From 13db8d78c9892b090eaa1586f550c9b05fed4190 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 30 May 2013 17:16:56 +0200 Subject: [PATCH] extensions: make print (iptables -L) output the same as save (-S) --- doc/changelog.txt | 2 ++ extensions/libxt_CHAOS.c | 22 ++++++----------- extensions/libxt_DHCPMAC.c | 16 ++++++------- extensions/libxt_DNETMAP.c | 34 ++++++-------------------- extensions/libxt_IPMARK.c | 27 +++++++-------------- extensions/libxt_LOGMARK.c | 17 +++++++------ extensions/libxt_RAWDNAT.c | 44 +++++++++++++--------------------- extensions/libxt_RAWSNAT.c | 44 +++++++++++++--------------------- extensions/libxt_TARPIT.c | 25 ++++++------------- extensions/libxt_condition.c | 16 ++++++------- extensions/libxt_dhcpmac.c | 16 ++++++------- extensions/libxt_fuzzy.c | 16 ++++++------- extensions/libxt_geoip.c | 32 ++++++------------------- extensions/libxt_gradm.c | 18 ++++++-------- extensions/libxt_iface.c | 34 ++++++-------------------- extensions/libxt_ipp2p.c | 2 +- extensions/libxt_ipv4options.c | 18 ++++++-------- extensions/libxt_length2.c | 30 ++++++----------------- extensions/libxt_lscan.c | 31 ++++++------------------ extensions/libxt_psd.c | 18 +++++--------- extensions/libxt_quota2.c | 19 ++------------- 21 files changed, 150 insertions(+), 331 deletions(-) diff --git a/doc/changelog.txt b/doc/changelog.txt index 46aba4f..cbec097 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -5,6 +5,8 @@ Fixes: - xt_RAWNAT: ensure correct operation in the presence of IPv4 options - xt_geoip: do not throw a warnings when country database is size 0 - xt_quota2: print "!" at the correct position during iptables-save +Changes: +- Make print (iptables -L) output the same as save (-S) v2.2 (2013-03-31) diff --git a/extensions/libxt_CHAOS.c b/extensions/libxt_CHAOS.c index 17fb22c..1ed2c4f 100644 --- a/extensions/libxt_CHAOS.c +++ b/extensions/libxt_CHAOS.c @@ -64,21 +64,6 @@ static void chaos_tg_check(unsigned int flags) "may be specified"); } -static void chaos_tg_print(const void *ip, - const struct xt_entry_target *target, int numeric) -{ - const struct xt_chaos_tginfo *info = (const void *)target->data; - - switch (info->variant) { - case XTCHAOS_DELUDE: - printf(" DELUDE "); - break; - case XTCHAOS_TARPIT: - printf(" TARPIT "); - break; - } -} - static void chaos_tg_save(const void *ip, const struct xt_entry_target *target) { const struct xt_chaos_tginfo *info = (const void *)target->data; @@ -93,6 +78,13 @@ static void chaos_tg_save(const void *ip, const struct xt_entry_target *target) } } +static void chaos_tg_print(const void *ip, + const struct xt_entry_target *target, int numeric) +{ + printf(" -j CHAOS"); + chaos_tg_save(ip, target); +} + static struct xtables_target chaos_tg_reg = { .version = XTABLES_VERSION, .name = "CHAOS", diff --git a/extensions/libxt_DHCPMAC.c b/extensions/libxt_DHCPMAC.c index c81961d..e19fb3d 100644 --- a/extensions/libxt_DHCPMAC.c +++ b/extensions/libxt_DHCPMAC.c @@ -61,15 +61,6 @@ static void dhcpmac_tg_check(unsigned int flags) "--set-mac parameter required"); } -static void dhcpmac_tg_print(const void *ip, - const struct xt_entry_target *target, int numeric) -{ - const struct dhcpmac_info *info = (void *)target->data; - - printf(" DHCPMAC %s" DH_MAC_FMT "/%u ", - info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask); -} - static void dhcpmac_tg_save(const void *ip, const struct xt_entry_target *target) { @@ -81,6 +72,13 @@ static void dhcpmac_tg_save(const void *ip, DH_MAC_HEX(info->addr), info->mask); } +static