mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 20:55:13 +02:00
extensions: make print (iptables -L) output the same as save (-S)
This commit is contained in:
Jan Engelhardt
@@ -5,6 +5,8 @@ Fixes:
|
|||||||
- xt_RAWNAT: ensure correct operation in the presence of IPv4 options
|
- xt_RAWNAT: ensure correct operation in the presence of IPv4 options
|
||||||
- xt_geoip: do not throw a warnings when country database is size 0
|
- xt_geoip: do not throw a warnings when country database is size 0
|
||||||
- xt_quota2: print "!" at the correct position during iptables-save
|
- xt_quota2: print "!" at the correct position during iptables-save
|
||||||
|
Changes:
|
||||||
|
- Make print (iptables -L) output the same as save (-S)
|
||||||
|
|
||||||
|
|
||||||
v2.2 (2013-03-31)
|
v2.2 (2013-03-31)
|
||||||
|
|||||||
@@ -64,21 +64,6 @@ static void chaos_tg_check(unsigned int flags)
|
|||||||
"may be specified");
|
"may be specified");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void chaos_tg_print(const void *ip,
|
|
||||||
const struct xt_entry_target *target, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_chaos_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
switch (info->variant) {
|
|
||||||
case XTCHAOS_DELUDE:
|
|
||||||
printf(" DELUDE ");
|
|
||||||
break;
|
|
||||||
case XTCHAOS_TARPIT:
|
|
||||||
printf(" TARPIT ");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static void chaos_tg_save(const void *ip, const struct xt_entry_target *target)
|
static void chaos_tg_save(const void *ip, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
const struct xt_chaos_tginfo *info = (const void *)target->data;
|
const struct xt_chaos_tginfo *info = (const void *)target->data;
|
||||||
@@ -93,6 +78,13 @@ static void chaos_tg_save(const void *ip, const struct xt_entry_target *target)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void chaos_tg_print(const void *ip,
|
||||||
|
const struct xt_entry_target *target, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j CHAOS");
|
||||||
|
chaos_tg_save(ip, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target chaos_tg_reg = {
|
static struct xtables_target chaos_tg_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "CHAOS",
|
.name = "CHAOS",
|
||||||
|
|||||||
@@ -61,15 +61,6 @@ static void dhcpmac_tg_check(unsigned int flags)
|
|||||||
"--set-mac parameter required");
|
"--set-mac parameter required");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void dhcpmac_tg_print(const void *ip,
|
|
||||||
const struct xt_entry_target *target, int numeric)
|
|
||||||
{
|
|
||||||
const struct dhcpmac_info *info = (void *)target->data;
|
|
||||||
|
|
||||||
printf(" DHCPMAC %s" DH_MAC_FMT "/%u ",
|
|
||||||
info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void dhcpmac_tg_save(const void *ip,
|
static void dhcpmac_tg_save(const void *ip,
|
||||||
const struct xt_entry_target *target)
|
const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -81,6 +72,13 @@ static void dhcpmac_tg_save(const void *ip,
|
|||||||
DH_MAC_HEX(info->addr), info->mask);
|
DH_MAC_HEX(info->addr), info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void dhcpmac_tg_print(const void *ip,
|
||||||
|
const struct xt_entry_target *target, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j DHCPMAC");
|
||||||
|
dhcpmac_tg_save(ip, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target dhcpmac_tg_reg = {
|
static struct xtables_target dhcpmac_tg_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "DHCPMAC",
|
.name = "DHCPMAC",
|
||||||
|
|||||||
@@ -195,33 +195,6 @@ static void DNETMAP_print_addr(const void *ip,
|
|||||||
printf("/%d", bits);
|
printf("/%d", bits);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void DNETMAP_print(const void *ip, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
|
|
||||||
const __u8 *flags = &tginfo->flags;
|
|
||||||
|
|
||||||
printf(" prefix ");
|
|
||||||
if (*flags & XT_DNETMAP_PREFIX)
|
|
||||||
DNETMAP_print_addr(ip, target, numeric);
|
|
||||||
else
|
|
||||||
printf("any");
|
|
||||||
|
|
||||||
if (*flags & XT_DNETMAP_REUSE)
|
|
||||||
printf(" reuse");
|
|
||||||
