Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 1 | /* Code to save the iptables state, in human readable-form. */ |
Harald Welte | 10a907f | 2002-08-07 09:07:41 +0000 | [diff] [blame] | 2 | /* (C) 1999 by Paul 'Rusty' Russell <rusty@rustcorp.com.au> and |
| 3 | * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> |
| 4 | * |
| 5 | * This code is distributed under the terms of GNU GPL v2 |
| 6 | * |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 7 | */ |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 8 | #include <getopt.h> |
| 9 | #include <sys/errno.h> |
| 10 | #include <stdio.h> |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 11 | #include <fcntl.h> |
| 12 | #include <stdlib.h> |
| 13 | #include <string.h> |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 14 | #include <time.h> |
Harald Welte | d8ac967 | 2004-04-15 10:10:19 +0000 | [diff] [blame] | 15 | #include <netdb.h> |
Rusty Russell | b1f69be | 2000-08-27 07:42:54 +0000 | [diff] [blame] | 16 | #include "libiptc/libiptc.h" |
| 17 | #include "iptables.h" |
Jan Engelhardt | 33690a1 | 2008-02-11 00:54:00 +0100 | [diff] [blame] | 18 | #include "iptables-multi.h" |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 19 | |
Mike Frysinger | 5a26b5f | 2007-12-19 14:51:17 +0000 | [diff] [blame] | 20 | #ifndef NO_SHARED_LIBS |
| 21 | #include <dlfcn.h> |
| 22 | #endif |
| 23 | |
Jan Engelhardt | dbb7754 | 2008-02-11 00:33:30 +0100 | [diff] [blame] | 24 | static int show_binary = 0, show_counters = 0; |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 25 | |
Gáspár Lajos | 7bc3cb7 | 2008-03-27 08:20:39 +0100 | [diff] [blame^] | 26 | static const struct option options[] = { |
| 27 | {.name = "binary", .has_arg = false, .val = 'b'}, |
| 28 | {.name = "counters", .has_arg = false, .val = 'c'}, |
| 29 | {.name = "dump", .has_arg = false, .val = 'd'}, |
| 30 | {.name = "table", .has_arg = true, .val = 't'}, |
| 31 | {NULL}, |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 32 | }; |
| 33 | |
| 34 | #define IP_PARTS_NATIVE(n) \ |
| 35 | (unsigned int)((n)>>24)&0xFF, \ |
| 36 | (unsigned int)((n)>>16)&0xFF, \ |
| 37 | (unsigned int)((n)>>8)&0xFF, \ |
| 38 | (unsigned int)((n)&0xFF) |
| 39 | |
| 40 | #define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n)) |
| 41 | |
| 42 | /* This assumes that mask is contiguous, and byte-bounded. */ |
| 43 | static void |
| 44 | print_iface(char letter, const char *iface, const unsigned char *mask, |
| 45 | int invert) |
| 46 | { |
| 47 | unsigned int i; |
| 48 | |
| 49 | if (mask[0] == 0) |
| 50 | return; |
Rusty Russell | 7e53bf9 | 2000-03-20 07:03:28 +0000 | [diff] [blame] | 51 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 52 | printf("-%c %s", letter, invert ? "! " : ""); |
| 53 | |
| 54 | for (i = 0; i < IFNAMSIZ; i++) { |
| 55 | if (mask[i] != 0) { |
| 56 | if (iface[i] != '\0') |
| 57 | printf("%c", iface[i]); |
| 58 | } else { |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 59 | /* we can access iface[i-1] here, because |
Harald Welte | 9535e68 | 2001-11-08 22:28:23 +0000 | [diff] [blame] | 60 | * a few lines above we make sure that mask[0] != 0 */ |
| 61 | if (iface[i-1] != '\0') |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 62 | printf("+"); |
| 63 | break; |
| 64 | } |
| 65 | } |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 66 | |
| 67 | printf(" "); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 68 | } |
| 69 | |
| 70 | /* These are hardcoded backups in iptables.c, so they are safe */ |
| 71 | struct pprot { |
| 72 | char *name; |
| 73 | u_int8_t num; |
| 74 | }; |
| 75 | |
András Kis-Szabó | 764316a | 2001-02-26 17:31:20 +0000 | [diff] [blame] | 76 | /* FIXME: why don't we use /etc/protocols ? */ |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 77 | static const struct pprot chain_protos[] = { |
| 78 | { "tcp", IPPROTO_TCP }, |
| 79 | { "udp", IPPROTO_UDP }, |
| 80 | { "icmp", IPPROTO_ICMP }, |
András Kis-Szabó | 764316a | 2001-02-26 17:31:20 +0000 | [diff] [blame] | 81 | { "esp", IPPROTO_ESP }, |
| 82 | { "ah", IPPROTO_AH }, |
