#include <errno.h>
#include <time.h>
#include <assert.h>
+#include <arpa/inet.h>
#include <glib.h>
#include <glib-object.h>
#define TARGET_LOG "LOG"
#define RULE_CHAIN "chain"
-#define RULE_DIRECTION "type"
+#define RULE_DIRECTION "direction"
#define RULE_IFNAME "ifname"
#define RULE_CGROUP "cgroup"
#define RULE_NFACCT "nfacct"
#define RULE_PROTOCOL "protocol"
#define RULE_TARGET "target"
-/* IPv4 */
-#define RULE_SIPV4TYPE "s_ipv4_type"
-#define RULE_SIPV4 "s_ipv4"
-#define RULE_DIPV4TYPE "d_ipv4_type"
-#define RULE_DIPV4 "d_ipv4"
+
+#define RULE_SIPTYPE "s_ip_type"
+#define RULE_SIP1 "s_ip1"
+#define RULE_SIP2 "s_ip2"
+#define RULE_DIPTYPE "d_ip_type"
+#define RULE_DIP1 "d_ip1"
+#define RULE_DIP2 "d_ip2"
#define RULE_SPORTTYPE "s_port_type"
-#define RULE_SPORT "s_port"
+#define RULE_SPORT1 "s_port1"
+#define RULE_SPORT2 "s_port2"
#define RULE_DPORTTYPE "d_port_type"
-#define RULE_DPORT "d_port"
-/* IPv6 */
-#define RULE_SIPV6TYPE "s_ipv6_type"
-#define RULE_SIPV6 "s_ipv6"
-#define RULE_DIPV6TYPE "d_ipv6_type"
-#define RULE_DIPV6 "d_ipv6"
-#define RULE_SPORT6TYPE "s_port6_type"
-#define RULE_SPORT6 "s_port6"
-#define RULE_DPORT6TYPE "d_port6_type"
-#define RULE_DPORT6 "d_port6"
+#define RULE_DPORT1 "d_port1"
+#define RULE_DPORT2 "d_port2"
typedef enum {
IPTABLES_CHAIN_INPUT,
} ipt_chain_e;
typedef enum {
+ IPTABLES_DIRECTION_NONE,
IPTABLES_DIRECTION_IN,
IPTABLES_DIRECTION_OUT
} ipt_direction_e;
typedef enum {
+ IPTABLES_FAMILY_NONE,
+ IPTABLES_FAMILY_V4,
+ IPTABLES_FAMILY_V6
+} ipt_family_type_e;
+
+typedef enum {
IPTABLES_IP_NONE,
IPTABLES_IP_SINGLE,
IPTABLES_IP_MASK,
typedef struct {
char *chain;
ipt_direction_e direction;
- ipt_ip_type_e s_ipv4_type;
- ipt_ip_type_e d_ipv4_type;
+ ipt_ip_type_e s_ip_type;
+ ipt_ip_type_e d_ip_type;
ipt_port_type_e s_port_type;
ipt_port_type_e d_port_type;
- ipt_ip_type_e s_ipv6_type;
- ipt_ip_type_e d_ipv6_type;
- ipt_port_type_e s_port6_type;
- ipt_port_type_e d_port6_type;
ipt_protocol_type_e protocol;
- char *s_ipv4;
- char *d_ipv4;
- char *s_port;
- char *d_port;
- char *s_ipv6;
- char *d_ipv6;
- char *s_port6;
- char *d_port6;
+ ipt_family_type_e family;
+ char *s_ip1;
+ char *s_ip2;
+ char *d_ip1;
+ char *d_ip2;
+ int s_port1;
+ int s_port2;
+ int d_port1;
+ int d_port2;
char *ifname;
int classid;
char *nfacct_name;
static char g_rule_cgroup[MENU_DATA_SIZE] = "0";
static char g_rule_nfacct[MENU_DATA_SIZE] = "";
static char g_rule_protocol[MENU_DATA_SIZE] = "1";
+static char g_rule_family[MENU_DATA_SIZE] = "1";
static char g_rule_target[MENU_DATA_SIZE] = "0";
/* ipv4 */
static char g_rule_s_ip_type[MENU_DATA_SIZE] = "2";
if (rule->direction == IPTABLES_DIRECTION_IN)
msg("Direction : [IN]");
else if (rule->direction == IPTABLES_DIRECTION_OUT)
- msg("Dir : [OUT]");
-
- /* IPv4 */
- if (rule->s_ipv4_type > IPTABLES_IP_NONE &&
