Move a few functions from iptables.c/ip6tables.c to xtables.c
so they are available for combined (both AF_INET and AF_INET6)
libxt modules. Rename overlapping function names.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
---
extensions/libipt_DNAT.c | 4 -
extensions/libipt_NETMAP.c | 4 -
extensions/libipt_SAME.c | 8 +-
extensions/libipt_SNAT.c | 4 -
extensions/libipt_policy.c | 8 +-
extensions/libxt_conntrack.c | 7 +-
include/iptables.h | 3
include/xtables.h | 8 ++
ip6tables.c | 91 ++------------------------
iptables.c | 84 +-----------------------
xtables.c | 148 +++++++++++++++++++++++++++++++++++++++++++
11 files changed, 190 insertions(+), 179 deletions(-)
Index: iptables-modules/extensions/libipt_DNAT.c
===================================================================
--- iptables-modules.orig/extensions/libipt_DNAT.c
+++ iptables-modules/extensions/libipt_DNAT.c
@@ -198,10 +198,10 @@ static void print_range(const struct ip_
struct in_addr a;
a.s_addr = r->min_ip;
- printf("%s", addr_to_dotted(&a));
+ printf("%s", ipaddr_to_numeric(&a));
if (r->max_ip != r->min_ip) {
a.s_addr = r->max_ip;
- printf("-%s", addr_to_dotted(&a));
+ printf("-%s", ipaddr_to_numeric(&a));
}
}
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
Index: iptables-modules/extensions/libipt_NETMAP.c
===================================================================
--- iptables-modules.orig/extensions/libipt_NETMAP.c
+++ iptables-modules/extensions/libipt_NETMAP.c
@@ -154,11 +154,11 @@ static void NETMAP_print(const void *ip,
int bits;
a.s_addr = r->min_ip;
- printf("%s", addr_to_dotted(&a));
+ printf("%s", ipaddr_to_numeric(&a));
a.s_addr = ~(r->min_ip ^ r->max_ip);
bits = netmask2bits(a.s_addr);
if (bits < 0)
- printf("/%s", addr_to_dotted(&a));
+ printf("/%s", ipaddr_to_numeric(&a));
else
printf("/%d", bits);
}
Index: iptables-modules/extensions/libipt_SAME.c
===================================================================
--- iptables-modules.orig/extensions/libipt_SAME.c
+++ iptables-modules/extensions/libipt_SAME.c
@@ -159,13 +159,13 @@ static void SAME_print(const void *ip, c
a.s_addr = r->min_ip;
- printf("%s", addr_to_dotted(&a));
+ printf("%s", ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
if (r->min_ip == r->max_ip)
printf(" ");
else
- printf("-%s ", addr_to_dotted(&a));
+ printf("-%s ", ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random = 1;
}
@@ -190,13 +190,13 @@ static void SAME_save(const void *ip, co
struct in_addr a;
a.s_addr = r->min_ip;
- printf("--to %s", addr_to_dotted(&a));
+ printf("--to %s", ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
if (r->min_ip == r->max_ip)
printf(" ");
else
- printf("-%s ", addr_to_dotted(&a));
+ printf("-%s ", ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random = 1;
}
Index: iptables-modules/extensions/libipt_SNAT.c
===================================================================
--- iptables-modules.orig/extensions/libipt_SNAT.c
+++ iptables-modules/extensions/libipt_SNAT.c
@@ -199,10 +199,10 @@ static void print_range(const struct ip_
struct in_addr a;
a.s_addr = r->min_ip;
- printf("%s", addr_to_dotted(&a));
+ printf("%s", ipaddr_to_numeric(&a));
if (r->max_ip != r->min_ip) {
a.s_addr = r->max_ip;
- printf("-%s", addr_to_dotted(&a));
+ printf("-%s", ipaddr_to_numeric(&a));
}
}
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
Index: iptables-modules/extensions/libipt_policy.c
===================================================================
