1 /* Code to save the ip6tables state, in human readable-form. */
2 /* Author: Andras Kis-Szabo <kisza@sch.bme.hu>
3 * Original code: iptables-save
4 * Authors: Paul 'Rusty' Russel <rusty@linuxcare.com.au> and
5 * Harald Welte <laforge@gnumonks.org>
6 * This code is distributed under the terms of GNU GPL v2
16 #include <arpa/inet.h>
17 #include "libiptc/libip6tc.h"
18 #include "ip6tables.h"
19 #include "ip6tables-multi.h"
21 #ifndef NO_SHARED_LIBS
25 static int show_binary = 0, show_counters = 0;
27 static const struct option options[] = {
28 {.name = "binary", .has_arg = false, .val = 'b'},
29 {.name = "counters", .has_arg = false, .val = 'c'},
30 {.name = "dump", .has_arg = false, .val = 'd'},
31 {.name = "table", .has_arg = true, .val = 't'},
32 {.name = "modprobe", .has_arg = true, .val = 'M'},
37 /* Debugging prototype. */
38 static int for_each_table(int (*func)(const char *tablename))
41 FILE *procfile = NULL;
42 char tablename[IP6T_TABLE_MAXNAMELEN+1];
44 procfile = fopen("/proc/net/ip6_tables_names", "r");
48 while (fgets(tablename, sizeof(tablename), procfile)) {
49 if (tablename[strlen(tablename) - 1] != '\n')
50 xtables_error(OTHER_PROBLEM,
51 "Badly formed tablename `%s'\n",
53 tablename[strlen(tablename) - 1] = '\0';
54 ret &= func(tablename);
61 static int do_output(const char *tablename)
63 struct ip6tc_handle *h;
64 const char *chain = NULL;
67 return for_each_table(&do_output);
69 h = ip6tc_init(tablename);
71 xtables_load_ko(xtables_modprobe_program, false);
72 h = ip6tc_init(tablename);
75 xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
76 ip6tc_strerror(errno));
79 time_t now = time(NULL);
81 printf("# Generated by ip6tables-save v%s on %s",
82 IPTABLES_VERSION, ctime(&now));
83 printf("*%s\n", tablename);
85 /* Dump out chain names first,
86 * thereby preventing dependency conflicts */
87 for (chain = ip6tc_first_chain(h);
89 chain = ip6tc_next_chain(h)) {
91 printf(":%s ", chain);
92 if (ip6tc_builtin(chain, h)) {
93 struct ip6t_counters count;
95 ip6tc_get_policy(chain, &count, h));
96 printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
103 for (chain = ip6tc_first_chain(h);
105 chain = ip6tc_next_chain(h)) {
106 const struct ip6t_entry *e;
109 e = ip6tc_first_rule(chain, h);
111 print_rule(e, h, chain, show_counters);
112 e = ip6tc_next_rule(e, h);
118 printf("# Completed on %s", ctime(&now));
120 /* Binary, huh? OK. */
121 xtables_error(OTHER_PROBLEM, "Binary NYI\n");
130 * :Chain name POLICY packets bytes
133 #ifdef IPTABLES_MULTI
134 int ip6tables_save_main(int argc, char *argv[])
136 int main(int argc, char *argv[])
139 const char *tablename = NULL;
142 ip6tables_globals.program_name = "ip6tables-save";
143 c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
145 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
146 ip6tables_globals.program_name,
147 ip6tables_globals.program_version);
150 #ifdef NO_SHARED_LIBS
154 while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
165 /* Select specific table. */
169 xtables_modprobe_program = optarg;
172 do_output(tablename);
178 fprintf(stderr, "Unknown arguments found on commandline\n");
182 return !do_output(tablename);