Harald Welte | 1291523 | 2004-02-21 09:20:34 +0000 | [diff] [blame] | 83 | { "sctp", IPPROTO_SCTP }, |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 84 | }; |
| 85 | |
| 86 | static void print_proto(u_int16_t proto, int invert) |
| 87 | { |
| 88 | if (proto) { |
| 89 | unsigned int i; |
| 90 | const char *invertstr = invert ? "! " : ""; |
| 91 | |
Pedro Lamarão | 0e3b337 | 2004-04-07 09:33:17 +0000 | [diff] [blame] | 92 | struct protoent *pent = getprotobynumber(proto); |
| 93 | if (pent) { |
| 94 | printf("-p %s%s ", invertstr, pent->p_name); |
| 95 | return; |
| 96 | } |
| 97 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 98 | for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) |
| 99 | if (chain_protos[i].num == proto) { |
| 100 | printf("-p %s%s ", |
| 101 | invertstr, chain_protos[i].name); |
| 102 | return; |
| 103 | } |
| 104 | |
| 105 | printf("-p %s%u ", invertstr, proto); |
| 106 | } |
| 107 | } |
| 108 | |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 109 | #if 0 |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 110 | static int non_zero(const void *ptr, size_t size) |
| 111 | { |
| 112 | unsigned int i; |
| 113 | |
| 114 | for (i = 0; i < size; i++) |
| 115 | if (((char *)ptr)[i]) |
| 116 | return 0; |
| 117 | |
| 118 | return 1; |
| 119 | } |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 120 | #endif |
| 121 | |
Harald Welte | 32db524 | 2001-01-23 22:46:22 +0000 | [diff] [blame] | 122 | static int print_match(const struct ipt_entry_match *e, |
| 123 | const struct ipt_ip *ip) |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 124 | { |
| 125 | struct iptables_match *match |
Martin Josefsson | 78cafda | 2004-02-02 20:01:18 +0000 | [diff] [blame] | 126 | = find_match(e->u.user.name, TRY_LOAD, NULL); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 127 | |
| 128 | if (match) { |
| 129 | printf("-m %s ", e->u.user.name); |
Harald Welte | e813779 | 2001-01-24 01:32:51 +0000 | [diff] [blame] | 130 | |
| 131 | /* some matches don't provide a save function */ |
| 132 | if (match->save) |
| 133 | match->save(ip, e); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 134 | } else { |
| 135 | if (e->u.match_size) { |
| 136 | fprintf(stderr, |
| 137 | "Can't find library for match `%s'\n", |
| 138 | e->u.user.name); |
| 139 | exit(1); |
| 140 | } |
| 141 | } |
| 142 | return 0; |
| 143 | } |
| 144 | |
| 145 | /* print a given ip including mask if neccessary */ |
| 146 | static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) |
| 147 | { |
Jan Engelhardt | db09b39 | 2007-11-25 15:27:56 +0000 | [diff] [blame] | 148 | u_int32_t bits, hmask = ntohl(mask); |
| 149 | int i; |
| 150 | |
Patrick McHardy | f9b7af8 | 2006-12-02 17:17:33 +0000 | [diff] [blame] | 151 | if (!mask && !ip && !invert) |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 152 | return; |
| 153 | |
| 154 | printf("%s %s%u.%u.%u.%u", |
| 155 | prefix, |
| 156 | invert ? "! " : "", |
| 157 | IP_PARTS(ip)); |
| 158 | |
Jan Engelhardt | db09b39 | 2007-11-25 15:27:56 +0000 | [diff] [blame] | 159 | if (mask == 0xFFFFFFFFU) { |
| 160 | printf("/32 "); |
| 161 | return; |
| 162 | } |
| 163 | |
| 164 | i = 32; |
| 165 | bits = 0xFFFFFFFEU; |
| 166 | while (--i >= 0 && hmask != bits) |
| 167 | bits <<= 1; |
| 168 | if (i >= 0) |
| 169 | printf("/%u ", i); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 170 | else |
Jan Engelhardt | db09b39 | 2007-11-25 15:27:56 +0000 | [diff] [blame] | 171 | printf("/%u.%u.%u.%u ", IP_PARTS(mask)); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 172 | } |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 173 | |
| 174 | /* We want this to be readable, so only print out neccessary fields. |
| 175 | * Because that's the kind of world I want to live in. */ |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 176 | static void print_rule(const struct ipt_entry *e, |
Harald Welte | 9f7fa49 | 2001-03-15 15:12:02 +0000 | [diff] [blame] | 177 | iptc_handle_t *h, const char *chain, int counters) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 178 | { |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 179 | struct ipt_entry_target *t; |