void dhcpmac_tg_print(const void *ip, + const struct xt_entry_target *target, int numeric) +{ + printf(" -j DHCPMAC"); + dhcpmac_tg_save(ip, target); +} + static struct xtables_target dhcpmac_tg_reg = { .version = XTABLES_VERSION, .name = "DHCPMAC", diff --git a/extensions/libxt_DNETMAP.c b/extensions/libxt_DNETMAP.c index 92c679b..24a101c 100644 --- a/extensions/libxt_DNETMAP.c +++ b/extensions/libxt_DNETMAP.c @@ -195,33 +195,6 @@ static void DNETMAP_print_addr(const void *ip, printf("/%d", bits); } -static void DNETMAP_print(const void *ip, const struct xt_entry_target *target, - int numeric) -{ - struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data; - const __u8 *flags = &tginfo->flags; - - printf(" prefix "); - if (*flags & XT_DNETMAP_PREFIX) - DNETMAP_print_addr(ip, target, numeric); - else - printf("any"); - - if (*flags & XT_DNETMAP_REUSE) - printf(" reuse"); - - if (*flags & XT_DNETMAP_STATIC) - printf(" static"); - - if (*flags & XT_DNETMAP_PERSISTENT) - printf(" persistent"); - - if (*flags & XT_DNETMAP_TTL) - printf(" ttl %i", tginfo->ttl); - else - printf(" ttl default"); -} - static void DNETMAP_save(const void *ip, const struct xt_entry_target *target) { struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data; @@ -246,6 +219,13 @@ static void DNETMAP_save(const void *ip, const struct xt_entry_target *target) printf(" --ttl %i ", tginfo->ttl); } +static void DNETMAP_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j DNETMAP"); + DNETMAP_save(ip, target); +} + static struct xtables_target dnetmap_tg_reg = { .name = MODULENAME, .version = XTABLES_VERSION, diff --git a/extensions/libxt_IPMARK.c b/extensions/libxt_IPMARK.c index 2432e0d..f5d491f 100644 --- a/extensions/libxt_IPMARK.c +++ b/extensions/libxt_IPMARK.c @@ -112,25 +112,6 @@ static void ipmark_tg_check(unsigned int flags) "IPMARK target: Parameter --addr is required"); } -static void -ipmark_tg_print(const void *entry, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_ipmark_tginfo *info = (const void *)target->data; - - if (info->selector == XT_IPMARK_SRC) - printf(" IPMARK src ip "); - else - printf(" IPMARK dst ip "); - - if (info->shift != 0) - printf(" shift %u ", (unsigned int)info->shift); - if (info->andmask != ~0U) - printf(" and 0x%x ", (unsigned int)info->andmask); - if (info->ormask != 0) - printf(" or 0x%x ", (unsigned int)info->ormask); -} - static void ipmark_tg_save(const void *entry, const struct xt_entry_target *target) { @@ -149,6 +130,14 @@ ipmark_tg_save(const void *entry, const struct xt_entry_target *target) printf(" --or-mask 0x%x ", (unsigned int)info->ormask); } +static void +ipmark_tg_print(const void *entry, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j IPMARK"); + ipmark_tg_save(entry, target); +} + static struct xtables_target ipmark_tg_reg = { .version = XTABLES_VERSION, .name = "IPMARK", diff --git a/extensions/libxt_LOGMARK.c b/extensions/libxt_LOGMARK.c index 955e1d8..1d8b6b3 100644 --- a/extensions/libxt_LOGMARK.c +++ b/extensions/libxt_LOGMARK.c @@ -77,15 +77,6 @@ logmark_tg_parse(int c, char **argv, int invert, unsigned int *flags, return false; } -static void -logmark_tg_print(const void *ip, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_logmark_tginfo *info = (void *)target->data; - - printf(" LOGMARK level %u prefix \"%s\" ", info->level, info->prefix); -} - static void logmark_tg_save(const void *ip, const struct xt_entry_target *target) { @@ -97,6 +88,14 @@ logmark_tg_save(const void *ip, const