--- iptables-modules.orig/extensions/libipt_policy.c
+++ iptables-modules/extensions/libipt_policy.c
@@ -353,14 +353,14 @@ static void print_entry(char *prefix, co
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
printf("%stunnel-dst %s%s ", prefix,
- addr_to_dotted((struct in_addr *)&e->daddr),
- mask_to_dotted((struct in_addr *)&e->dmask));
+ ipaddr_to_numeric((const void *)&e->daddr),
+ ipmask_to_numeric((const void *)&e->dmask));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
printf("%stunnel-src %s%s ", prefix,
- addr_to_dotted((struct in_addr *)&e->saddr),
- mask_to_dotted((struct in_addr *)&e->smask));
+ ipaddr_to_numeric((const void *)&e->saddr),
+ ipmask_to_numeric((const void *)&e->smask));
}
}
Index: iptables-modules/extensions/libxt_conntrack.c
===================================================================
--- iptables-modules.orig/extensions/libxt_conntrack.c
+++ iptables-modules/extensions/libxt_conntrack.c
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <string.h>
#include <iptables.h>
+#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/xt_conntrack.h>
#include <linux/netfilter/nf_conntrack_common.h>
@@ -391,10 +392,10 @@ print_addr(struct in_addr *addr, struct
printf("%s ", "anywhere");
else {
if (numeric)
- sprintf(buf, "%s", addr_to_dotted(addr));
+ sprintf(buf, "%s", ipaddr_to_numeric(addr));
else
- sprintf(buf, "%s", addr_to_anyname(addr));
- strcat(buf, mask_to_dotted(mask));
+ sprintf(buf, "%s", ipaddr_to_anyname(addr));
+ strcat(buf, ipmask_to_numeric(mask));
printf("%s ", buf);
}
}
Index: iptables-modules/include/iptables.h
===================================================================
--- iptables-modules.orig/include/iptables.h
+++ iptables-modules/include/iptables.h
@@ -26,9 +26,6 @@ extern void register_target(struct iptab
extern struct in_addr *dotted_to_addr(const char *dotted);
extern struct in_addr *dotted_to_mask(const char *dotted);
-extern char *addr_to_dotted(const struct in_addr *addrp);
-extern char *addr_to_anyname(const struct in_addr *addr);
-extern char *mask_to_dotted(const struct in_addr *mask);
extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp,
struct in_addr *maskp, unsigned int *naddrs);
Index: iptables-modules/include/xtables.h
===================================================================
--- iptables-modules.orig/include/xtables.h
+++ iptables-modules/include/xtables.h
@@ -236,6 +236,14 @@ void exit_error(enum exittype, const cha
extern void param_act(unsigned int, const char *, ...);
extern const char *program_name, *program_version;
+extern const char *ipaddr_to_numeric(const struct in_addr *);
+extern const char *ipaddr_to_anyname(const struct in_addr *);
+extern const char *ipmask_to_numeric(const struct in_addr *);
+
+extern const char *ip6addr_to_numeric(const struct in6_addr *);
+extern const char *ip6addr_to_anyname(const struct in6_addr *);
+extern const char *ip6mask_to_numeric(const struct in6_addr *);
+
#define _init __attribute__((constructor)) my_init
#ifdef NO_SHARED_LIBS
# ifdef _INIT
Index: iptables-modules/ip6tables.c
===================================================================
--- iptables-modules.orig/ip6tables.c
+++ iptables-modules/ip6tables.c
@@ -250,13 +250,6 @@ proto_to_name(u_int8_t proto, int nolook
return NULL;
}
-static void
-in6addrcpy(struct in6_addr *dst, struct in6_addr *src)
-{
- memcpy(dst, src, sizeof(struct in6_addr));