- rule->s_ipv4_type <= IPTABLES_IP_RANGE)
- msg("S-IPv4 : [%s]", rule->s_ipv4);
+ msg("Direction : [OUT]");
- if (rule->d_ipv4_type > IPTABLES_IP_NONE &&
- rule->d_ipv4_type <= IPTABLES_IP_RANGE)
- msg("D-IPv4 : [%s]", rule->d_ipv4);
+ if (rule->family == IPTABLES_FAMILY_V4)
+ msg("Family : [V4]");
+ else if (rule->family == IPTABLES_FAMILY_V6)
+ msg("Family : [V6]");
- if (rule->s_port_type > IPTABLES_PORT_NONE &&
- rule->s_port_type <= IPTABLES_PORT_RANGE)
- msg("S-Port : [%s]", rule->s_port);
-
- if (rule->d_port_type > IPTABLES_PORT_NONE &&
- rule->d_port_type <= IPTABLES_PORT_RANGE)
- msg("D-Port : [%s]", rule->d_port);
-
- /* IPv4 */
- if (rule->s_ipv6_type > IPTABLES_IP_NONE &&
- rule->s_ipv6_type <= IPTABLES_IP_RANGE)
- msg("S-IPv6 : [%s]", rule->s_ipv6);
+ if (rule->s_ip_type != IPTABLES_IP_NONE) {
+ msg("S-IPType : [%d]", rule->s_ip_type);
+ msg("S-IP1 : [%s]", rule->s_ip1);
+ msg("S-IP2 : [%s]", rule->s_ip2);
+ }
- if (rule->d_ipv4_type > IPTABLES_IP_NONE &&
- rule->d_ipv4_type <= IPTABLES_IP_RANGE)
- msg("D-IPv6 : [%s]", rule->d_ipv6);
+ if (rule->d_ip_type != IPTABLES_IP_NONE) {
+ msg("D-IPType : [%d]", rule->d_ip_type);
+ msg("D-IP1 : [%s]", rule->d_ip1);
+ msg("D-IP2 : [%s]", rule->d_ip2);
+ }
- if (rule->s_port6_type > IPTABLES_PORT_NONE &&
- rule->s_port6_type <= IPTABLES_PORT_RANGE)
- msg("S-Port6 : [%s]", rule->s_port6);
+ if (rule->s_port_type != IPTABLES_PORT_NONE) {
+ msg("S-PortType: [%d]", rule->s_port_type);
+ msg("S-Port1 : [%d]", rule->s_port1);
+ msg("S-Port2 : [%d]", rule->s_port2);
+ }
- if (rule->d_port6_type > IPTABLES_PORT_NONE &&
- rule->d_port6_type <= IPTABLES_PORT_RANGE)
- msg("D-Port6 : [%s]", rule->d_port6);
+ if (rule->d_port_type != IPTABLES_PORT_NONE) {
+ msg("D-PortType: [%d]", rule->d_port_type);
+ msg("D-Port1 : [%d]", rule->d_port1);
+ msg("D-Port2 : [%d]", rule->d_port2);
+ }
if (rule->ifname)
msg("Ifname : [%s]", rule->ifname);
static void __test_rule_free(ipt_rule_s *rule)
{
FREE(rule->chain);
+ FREE(rule->s_ip1);
+ FREE(rule->s_ip2);
+ FREE(rule->d_ip1);
+ FREE(rule->d_ip2);
FREE(rule->ifname);
FREE(rule->nfacct_name);
FREE(rule->target);
static int __test_set_rule(void)
{
int direction = (int)strtol(g_rule_direction, NULL, 10);
+ int family = (int)strtol(g_rule_family, NULL, 10);
int siptype = (int)strtol(g_rule_s_ip_type, NULL, 10);
int diptype = (int)strtol(g_rule_d_ip_type, NULL, 10);
int sporttype = (int)strtol(g_rule_s_port_type, NULL, 10);
int dip6type = (int)strtol(g_rule_d_ip6_type, NULL, 10);
int sport6type = (int)strtol(g_rule_s_port6_type, NULL, 10);
int dport6type = (int)strtol(g_rule_d_port6_type, NULL, 10);
+ int sport1 = (int)strtol(g_rule_s_port1, NULL, 10);
+ int sport2 = (int)strtol(g_rule_s_port2, NULL, 10);
+ int dport1 = (int)strtol(g_rule_d_port1, NULL, 10);
+ int dport2 = (int)strtol(g_rule_d_port2, NULL, 10);