struct xt_entry_target *target) printf(" --log-prefix \"%s\" ", info->prefix); } +static void +logmark_tg_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j LOGMARK"); + logmark_tg_save(ip, target); +} + static struct xtables_target logmark_tg_reg = { .version = XTABLES_VERSION, .name = "LOGMARK", diff --git a/extensions/libxt_RAWDNAT.c b/extensions/libxt_RAWDNAT.c index 243eef3..4285bae 100644 --- a/extensions/libxt_RAWDNAT.c +++ b/extensions/libxt_RAWDNAT.c @@ -103,34 +103,6 @@ static void rawdnat_tg_check(unsigned int flags) "\"--to-destination\" is required."); } -static void -rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_rawnat_tginfo *info = (const void *)target->data; - - if (!numeric && info->mask == 32) - printf(" to-destination %s ", - xtables_ipaddr_to_anyname(&info->addr.in)); - else - printf(" to-destination %s/%u ", - xtables_ipaddr_to_numeric(&info->addr.in), info->mask); -} - -static void -rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_rawnat_tginfo *info = (const void *)target->data; - - if (!numeric && info->mask == 128) - printf(" to-destination %s ", - xtables_ip6addr_to_anyname(&info->addr.in6)); - else - printf(" to-destination %s/%u ", - xtables_ip6addr_to_numeric(&info->addr.in6), info->mask); -} - static void rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target) { @@ -141,6 +113,14 @@ rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target) info->mask); } +static void +rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j RAWDNAT"); + rawdnat_tg4_save(entry, target); +} + static void rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target) { @@ -151,6 +131,14 @@ rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target) info->mask); } +static void +rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j RAWDNAT"); + rawdnat_tg6_save(entry, target); +} + static struct xtables_target rawdnat_tg_reg[] = { { .version = XTABLES_VERSION, diff --git a/extensions/libxt_RAWSNAT.c b/extensions/libxt_RAWSNAT.c index efcd9f0..1a64a97 100644 --- a/extensions/libxt_RAWSNAT.c +++ b/extensions/libxt_RAWSNAT.c @@ -103,34 +103,6 @@ static void rawsnat_tg_check(unsigned int flags) "\"--to-source\" is required."); } -static void -rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_rawnat_tginfo *info = (const void *)target->data; - - if (!numeric && info->mask == 32) - printf(" to-source %s ", - xtables_ipaddr_to_anyname(&info->addr.in)); - else - printf(" to-source %s/%u ", - xtables_ipaddr_to_numeric(&info->addr.in), info->mask); -} - -static void -rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_rawnat_tginfo *info = (const void *)target->data; - - if (!numeric && info->mask == 128) - printf(" to-source %s ", - xtables_ip6addr_to_anyname(&info->addr.in6)); - else - printf(" to-source %s/%u ", - xtables_ip6addr_to_numeric(&info->addr.in6), info->mask); -} - static void rawsnat_tg4_save(const void *entry, const struct xt_entry_target *target) { @@ -151,6 +123,22 @@ rawsnat_tg6_save(const void *entry, const struct xt_entry_target *target) info->mask); } +static void +rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j RAWSNAT"); + rawsnat_tg4_save(entry, target); +} + +static void +rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target, + int numeric) +{ + printf(" -j RAWSNAT"); + rawsnat_tg6_save(entry, target); +} + static struct xtables_target rawsnat_tg_reg[] = { { .version = XTABLES_VERSION, diff --git a/extensions/libxt_TARPIT.c b/extensions/libxt_TARPIT.c index 6b65b09..bd85369 