|
 |
3a00e5 |
From 1285f9a043e4ef9d99d8788315dc4398299bb8a8 Mon Sep 17 00:00:00 2001
|
|
|
3a00e5 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
3a00e5 |
Date: Tue, 27 Apr 2021 10:02:34 +0200
|
|
|
3a00e5 |
Subject: [PATCH] nft-arp: Make use of ipv4_addr_to_string()
|
|
|
3a00e5 |
|
|
|
3a00e5 |
This eliminates quite a bit of redundant code apart from also dropping
|
|
|
3a00e5 |
use of obsolete function gethostbyaddr().
|
|
|
3a00e5 |
|
|
|
3a00e5 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
3a00e5 |
(cherry picked from commit 1e984079817a3c804eae25dea937d63d18c57a6c)
|
|
|
3a00e5 |
---
|
|
|
3a00e5 |
iptables/nft-arp.c | 99 ++++------------------------------------------
|
|
|
3a00e5 |
iptables/xshared.c | 6 +--
|
|
|
3a00e5 |
iptables/xshared.h | 3 ++
|
|
|
3a00e5 |
3 files changed, 14 insertions(+), 94 deletions(-)
|
|
|
3a00e5 |
|
|
|
3a00e5 |
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
|
|
|
3a00e5 |
index c82ffdc95e300..2a9387a18dffe 100644
|
|
|
3a00e5 |
--- a/iptables/nft-arp.c
|
|
|
3a00e5 |
+++ b/iptables/nft-arp.c
|
|
|
3a00e5 |
@@ -42,78 +42,6 @@ char *arp_opcodes[] =
|
|
|
3a00e5 |
"ARP_NAK",
|
|
|
3a00e5 |
};
|
|
|
3a00e5 |
|
|
|
3a00e5 |
-static char *
|
|
|
3a00e5 |
-addr_to_dotted(const struct in_addr *addrp)
|
|
|
3a00e5 |
-{
|
|
|
3a00e5 |
- static char buf[20];
|
|
|
3a00e5 |
- const unsigned char *bytep;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- bytep = (const unsigned char *) &(addrp->s_addr);
|
|
|
3a00e5 |
- sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
|
|
|
3a00e5 |
- return buf;
|
|
|
3a00e5 |
-}
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
-static char *
|
|
|
3a00e5 |
-addr_to_host(const struct in_addr *addr)
|
|
|
3a00e5 |
-{
|
|
|
3a00e5 |
- struct hostent *host;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- if ((host = gethostbyaddr((char *) addr,
|
|
|
3a00e5 |
- sizeof(struct in_addr), AF_INET)) != NULL)
|
|
|
3a00e5 |
- return (char *) host->h_name;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- return (char *) NULL;
|
|
|
3a00e5 |
-}
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
-static char *
|
|
|
3a00e5 |
-addr_to_network(const struct in_addr *addr)
|
|
|
3a00e5 |
-{
|
|
|
3a00e5 |
- struct netent *net;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- if ((net = getnetbyaddr((long) ntohl(addr->s_addr), AF_INET)) != NULL)
|
|
|
3a00e5 |
- return (char *) net->n_name;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- return (char *) NULL;
|
|
|
3a00e5 |
-}
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
-static char *
|
|
|
3a00e5 |
-addr_to_anyname(const struct in_addr *addr)
|
|
|
3a00e5 |
-{
|
|
|
3a00e5 |
- char *name;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- if ((name = addr_to_host(addr)) != NULL ||
|
|
|
3a00e5 |
- (name = addr_to_network(addr)) != NULL)
|
|
|
3a00e5 |
- return name;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- return addr_to_dotted(addr);
|
|
|
3a00e5 |
-}
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
-static char *
|
|
|
3a00e5 |
-mask_to_dotted(const struct in_addr *mask)
|
|
|
3a00e5 |
-{
|
|
|
3a00e5 |
- int i;
|
|
|
3a00e5 |
- static char buf[22];
|
|
|
3a00e5 |
- u_int32_t maskaddr, bits;
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- maskaddr = ntohl(mask->s_addr);
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- if (maskaddr == 0xFFFFFFFFL)
|
|
|
3a00e5 |
- /* we don't want to see "/32" */
|
|
|
3a00e5 |
- return "";
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- i = 32;
|
|
|
3a00e5 |
- bits = 0xFFFFFFFEL;
|
|
|
3a00e5 |
- while (--i >= 0 && maskaddr != bits)
|
|
|
3a00e5 |
- bits <<= 1;
|
|
|
3a00e5 |
- if (i >= 0)
|
|
|
3a00e5 |
- sprintf(buf, "/%d", i);
|
|
|
3a00e5 |
- else
|
|
|
3a00e5 |
- /* mask was not a decent combination of 1's and 0's */
|
|
|
3a00e5 |