+ int sport61 = (int)strtol(g_rule_s_port61, NULL, 10);
+ int sport62 = (int)strtol(g_rule_s_port62, NULL, 10);
+ int dport61 = (int)strtol(g_rule_d_port61, NULL, 10);
+ int dport62 = (int)strtol(g_rule_d_port62, NULL, 10);
int classid = (int)strtol(g_rule_cgroup, NULL, 10);
int protocol = (int)strtol(g_rule_protocol, NULL, 10);
int target = (int)strtol(g_rule_target, NULL, 10);
if (g_rule_chain[0] == '\0' ||
- direction < IPTABLES_DIRECTION_IN || direction > IPTABLES_DIRECTION_OUT ||
+ direction < IPTABLES_DIRECTION_NONE || direction > IPTABLES_DIRECTION_OUT ||
siptype < IPTABLES_IP_NONE || siptype > IPTABLES_IP_RANGE ||
diptype < IPTABLES_IP_NONE || diptype > IPTABLES_IP_RANGE ||
sporttype < IPTABLES_PORT_NONE || sporttype > IPTABLES_PORT_RANGE ||
memset(g_rule, 0, sizeof(ipt_rule_s));
g_rule->chain = g_strdup(g_rule_chain);
g_rule->direction = direction;
- g_rule->s_ipv4_type = siptype;
- g_rule->d_ipv4_type = diptype;
- g_rule->s_port_type = sporttype;
- g_rule->d_port_type = dporttype;
- g_rule->s_ipv6_type = sip6type;
- g_rule->d_ipv6_type = dip6type;
- g_rule->s_port6_type = sport6type;
- g_rule->d_port6_type = dport6type;
+ g_rule->family = family;
g_rule->protocol = protocol;
- switch (g_rule->s_ipv4_type) {
- case IPTABLES_IP_SINGLE:
- g_rule->s_ipv4 = g_strdup_printf("%s,", g_rule_s_ip1);
+ switch (g_rule->family) {
+ case IPTABLES_FAMILY_V4:
+ g_rule->s_ip_type = siptype;
+ switch (g_rule->s_ip_type) {
+ case IPTABLES_IP_SINGLE:
+ g_rule->s_ip1 = g_strdup(g_rule_s_ip1);
+ break;
+ case IPTABLES_IP_MASK:
+ case IPTABLES_IP_RANGE:
+ g_rule->s_ip1 = g_strdup(g_rule_s_ip1);
+ g_rule->s_ip2 = g_strdup(g_rule_s_ip2);
+ break;
+ default:
+ break;
+ }
+
+ g_rule->d_ip_type = diptype;
+ switch (g_rule->d_ip_type) {
+ case IPTABLES_IP_SINGLE:
+ g_rule->d_ip1 = g_strdup(g_rule_d_ip1);
+ break;
+ case IPTABLES_IP_MASK:
+ case IPTABLES_IP_RANGE:
+ g_rule->d_ip1 = g_strdup(g_rule_d_ip1);
+ g_rule->d_ip2 = g_strdup(g_rule_d_ip2);
+ break;
+ default:
+ break;
+ }
+
+ g_rule->s_port_type = sporttype;
+ switch (g_rule->s_port_type) {
+ case IPTABLES_PORT_SINGLE:
+ g_rule->s_port1 = sport1;
+ break;
+ case IPTABLES_PORT_RANGE:
+ g_rule->s_port1 = sport1;
+ g_rule->s_port2 = sport2;
+ break;
+ default:
+ break;
+ }
+
+ g_rule->d_port_type = dporttype;
+ switch (g_rule->d_port_type) {
+ case IPTABLES_PORT_SINGLE:
+ g_rule->d_port1 = dport1;
+ break;
+ case IPTABLES_PORT_RANGE:
+ g_rule->d_port1 = dport1;
+ g_rule->d_port2 = dport2;
+ break;
+ default:
+ break;
+ }
break;
- case IPTABLES_IP_MASK:
- case IPTABLES_IP_RANGE:
- g_rule->s_ipv4 = g_strdup_printf("%s,%s", g_rule_s_ip1, g_rule_s_ip2);
- break;
- default:
- break;
- }
-
- switch (g_rule->d_ipv4_type) {
- case IPTABLES_IP_SINGLE:
- g_rule->d_ipv4 = g_strdup_printf("%s,", g_rule_d_ip1);