Harald Welte | ace8a01 | 2001-07-05 06:29:10 +0000 | [diff] [blame] | 180 | const char *target_name; |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 181 | |
| 182 | /* print counters */ |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 183 | if (counters) |
Martin Josefsson | a28d495 | 2004-05-26 16:04:48 +0000 | [diff] [blame] | 184 | printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 185 | |
Harald Welte | 9f7fa49 | 2001-03-15 15:12:02 +0000 | [diff] [blame] | 186 | /* print chain name */ |
| 187 | printf("-A %s ", chain); |
| 188 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 189 | /* Print IP part. */ |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 190 | print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr, |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 191 | e->ip.invflags & IPT_INV_SRCIP); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 192 | |
| 193 | print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr, |
Harald Welte | fa7625a | 2001-01-26 03:28:18 +0000 | [diff] [blame] | 194 | e->ip.invflags & IPT_INV_DSTIP); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 195 | |
| 196 | print_iface('i', e->ip.iniface, e->ip.iniface_mask, |
| 197 | e->ip.invflags & IPT_INV_VIA_IN); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 198 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 199 | print_iface('o', e->ip.outiface, e->ip.outiface_mask, |
| 200 | e->ip.invflags & IPT_INV_VIA_OUT); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 201 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 202 | print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO); |
| 203 | |
| 204 | if (e->ip.flags & IPT_F_FRAG) |
| 205 | printf("%s-f ", |
| 206 | e->ip.invflags & IPT_INV_FRAG ? "! " : ""); |
| 207 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 208 | /* Print matchinfo part */ |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 209 | if (e->target_offset) { |
Harald Welte | 32db524 | 2001-01-23 22:46:22 +0000 | [diff] [blame] | 210 | IPT_MATCH_ITERATE(e, print_match, &e->ip); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 211 | } |
| 212 | |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 213 | /* Print target name */ |
Harald Welte | 6f83cf0 | 2001-05-24 23:22:28 +0000 | [diff] [blame] | 214 | target_name = iptc_get_target(e, h); |
| 215 | if (target_name && (*target_name != '\0')) |
Harald Welte | 72bd87e | 2005-11-24 17:04:05 +0000 | [diff] [blame] | 216 | #ifdef IPT_F_GOTO |
Henrik Nordstrom | 17fc163 | 2005-11-05 09:26:40 +0000 | [diff] [blame] | 217 | printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name); |
Harald Welte | 72bd87e | 2005-11-24 17:04:05 +0000 | [diff] [blame] | 218 | #else |
| 219 | printf("-j %s ", target_name); |
| 220 | #endif |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 221 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 222 | /* Print targinfo part */ |
Rusty Russell | 082ba02 | 2001-01-07 06:54:51 +0000 | [diff] [blame] | 223 | t = ipt_get_target((struct ipt_entry *)e); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 224 | if (t->u.user.name[0]) { |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 225 | struct iptables_target *target |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 226 | = find_target(t->u.user.name, TRY_LOAD); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 227 | |
Harald Welte | 31098ad | 2001-10-16 09:40:13 +0000 | [diff] [blame] | 228 | if (!target) { |
| 229 | fprintf(stderr, "Can't find library for target `%s'\n", |
| 230 | t->u.user.name); |
| 231 | exit(1); |
| 232 | } |
| 233 | |
| 234 | if (target->save) |
Harald Welte | 32db524 | 2001-01-23 22:46:22 +0000 | [diff] [blame] | 235 | target->save(&e->ip, t); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 236 | else { |
Harald Welte | 31098ad | 2001-10-16 09:40:13 +0000 | [diff] [blame] | 237 | /* If the target size is greater than ipt_entry_target |
| 238 | * there is something to be saved, we just don't know |
| 239 | * how to print it */ |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 240 | if (t->u.target_size != |