100644 --- a/extensions/libxt_TARPIT.c +++ b/extensions/libxt_TARPIT.c @@ -67,24 +67,6 @@ static void tarpit_tg_check(unsigned int flags) "TARPIT: only one action can be used at a time"); } -static void tarpit_tg_print(const void *ip, - const struct xt_entry_target *target, int numeric) -{ - const struct xt_tarpit_tginfo *info = (void *)target->data; - - switch (info->variant) { - case XTTARPIT_HONEYPOT: - printf(" honeypot mode "); - break; - case XTTARPIT_RESET: - printf(" reset mode "); - break; - default: - printf(" tarpit mode "); - break; - } -} - static void tarpit_tg_save(const void *ip, const struct xt_entry_target *target) { @@ -103,6 +85,13 @@ static void tarpit_tg_save(const void *ip, } } +static void tarpit_tg_print(const void *ip, + const struct xt_entry_target *target, int numeric) +{ + printf(" -j TARPIT"); + tarpit_tg_save(ip, target); +} + static struct xtables_target tarpit_tg_reg = { .version = XTABLES_VERSION, .name = "TARPIT", diff --git a/extensions/libxt_condition.c b/extensions/libxt_condition.c index 58dcc3d..6e9ad29 100644 --- a/extensions/libxt_condition.c +++ b/extensions/libxt_condition.c @@ -62,15 +62,6 @@ static void condition_check(unsigned int flags) "Condition match: must specify --condition"); } -static void condition_print(const void *ip, const struct xt_entry_match *match, - int numeric) -{ - const struct xt_condition_mtinfo *info = (const void *)match->data; - - printf(" condition %s%s ", (info->invert) ? "!" : "", info->name); -} - - static void condition_save(const void *ip, const struct xt_entry_match *match) { const struct xt_condition_mtinfo *info = (const void *)match->data; @@ -78,6 +69,13 @@ static void condition_save(const void *ip, const struct xt_entry_match *match) printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name); } +static void condition_print(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + printf(" -m condition"); + condition_save(ip, match); +} + static struct xtables_match condition_mt_reg = { .name = "condition", .revision = 1, diff --git a/extensions/libxt_dhcpmac.c b/extensions/libxt_dhcpmac.c index 6f35627..10138d6 100644 --- a/extensions/libxt_dhcpmac.c +++ b/extensions/libxt_dhcpmac.c @@ -62,15 +62,6 @@ static void dhcpmac_mt_check(unsigned int flags) "--mac parameter required"); } -static void dhcpmac_mt_print(const void *ip, - const struct xt_entry_match *match, int numeric) -{ - const struct dhcpmac_info *info = (void *)match->data; - - printf(" dhcpmac %s" DH_MAC_FMT "/%u ", - info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask); -} - static void dhcpmac_mt_save(const void *ip, const struct xt_entry_match *match) { @@ -82,6 +73,13 @@ static void dhcpmac_mt_save(const void *ip, DH_MAC_HEX(info->addr), info->mask); } +static void dhcpmac_mt_print(const void *ip, + const struct xt_entry_match *match, int numeric) +{ + printf(" -m dhcpmac"); + dhcpmac_mt_save(ip, match); +} + static struct xtables_match dhcpmac_mt_reg = { .version = XTABLES_VERSION, .name = "dhcpmac", diff --git a/extensions/libxt_fuzzy.c b/extensions/libxt_fuzzy.c index 0a0dfcc..35a6e92 100644 --- a/extensions/libxt_fuzzy.c +++ b/extensions/libxt_fuzzy.c @@ -83,15 +83,6 @@ static void fuzzy_mt_check(unsigned int flags) { } -static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match, - int numeric) -{ - const struct xt_fuzzy_mtinfo *info = (const void *)match->data; - - printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ", - info->minimum_rate, info->maximum_rate); -} - static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_fuzzy_mtinfo *info = (const void *)match->data; @@ -100,6 +91,13 @@ static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match) printf(" --upper-limit %u ", info->maximum_rate); } +static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + printf(" -m fuzzy"); + fuzzy_mt_save(ip, match); +} + static struct xtables_match fuzzy_mt_reg = { .name = "fuzzy", .revision = 1, diff --git a/extensions/libxt_geoip.c b/extensions/libxt_geoip.c index a254181..ecc7801 100644 --- a/extensions/libxt_geoip.c +++ b/extensions/libxt_geoip.c @@ -251,31 +251,6 @@ geoip_final_check(unsigned int flags) "geoip: missing arguments"); } -static void -geoip_print(const void *ip, const struct xt_entry_match *match, int numeric) -{ - const struct xt_geoip_match_info *info = (void*)match->data; - - u_int8_t i; - - if (info->flags & XT_GEOIP_SRC) - printf(" Source "); - else - printf(" Destination "); - - if (info->count > 1) - printf("countries: "); - else - printf("country: "); - - if (info->flags & XT_GEOIP_INV) - printf("! "); - - for (i = 0; i < info->count; i++) - printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i])); - printf(" "); -} - static void geoip_save(const void *ip, const struct xt_entry_match *match) { @@ -295,6 +270,13 @@ geoip_save(const void *ip, const struct xt_entry_match *match) printf(" "); } +static void +geoip_print(const void *ip, const struct xt_entry_match *match, int numeric) +{ + printf(" -m geoip"); + geoip_save(ip, match); +} + static struct xtables_match geoip_match[] = { { .family = NFPROTO_IPV6, diff --git a/extensions/libxt_gradm.c b/extensions/libxt_gradm.c index 5d1113d..85f24b8 100644 --- a/extensions/libxt_gradm.c +++ b/extensions/libxt_gradm.c @@ -57,17 +57,6 @@ static void gradm_mt_check(unsigned int flags) { } -static void gradm_mt_print(const void *ip, const struct xt_entry_match *match, - int numeric) -{ - const struct xt_gradm_mtinfo *info = (const void *)match->data; - - if (info->invflags) - printf("gradm: disabled"); - else - printf("gradm: enabled"); -} - static void gradm_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_gradm_mtinfo *info = (const void *)match->data; @@ -78,6 +67,13 @@ static void gradm_mt_save(const void *ip, const struct xt_entry_match *match) printf(" --enabled "); } +static void gradm_mt_print(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + printf(" -m gradm"); + gradm_mt_save(ip, match); +} + static struct xtables_match gradm_mt_reg = { .family = NFPROTO_UNSPEC, .name = "gradm", diff --git a/extensions/libxt_iface.c b/extensions/libxt_iface.c index b6e57a7..c85df0c 100644 --- a/extensions/libxt_iface.c +++ b/extensions/libxt_iface.c @@ -175,33 +175,6 @@ static void iface_mt_check(unsigned int flags) "iface: You must specify at least one option"); } -static void iface_mt_print(const void *ip, const struct xt_entry_match *match, - int numeric) -{ - const struct xt_iface_mtinfo *info = (const void *)match->data; - - printf(" iface: "); - if (info->flags & XT_IFACE_DEV_IN) - printf("(in)"); - else if (info->flags & XT_IFACE_DEV_OUT) - printf("(out)"); - else - printf("%s", info->ifname); - printf(" [state:"); - iface_print_opt(info, XT_IFACE_UP, "up"); - iface_print_opt(info, XT_IFACE_BROADCAST, "broadcast"); - iface_print_opt(info, XT_IFACE_LOOPBACK, "loopback"); - iface_print_opt(info, XT_IFACE_POINTOPOINT, "pointopoint"); - iface_print_opt(info, XT_IFACE_RUNNING, "running"); - iface_print_opt(info, XT_IFACE_NOARP, "noarp"); - iface_print_opt(info, XT_IFACE_PROMISC, "promisc"); - iface_print_opt(info, XT_IFACE_MULTICAST, "multicast"); - iface_print_opt(info, XT_IFACE_DYNAMIC, "dynamic"); - iface_print_opt(info, XT_IFACE_LOWER_UP, "lower_up"); - iface_print_opt(info, XT_IFACE_DORMANT, "dormant"); - printf("] "); -} - static