- break;
- case IPTABLES_IP_MASK:
- case IPTABLES_IP_RANGE:
- g_rule->d_ipv4 = g_strdup_printf("%s,%s", g_rule_d_ip1, g_rule_d_ip2);
- break;
- default:
- break;
- }
-
- switch (g_rule->s_port_type) {
- case IPTABLES_PORT_SINGLE:
- g_rule->s_port = g_strdup_printf("%s,", g_rule_s_port1);
- break;
- case IPTABLES_PORT_RANGE:
- g_rule->s_port = g_strdup_printf("%s,%s", g_rule_s_port1, g_rule_s_port2);
- break;
- default:
- break;
- }
-
- switch (g_rule->d_port_type) {
- case IPTABLES_PORT_SINGLE:
- g_rule->d_port = g_strdup_printf("%s,", g_rule_d_port1);
- break;
- case IPTABLES_PORT_RANGE:
- g_rule->d_port = g_strdup_printf("%s,%s", g_rule_d_port1, g_rule_d_port2);
- break;
- default:
- break;
- }
-
- switch (g_rule->s_ipv6_type) {
- case IPTABLES_IP_SINGLE:
- g_rule->s_ipv6 = g_strdup_printf("%s,", g_rule_s_ip61);
- break;
- case IPTABLES_IP_MASK:
- case IPTABLES_IP_RANGE:
- g_rule->s_ipv6 = g_strdup_printf("%s,%s", g_rule_s_ip61, g_rule_s_ip62);
- break;
- default:
- break;
- }
-
- switch (g_rule->d_ipv6_type) {
- case IPTABLES_IP_SINGLE:
- g_rule->d_ipv6 = g_strdup_printf("%s,", g_rule_d_ip61);
- break;
- case IPTABLES_IP_MASK:
- case IPTABLES_IP_RANGE:
- g_rule->d_ipv6 = g_strdup_printf("%s,%s", g_rule_d_ip61, g_rule_d_ip62);
- break;
- default:
- break;
- }
-
- switch (g_rule->s_port6_type) {
- case IPTABLES_PORT_SINGLE:
- g_rule->s_port6 = g_strdup_printf("%s,", g_rule_s_port61);
- break;
- case IPTABLES_PORT_RANGE:
- g_rule->s_port6 = g_strdup_printf("%s,%s", g_rule_s_port61, g_rule_s_port62);
- break;
- default:
- break;
- }
-
- switch (g_rule->d_port6_type) {
- case IPTABLES_PORT_SINGLE:
- g_rule->d_port6 = g_strdup_printf("%s,", g_rule_d_port61);
- break;
- case IPTABLES_PORT_RANGE:
- g_rule->d_port6 = g_strdup_printf("%s,%s", g_rule_d_port61, g_rule_d_port62);
+ case IPTABLES_FAMILY_V6:
+ g_rule->s_ip_type = sip6type;
+ switch (g_rule->s_ip_type) {
+ case IPTABLES_IP_SINGLE:
+ g_rule->s_ip1 = g_strdup(g_rule_s_ip61);
+ break;
+ case IPTABLES_IP_MASK:
+ case IPTABLES_IP_RANGE:
+ g_rule->s_ip1 = g_strdup(g_rule_s_ip61);
+ g_rule->s_ip2 = g_strdup(g_rule_s_ip62);
+ break;
+ default:
+ break;
+ }
+
+ g_rule->d_ip_type = dip6type;
+ switch (g_rule->d_ip_type) {
+ case IPTABLES_IP_SINGLE:
+ g_rule->d_ip1 = g_strdup(g_rule_d_ip61);
+ break;
+ case IPTABLES_IP_MASK:
+ case IPTABLES_IP_RANGE:
+ g_rule->d_ip1 = g_strdup(g_rule_d_ip61);
+ g_rule->d_ip2 = g_strdup(g_rule_d_ip62);
+ break;
+ default:
+ break;
+ }
+
+ g_rule->s_port_type = sport6type;
+ switch (g_rule->s_port_type) {
+ case IPTABLES_PORT_SINGLE:
+ g_rule->s_port1 = sport61;
+ break;
+ case IPTABLES_PORT_RANGE:
+ g_rule->s_port1 = sport61;
+ g_rule->s_port2 = sport62;
+ break;
+ default:
+ break;
+ }
+
+ g_rule->d_port_type = dport6type;
+ switch (g_rule->d_port_type) {
+ case IPTABLES_PORT_SINGLE:
