|
 |
ec5e2e |
From 201fd565a1ce44b4af11ce9f245b2fa77c026fed Mon Sep 17 00:00:00 2001
|
|
|
ec5e2e |
From: Phil Sutter <phil@nwl.cc>
|
|
|
ec5e2e |
Date: Tue, 27 Apr 2021 10:02:34 +0200
|
|
|
ec5e2e |
Subject: [PATCH] nft-arp: Make use of ipv4_addr_to_string()
|
|
|
ec5e2e |
|
|
|
ec5e2e |
This eliminates quite a bit of redundant code apart from also dropping
|
|
|
ec5e2e |
use of obsolete function gethostbyaddr().
|
|
|
ec5e2e |
|
|
|
ec5e2e |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
ec5e2e |
(cherry picked from commit 1e984079817a3c804eae25dea937d63d18c57a6c)
|
|
|
ec5e2e |
---
|
|
|
ec5e2e |
iptables/nft-arp.c | 99 ++++------------------------------------------
|
|
|
ec5e2e |
iptables/xshared.c | 6 +--
|
|
|
ec5e2e |
iptables/xshared.h | 3 ++
|
|
|
ec5e2e |
3 files changed, 14 insertions(+), 94 deletions(-)
|
|
|
ec5e2e |
|
|
|
ec5e2e |
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
|
|
|
ec5e2e |
index ec8147dd58c0d..7c61c31a13c40 100644
|
|
|
ec5e2e |
--- a/iptables/nft-arp.c
|
|
|
ec5e2e |
+++ b/iptables/nft-arp.c
|
|
|
ec5e2e |
@@ -42,78 +42,6 @@ char *arp_opcodes[] =
|
|
|
ec5e2e |
"ARP_NAK",
|
|
|
ec5e2e |
};
|
|
|
ec5e2e |
|
|
|
ec5e2e |
-static char *
|
|
|
ec5e2e |
-addr_to_dotted(const struct in_addr *addrp)
|
|
|
ec5e2e |
-{
|
|
|
ec5e2e |
- static char buf[20];
|
|
|
ec5e2e |
- const unsigned char *bytep;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- bytep = (const unsigned char *) &(addrp->s_addr);
|
|
|
ec5e2e |
- sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
|
|
|
ec5e2e |
- return buf;
|
|
|
ec5e2e |
-}
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
-static char *
|
|
|
ec5e2e |
-addr_to_host(const struct in_addr *addr)
|
|
|
ec5e2e |
-{
|
|
|
ec5e2e |
- struct hostent *host;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- if ((host = gethostbyaddr((char *) addr,
|
|
|
ec5e2e |
- sizeof(struct in_addr), AF_INET)) != NULL)
|
|
|
ec5e2e |
- return (char *) host->h_name;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- return (char *) NULL;
|
|
|
ec5e2e |
-}
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
-static char *
|
|
|
ec5e2e |
-addr_to_network(const struct in_addr *addr)
|
|
|
ec5e2e |
-{
|
|
|
ec5e2e |
- struct netent *net;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- if ((net = getnetbyaddr((long) ntohl(addr->s_addr), AF_INET)) != NULL)
|
|
|
ec5e2e |
- return (char *) net->n_name;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- return (char *) NULL;
|
|
|
ec5e2e |
-}
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
-static char *
|
|
|
ec5e2e |
-addr_to_anyname(const struct in_addr *addr)
|
|
|
ec5e2e |
-{
|
|
|
ec5e2e |
- char *name;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- if ((name = addr_to_host(addr)) != NULL ||
|
|
|
ec5e2e |
- (name = addr_to_network(addr)) != NULL)
|
|
|
ec5e2e |
- return name;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- return addr_to_dotted(addr);
|
|
|
ec5e2e |
-}
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
-static char *
|
|
|
ec5e2e |
-mask_to_dotted(const struct in_addr *mask)
|
|
|
ec5e2e |
-{
|
|
|
ec5e2e |
- int i;
|
|
|
ec5e2e |
- static char buf[22];
|
|
|
ec5e2e |
- u_int32_t maskaddr, bits;
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- maskaddr = ntohl(mask->s_addr);
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- if (maskaddr == 0xFFFFFFFFL)
|
|
|
ec5e2e |
- /* we don't want to see "/32" */
|
|
|
ec5e2e |
- return "";
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- i = 32;
|
|
|
ec5e2e |
- bits = 0xFFFFFFFEL;
|
|
|
ec5e2e |
- while (--i >= 0 && maskaddr != bits)
|
|
|
ec5e2e |
- bits <<= 1;
|
|
|
ec5e2e |
- if (i >= 0)
|
|
|
ec5e2e |
- sprintf(buf, "/%d", i);
|
|
|
ec5e2e |
- else
|
|
|
ec5e2e |
- /* mask was not a decent combination of 1's and 0's */
|
|
|
ec5e2e |
