Lines Matching defs:*
0 /* Code to restore the iptables state, from file by ip6tables-save.
2 * Author: Andras Kis-Szabo <kisza@sch.bme.hu>
4 * based on iptables-restore
5 * Authors:
6 * Harald Welte <laforge@gnumonks.org>
7 * Rusty Russell <rusty@linuxcare.com.au>
8 * This code is distributed under the terms of GNU GPL v2
11 #include <getopt.h>
12 #include <sys/errno.h>
13 #include <stdbool.h>
14 #include <string.h>
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include "ip6tables.h"
18 #include "xtables.h"
19 #include "libiptc/libip6tc.h"
20 #include "ip6tables-multi.h"
22 #ifdef DEBUG
23 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
24 #else
25 #define DEBUGP(x, args...)
26 #endif
28 static int binary = 0, counters = 0, verbose = 0, noflush = 0;
30 /* Keeping track of external matches and targets. */
31 static const struct option options[] = {
32 {.name = "binary", .has_arg = false, .val = 'b'},
33 {.name = "counters", .has_arg = false, .val = 'c'},
34 {.name = "verbose", .has_arg = false, .val = 'v'},
35 {.name = "test", .has_arg = false, .val = 't'},
36 {.name = "help", .has_arg = false, .val = 'h'},
37 {.name = "noflush", .has_arg = false, .val = 'n'},
38 {.name = "modprobe", .has_arg = true, .val = 'M'},
39 {NULL},
42 static void print_usage(const char *name, const char *version) __attribute__((noreturn));
44 static void print_usage(const char *name, const char *version)
46 fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h]\n"
47 " [ --binary ]\n"
48 " [ --counters ]\n"
49 " [ --verbose ]\n"
50 " [ --test ]\n"
51 " [ --help ]\n"
52 " [ --noflush ]\n"
53 " [ --modprobe=<command>]\n", name);
55 exit(1);
58 static struct ip6tc_handle *create_handle(const char *tablename)
60 struct ip6tc_handle *handle;
62 handle = ip6tc_init(tablename);
64 if (!handle) {
65 /* try to insmod the module if iptc_init failed */
66 xtables_load_ko(xtables_modprobe_program, false);
67 handle = ip6tc_init(tablename);
70 if (!handle) {
71 xtables_error(PARAMETER_PROBLEM, "%s: unable to initialize "
72 "table '%s'\n", ip6tables_globals.program_name,
73 tablename);
74 exit(1);
76 return handle;
79 static int parse_counters(char *string, struct ip6t_counters *ctr)
81 unsigned long long pcnt, bcnt;
82 int ret;
84 ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
85 ctr->pcnt = pcnt;
86 ctr->bcnt = bcnt;
87 return ret == 2;
90 /* global new argv and argc */
91 static char *newargv[255];
92 static int newargc;
94 /* function adding one argument to newargv, updating newargc
95 * returns true if argument added, false otherwise */
96 static int add_argv(char *what) {
97 DEBUGP("add_argv: %s\n", what);
98 if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
99 newargv[newargc] = strdup(what);
100 newargc++;
101 return 1;
102 } else {
103 xtables_error(PARAMETER_PROBLEM,
104 "Parser cannot handle more arguments\n");
105 return 0;
109 static void free_argv(void) {
110 int i;
112 for (i = 0; i < newargc; i++)
113 free(newargv[i]);
116 int ip6tables_restore_main(int argc, char *argv[])
118 struct ip6tc_handle *handle = NULL;
119 char buffer[10240];
120 int c;
121 char curtable[IP6T_TABLE_MAXNAMELEN + 1];
122 FILE *in;
123 int in_table = 0, testing = 0;
125 line = 0;
127 ip6tables_globals.program_name = "ip6tables-restore";
128 c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
129 if (c < 0) {
130 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
131 ip6tables_globals.program_name,
132 ip6tables_globals.program_version);
133 exit(1);
135 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