+ g_rule->d_port1 = dport61;
+ break;
+ case IPTABLES_PORT_RANGE:
+ g_rule->d_port1 = dport61;
+ g_rule->d_port2 = dport62;
+ break;
+ default:
+ break;
+ }
break;
default:
break;
g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
g_variant_new_string(rule->chain));
- if (rule->direction == IPTABLES_DIRECTION_IN ||
- rule->direction == IPTABLES_DIRECTION_OUT)
+ if (rule->direction != IPTABLES_DIRECTION_NONE)
g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
- g_variant_new_uint32(rule->direction));
+ g_variant_new_uint16(rule->direction));
- if (rule->s_ipv4_type > IPTABLES_IP_NONE &&
- rule->s_ipv4_type <= IPTABLES_IP_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_SIPV4TYPE,
- g_variant_new_uint32(rule->s_ipv4_type));
-
- if (rule->s_ipv4)
- g_variant_builder_add(builder, "{sv}", RULE_SIPV4,
- g_variant_new_string(rule->s_ipv4));
- }
+ if (rule->s_ip_type != IPTABLES_IP_NONE)
+ g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE,
+ g_variant_new_uint16(rule->s_ip_type));
- if (rule->d_ipv4_type > IPTABLES_IP_NONE &&
- rule->d_ipv4_type <= IPTABLES_IP_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_DIPV4TYPE,
- g_variant_new_uint32(rule->d_ipv4_type));
+ if (rule->d_ip_type != IPTABLES_IP_NONE)
+ g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE,
+ g_variant_new_uint16(rule->d_ip_type));
- if (rule->d_ipv4)
- g_variant_builder_add(builder, "{sv}", RULE_DIPV4,
- g_variant_new_string(rule->d_ipv4));
- }
-
- if (rule->s_port_type > IPTABLES_PORT_NONE &&
- rule->s_port_type <= IPTABLES_PORT_RANGE) {
+ if (rule->s_port_type != IPTABLES_PORT_NONE)
g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE,
- g_variant_new_uint32(rule->s_port_type));
-
- if (rule->s_port)
- g_variant_builder_add(builder, "{sv}", RULE_SPORT,
- g_variant_new_string(rule->s_port));
- }
+ g_variant_new_uint16(rule->s_port_type));
- if (rule->d_port_type > IPTABLES_PORT_NONE &&
- rule->d_port_type <= IPTABLES_PORT_RANGE) {
+ if (rule->d_port_type != IPTABLES_PORT_NONE)
g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE,
- g_variant_new_uint32(rule->d_port_type));
-
- if (rule->d_port)
- g_variant_builder_add(builder, "{sv}", RULE_DPORT,
- g_variant_new_string(rule->d_port));
- }
-
- if (rule->ifname)
- g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
- g_variant_new_string(rule->ifname));
-
- if (rule->classid > 0)
- g_variant_builder_add(builder, "{sv}", RULE_CGROUP,
- g_variant_new_uint32(rule->classid));
-
- if (rule->nfacct_name)
- g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
- g_variant_new_string(rule->nfacct_name));
-
- if (rule->protocol > IPTABLES_PROTOCOL_NONE &&
- rule->protocol <= IPTABLES_PROTOCOL_ALL)
- g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL,
- g_variant_new_uint32(rule->protocol));
-
- if (rule->target)