|
|
||||||
if (*flags & XT_DNETMAP_STATIC)
|
|
||||||
printf(" static");
|
|
||||||
|
|
||||||
if (*flags & XT_DNETMAP_PERSISTENT)
|
|
||||||
printf(" persistent");
|
|
||||||
|
|
||||||
if (*flags & XT_DNETMAP_TTL)
|
|
||||||
printf(" ttl %i", tginfo->ttl);
|
|
||||||
else
|
|
||||||
printf(" ttl default");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void DNETMAP_save(const void *ip, const struct xt_entry_target *target)
|
static void DNETMAP_save(const void *ip, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
|
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
|
||||||
@@ -246,6 +219,13 @@ static void DNETMAP_save(const void *ip, const struct xt_entry_target *target)
|
|||||||
printf(" --ttl %i ", tginfo->ttl);
|
printf(" --ttl %i ", tginfo->ttl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void DNETMAP_print(const void *ip, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j DNETMAP");
|
||||||
|
DNETMAP_save(ip, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target dnetmap_tg_reg = {
|
static struct xtables_target dnetmap_tg_reg = {
|
||||||
.name = MODULENAME,
|
.name = MODULENAME,
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
|
|||||||
@@ -112,25 +112,6 @@ static void ipmark_tg_check(unsigned int flags)
|
|||||||
"IPMARK target: Parameter --addr is required");
|
"IPMARK target: Parameter --addr is required");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
ipmark_tg_print(const void *entry, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_ipmark_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
if (info->selector == XT_IPMARK_SRC)
|
|
||||||
printf(" IPMARK src ip ");
|
|
||||||
else
|
|
||||||
printf(" IPMARK dst ip ");
|
|
||||||
|
|
||||||
if (info->shift != 0)
|
|
||||||
printf(" shift %u ", (unsigned int)info->shift);
|
|
||||||
if (info->andmask != ~0U)
|
|
||||||
printf(" and 0x%x ", (unsigned int)info->andmask);
|
|
||||||
if (info->ormask != 0)
|
|
||||||
printf(" or 0x%x ", (unsigned int)info->ormask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ipmark_tg_save(const void *entry, const struct xt_entry_target *target)
|
ipmark_tg_save(const void *entry, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -149,6 +130,14 @@ ipmark_tg_save(const void *entry, const struct xt_entry_target *target)
|
|||||||
printf(" --or-mask 0x%x ", (unsigned int)info->ormask);
|
printf(" --or-mask 0x%x ", (unsigned int)info->ormask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
ipmark_tg_print(const void *entry, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j IPMARK");
|
||||||
|
ipmark_tg_save(entry, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target ipmark_tg_reg = {
|
static struct xtables_target ipmark_tg_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "IPMARK",
|
.name = "IPMARK",
|
||||||
|
|||||||
@@ -77,15 +77,6 @@ logmark_tg_parse(int c, char **argv, int invert, unsigned int *flags,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
logmark_tg_print(const void *ip, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_logmark_tginfo *info = (void *)target->data;
|
|
||||||
|
|
||||||
printf(" LOGMARK level %u prefix \"%s\" ", info->level, info->prefix);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
logmark_tg_save(const void *ip, const struct xt_entry_target *target)
|
logmark_tg_save(const void *ip, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -97,6 +88,14 @@ logmark_tg_save(const void *ip, const struct xt_entry_target *target)
|
|||||||
printf(" --log-prefix \"%s\" ", info->prefix);
|
printf(" --log-prefix \"%s\" ", info->prefix);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
logmark_tg_print(const void *ip, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j LOGMARK");
|
||||||
|
logmark_tg_save(ip, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target logmark_tg_reg = {
|
static struct xtables_target logmark_tg_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "LOGMARK",
|
.name = "LOGMARK",
|
||||||
|
|||||||
@@ -103,34 +103,6 @@ static void rawdnat_tg_check(unsigned int flags)
|
|||||||
"\"--to-destination\" is required.");
|
