Blame SOURCES/Share-print_ipv-4-6-_addr-from-xtables.patch

43df5c
From 7c53ed370c79027455b4e342436da507be701e23 Mon Sep 17 00:00:00 2001
43df5c
From: Phil Sutter <psutter@redhat.com>
43df5c
Date: Fri, 15 Mar 2019 17:51:28 +0100
43df5c
Subject: [PATCH] Share print_ipv{4,6}_addr() from xtables
43df5c
43df5c
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
43df5c
Upstream Status: iptables commit 8da04ffdca193
43df5c
Conflicts:
43df5c
* Dropped changes to non-existing nft-ipv4.c and nft-ipv6.c.
43df5c
* Context change in xshared.{c,h}.
43df5c
43df5c
commit 8da04ffdca1931402a6bc22c43c1a2fa1c6f1e14
43df5c
Author: Phil Sutter <phil@nwl.cc>
43df5c
Date:   Wed Sep 19 15:16:59 2018 +0200
43df5c
43df5c
    Share print_ipv{4,6}_addr() from xtables
43df5c
43df5c
    These functions contain code which occurs in legacy's print_firewall()
43df5c
    functions, so use them there.
43df5c
43df5c
    Rename them to at least make clear they print more than a single
43df5c
    address.
43df5c
43df5c
    Also introduce ipv{4,6}_addr_to_string() which take care of converting
43df5c
    an address/netmask pair into string representation in a way which
43df5c
    doesn't upset covscan (since that didn't detect that 'buf' may not be
43df5c
    exceeded by the strings written into it.
43df5c
43df5c
    Signed-off-by: Phil Sutter <phil@nwl.cc>
43df5c
    Signed-off-by: Florian Westphal <fw@strlen.de>
43df5c
43df5c
Signed-off-by: Phil Sutter <psutter@redhat.com>
43df5c
---
43df5c
 iptables/ip6tables.c | 27 +-----------------
43df5c
 iptables/iptables.c  | 25 +----------------
43df5c
 iptables/xshared.c   | 66 ++++++++++++++++++++++++++++++++++++++++++++
43df5c
 iptables/xshared.h   |  3 ++
43df5c
 4 files changed, 71 insertions(+), 50 deletions(-)
43df5c
43df5c
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
43df5c
index 76e36d44f6b25..fc2fd37cfe919 100644
43df5c
--- a/iptables/ip6tables.c
43df5c
+++ b/iptables/ip6tables.c
43df5c
@@ -541,7 +541,6 @@ print_firewall(const struct ip6t_entry *fw,
43df5c
 {
43df5c
 	const struct xtables_target *target = NULL;
43df5c
 	const struct xt_entry_target *t;
43df5c
-	char buf[BUFSIZ];
43df5c
 
43df5c
 	if (!ip6tc_is_chain(targname, handle))
43df5c
 		target = xtables_find_target(targname, XTF_TRY_LOAD);
43df5c
@@ -609,31 +608,7 @@ print_firewall(const struct ip6t_entry *fw,
43df5c
 		printf(FMT("%-6s ","out %s "), iface);
43df5c
 	}
43df5c
 
43df5c
-	fputc(fw->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
43df5c
-	if (!memcmp(&fw->ipv6.smsk, &in6addr_any, sizeof in6addr_any)
43df5c
-	    && !(format & FMT_NUMERIC))
43df5c
-		printf(FMT("%-19s ","%s "), "anywhere");
43df5c
-	else {
43df5c
-		if (format & FMT_NUMERIC)
43df5c
-			strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.src));
43df5c
-		else
43df5c
-			strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.src));
43df5c
-		strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.smsk));
43df5c
-		printf(FMT("%-19s ","%s "), buf);
43df5c
-	}
43df5c
-
43df5c
-	fputc(fw->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
43df5c
-	if (!memcmp(&fw->ipv6.dmsk, &in6addr_any, sizeof in6addr_any)
43df5c
-	    && !(format & FMT_NUMERIC))
43df5c
-		printf(FMT("%-19s ","-> %s"), "anywhere");
43df5c
-	else {
43df5c
-		if (format & FMT_NUMERIC)
43df5c
-			strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.dst));
43df5c
-		else
43df5c
-			strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.dst));
43df5c
-		strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.dmsk));
43df5c
-		printf(FMT("%-19s ","-> %s"), buf);
43df5c
-	}
43df5c
+	print_ipv6_addresses(fw, format);
43df5c
 
43df5c
 	if (format & FMT_NOTABLE)
43df5c
 		fputs("  ", stdout);
43df5c
diff --git a/iptables/iptables.c b/iptables/iptables.c
43df5c
index bac9fe0905e9f..dc70cc6e9b0ec 100644
43df5c
--- a/iptables/iptables.c
43df5c
+++ b/iptables/iptables.c
43df5c
@@ -526,7 +526,6 @@ print_firewall(const struct ipt_entry *fw,
43df5c
 	const struct xtables_target *target = NULL;
43df5c
 	const struct xt_entry_target *t;
43df5c
 	uint8_t flags;
43df5c
-	char buf[BUFSIZ];
43df5c
 
43df5c
 	if (!iptc_is_chain(targname, handle))
43df5c
 		target = xtables_find_target(targname, XTF_TRY_LOAD);
43df5c
@@ -595,29 +594,7 @@ print_firewall(const struct ipt_entry *fw,
43df5c
 		printf(FMT("%-6s ","out %s "), iface);
43df5c
 	}
43df5c
 