Harald Welte | 31098ad | 2001-10-16 09:40:13 +0000 | [diff] [blame] | 241 | sizeof(struct ipt_entry_target)) { |
| 242 | fprintf(stderr, "Target `%s' is missing " |
| 243 | "save function\n", |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 244 | t->u.user.name); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 245 | exit(1); |
| 246 | } |
| 247 | } |
| 248 | } |
| 249 | printf("\n"); |
| 250 | } |
| 251 | |
| 252 | /* Debugging prototype. */ |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 253 | static int for_each_table(int (*func)(const char *tablename)) |
| 254 | { |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 255 | int ret = 1; |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 256 | FILE *procfile = NULL; |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 257 | char tablename[IPT_TABLE_MAXNAMELEN+1]; |
| 258 | |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 259 | procfile = fopen("/proc/net/ip_tables_names", "r"); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 260 | if (!procfile) |
Victor Stinner | 65334ad | 2007-10-18 14:27:03 +0000 | [diff] [blame] | 261 | exit_error(OTHER_PROBLEM, |
| 262 | "Unable to open /proc/net/ip_tables_names: %s\n", |
| 263 | strerror(errno)); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 264 | |
| 265 | while (fgets(tablename, sizeof(tablename), procfile)) { |
| 266 | if (tablename[strlen(tablename) - 1] != '\n') |
| 267 | exit_error(OTHER_PROBLEM, |
| 268 | "Badly formed tablename `%s'\n", |
| 269 | tablename); |
| 270 | tablename[strlen(tablename) - 1] = '\0'; |
| 271 | ret &= func(tablename); |
| 272 | } |
| 273 | |
| 274 | return ret; |
| 275 | } |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 276 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 277 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 278 | static int do_output(const char *tablename) |
| 279 | { |
| 280 | iptc_handle_t h; |
| 281 | const char *chain = NULL; |
| 282 | |
| 283 | if (!tablename) |
| 284 | return for_each_table(&do_output); |
| 285 | |
| 286 | h = iptc_init(tablename); |
| 287 | if (!h) |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 288 | exit_error(OTHER_PROBLEM, "Can't initialize: %s\n", |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 289 | iptc_strerror(errno)); |
| 290 | |
Jan Engelhardt | dbb7754 | 2008-02-11 00:33:30 +0100 | [diff] [blame] | 291 | if (!show_binary) { |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 292 | time_t now = time(NULL); |
| 293 | |
| 294 | printf("# Generated by iptables-save v%s on %s", |
Harald Welte | 80fe35d | 2002-05-29 13:08:15 +0000 | [diff] [blame] | 295 | IPTABLES_VERSION, ctime(&now)); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 296 | printf("*%s\n", tablename); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 297 | |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 298 | /* Dump out chain names first, |
Harald Welte | 9f7fa49 | 2001-03-15 15:12:02 +0000 | [diff] [blame] | 299 | * thereby preventing dependency conflicts */ |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 300 | for (chain = iptc_first_chain(&h); |
| 301 | chain; |
| 302 | chain = iptc_next_chain(&h)) { |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 303 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 304 | printf(":%s ", chain); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 305 | if (iptc_builtin(chain, h)) { |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 306 | struct ipt_counters count; |
| 307 | printf("%s ", |
| 308 | iptc_get_policy(chain, &count, &h)); |
Martin Josefsson | a28d495 | 2004-05-26 16:04:48 +0000 | [diff] [blame] | 309 | printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 310 | } else { |
Harald Welte | d8e6563 | 2001-01-05 15:20:07 +0000 | [diff] [blame] | 311 | printf("- [0:0]\n"); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 312 | } |
Harald Welte | 9f7fa49 | 2001-03-15 15:12:02 +0000 | [diff] [blame] | 313 | } |
Max Kellermann | 5b76f68 | 2008-01-29 13:42:48 +0000 | [diff] [blame] | 314 | |
