}
-static void
-ip4prefix2mask(int prefix, struct in_addr *mask)
-{
- if (prefix > 0)
- mask->s_addr = htonl(~((1 << (32 - prefix)) - 1));
- else
- mask->s_addr = 0;
-}
-
-#ifndef DISABLE_IPV6
-static void
-ip6prefix2mask(int prefix, struct in6_addr *mask)
-{
- char *p = (char *)mask;
-
- if (prefix > 0)
- {
- memset(p, 0xff, prefix / 8);
- memset(p + (prefix / 8) + 1, 0, (128 - prefix) / 8);
- p[prefix / 8] = 0xff << (8 - (prefix & 7));
- }
- else
- {
- memset(mask, 0, sizeof(*mask));
- }
-}
-#endif
-
void
fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
struct fw3_address *src, struct fw3_address *dest)
if (src->range)
{
fw3_ipt_rule_addarg(r, src->invert, "--src-range",
- fw3_address_to_string(src, false));
+ fw3_address_to_string(src, false, false));
}
#ifndef DISABLE_IPV6
else if (r->h->family == FW3_FAMILY_V6)
{
r->e6.ipv6.src = src->address.v6;
- ip6prefix2mask(src->mask, &r->e6.ipv6.smsk);
+ r->e6.ipv6.smsk = src->mask.v6;
int i;
for (i = 0; i < 4; i++)
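Review bot: The mask assigned at `r->e6.ipv6.smsk = src->mask.v6` is copied verbatim from the parsed address, so this function no longer guarantees anything about its shape. The same holds for the IPv4 source assignment and both destination assignments further down. The removed IPv4 helper applied `htonl()`, so `src->mask.v4` must already be in network byte order, and an all-zero mask makes the rule match every address once the address is ANDed with it. Neither property is checked in the visible lines, so presumably the code that fills `struct fw3_address` enforces them; a comment at the first assignment such as `/* mask is a full netmask in network byte order; validity is the parser's job */` would record that dependency. The body of fw3_ipt_rule_src_dest starts before and continues past this hunk.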
else
{
r->e.ip.src = src->address.v4;
- ip4prefix2mask(src->mask, &r->e.ip.smsk);
+ r->e.ip.smsk = src->mask.v4;
r->e.ip.src.s_addr &= r->e.ip.smsk.s_addr;
if (dest->range)
{
fw3_ipt_rule_addarg(r, dest->invert, "--dst-range",
- fw3_address_to_string(dest, false));
+ fw3_address_to_string(dest, false, false));
}
#ifndef DISABLE_IPV6
else if (r->h->family == FW3_FAMILY_V6)
{
r->e6.ipv6.dst = dest->address.v6;
- ip6prefix2mask(dest->mask, &r->e6.ipv6.dmsk);
+ r->e6.ipv6.dmsk = dest->mask.v6;
int i;
for (i = 0; i < 4; i++)
else
{
r->e.ip.dst = dest->address.v4;
- ip4prefix2mask(dest->mask, &r->e.ip.dmsk);
+ r->e.ip.dmsk = dest->mask.v4;
r->e.ip.dst.s_addr &= r->e.ip.dmsk.s_addr;
}
void
+fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out)
+{
+ if (device) {
+ struct fw3_device dev = { .any = false };
+ strncpy(dev.name, device, sizeof(dev.name) - 1);
+ fw3_ipt_rule_in_out(r, (out) ? NULL : &dev, (out) ? &dev : NULL);
+ }
+}
+
+void
fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
{
char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
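Review bot: `strncpy(dev.name, device, sizeof(dev.name) - 1)` in the new fw3_ipt_rule_device silently truncates an over-long interface name, so the rule would be installed for a shorter device name than the caller asked for instead of being rejected. For a firewall rule that is a wrong-match risk rather than a crash. An explicit length check before the copy, `if (strlen(device) >= sizeof(dev.name)) return;` (ideally with a warning), would make the failure visible. The NUL terminator is present only because the designated initializer zero-fills the rest of `dev`; a short comment saying so would keep a later refactor from dropping it.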
static void
rule_print6(struct ip6t_entry *e)
{
- char buf[INET6_ADDRSTRLEN];
+ char buf1[INET6_ADDRSTRLEN], buf2[INET6_ADDRSTRLEN];
char *pname;
if (e->ipv6.flags & IP6T_F_PROTO)
if (e->ipv6.flags & IP6T_INV_SRCIP)
printf(" !");
- printf(" -s %s/%u", inet_ntop(AF_INET6, &e->ipv6.src, buf, sizeof(buf)),
- xtables_ip6mask_to_cidr(&e->ipv6.smsk));
+ printf(" -s %s/%s",
+ inet_ntop(AF_INET6, &e->ipv6.src, buf1, sizeof(buf1)),
+ inet_ntop(AF_INET6, &e->ipv6.smsk, buf2, sizeof(buf2)));
}
if (memcmp(&e->ipv6.dst, &in6addr_any, sizeof(struct in6_addr)))
if (e->ipv6.flags & IP6T_INV_DSTIP)
printf(" !");
- printf(" -d %s/%u", inet_ntop(AF_INET6, &e->ipv6.dst, buf, sizeof(buf)),
- xtables_ip6mask_to_cidr(&e->ipv6.dmsk));
+ printf(" -d %s/%s",
+ inet_ntop(AF_INET6, &e->ipv6.dst, buf1, sizeof(buf1)),
+ inet_ntop(AF_INET6, &e->ipv6.dmsk, buf2, sizeof(buf2)));
}
}
#endif
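Review bot: The `-s`/`-d` output in rule_print6 changes from `addr/prefixlen` to `addr/netmask` with no comment saying why, and rule_print4 gets the same change. Presumably masks are no longer required to be contiguous prefixes, which a prefix length cannot express. That is worth stating above the first `printf`, e.g. `/* print the mask in address form: it may not be a contiguous prefix */`. Anyone comparing or parsing this printed output will see a format change, so the commit message should mention it as well. Both print functions are only partly visible in these hunks.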
rule_print4(struct ipt_entry *e)
{
struct in_addr in_zero = { 0 };
- char buf[sizeof("255.255.255.255\0")];
+ char buf1[sizeof("255.255.255.255\0")], buf2[sizeof("255.255.255.255\0")];
char *pname;
if (e->ip.proto)
if (e->ip.flags & IPT_INV_SRCIP)
printf(" !");
- printf(" -s %s/%u", inet_ntop(AF_INET, &e->ip.src, buf, sizeof(buf)),
- xtables_ipmask_to_cidr(&e->ip.smsk));
+ printf(" -s %s/%s",
+ inet_ntop(AF_INET, &e->ip.src, buf1, sizeof(buf1)),
+ inet_ntop(AF_INET, &e->ip.smsk, buf2, sizeof(buf2)));
}
if (memcmp(&e->ip.dst, &in_zero, sizeof(struct in_addr)))
if (e->ip.flags & IPT_INV_DSTIP)
printf(" !");
- printf(" -d %s/%u", inet_ntop(AF_INET, &e->ip.dst, buf, sizeof(buf)),
- xtables_ipmask_to_cidr(&e->ip.dmsk));
+ printf(" -d %s/%s",
+ inet_ntop(AF_INET, &e->ip.dst, buf1, sizeof(buf1)),
+ inet_ntop(AF_INET, &e->ip.dmsk, buf2, sizeof(buf2)));
}
}