- /* dst->s6_addr = src->s6_addr; */
-}
-
static void free_opts(int reset_offset)
{
if (opts != original_opts) {
@@ -466,15 +459,6 @@ check_inverse(const char option[], int *
return FALSE;
}
-static char *
-addr_to_numeric(const struct in6_addr *addrp)
-{
- /* 0000:0000:0000:0000:0000:000.000.000.000
- * 0000:0000:0000:0000:0000:0000:0000:0000 */
- static char buf[50+1];
- return (char *)inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
-}
-
static struct in6_addr *
numeric_to_addr(const char *num)
{
@@ -521,8 +505,8 @@ host_to_addr(const char *name, unsigned
#endif
/* Get the first element of the address-chain */
addr = fw_calloc(1, sizeof(struct in6_addr));
- in6addrcpy(addr, (struct in6_addr *)
- &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr);
+ memcpy(addr, &((const struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
+ sizeof(struct in6_addr));
freeaddrinfo(res);
*naddr = 1;
return addr;
@@ -531,50 +515,6 @@ host_to_addr(const char *name, unsigned
return (struct in6_addr *) NULL;
}
-static char *
-addr_to_host(const struct in6_addr *addr)
-{
- struct sockaddr_in6 saddr;
- int err;
- static char hostname[NI_MAXHOST];
-
- memset(&saddr, 0, sizeof(struct sockaddr_in6));
- in6addrcpy(&(saddr.sin6_addr),(struct in6_addr *)addr);
- saddr.sin6_family = AF_INET6;
-
- if ( (err=getnameinfo((struct sockaddr *)&saddr,
- sizeof(struct sockaddr_in6),
- hostname, sizeof(hostname)-1,
- NULL, 0, 0)) != 0 ){
-#ifdef DEBUG
- fprintf(stderr,"IP2Name: %s\n",gai_strerror(err));
-#endif
- return (char *) NULL;
- } else {
-#ifdef DEBUG
- fprintf (stderr, "\naddr2host: %s\n", hostname);
-#endif
-
- return hostname;
- }
-
- return (char *) NULL;
-}
-
-static char *
-mask_to_numeric(const struct in6_addr *addrp)
-{
- static char buf[50+2];
- int l = ipv6_prefix_length(addrp);
- if (l == -1) {
- strcpy(buf, "/");
- strcat(buf, addr_to_numeric(addrp));
- return buf;
- }
- sprintf(buf, "/%d", l);
- return buf;
-}
-
static struct in6_addr *
network_to_addr(const char *name)
{
@@ -584,17 +524,6 @@ network_to_addr(const char *name)
return (struct in6_addr *)NULL;
}
-static char *
-addr_to_anyname(const struct in6_addr *addr)
-{
- char *name;
-
- if ((name = addr_to_host(addr)) != NULL)
- return name;
-
- return addr_to_numeric(addr);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
@@ -612,7 +541,7 @@ parse_hostnetwork(const char *name, unsi
if ((addrptmp = numeric_to_addr(name)) != NULL ||
(addrptmp = network_to_addr(name)) != NULL) {
addrp = fw_malloc(sizeof(struct in6_addr));
- in6addrcpy(addrp, addrptmp);
+ memcpy(addrp, addrptmp, sizeof(*addrp));
*naddrs = 1;
return addrp;
}
@@ -667,7 +596,7 @@ parse_hostnetworkmask(const char *name,
addrp = parse_mask(p + 1);
} else
addrp = parse_mask(NULL);
- in6addrcpy(maskp, addrp);
+ memcpy(maskp, addrp, sizeof(*maskp));
/* if a null mask is given, the name is ignored, like in "any/0" */
if (!memcmp(maskp, &in6addr_any, sizeof(in6addr_any)))
@@ -1029,10 +958,10 @@ print_firewall(const struct ip6t_entry *
printf(FMT("%-19s ","%s "), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", addr_to_numeric(&(fw->ipv6.src)));
+ sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.src));
else
- sprintf(buf, "%s", addr_to_anyname(&(fw->ipv6.src)));
- strcat(buf, mask_to_numeric(&(fw->ipv6.smsk)));
+ sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.src));
+ strcat(buf, ip6mask_to_numeric(&fw->ipv6.smsk));
printf(FMT("%-19s ","%s "), buf);
}