"\"--to-destination\" is required.");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_rawnat_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
if (!numeric && info->mask == 32)
|
|
||||||
printf(" to-destination %s ",
|
|
||||||
xtables_ipaddr_to_anyname(&info->addr.in));
|
|
||||||
else
|
|
||||||
printf(" to-destination %s/%u ",
|
|
||||||
xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_rawnat_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
if (!numeric && info->mask == 128)
|
|
||||||
printf(" to-destination %s ",
|
|
||||||
xtables_ip6addr_to_anyname(&info->addr.in6));
|
|
||||||
else
|
|
||||||
printf(" to-destination %s/%u ",
|
|
||||||
xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
|
rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -141,6 +113,14 @@ rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
|
|||||||
info->mask);
|
info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j RAWDNAT");
|
||||||
|
rawdnat_tg4_save(entry, target);
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
|
rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -151,6 +131,14 @@ rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
|
|||||||
info->mask);
|
info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j RAWDNAT");
|
||||||
|
rawdnat_tg6_save(entry, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target rawdnat_tg_reg[] = {
|
static struct xtables_target rawdnat_tg_reg[] = {
|
||||||
{
|
{
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
|
|||||||
@@ -103,34 +103,6 @@ static void rawsnat_tg_check(unsigned int flags)
|
|||||||
"\"--to-source\" is required.");
|
"\"--to-source\" is required.");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_rawnat_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
if (!numeric && info->mask == 32)
|
|
||||||
printf(" to-source %s ",
|
|
||||||
xtables_ipaddr_to_anyname(&info->addr.in));
|
|
||||||
else
|
|
||||||
printf(" to-source %s/%u ",
|
|
||||||
xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_rawnat_tginfo *info = (const void *)target->data;
|
|
||||||
|
|
||||||
if (!numeric && info->mask == 128)
|
|
||||||
printf(" to-source %s ",
|
|
||||||
xtables_ip6addr_to_anyname(&info->addr.in6));
|
|
||||||
else
|
|
||||||
printf(" to-source %s/%u ",
|
|
||||||
xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
rawsnat_tg4_save(const void *entry, const struct xt_entry_target *target)
|
rawsnat_tg4_save(const void *entry, const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -151,6 +123,22 @@ rawsnat_tg6_save(const void *entry, const struct xt_entry_target *target)
|
|||||||
info->mask);
|
info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j RAWSNAT");
|
||||||
|
rawsnat_tg4_save(entry, target);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j RAWSNAT");
|
||||||
|
rawsnat_tg6_save(entry, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target rawsnat_tg_reg[] = {
|
static struct xtables_target rawsnat_tg_reg[] = {
|
||||||
{
|
{
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
|
|||||||
@@ -67,24 +67,6 @@ static void tarpit_tg_check(unsigned int flags)
|
|||||||
"TARPIT: only one action can be used at a time");
|
"TARPIT: only one action can be used at a time");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void tarpit_tg_print(const void *ip,
|
|
||||||
const struct xt_entry_target *target, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_tarpit_tginfo *info = (void *)target->data;
|
|
||||||
|
|
||||||
switch (info->variant) {
|
|
||||||
case XTTARPIT_HONEYPOT:
|
|
||||||
printf(" honeypot mode ");
|
|
||||||
break;
|
|
||||||
case XTTARPIT_RESET:
|
|
||||||
printf(" reset mode ");
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
printf(" tarpit mode ");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static void tarpit_tg_save(const void *ip,
|
static void tarpit_tg_save(const void *ip,
|
||||||
const struct xt_entry_target *target)
|
const struct xt_entry_target *target)
|
||||||
{
|
{
|
||||||
@@ -103,6 +85,13 @@ static void tarpit_tg_save(const void *ip,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void tarpit_tg_print(const void *ip,
|
||||||
|