Harald Welte | 9f7fa49 | 2001-03-15 15:12:02 +0000 | [diff] [blame] | 315 | |
| 316 | for (chain = iptc_first_chain(&h); |
| 317 | chain; |
| 318 | chain = iptc_next_chain(&h)) { |
| 319 | const struct ipt_entry *e; |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 320 | |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 321 | /* Dump out rules */ |
| 322 | e = iptc_first_rule(chain, &h); |
| 323 | while(e) { |
Jan Engelhardt | dbb7754 | 2008-02-11 00:33:30 +0100 | [diff] [blame] | 324 | print_rule(e, &h, chain, show_counters); |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 325 | e = iptc_next_rule(e, &h); |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 326 | } |
| 327 | } |
| 328 | |
| 329 | now = time(NULL); |
| 330 | printf("COMMIT\n"); |
| 331 | printf("# Completed on %s", ctime(&now)); |
| 332 | } else { |
| 333 | /* Binary, huh? OK. */ |
| 334 | exit_error(OTHER_PROBLEM, "Binary NYI\n"); |
| 335 | } |
| 336 | |
Martin Josefsson | 841e4ae | 2003-05-02 15:30:11 +0000 | [diff] [blame] | 337 | iptc_free(&h); |
| 338 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 339 | return 1; |
| 340 | } |
| 341 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 342 | /* Format: |
| 343 | * :Chain name POLICY packets bytes |
| 344 | * rule |
| 345 | */ |
Bastiaan Bakker | 4e3771f | 2004-06-25 11:18:57 +0000 | [diff] [blame] | 346 | #ifdef IPTABLES_MULTI |
| 347 | int |
| 348 | iptables_save_main(int argc, char *argv[]) |
| 349 | #else |
| 350 | int |
| 351 | main(int argc, char *argv[]) |
| 352 | #endif |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 353 | { |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 354 | const char *tablename = NULL; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 355 | int c; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 356 | |
| 357 | program_name = "iptables-save"; |
Harald Welte | 80fe35d | 2002-05-29 13:08:15 +0000 | [diff] [blame] | 358 | program_version = IPTABLES_VERSION; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 359 | |
Jan Engelhardt | 21b41ee | 2008-02-11 01:02:00 +0100 | [diff] [blame] | 360 | lib_dir = getenv("XTABLES_LIBDIR"); |
| 361 | if (lib_dir == NULL) { |
| 362 | lib_dir = getenv("IPTABLES_LIB_DIR"); |
| 363 | if (lib_dir != NULL) |
| 364 | fprintf(stderr, "IPTABLES_LIB_DIR is deprecated\n"); |
| 365 | } |
| 366 | if (lib_dir == NULL) |
| 367 | lib_dir = XTABLES_LIBDIR; |
Martin Josefsson | 357d59d | 2004-12-27 19:49:28 +0000 | [diff] [blame] | 368 | |
Harald Welte | 3efb6ea | 2001-08-06 18:50:21 +0000 | [diff] [blame] | 369 | #ifdef NO_SHARED_LIBS |
| 370 | init_extensions(); |
| 371 | #endif |
| 372 | |
Marc Boucher | 163ad78 | 2001-12-06 15:05:48 +0000 | [diff] [blame] | 373 | while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) { |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 374 | switch (c) { |
| 375 | case 'b': |
Jan Engelhardt | dbb7754 | 2008-02-11 00:33:30 +0100 | [diff] [blame] | 376 | show_binary = 1; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 377 | break; |
| 378 | |
| 379 | case 'c': |
Jan Engelhardt | dbb7754 | 2008-02-11 00:33:30 +0100 | [diff] [blame] | 380 | show_counters = 1; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 381 | break; |
| 382 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 383 | case 't': |
| 384 | /* Select specific table. */ |
| 385 | tablename = optarg; |
| 386 | break; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 387 | case 'd': |
Harald Welte | ae1ff9f | 2000-12-01 14:26:20 +0000 | [diff] [blame] | 388 | do_output(tablename); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 389 | exit(0); |
| 390 | } |
| 391 | } |
| 392 | |
| 393 | if (optind < argc) { |
Pavel Rusnak | 972af09 | 2007-05-10 15:00:39 +0000 | [diff] [blame] | 394 | fprintf(stderr, "Unknown arguments found on commandline\n"); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 395 | exit(1); |
| 396 | } |
| 397 | |
Rusty Russell | a8f033e | 2000-07-30 01:43:01 +0000 | [diff] [blame] | 398 | return !do_output(tablename); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 399 | } |