From 7c53ed370c79027455b4e342436da507be701e23 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 15 Mar 2019 17:51:28 +0100
Subject: [PATCH] Share print_ipv{4,6}_addr() from xtables
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
Upstream Status: iptables commit 8da04ffdca193
Conflicts:
* Dropped changes to non-existing nft-ipv4.c and nft-ipv6.c.
* Context change in xshared.{c,h}.
commit 8da04ffdca1931402a6bc22c43c1a2fa1c6f1e14
Author: Phil Sutter <phil@nwl.cc>
Date: Wed Sep 19 15:16:59 2018 +0200
Share print_ipv{4,6}_addr() from xtables
These functions contain code which occurs in legacy's print_firewall()
functions, so use them there.
Rename them to at least make clear they print more than a single
address.
Also introduce ipv{4,6}_addr_to_string() which take care of converting
an address/netmask pair into string representation in a way which
doesn't upset covscan (since that didn't detect that 'buf' may not be
exceeded by the strings written into it).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/ip6tables.c | 27 +-----------------
iptables/iptables.c | 25 +----------------
iptables/xshared.c | 66 ++++++++++++++++++++++++++++++++++++++++++++
iptables/xshared.h | 3 ++
4 files changed, 71 insertions(+), 50 deletions(-)
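--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -541,7 +541,6 @@ print_firewall(const struct ip6t_entry *fw,
 {
 const struct xtables_target *target = NULL;
 const struct xt_entry_target *t;
- char buf[BUFSIZ];
 
 if (!ip6tc_is_chain(targname, handle))
 target = xtables_find_target(targname, XTF_TRY_LOAD);
@@ -609,31 +608,7 @@ print_firewall(const struct ip6t_entry *fw,
 printf(FMT("%-6s ","out %s "), iface);
 }
 
- fputc(fw->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
- if (!memcmp(&fw->ipv6.smsk, &in6addr_any, sizeof in6addr_any)
- && !(format & FMT_NUMERIC))
- printf(FMT("%-19s ","%s "), "anywhere");
- else {
- if (format & FMT_NUMERIC)
- strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.src));
- else
- strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.src));
- strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.smsk));
- printf(FMT("%-19s ","%s "), buf);
- }
-
- fputc(fw->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
- if (!memcmp(&fw->ipv6.dmsk, &in6addr_any, sizeof in6addr_any)
- && !(format & FMT_NUMERIC))
- printf(FMT("%-19s ","-> %s"), "anywhere");
- else {
- if (format & FMT_NUMERIC)
- strcpy(buf, xtables_ip6addr_to_numeric(&fw->ipv6.dst));
- else
- strcpy(buf, xtables_ip6addr_to_anyname(&fw->ipv6.dst));
- strcat(buf, xtables_ip6mask_to_numeric(&fw->ipv6.dmsk));
- printf(FMT("%-19s ","-> %s"), buf);
- }
+ print_ipv6_addresses(fw, format);
 
 if (format & FMT_NOTABLE)
 fputs(" ", stdout);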
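--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -526,7 +526,6 @@ print_firewall(const struct ipt_entry *fw,
 const struct xtables_target *target = NULL;
 const struct xt_entry_target *t;
 uint8_t flags;
- char buf[BUFSIZ];
 
 if (!iptc_is_chain(targname, handle))
 target = xtables_find_target(targname, XTF_TRY_LOAD);
@@ -595,29 +594,7 @@ print_firewall(const struct ipt_entry *fw,
 printf(FMT("%-6s ","out %s "), iface);
 }
 
- fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
- if (fw->ip.smsk.s_addr == 0L && !(format & FMT_NUMERIC))
- printf(FMT("%-19s ","%s "), "anywhere");
- else {
- if (format & FMT_NUMERIC)
- strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src));
- else
- strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src));
- strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk));
- printf(FMT("%-19s ","%s "), buf);
- }
-
- fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
- if (fw->ip.dmsk.s_addr == 0L && !(format & FMT_NUMERIC))
- printf(FMT("%-19s ","-> %s"), "anywhere");
- else {
- if (format & FMT_NUMERIC)
- strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst));
- else
- strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst));
- strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk));
- printf(FMT("%-19s ","-> %s"), buf);
- }
+ print_ipv4_addresses(fw, format);
 
 if (format & FMT_NOTABLE)
 fputs(" ", stdout);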
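--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -340,3 +340,69 @@ inline bool xs_has_arg(int argc, char *argv[])
 argv[optind][0] != '-' &&
 argv[optind][0] != '!';
 }
+
+static const char *ipv4_addr_to_string(const struct in_addr *addr,
+ const struct in_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (!mask->s_addr && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ipaddr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ipaddr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ipmask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format)
+{
+ fputc(fw->ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv4_addr_to_string(&fw->ip.src, &fw->ip.smsk, format));
+
+ fputc(fw->ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv4_addr_to_string(&fw->ip.dst, &fw->ip.dmsk, format));
+}
+
+static const char *ipv6_addr_to_string(const struct in6_addr *addr,
+ const struct in6_addr *mask,
+ unsigned int format)
+{
+ static char buf[BUFSIZ];
+
+ if (IN6_IS_ADDR_UNSPECIFIED(addr) && !(format & FMT_NUMERIC))
+ return "anywhere";
+
+ if (format & FMT_NUMERIC)
+ strncpy(buf, xtables_ip6addr_to_numeric(addr), BUFSIZ - 1);
+ else
+ strncpy(buf, xtables_ip6addr_to_anyname(addr), BUFSIZ - 1);
+ buf[BUFSIZ - 1] = '\0';
+
+ strncat(buf, xtables_ip6mask_to_numeric(mask),
+ BUFSIZ - strlen(buf) - 1);
+
+ return buf;
+}
+
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format)
+{
+ fputc(fw6->ipv6.invflags & IP6T_INV_SRCIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "%s "),
+ ipv6_addr_to_string(&fw6->ipv6.src,
+ &fw6->ipv6.smsk, format));
+
+ fputc(fw6->ipv6.invflags & IP6T_INV_DSTIP ? '!' : ' ', stdout);
+ printf(FMT("%-19s ", "-> %s"),
+ ipv6_addr_to_string(&fw6->ipv6.dst,
+ &fw6->ipv6.dmsk, format));
+}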
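Review bot: In `ipv6_addr_to_string()` the "anywhere" shortcut tests `IN6_IS_ADDR_UNSPECIFIED(addr)`, whereas the code removed from ip6tables.c compared the mask (`smsk`/`dmsk`) with `in6addr_any`, and `ipv4_addr_to_string()` in this same hunk still tests `!mask->s_addr`. A rule whose address is all-zero but whose mask is not (for example `::/128`) would then be listed as "anywhere" in non-numeric output, which misstates what the rule actually matches. Testing the mask keeps the previous behaviour and matches the IPv4 helper: `if (IN6_IS_ADDR_UNSPECIFIED(mask) && !(format & FMT_NUMERIC))`. Both helpers also return a pointer into a `static` buffer, so a short comment stating that the result is only valid until the next call would help future callers.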
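--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -113,4 +113,7 @@ bool xs_has_arg(int argc, char *argv[]);
 
 extern const struct xtables_afinfo *afinfo;
 
+void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format);
+void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format);
+
 #endif /* IPTABLES_XSHARED_H */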
--
2.21.0