const struct xt_entry_target *target, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -j TARPIT");
|
||||||
|
tarpit_tg_save(ip, target);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_target tarpit_tg_reg = {
|
static struct xtables_target tarpit_tg_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "TARPIT",
|
.name = "TARPIT",
|
||||||
|
|||||||
@@ -62,15 +62,6 @@ static void condition_check(unsigned int flags)
|
|||||||
"Condition match: must specify --condition");
|
"Condition match: must specify --condition");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void condition_print(const void *ip, const struct xt_entry_match *match,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_condition_mtinfo *info = (const void *)match->data;
|
|
||||||
|
|
||||||
printf(" condition %s%s ", (info->invert) ? "!" : "", info->name);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void condition_save(const void *ip, const struct xt_entry_match *match)
|
static void condition_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_condition_mtinfo *info = (const void *)match->data;
|
const struct xt_condition_mtinfo *info = (const void *)match->data;
|
||||||
@@ -78,6 +69,13 @@ static void condition_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name);
|
printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void condition_print(const void *ip, const struct xt_entry_match *match,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m condition");
|
||||||
|
condition_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match condition_mt_reg = {
|
static struct xtables_match condition_mt_reg = {
|
||||||
.name = "condition",
|
.name = "condition",
|
||||||
.revision = 1,
|
.revision = 1,
|
||||||
|
|||||||
@@ -62,15 +62,6 @@ static void dhcpmac_mt_check(unsigned int flags)
|
|||||||
"--mac parameter required");
|
"--mac parameter required");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void dhcpmac_mt_print(const void *ip,
|
|
||||||
const struct xt_entry_match *match, int numeric)
|
|
||||||
{
|
|
||||||
const struct dhcpmac_info *info = (void *)match->data;
|
|
||||||
|
|
||||||
printf(" dhcpmac %s" DH_MAC_FMT "/%u ",
|
|
||||||
info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void dhcpmac_mt_save(const void *ip,
|
static void dhcpmac_mt_save(const void *ip,
|
||||||
const struct xt_entry_match *match)
|
const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
@@ -82,6 +73,13 @@ static void dhcpmac_mt_save(const void *ip,
|
|||||||
DH_MAC_HEX(info->addr), info->mask);
|
DH_MAC_HEX(info->addr), info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void dhcpmac_mt_print(const void *ip,
|
||||||
|
const struct xt_entry_match *match, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m dhcpmac");
|
||||||
|
dhcpmac_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match dhcpmac_mt_reg = {
|
static struct xtables_match dhcpmac_mt_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "dhcpmac",
|
.name = "dhcpmac",
|
||||||
|
|||||||
@@ -83,15 +83,6 @@ static void fuzzy_mt_check(unsigned int flags)
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
|
|
||||||
|
|
||||||
printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",
|
|
||||||
info->minimum_rate, info->maximum_rate);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
|
const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
|
||||||
@@ -100,6 +91,13 @@ static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf(" --upper-limit %u ", info->maximum_rate);
|
printf(" --upper-limit %u ", info->maximum_rate);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m fuzzy");
|
||||||
|
fuzzy_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match fuzzy_mt_reg = {
|
static struct xtables_match fuzzy_mt_reg = {
|
||||||
.name = "fuzzy",
|
.name = "fuzzy",
|
||||||
.revision = 1,
|
.revision = 1,
|
||||||
|
|||||||
@@ -251,31 +251,6 @@ geoip_final_check(unsigned int flags)
|
|||||||
"geoip: missing arguments");
|
"geoip: missing arguments");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_geoip_match_info *info = (void*)match->data;
|
|
||||||
|
|
||||||
u_int8_t i;
|
|
||||||
|
|