- g_variant_builder_add(builder, "{sv}", RULE_TARGET,
- g_variant_new_string(rule->target));
-
-}
-
-static void __test_add_6rule_info_to_builder(GVariantBuilder *builder,
- ipt_rule_s *rule)
-{
- g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
- g_variant_new_string(rule->chain));
-
- g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
- g_variant_new_uint32(rule->direction));
-
- if (rule->s_ipv6_type > IPTABLES_IP_NONE &&
- rule->s_ipv6_type <= IPTABLES_IP_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_SIPV6TYPE,
- g_variant_new_uint32(rule->s_ipv6_type));
-
- if (rule->s_ipv6)
- g_variant_builder_add(builder, "{sv}", RULE_SIPV6,
- g_variant_new_string(rule->s_ipv6));
- }
-
- if (rule->d_ipv6_type > IPTABLES_IP_NONE &&
- rule->d_ipv6_type <= IPTABLES_IP_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_DIPV6TYPE,
- g_variant_new_uint32(rule->d_ipv6_type));
-
- if (rule->d_ipv6)
- g_variant_builder_add(builder, "{sv}", RULE_DIPV6,
- g_variant_new_string(rule->d_ipv6));
+ g_variant_new_uint16(rule->d_port_type));
+
+ switch (rule->family) {
+ case IPTABLES_FAMILY_V4:
+ {
+ struct in_addr ipv4;
+ if (rule->s_ip1) {
+ inet_pton(AF_INET, rule->s_ip1, &ipv4);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+ g_variant_new_uint32(ipv4.s_addr));
+ }
+
+ if (rule->s_ip2) {
+ inet_pton(AF_INET, rule->s_ip2, &ipv4);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+ g_variant_new_uint32(ipv4.s_addr));
+ }
+
+ if (rule->d_ip1) {
+ inet_pton(AF_INET, rule->d_ip1, &ipv4);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+ g_variant_new_uint32(ipv4.s_addr));
+ }
+
+ if (rule->d_ip2) {
+ inet_pton(AF_INET, rule->d_ip2, &ipv4);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+ g_variant_new_uint32(ipv4.s_addr));
+ }
+ }
+ break;
+ case IPTABLES_FAMILY_V6:
+ {
+ struct in6_addr ipv6;
+ char buf[RULE_SIZE];
+ if (rule->s_ip1) {
+ inet_pton(AF_INET6, rule->s_ip1, &ipv6);
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ ipv6.s6_addr32[0], ipv6.s6_addr32[1],
+ ipv6.s6_addr32[2], ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+ g_variant_new_string(buf));
+ }
+
+ if (rule->s_ip2) {
+ inet_pton(AF_INET6, rule->s_ip2, &ipv6);
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ ipv6.s6_addr32[0], ipv6.s6_addr32[1],
+ ipv6.s6_addr32[2], ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+ g_variant_new_string(buf));
+ }
+
+ if (rule->d_ip1) {
+ inet_pton(AF_INET6, rule->d_ip1, &ipv6);
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ ipv6.s6_addr32[0], ipv6.s6_addr32[1],
+ ipv6.s6_addr32[2], ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+ g_variant_new_string(buf));
+ }
+
+ if (rule->d_ip2) {
+ inet_pton(AF_INET6, rule->d_ip2, &ipv6);
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ ipv6.s6_addr32[0], ipv6.s6_addr32[1],