@@ -1042,10 +971,10 @@ print_firewall(const struct ip6t_entry *
printf(FMT("%-19s","-> %s"), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", addr_to_numeric(&(fw->ipv6.dst)));
+ sprintf(buf, "%s", ip6addr_to_numeric(&fw->ipv6.dst));
else
- sprintf(buf, "%s", addr_to_anyname(&(fw->ipv6.dst)));
- strcat(buf, mask_to_numeric(&(fw->ipv6.dmsk)));
+ sprintf(buf, "%s", ip6addr_to_anyname(&fw->ipv6.dst));
+ strcat(buf, ip6mask_to_numeric(&fw->ipv6.dmsk));
printf(FMT("%-19s","-> %s"), buf);
}
Index: iptables-modules/iptables.c
===================================================================
--- iptables-modules.orig/iptables.c
+++ iptables-modules/iptables.c
@@ -575,18 +575,6 @@ host_to_addr(const char *name, unsigned
return (struct in_addr *) NULL;
}
-static char *
-addr_to_host(const struct in_addr *addr)
-{
- struct hostent *host;
-
- if ((host = gethostbyaddr((char *) addr,
- sizeof(struct in_addr), AF_INET)) != NULL)
- return (char *) host->h_name;
-
- return (char *) NULL;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
@@ -765,66 +753,6 @@ parse_target(const char *targetname)
return targetname;
}
-static char *
-addr_to_network(const struct in_addr *addr)
-{
- struct netent *net;
-
- if ((net = getnetbyaddr((long) ntohl(addr->s_addr), AF_INET)) != NULL)
- return (char *) net->n_name;
-
- return (char *) NULL;
-}
-
-char *
-addr_to_dotted(const struct in_addr *addrp)
-{
- static char buf[20];
- const unsigned char *bytep;
-
- bytep = (const unsigned char *) &(addrp->s_addr);
- sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
- return buf;
-}
-
-char *
-addr_to_anyname(const struct in_addr *addr)
-{
- char *name;
-
- if ((name = addr_to_host(addr)) != NULL ||
- (name = addr_to_network(addr)) != NULL)
- return name;
-
- return addr_to_dotted(addr);
-}
-
-char *
-mask_to_dotted(const struct in_addr *mask)
-{
- int i;
- static char buf[20];
- u_int32_t maskaddr, bits;
-
- maskaddr = ntohl(mask->s_addr);
-
- if (maskaddr == 0xFFFFFFFFL)
- /* we don't want to see "/32" */
- return "";
-
- i = 32;
- bits = 0xFFFFFFFEL;
- while (--i >= 0 && maskaddr != bits)
- bits <<= 1;
- if (i >= 0)
- sprintf(buf, "/%d", i);
- else
- /* mask was not a decent combination of 1's and 0's */
- sprintf(buf, "/%s", addr_to_dotted(mask));
-
- return buf;
-}
-
static void
set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
int invert)
@@ -1066,10 +994,10 @@ print_firewall(const struct ipt_entry *f
printf(FMT("%-19s ","%s "), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", addr_to_dotted(&(fw->ip.src)));
+ sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.src));
else
- sprintf(buf, "%s", addr_to_anyname(&(fw->ip.src)));
- strcat(buf, mask_to_dotted(&(fw->ip.smsk)));
+ sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.src));
+ strcat(buf, ipmask_to_numeric(&fw->ip.smsk));
printf(FMT("%-19s ","%s "), buf);
}
@@ -1078,10 +1006,10 @@ print_firewall(const struct ipt_entry *f
printf(FMT("%-19s ","-> %s"), "anywhere");
else {
if (format & FMT_NUMERIC)
- sprintf(buf, "%s", addr_to_dotted(&(fw->ip.dst)));
+ sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.dst));
else
- sprintf(buf, "%s", addr_to_anyname(&(fw->ip.dst)));
- strcat(buf, mask_to_dotted(&(fw->ip.dmsk)));
+ sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.dst));
+ strcat(buf, ipmask_to_numeric(&fw->ip.dmsk));
printf(FMT("%-19s ","-> %s"), buf);
}
Index: iptables-modules/xtables.c
===================================================================