136 init_extensions();
137 init_extensions6();
138 #endif
140 while ((c = getopt_long(argc, argv, "bcvthnM:", options, NULL)) != -1) {
141 switch (c) {
142 case 'b':
143 binary = 1;
144 break;
145 case 'c':
146 counters = 1;
147 break;
148 case 'v':
149 verbose = 1;
150 break;
151 case 't':
152 testing = 1;
153 break;
154 case 'h':
155 print_usage("ip6tables-restore",
156 IPTABLES_VERSION);
157 break;
158 case 'n':
159 noflush = 1;
160 break;
161 case 'M':
162 xtables_modprobe_program = optarg;
163 break;
167 if (optind == argc - 1) {
168 in = fopen(argv[optind], "re");
169 if (!in) {
170 fprintf(stderr, "Can't open %s: %s\n", argv[optind],
171 strerror(errno));
172 exit(1);
175 else if (optind < argc) {
176 fprintf(stderr, "Unknown arguments found on commandline\n");
177 exit(1);
179 else in = stdin;
181 /* Grab standard input. */
182 while (fgets(buffer, sizeof(buffer), in)) {
183 int ret = 0;
185 line++;
186 if (buffer[0] == '\n')
187 continue;
188 else if (buffer[0] == '#') {
189 if (verbose)
190 fputs(buffer, stdout);
191 continue;
192 } else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
193 if (!testing) {
194 DEBUGP("Calling commit\n");
195 ret = ip6tc_commit(handle);
196 ip6tc_free(handle);
197 handle = NULL;
198 } else {
199 DEBUGP("Not calling commit, testing\n");
200 ret = 1;
202 in_table = 0;
203 } else if ((buffer[0] == '*') && (!in_table)) {
204 /* New table */
205 char *table;
207 table = strtok(buffer+1, " \t\n");
208 DEBUGP("line %u, table '%s'\n", line, table);
209 if (!table) {
210 xtables_error(PARAMETER_PROBLEM,
211 "%s: line %u table name invalid\n",
212 ip6tables_globals.program_name,
213 line);
214 exit(1);
216 strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
217 curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
219 if (handle)
220 ip6tc_free(handle);
222 handle = create_handle(table);
223 if (noflush == 0) {
224 DEBUGP("Cleaning all chains of table '%s'\n",
225 table);
226 for_each_chain6(flush_entries6, verbose, 1,
227 handle);
229 DEBUGP("Deleting all user-defined chains "
230 "of table '%s'\n", table);
231 for_each_chain6(delete_chain6, verbose, 0,
232 handle);
235 ret = 1;
236 in_table = 1;
238 } else if ((buffer[0] == ':') && (in_table)) {
239 /* New chain. */
240 char *policy, *chain;
242 chain = strtok(buffer+1, " \t\n");
243 DEBUGP("line %u, chain '%s'\n", line, chain);
244 if (!chain) {
245 xtables_error(PARAMETER_PROBLEM,
246 "%s: line %u chain name invalid\n",
247 ip6tables_globals.program_name,
248 line);
249 exit(1);
252 if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
253 xtables_error(PARAMETER_PROBLEM,
254 "Invalid chain name `%s' "
255 "(%u chars max)",
256 chain, XT_EXTENSION_MAXNAMELEN - 1);
258 if (ip6tc_builtin(chain, handle) <= 0) {
259 if (noflush && ip6tc_is_chain(chain, handle)) {
260 DEBUGP("Flushing existing user defined chain '%s'\n", chain);
261 if (!ip6tc_flush_entries(chain, handle))
262 xtables_error(PARAMETER_PROBLEM,
263 "error flushing chain "
264 "'%s':%s\n", chain,
265 strerror(errno));
266 } else {
267 DEBUGP("Creating new chain '%s'\n", chain);
268 if (!ip6tc_create_chain(chain, handle))
269 xtables_error(PARAMETER_PROBLEM,
270 "error creating chain "
271 "'%s':%s\n", chain,
272 strerror(errno));
276 policy = strtok(NULL, " \t\n");
277 DEBUGP("line %u, policy '%s'\n", line, policy);
278 if (!policy) {
279 xtables_error(PARAMETER_PROBLEM,
280 "%s: line %u policy invalid\n",
281 ip6tables_globals.program_name,
282 line);
283 exit(1);
286 if (strcmp(policy, "-") != 0) {
287 struct ip6t_counters count;