- snprintf(buf, sizeof(buf), "/%s", addr_to_dotted(mask));
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
- return buf;
|
|
|
ec5e2e |
-}
|
|
|
ec5e2e |
-
|
|
|
ec5e2e |
static bool need_devaddr(struct arpt_devaddr_info *info)
|
|
|
ec5e2e |
{
|
|
|
ec5e2e |
int i;
|
|
|
ec5e2e |
@@ -403,7 +331,6 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
ec5e2e |
unsigned int format)
|
|
|
ec5e2e |
{
|
|
|
ec5e2e |
const struct arpt_entry *fw = &cs->arp;
|
|
|
ec5e2e |
- char buf[BUFSIZ];
|
|
|
ec5e2e |
char iface[IFNAMSIZ+2];
|
|
|
ec5e2e |
const char *sep = "";
|
|
|
ec5e2e |
int print_iface = 0;
|
|
|
ec5e2e |
@@ -450,15 +377,10 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
if (fw->arp.smsk.s_addr != 0L) {
|
|
|
ec5e2e |
- printf("%s%s", sep, fw->arp.invflags & IPT_INV_SRCIP
|
|
|
ec5e2e |
- ? "! " : "");
|
|
|
ec5e2e |
- if (format & FMT_NUMERIC)
|
|
|
ec5e2e |
- sprintf(buf, "%s", addr_to_dotted(&(fw->arp.src)));
|
|
|
ec5e2e |
- else
|
|
|
ec5e2e |
- sprintf(buf, "%s", addr_to_anyname(&(fw->arp.src)));
|
|
|
ec5e2e |
- strncat(buf, mask_to_dotted(&(fw->arp.smsk)),
|
|
|
ec5e2e |
- sizeof(buf) - strlen(buf) - 1);
|
|
|
ec5e2e |
- printf("-s %s", buf);
|
|
|
ec5e2e |
+ printf("%s%s-s %s", sep,
|
|
|
ec5e2e |
+ fw->arp.invflags & IPT_INV_SRCIP ? "! " : "",
|
|
|
ec5e2e |
+ ipv4_addr_to_string(&fw->arp.src,
|
|
|
ec5e2e |
+ &fw->arp.smsk, format));
|
|
|
ec5e2e |
sep = " ";
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
@@ -476,15 +398,10 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
|
|
|
ec5e2e |
after_devsrc:
|
|
|
ec5e2e |
|
|
|
ec5e2e |
if (fw->arp.tmsk.s_addr != 0L) {
|
|
|
ec5e2e |
- printf("%s%s", sep, fw->arp.invflags & IPT_INV_DSTIP
|
|
|
ec5e2e |
- ? "! " : "");
|
|
|
ec5e2e |
- if (format & FMT_NUMERIC)
|
|
|
ec5e2e |
- sprintf(buf, "%s", addr_to_dotted(&(fw->arp.tgt)));
|
|
|
ec5e2e |
- else
|
|
|
ec5e2e |
- sprintf(buf, "%s", addr_to_anyname(&(fw->arp.tgt)));
|
|
|
ec5e2e |
- strncat(buf, mask_to_dotted(&(fw->arp.tmsk)),
|
|
|
ec5e2e |
- sizeof(buf) - strlen(buf) - 1);
|
|
|
ec5e2e |
- printf("-d %s", buf);
|
|
|
ec5e2e |
+ printf("%s%s-d %s", sep,
|
|
|
ec5e2e |
+ fw->arp.invflags & IPT_INV_DSTIP ? "! " : "",
|
|
|
ec5e2e |
+ ipv4_addr_to_string(&fw->arp.tgt,
|
|
|
ec5e2e |
+ &fw->arp.tmsk, format));
|
|
|
ec5e2e |
sep = " ";
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
|
|
|
ec5e2e |
diff --git a/iptables/xshared.c b/iptables/xshared.c
|
|
|
ec5e2e |
index 16c58914e59a5..e3c8072b5ca96 100644
|
|
|
ec5e2e |
--- a/iptables/xshared.c
|
|
|
ec5e2e |
+++ b/iptables/xshared.c
|
|
|
ec5e2e |
@@ -546,9 +546,9 @@ void debug_print_argv(struct argv_store *store)
|
|
|
ec5e2e |
}
|
|
|
ec5e2e |
#endif
|
|
|
ec5e2e |
|
|
|
ec5e2e |
-static const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
ec5e2e |
- const struct in_addr *mask,
|
|
|
ec5e2e |
- unsigned int format)
|
|
|
ec5e2e |
+const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
ec5e2e |
+ const struct in_addr *mask,
|
|
|
ec5e2e |
+ unsigned int format)
|
|
|
ec5e2e |
{
|
|
|
ec5e2e |
static char buf[BUFSIZ];
|
|
|
ec5e2e |
|
|
|
ec5e2e |
diff --git a/iptables/xshared.h b/iptables/xshared.h
|
|
|
ec5e2e |
index 490b19ade5106..e4015c00e2a35 100644
|
|
|
ec5e2e |
--- a/iptables/xshared.h
|
|
|
ec5e2e |
+++ b/iptables/xshared.h
|
|
|
ec5e2e |
@@ -200,6 +200,9 @@ void debug_print_argv(struct argv_store *store);
|
|
|
ec5e2e |
# define debug_print_argv(...) /* nothing */
|
|
|
ec5e2e |
#endif
|
|
|
ec5e2e |
|
|
|
ec5e2e |
+const char *ipv4_addr_to_string(const struct in_addr *addr,
|
|
|
ec5e2e |
+ const struct in_addr *mask,
|
|
|
ec5e2e |
+ unsigned int format);
|
|
|
ec5e2e |
void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format);
|
|
|
ec5e2e |
void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format);
|
|
|
ec5e2e |
|
|
|
ec5e2e |
--
|
|
|
ec5e2e |
2.31.1
|
|
|
ec5e2e |
|