handle, cs.matches, cs.target);  in do_command6()
806 		ret = ip6tc_delete_num_entry(chain, rulenum - 1, *handle);  in do_command6()
813 				   *handle, cs.matches, cs.target);  in do_command6()
816 		ret = replace_entry(chain, e, rulenum - 1,  in do_command6()
821 		ret = insert_entry(chain, e, rulenum - 1,  in do_command6()
878 		/* do_parse ignored the line (eg: -4 with ip6tables-restore) */  in do_command6()