||||||
if (info->flags & XT_GEOIP_SRC)
|
|
||||||
printf(" Source ");
|
|
||||||
else
|
|
||||||
printf(" Destination ");
|
|
||||||
|
|
||||||
if (info->count > 1)
|
|
||||||
printf("countries: ");
|
|
||||||
else
|
|
||||||
printf("country: ");
|
|
||||||
|
|
||||||
if (info->flags & XT_GEOIP_INV)
|
|
||||||
printf("! ");
|
|
||||||
|
|
||||||
for (i = 0; i < info->count; i++)
|
|
||||||
printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
|
|
||||||
printf(" ");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
geoip_save(const void *ip, const struct xt_entry_match *match)
|
geoip_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
@@ -295,6 +270,13 @@ geoip_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf(" ");
|
printf(" ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m geoip");
|
||||||
|
geoip_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match geoip_match[] = {
|
static struct xtables_match geoip_match[] = {
|
||||||
{
|
{
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
|
|||||||
@@ -57,17 +57,6 @@ static void gradm_mt_check(unsigned int flags)
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gradm_mt_print(const void *ip, const struct xt_entry_match *match,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_gradm_mtinfo *info = (const void *)match->data;
|
|
||||||
|
|
||||||
if (info->invflags)
|
|
||||||
printf("gradm: disabled");
|
|
||||||
else
|
|
||||||
printf("gradm: enabled");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_gradm_mtinfo *info = (const void *)match->data;
|
const struct xt_gradm_mtinfo *info = (const void *)match->data;
|
||||||
@@ -78,6 +67,13 @@ static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf(" --enabled ");
|
printf(" --enabled ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void gradm_mt_print(const void *ip, const struct xt_entry_match *match,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m gradm");
|
||||||
|
gradm_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match gradm_mt_reg = {
|
static struct xtables_match gradm_mt_reg = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.name = "gradm",
|
.name = "gradm",
|
||||||
|
|||||||
@@ -175,33 +175,6 @@ static void iface_mt_check(unsigned int flags)
|
|||||||
"iface: You must specify at least one option");
|
"iface: You must specify at least one option");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void iface_mt_print(const void *ip, const struct xt_entry_match *match,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_iface_mtinfo *info = (const void *)match->data;
|
|
||||||
|
|
||||||
printf(" iface: ");
|
|
||||||
if (info->flags & XT_IFACE_DEV_IN)
|
|
||||||
printf("(in)");
|
|
||||||
else if (info->flags & XT_IFACE_DEV_OUT)
|
|
||||||
printf("(out)");
|
|
||||||
else
|
|
||||||
printf("%s", info->ifname);
|
|
||||||
printf(" [state:");
|
|
||||||
iface_print_opt(info, XT_IFACE_UP, "up");
|
|
||||||
iface_print_opt(info, XT_IFACE_BROADCAST, "broadcast");
|
|
||||||
iface_print_opt(info, XT_IFACE_LOOPBACK, "loopback");
|
|
||||||
iface_print_opt(info, XT_IFACE_POINTOPOINT, "pointopoint");
|
|
||||||
iface_print_opt(info, XT_IFACE_RUNNING, "running");
|
|
||||||
iface_print_opt(info, XT_IFACE_NOARP, "noarp");
|
|
||||||
iface_print_opt(info, XT_IFACE_PROMISC, "promisc");
|
|
||||||
iface_print_opt(info, XT_IFACE_MULTICAST, "multicast");
|
|
||||||
iface_print_opt(info, XT_IFACE_DYNAMIC, "dynamic");
|
|
||||||
iface_print_opt(info, XT_IFACE_LOWER_UP, "lower_up");
|
|
||||||
iface_print_opt(info, XT_IFACE_DORMANT, "dormant");
|
|
||||||
printf("] ");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void iface_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void iface_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_iface_mtinfo *info = (const void *)match->data;
|
const struct xt_iface_mtinfo *info = (const void *)match->data;
|
||||||
@@ -226,6 +199,13 @@ static void iface_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf(" ");
|
printf(" ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void iface_mt_print(const void *ip, const struct xt_entry_match *match,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m iface");