289 if (counters) {
290 char *ctrs;
291 ctrs = strtok(NULL, " \t\n");
293 if (!ctrs || !parse_counters(ctrs, &count))
294 xtables_error(PARAMETER_PROBLEM,
295 "invalid policy counters "
296 "for chain '%s'\n", chain);
298 } else {
299 memset(&count, 0,
300 sizeof(struct ip6t_counters));
303 DEBUGP("Setting policy of chain %s to %s\n",
304 chain, policy);
306 if (!ip6tc_set_policy(chain, policy, &count,
307 handle))
308 xtables_error(OTHER_PROBLEM,
309 "Can't set policy `%s'"
310 " on `%s' line %u: %s\n",
311 policy, chain, line,
312 ip6tc_strerror(errno));
315 ret = 1;
317 } else if (in_table) {
318 int a;
319 char *ptr = buffer;
320 char *pcnt = NULL;
321 char *bcnt = NULL;
322 char *parsestart;
324 /* the parser */
325 char *curchar;
326 int quote_open, escaped;
327 size_t param_len;
329 /* reset the newargv */
330 newargc = 0;
332 if (buffer[0] == '[') {
333 /* we have counters in our input */
334 ptr = strchr(buffer, ']');
335 if (!ptr)
336 xtables_error(PARAMETER_PROBLEM,
337 "Bad line %u: need ]\n",
338 line);
340 pcnt = strtok(buffer+1, ":");
341 if (!pcnt)
342 xtables_error(PARAMETER_PROBLEM,
343 "Bad line %u: need :\n",
344 line);
346 bcnt = strtok(NULL, "]");
347 if (!bcnt)
348 xtables_error(PARAMETER_PROBLEM,
349 "Bad line %u: need ]\n",
350 line);
352 /* start command parsing after counter */
353 parsestart = ptr + 1;
354 } else {
355 /* start command parsing at start of line */
356 parsestart = buffer;
359 add_argv(argv[0]);
360 add_argv("-t");
361 add_argv(curtable);
363 if (counters && pcnt && bcnt) {
364 add_argv("--set-counters");
365 add_argv((char *) pcnt);
366 add_argv((char *) bcnt);
369 /* After fighting with strtok enough, here's now
370 * a 'real' parser. According to Rusty I'm now no
371 * longer a real hacker, but I can live with that */
373 quote_open = 0;
374 escaped = 0;
375 param_len = 0;
377 for (curchar = parsestart; *curchar; curchar++) {
378 char param_buffer[1024];
380 if (quote_open) {
381 if (escaped) {
382 param_buffer[param_len++] = *curchar;
383 escaped = 0;
384 continue;
385 } else if (*curchar == '\\') {
386 escaped = 1;
387 continue;
388 } else if (*curchar == '"') {
389 quote_open = 0;
390 *curchar = ' ';
391 } else {
392 param_buffer[param_len++] = *curchar;
393 continue;
395 } else {
396 if (*curchar == '"') {
397 quote_open = 1;
398 continue;
402 if (*curchar == ' '
403 || *curchar == '\t'
404 || * curchar == '\n') {
405 if (!param_len) {
406 /* two spaces? */
407 continue;
410 param_buffer[param_len] = '\0';
412 /* check if table name specified */
413 if (!strncmp(param_buffer, "-t", 2)
414 || !strncmp(param_buffer, "--table", 8)) {
415 xtables_error(PARAMETER_PROBLEM,
416 "Line %u seems to have a "
417 "-t table option.\n", line);
418 exit(1);
421 add_argv(param_buffer);
422 param_len = 0;
423 } else {
424 /* regular character, copy to buffer */
425 param_buffer[param_len++] = *curchar;
427 if (param_len >= sizeof(param_buffer))
428 xtables_error(PARAMETER_PROBLEM,
429 "Parameter too long!");
433 DEBUGP("calling do_command6(%u, argv, &%s, handle):\n",
434 newargc, curtable);
436 for (a = 0; a < newargc; a++)
437 DEBUGP("argv[%u]: %s\n", a, newargv[a]);
439 ret = do_command6(newargc, newargv,
440 &newargv[2], &handle);
442 free_argv();
443 fflush(stdout);
445 if (!ret) {
446 fprintf(stderr, "%s: line %u failed\n",
447 ip6tables_globals.program_name,
448 line);
449 exit(1);
452 if (in_table) {
453 fprintf(stderr, "%s: COMMIT expected at line %u\n",
454 ip6tables_globals.program_name,
455 line + 1);
456 exit(1);
459 fclose(in);
460 return 0;