void iface_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_iface_mtinfo *info = (const void *)match->data; @@ -226,6 +199,13 @@ static void iface_mt_save(const void *ip, const struct xt_entry_match *match) printf(" "); } +static void iface_mt_print(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + printf(" -m iface"); + iface_mt_save(ip, match); +} + static struct xtables_match iface_mt_reg = { .version = XTABLES_VERSION, .name = "iface", diff --git a/extensions/libxt_ipp2p.c b/extensions/libxt_ipp2p.c index 1d6835c..74be4be 100644 --- a/extensions/libxt_ipp2p.c +++ b/extensions/libxt_ipp2p.c @@ -217,7 +217,7 @@ ipp2p_mt_print1(const void *entry, const struct xt_entry_match *match, static void ipp2p_mt_print(const void *entry, const struct xt_entry_match *match, int numeric) { - printf(" ipp2p "); + printf(" -m ipp2p "); ipp2p_mt_print1(entry, match, true); } diff --git a/extensions/libxt_ipv4options.c b/extensions/libxt_ipv4options.c index 33d3592..696911d 100644 --- a/extensions/libxt_ipv4options.c +++ b/extensions/libxt_ipv4options.c @@ -133,17 +133,6 @@ static void ipv4options_print_flags(const struct xt_ipv4options_mtinfo1 *info, } } -static void ipv4options_mt_print(const void *ip, - const struct xt_entry_match *match, int numeric) -{ - const struct xt_ipv4options_mtinfo1 *info = (void *)match->data; - - printf(" ipv4options %s ", - (info->flags & XT_V4OPTS_ANY) ? "any-of" : "all-of"); - ipv4options_print_flags(info, numeric); - printf(" "); -} - static void ipv4options_mt_save(const void *ip, const struct xt_entry_match *match) { @@ -158,6 +147,13 @@ static void ipv4options_mt_save(const void *ip, printf(" "); } +static void ipv4options_mt_print(const void *ip, + const struct xt_entry_match *match, int numeric) +{ + printf(" -m ipv4options"); + ipv4options_mt_save(ip, match); +} + static struct xtables_match ipv4options_mt_reg = { .version = XTABLES_VERSION, .name = "ipv4options", diff --git a/extensions/libxt_length2.c b/extensions/libxt_length2.c index 5fbfe30..37fe5df 100644 --- a/extensions/libxt_length2.c +++ b/extensions/libxt_length2.c @@ -107,29 +107,6 @@ static void length_mt_check(unsigned int flags) "--layer3. Consider specifying it explicitly.\n"); } -static void length_mt_print(const void *ip, const struct xt_entry_match *match, - int numeric) -{ - const struct xt_length_mtinfo2 *info = (const void *)match->data; - - if (info->flags & XT_LENGTH_LAYER3) - printf(" layer3 "); - else if (info->flags & XT_LENGTH_LAYER4) - printf(" layer4 "); - else if (info->flags & XT_LENGTH_LAYER5) - printf(" layer5 "); - else if (info->flags & XT_LENGTH_LAYER7) - printf(" layer7 "); - printf(" length "); - if (info->flags & XT_LENGTH_INVERT) - printf("! "); - if (info->min == info->max) - printf("%u ", (unsigned int)info->min); - else - printf("%u-%u ", (unsigned int)info->min, - (unsigned int)info->max); -} - static void length_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_length_mtinfo2 *info = (const void *)match->data; @@ -152,6 +129,13 @@ static void length_mt_save(const void *ip, const struct xt_entry_match *match) (unsigned int)info->max); } +static void length_mt_print(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + printf(" -m