--- iptables-modules.orig/xtables.c
+++ iptables-modules/xtables.c
@@ -29,6 +29,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <arpa/inet.h>
#include <xtables.h>
@@ -698,3 +699,150 @@ void param_act(unsigned int status, cons
va_end(args);
}
+
+const char *ipaddr_to_numeric(const struct in_addr *addrp)
+{
+ static char buf[20];
+ const unsigned char *bytep = (const void *)&addrp->s_addr;
+
+ sprintf(buf, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]);
+ return buf;
+}
+
+static const char *ipaddr_to_host(const struct in_addr *addr)
+{
+ struct hostent *host;
+
+ host = gethostbyaddr(addr, sizeof(struct in_addr), AF_INET);
+ if (host == NULL)
+ return NULL;
+
+ return host->h_name;
+}
+
+static const char *ipaddr_to_network(const struct in_addr *addr)
+{
+ struct netent *net;
+
+ if ((net = getnetbyaddr(ntohl(addr->s_addr), AF_INET)) != NULL)
+ return net->n_name;
+
+ return NULL;
+}
+
+const char *ipaddr_to_anyname(const struct in_addr *addr)
+{
+ const char *name;
+
+ if ((name = ipaddr_to_host(addr)) != NULL ||
+ (name = ipaddr_to_network(addr)) != NULL)
+ return name;
+
+ return ipaddr_to_numeric(addr);
+}
+
+const char *ipmask_to_numeric(const struct in_addr *mask)
+{
+ static char buf[20];
+ uint32_t maskaddr, bits;
+ int i;
+
+ maskaddr = ntohl(mask->s_addr);
+
+ if (maskaddr == 0xFFFFFFFFL)
+ /* we don't want to see "/32" */
+ return "";
+
+ i = 32;
+ bits = 0xFFFFFFFEL;
+ while (--i >= 0 && maskaddr != bits)
+ bits <<= 1;
+ if (i >= 0)
+ sprintf(buf, "/%d", i);
+ else
+ /* mask was not a decent combination of 1's and 0's */
+ sprintf(buf, "/%s", ipaddr_to_numeric(mask));
+
+ return buf;
+}
+
+const char *ip6addr_to_numeric(const struct in6_addr *addrp)
+{
+ /* 0000:0000:0000:0000:0000:000.000.000.000
+ * 0000:0000:0000:0000:0000:0000:0000:0000 */
+ static char buf[50+1];
+ return inet_ntop(AF_INET6, addrp, buf, sizeof(buf));
+}
+
+static const char *ip6addr_to_host(const struct in6_addr *addr)
+{
+ static char hostname[NI_MAXHOST];
+ struct sockaddr_in6 saddr;
+ int err;
+
+ memset(&saddr, 0, sizeof(struct sockaddr_in6));
+ memcpy(&saddr.sin6_addr, addr, sizeof(*addr));
+ saddr.sin6_family = AF_INET6;
+
+ err = getnameinfo((const void *)&saddr, sizeof(struct sockaddr_in6),
+ hostname, sizeof(hostname) - 1, NULL, 0, 0);
+ if (err != 0) {
+#ifdef DEBUG
+ fprintf(stderr,"IP2Name: %s\n",gai_strerror(err));
+#endif
+ return NULL;
+ }
+
+#ifdef DEBUG
+ fprintf (stderr, "\naddr2host: %s\n", hostname);
+#endif
+ return hostname;
+}
+
+const char *ip6addr_to_anyname(const struct in6_addr *addr)
+{
+ const char *name;
+
+ if ((name = ip6addr_to_host(addr)) != NULL)
+ return name;
+
+ return ip6addr_to_numeric(addr);
+}
+
+static int ip6addr_prefix_length(const struct in6_addr *k)
+{
+ unsigned int bits = 0;
+ uint32_t a, b, c, d;
+
+ a = k->s6_addr32[0];
+ b = k->s6_addr32[1];
+ c = k->s6_addr32[2];
+ d = k->s6_addr32[3];
+ while (a & 0x80000000U) {
+ ++bits;
+ a <<= 1;
+ a |= (b >> 31) & 1;
+ b <<= 1;
+ b |= (c >> 31) & 1;
+ c <<= 1;
+ c |= (d >> 31) & 1;
+ d <<= 1;
+ }
+ if (a != 0 || b != 0 || c != 0 || d != 0)
+ return -1;
+ return bits;
+}
+
+const char *ip6mask_to_numeric(const struct in6_addr *addrp)
+{
+ static char buf[50+2];
+ int l = ip6addr_prefix_length(addrp);
+
+ if (l == -1) {
+ strcpy(buf, "/");
+ strcat(buf, ip6addr_to_numeric(addrp));
+ return buf;
+ }
+ sprintf(buf, "/%d", l);
+ return buf;
+}
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