|
||||||
|
iface_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match iface_mt_reg = {
|
static struct xtables_match iface_mt_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "iface",
|
.name = "iface",
|
||||||
|
|||||||
@@ -217,7 +217,7 @@ ipp2p_mt_print1(const void *entry, const struct xt_entry_match *match,
|
|||||||
static void ipp2p_mt_print(const void *entry,
|
static void ipp2p_mt_print(const void *entry,
|
||||||
const struct xt_entry_match *match, int numeric)
|
const struct xt_entry_match *match, int numeric)
|
||||||
{
|
{
|
||||||
printf(" ipp2p ");
|
printf(" -m ipp2p ");
|
||||||
ipp2p_mt_print1(entry, match, true);
|
ipp2p_mt_print1(entry, match, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -133,17 +133,6 @@ static void ipv4options_print_flags(const struct xt_ipv4options_mtinfo1 *info,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ipv4options_mt_print(const void *ip,
|
|
||||||
const struct xt_entry_match *match, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_ipv4options_mtinfo1 *info = (void *)match->data;
|
|
||||||
|
|
||||||
printf(" ipv4options %s ",
|
|
||||||
(info->flags & XT_V4OPTS_ANY) ? "any-of" : "all-of");
|
|
||||||
ipv4options_print_flags(info, numeric);
|
|
||||||
printf(" ");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void ipv4options_mt_save(const void *ip,
|
static void ipv4options_mt_save(const void *ip,
|
||||||
const struct xt_entry_match *match)
|
const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
@@ -158,6 +147,13 @@ static void ipv4options_mt_save(const void *ip,
|
|||||||
printf(" ");
|
printf(" ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void ipv4options_mt_print(const void *ip,
|
||||||
|
const struct xt_entry_match *match, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m ipv4options");
|
||||||
|
ipv4options_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match ipv4options_mt_reg = {
|
static struct xtables_match ipv4options_mt_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "ipv4options",
|
.name = "ipv4options",
|
||||||
|
|||||||
@@ -107,29 +107,6 @@ static void length_mt_check(unsigned int flags)
|
|||||||
"--layer3. Consider specifying it explicitly.\n");
|
"--layer3. Consider specifying it explicitly.\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void length_mt_print(const void *ip, const struct xt_entry_match *match,
|
|
||||||
int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_length_mtinfo2 *info = (const void *)match->data;
|
|
||||||
|
|
||||||
if (info->flags & XT_LENGTH_LAYER3)
|
|
||||||
printf(" layer3 ");
|
|
||||||
else if (info->flags & XT_LENGTH_LAYER4)
|
|
||||||
printf(" layer4 ");
|
|
||||||
else if (info->flags & XT_LENGTH_LAYER5)
|
|
||||||
printf(" layer5 ");
|
|
||||||
else if (info->flags & XT_LENGTH_LAYER7)
|
|
||||||
printf(" layer7 ");
|
|
||||||
printf(" length ");
|
|
||||||
if (info->flags & XT_LENGTH_INVERT)
|
|
||||||
printf("! ");
|
|
||||||
if (info->min == info->max)
|
|
||||||
printf("%u ", (unsigned int)info->min);
|
|
||||||
else
|
|
||||||
printf("%u-%u ", (unsigned int)info->min,
|
|
||||||
(unsigned int)info->max);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void length_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void length_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_length_mtinfo2 *info = (const void *)match->data;
|
const struct xt_length_mtinfo2 *info = (const void *)match->data;
|
||||||
@@ -152,6 +129,13 @@ static void length_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
(unsigned int)info->max);
|
(unsigned int)info->max);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void length_mt_print(const void *ip, const struct xt_entry_match *match,
|
||||||
|
int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m length2");
|
||||||
|
length_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match length2_mt_reg = {
|
static struct xtables_match length2_mt_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "length2",
|
.name = "length2",
|
||||||
|
|||||||
@@ -64,30 +64,6 @@ static void lscan_mt_check(unsigned int flags)