length2"); + length_mt_save(ip, match); +} + static struct xtables_match length2_mt_reg = { .version = XTABLES_VERSION, .name = "length2", diff --git a/extensions/libxt_lscan.c b/extensions/libxt_lscan.c index efb196a..4d269f9 100644 --- a/extensions/libxt_lscan.c +++ b/extensions/libxt_lscan.c @@ -64,30 +64,6 @@ static void lscan_mt_check(unsigned int flags) { } -static void lscan_mt_print(const void *ip, - const struct xt_entry_match *match, int numeric) -{ - const struct xt_lscan_mtinfo *info = (const void *)(match->data); - const char *s = ""; - - printf(" lscan "); - if (info->match_stealth) { - printf("STEALTH"); - s = ","; - } - if (info->match_syn) { - printf("%sSYNSCAN", s); - s = ","; - } - if (info->match_cn) { - printf("%sCNSCAN", s); - s = ","; - } - if (info->match_gr) - printf("%sGRSCAN", s); - printf(" "); -} - static void lscan_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_lscan_mtinfo *info = (const void *)(match->data); @@ -102,6 +78,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match) printf(" --grscan "); } +static void lscan_mt_print(const void *ip, + const struct xt_entry_match *match, int numeric) +{ + printf(" -m lscan"); + lscan_mt_save(ip, match); +} + static struct xtables_match lscan_mt_reg = { .version = XTABLES_VERSION, .name = "lscan", diff --git a/extensions/libxt_psd.c b/extensions/libxt_psd.c index 3f88ac4..05940e7 100644 --- a/extensions/libxt_psd.c +++ b/extensions/libxt_psd.c @@ -117,18 +117,6 @@ static int psd_mt_parse(int c, char **argv, int invert, unsigned int *flags, /* Final check; nothing. */ static void psd_mt_final_check(unsigned int flags) {} -/* Prints out the targinfo. */ -static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric) -{ - const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data; - printf(" psd "); - printf("weight-threshold: %u ", psdinfo->weight_threshold); - printf("delay-threshold: %u ", psdinfo->delay_threshold); - printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight); - printf("hi-ports-weight: %u ", psdinfo->hi_ports_weight); -} - -/* Saves the union ipt_targinfo in parsable form to stdout. */ static void psd_mt_save(const void *ip, const struct xt_entry_match *match) { const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data; @@ -138,6 +126,12 @@ static void psd_mt_save(const void *ip, const struct xt_entry_match *match) printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight); } +static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric) +{ + printf(" -m psd"); + psd_mt_save(ip, match); +} + static struct xtables_match psd_mt_reg = { .name = "psd", .version = XTABLES_VERSION, diff --git a/extensions/libxt_quota2.c b/extensions/libxt_quota2.c index 20c9581..f0cf3d4 100644 --- a/extensions/libxt_quota2.c +++ b/extensions/libxt_quota2.c @@ -114,23 +114,8 @@ quota_mt2_save(const void *ip, const struct xt_entry_match *match) static void quota_mt2_print(const void *ip, const struct xt_entry_match *match, int numeric) { - const struct xt_quota_mtinfo2 *q = (const void *)match->data; - - if (q->flags & XT_QUOTA_INVERT) - printf(" !"); - if (q->flags & XT_QUOTA_GROW) - printf(" counter"); - else - printf(" quota"); - if (*q->name != '\0') - printf(" %s:", q->name); - printf(" %llu ", (unsigned long long)q->quota); - if (q->flags & XT_QUOTA_PACKET) - printf("packets "); - else - printf("bytes "); - if (q->flags & XT_QUOTA_NO_CHANGE) - printf("(no-change mode) "); + printf(" -m quota"); + quota_mt2_save(ip, match); } static struct xtables_match quota_mt2_reg = {