43df5c
-	fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
43df5c
-	if (fw->ip.smsk.s_addr == 0L && !(format & FMT_NUMERIC))
43df5c
-		printf(FMT("%-19s ","%s "), "anywhere");
43df5c
-	else {
43df5c
-		if (format & FMT_NUMERIC)
43df5c
-			strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src));
43df5c
-		else
43df5c
-			strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src));
43df5c
-		strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk));
43df5c
-		printf(FMT("%-19s ","%s "), buf);
43df5c
-	}
43df5c
-
43df5c
-	fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
43df5c
-	if (fw->ip.dmsk.s_addr == 0L && !(format & FMT_NUMERIC))
43df5c
-		printf(FMT("%-19s ","-> %s"), "anywhere");
43df5c
-	else {
43df5c
-		if (format & FMT_NUMERIC)
43df5c
-			strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst));
43df5c
-		else
43df5c
-			strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst));
43df5c
-		strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk));
43df5c
-		printf(FMT("%-19s ","-> %s"), buf);
43df5c
-	}
43df5c
+	print_ipv4_addresses(fw, format);
43df5c
 
43df5c
 	if (format & FMT_NOTABLE)
43df5c
 		fputs("  ", stdout);
43df5c
diff --git a/iptables/xshared.c b/iptables/xshared.c
43df5c
index b8a81fd968361..742502154aa55 100644
43df5c
--- a/iptables/xshared.c
43df5c
+++ b/iptables/xshared.c
43df5c
@@ -340,3 +340,69 @@ inline bool xs_has_arg(int argc, char *argv[])
43df5c
 	       argv[optind][0] != '-' &&
43df5c
 	       argv[optind][0] != '!';
43df5c
 }
43df5c
+
43df5c
+static const char *ipv4_addr_to_string(const struct in_addr *addr,
43df5c
+				       const struct in_addr *mask,
43df5c
+				       unsigned int format)
43df5c
+{
43df5c
+	static char buf[BUFSIZ];
43df5c
+
43df5c
+	if (!mask->s_addr && !(format & FMT_NUMERIC))
43df5c
+		return "anywhere";
43df5c
+
43df5c
+	if (format & FMT_NUMERIC)
43df5c
+		strncpy(buf, xtables_ipaddr_to_numeric(addr), BUFSIZ - 1);
43df5c
+	else
43df5c
+		strncpy(buf, xtables_ipaddr_to_anyname(addr), BUFSIZ - 1);
43df5c
+	buf[BUFSIZ - 1] = '\0';
43df5c
+
43df5c
+	strncat(buf, xtables_ipmask_to_numeric(mask),
43df5c
+		BUFSIZ - strlen(buf) - 1);
43df5c
+
43df5c
+	return buf;
43df5c
+}
43df5c
+
43df5c
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format)
43df5c
+{
43df5c
+	fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
43df5c
+	printf(FMT("%-19s ", "%s "),
43df5c
+	       ipv4_addr_to_string(&fw->ip.src, &fw->ip.smsk, format));
43df5c
+
43df5c
+	fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
43df5c
+	printf(FMT("%-19s ", "-> %s"),
43df5c
+	       ipv4_addr_to_string(&fw->ip.dst, &fw->ip.dmsk, format));
43df5c
+}
43df5c
+
43df5c
+static const char *ipv6_addr_to_string(const struct in6_addr *addr,
43df5c
+				       const struct in6_addr *mask,
43df5c
+				       unsigned int format)
43df5c
+{
43df5c
+	static char buf[BUFSIZ];
43df5c
+
43df5c
+	if (IN6_IS_ADDR_UNSPECIFIED(addr) && !(format & FMT_NUMERIC))
43df5c
+		return "anywhere";
43df5c
+
43df5c
+	if (format & FMT_NUMERIC)
43df5c
+		strncpy(buf, xtables_ip6addr_to_numeric(addr), BUFSIZ - 1);
43df5c
+	else
43df5c
+		strncpy(buf, xtables_ip6addr_to_anyname(addr), BUFSIZ - 1);
43df5c
+	buf[BUFSIZ - 1] = '\0';
43df5c
+
43df5c
+	strncat(buf, xtables_ip6mask_to_numeric(mask),
43df5c
+		BUFSIZ - strlen(buf) - 1);
43df5c
+
43df5c
+	return buf;
43df5c
+}
43df5c
+
43df5c
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format)
43df5c
+{
43df5c
+	fputc(fw6->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
43df5c
+	printf(FMT("%-19s ", "%s "),
43df5c
+	       ipv6_addr_to_string(&fw6->ipv6.src,
43df5c
+				   &fw6->ipv6.smsk, format));
43df5c
+
43df5c
+	fputc(fw6->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
43df5c
+	printf(FMT("%-19s ", "-> %s"),
43df5c
+	       ipv6_addr_to_string(&fw6->ipv6.dst,
43df5c
+				   &fw6->ipv6.dmsk, format));
43df5c
+}
43df5c
diff --git a/iptables/xshared.h b/iptables/xshared.h
43df5c
index c35dfee47577d..20dbbd12118ad 100644
43df5c
--- a/iptables/xshared.h
43df5c
+++ b/iptables/xshared.h
43df5c
@@ -113,4 +113,7 @@ bool xs_has_arg(int argc, char *argv[]);
43df5c
 
43df5c
 extern const struct xtables_afinfo *afinfo;
43df5c
 
43df5c
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format);
43df5c
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format);
43df5c
+
43df5c
 #endif /* IPTABLES_XSHARED_H */
43df5c
-- 
43df5c
2.21.0
43df5c