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
static void lscan_mt_print(const void *ip,
|
|
||||||
const struct xt_entry_match *match, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_lscan_mtinfo *info = (const void *)(match->data);
|
|
||||||
const char *s = "";
|
|
||||||
|
|
||||||
printf(" lscan ");
|
|
||||||
if (info->match_stealth) {
|
|
||||||
printf("STEALTH");
|
|
||||||
s = ",";
|
|
||||||
}
|
|
||||||
if (info->match_syn) {
|
|
||||||
printf("%sSYNSCAN", s);
|
|
||||||
s = ",";
|
|
||||||
}
|
|
||||||
if (info->match_cn) {
|
|
||||||
printf("%sCNSCAN", s);
|
|
||||||
s = ",";
|
|
||||||
}
|
|
||||||
if (info->match_gr)
|
|
||||||
printf("%sGRSCAN", s);
|
|
||||||
printf(" ");
|
|
||||||
}
|
|
||||||
|
|
||||||
static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_lscan_mtinfo *info = (const void *)(match->data);
|
const struct xt_lscan_mtinfo *info = (const void *)(match->data);
|
||||||
@@ -102,6 +78,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf(" --grscan ");
|
printf(" --grscan ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void lscan_mt_print(const void *ip,
|
||||||
|
const struct xt_entry_match *match, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m lscan");
|
||||||
|
lscan_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match lscan_mt_reg = {
|
static struct xtables_match lscan_mt_reg = {
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.name = "lscan",
|
.name = "lscan",
|
||||||
|
|||||||
@@ -117,18 +117,6 @@ static int psd_mt_parse(int c, char **argv, int invert, unsigned int *flags,
|
|||||||
/* Final check; nothing. */
|
/* Final check; nothing. */
|
||||||
static void psd_mt_final_check(unsigned int flags) {}
|
static void psd_mt_final_check(unsigned int flags) {}
|
||||||
|
|
||||||
/* Prints out the targinfo. */
|
|
||||||
static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
|
|
||||||
{
|
|
||||||
const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
|
|
||||||
printf(" psd ");
|
|
||||||
printf("weight-threshold: %u ", psdinfo->weight_threshold);
|
|
||||||
printf("delay-threshold: %u ", psdinfo->delay_threshold);
|
|
||||||
printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight);
|
|
||||||
printf("hi-ports-weight: %u ", psdinfo->hi_ports_weight);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Saves the union ipt_targinfo in parsable form to stdout. */
|
|
||||||
static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
|
static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
|
const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
|
||||||
@@ -138,6 +126,12 @@ static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
|
printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
|
||||||
|
{
|
||||||
|
printf(" -m psd");
|
||||||
|
psd_mt_save(ip, match);
|
||||||
|
}
|
||||||
|
|
||||||
static struct xtables_match psd_mt_reg = {
|
static struct xtables_match psd_mt_reg = {
|
||||||
.name = "psd",
|
.name = "psd",
|
||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
|
|||||||
@@ -114,23 +114,8 @@ quota_mt2_save(const void *ip, const struct xt_entry_match *match)
|
|||||||
static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
|
static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
|
||||||
int numeric)
|
int numeric)
|
||||||
{
|
{
|
||||||
const struct xt_quota_mtinfo2 *q = (const void *)match->data;
|
printf(" -m quota");
|
||||||
|
quota_mt2_save(ip, match);
|
||||||
if (q->flags & XT_QUOTA_INVERT)
|
|
||||||
printf(" !");
|
|
||||||
if (q->flags & XT_QUOTA_GROW)
|
|
||||||
printf(" counter");
|
|
||||||
else
|
|
||||||
printf(" quota");
|
|
||||||
if (*q->name != '\0')
|
|
||||||
printf(" %s:", q->name);
|
|
||||||
printf(" %llu ", (unsigned long long)q->quota);
|
|
||||||
if (q->flags & XT_QUOTA_PACKET)
|
|
||||||
printf("packets ");
|
|
||||||
else
|
|
||||||
printf("bytes ");
|
|
||||||
if (q->flags & XT_QUOTA_NO_CHANGE)
|
|
||||||
printf("(no-change mode) ");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xtables_match quota_mt2_reg = {
|
static struct xtables_match quota_mt2_reg = {
|
||||||
|
|||||||
Reference in New Issue
Block a user