- snprintf(buf, sizeof(buf), "/%s", addr_to_dotted(mask));
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
- return buf;
|
|
|
3a00e5 |
-}
|
|
|
3a00e5 |
-
|
|
|
3a00e5 |
static bool need_devaddr(struct arpt_devaddr_info *info)
|
|
|
3a00e5 |
{
|
|
|
3a00e5 |
int i;
|
|
|
3a00e5 |
@@ -403,7 +331,6 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
3a00e5 |
unsigned int format)
|
|
|
3a00e5 |
{
|
|
|
3a00e5 |
const struct arpt_entry *fw = &cs->arp;
|
|
|
3a00e5 |
- char buf[BUFSIZ];
|
|
|
3a00e5 |
char iface[IFNAMSIZ+2];
|
|
|
3a00e5 |
const char *sep = "";
|
|
|
3a00e5 |
int print_iface = 0;
|
|
|
3a00e5 |
@@ -450,15 +377,10 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
3a00e5 |
}
|
|
|
3a00e5 |
|
|
|
3a00e5 |
if (fw->arp.smsk.s_addr != 0L) {
|
|
|
3a00e5 |
- printf("%s%s", sep, fw->arp.invflags & IPT_INV_SRCIP
|
|
|
3a00e5 |
- ? "! " : "");
|
|
|
3a00e5 |
- if (format & FMT_NUMERIC)
|
|
|
3a00e5 |
- sprintf(buf, "%s", addr_to_dotted(&(fw->arp.src)));
|
|
|
3a00e5 |
- else
|
|
|
3a00e5 |
- sprintf(buf, "%s", addr_to_anyname(&(fw->arp.src)));
|
|
|
3a00e5 |
- strncat(buf, mask_to_dotted(&(fw->arp.smsk)),
|
|
|
3a00e5 |
- sizeof(buf) - strlen(buf) - 1);
|
|
|
3a00e5 |
- printf("-s %s", buf);
|
|
|
3a00e5 |
+ printf("%s%s-s %s", sep,
|
|
|
3a00e5 |
+ fw->arp.invflags & IPT_INV_SRCIP ? "! " : "",
|
|
|
3a00e5 |
+ ipv4_addr_to_string(&fw->arp.src,
|
|
|
3a00e5 |
+ &fw->arp.smsk, format));
|
|
|
3a00e5 |
sep = " ";
|
|
|
3a00e5 |
}
|
|
|
3a00e5 |
|
|
|
3a00e5 |
@@ -476,15 +398,10 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
3a00e5 |
after_devsrc:
|
|
|
3a00e5 |
|
|
|
3a00e5 |
if (fw->arp.tmsk.s_addr != 0L) {
|
|
|
3a00e5 |
- printf("%s%s", sep, fw->arp.invflags & IPT_INV_DSTIP
|
|
|
3a00e5 |
- ? "! " : "");
|
|
|
3a00e5 |
- if (format & FMT_NUMERIC)
|
|
|
3a00e5 |
- sprintf(buf, "%s", addr_to_dotted(&(fw->arp.tgt)));
|
|
|
3a00e5 |
- else
|
|
|
3a00e5 |
- sprintf(buf, "%s", addr_to_anyname(&(fw->arp.tgt)));
|
|
|
3a00e5 |
- strncat(buf, mask_to_dotted(&(fw->arp.tmsk)),
|
|
|
3a00e5 |
- sizeof(buf) - strlen(buf) - 1);
|
|
|
3a00e5 |
- printf("-d %s", buf);
|
|
|
3a00e5 |
+ printf("%s%s-d %s", sep,
|
|
|
3a00e5 |
+ fw->arp.invflags & IPT_INV_DSTIP ? "! " : "",
|
|
|
3a00e5 |
+ ipv4_addr_to_string(&fw->arp.tgt,
|
|
|
3a00e5 |
+ &fw->arp.tmsk, format));
|
|
|
3a00e5 |
sep = " ";
|
|
|
3a00e5 |
}
|
|
|
3a00e5 |
|
|
|
3a00e5 |
diff --git a/iptables/xshared.c b/iptables/xshared.c
|
|
|
3a00e5 |
index 71f689901e1d4..9a1f465a5a6d3 100644
|
|
|
3a00e5 |
--- a/iptables/xshared.c
|
|
|
3a00e5 |
+++ b/iptables/xshared.c
|
|
|
3a00e5 |
@@ -550,9 +550,9 @@ void debug_print_argv(struct argv_store *store)
|
|
|
3a00e5 |
}
|
|
|
3a00e5 |
#endif
|
|
|
3a00e5 |
|
|
|
3a00e5 |
-static const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
3a00e5 |
- const struct in_addr *mask,
|
|
|
3a00e5 |
- unsigned int format)
|
|
|
3a00e5 |
+const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
3a00e5 |
+ const struct in_addr *mask,
|
|
|
3a00e5 |
+ unsigned int format)
|
|
|
3a00e5 |
{
|
|
|
3a00e5 |
static char buf[BUFSIZ];
|
|
|
3a00e5 |
|
|
|
3a00e5 |
diff --git a/iptables/xshared.h b/iptables/xshared.h
|
|
|
3a00e5 |
index 9159b2b1f3768..1e86aba8b2375 100644
|
|
|
3a00e5 |
--- a/iptables/xshared.h
|
|
|
3a00e5 |
+++ b/iptables/xshared.h
|
|
|
3a00e5 |
@@ -206,6 +206,9 @@ void debug_print_argv(struct argv_store *store);
|
|
|
3a00e5 |
# define debug_print_argv(...) /* nothing */
|
|
|
3a00e5 |
#endif
|
|
|
3a00e5 |
|
|
|
3a00e5 |
+const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
3a00e5 |
+ const struct in_addr *mask,
|
|
|
3a00e5 |
+ unsigned int format);
|
|
|
3a00e5 |
void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format);
|
|
|
3a00e5 |
void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format);
|
|
|
3a00e5 |
|
|
|
3a00e5 |
--
|
|
|
3a00e5 |
2.31.1
|
|
|
3a00e5 |
|