+ ipv6.s6_addr32[2], ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+ g_variant_new_string(buf));
+ }
+ }
+ break;
+ default:
+ break;
}
- if (rule->s_port6_type > IPTABLES_PORT_NONE &&
- rule->s_port6_type <= IPTABLES_PORT_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_SPORT6TYPE,
- g_variant_new_uint32(rule->s_port6_type));
+ if (rule->s_port1)
+ g_variant_builder_add(builder, "{sv}", RULE_SPORT1,
+ g_variant_new_uint32(rule->s_port1));
- if (rule->s_port6)
- g_variant_builder_add(builder, "{sv}", RULE_SPORT6,
- g_variant_new_string(rule->s_port6));
- }
+ if (rule->s_port2)
+ g_variant_builder_add(builder, "{sv}", RULE_SPORT2,
+ g_variant_new_uint32(rule->s_port2));
- if (rule->d_port6_type > IPTABLES_PORT_NONE &&
- rule->d_port6_type <= IPTABLES_PORT_RANGE) {
- g_variant_builder_add(builder, "{sv}", RULE_DPORT6TYPE,
- g_variant_new_uint32(rule->d_port6_type));
+ if (rule->d_port1)
+ g_variant_builder_add(builder, "{sv}", RULE_DPORT1,
+ g_variant_new_uint32(rule->d_port1));
- if (rule->d_port6)
- g_variant_builder_add(builder, "{sv}", RULE_DPORT6,
- g_variant_new_string(rule->d_port6));
- }
+ if (rule->d_port2)
+ g_variant_builder_add(builder, "{sv}", RULE_DPORT2,
+ g_variant_new_uint32(rule->d_port2));
if (rule->ifname)
g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
g_variant_new_string(rule->nfacct_name));
- g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL,
- g_variant_new_uint32(rule->protocol));
+ if (rule->protocol != IPTABLES_PROTOCOL_NONE)
+ g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL,
+ g_variant_new_uint16(rule->protocol));
if (rule->target)
g_variant_builder_add(builder, "{sv}", RULE_TARGET,
GVariant *message = NULL;
builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
- __test_add_6rule_info_to_builder(builder, g_rule);
+ __test_add_rule_info_to_builder(builder, g_rule);
params = g_variant_new("(a{sv})", builder);
g_variant_builder_unref(builder);
GVariant *message = NULL;
builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
- __test_add_6rule_info_to_builder(builder, g_rule);
+ __test_add_rule_info_to_builder(builder, g_rule);
params = g_variant_new("(a{sv})", builder);
g_variant_builder_unref(builder);
{
int err = STC_ERROR_NONE;
- err = __stc_ipt_add_rule();
- if (err != STC_ERROR_NONE)
- msg(LOG_RED "Failed to add rule" LOG_END);
-
- err = __stc_ip6t_add_rule();
- if (err != STC_ERROR_NONE)
- msg(LOG_RED "Failed to add 6 rule" LOG_END);
+ switch (g_rule->family) {
+ case IPTABLES_FAMILY_V4:
+ err = __stc_ipt_add_rule();
+ if (err != STC_ERROR_NONE)
+ msg(LOG_RED "Failed to add rule" LOG_END);
+ break;
+ case IPTABLES_FAMILY_V6:
+ err = __stc_ip6t_add_rule();
+ if (err != STC_ERROR_NONE)
+ msg(LOG_RED "Failed to add 6 rule" LOG_END);
+ break;
+ default:
+ break;
+ }
return err;
}
{
int err = STC_ERROR_NONE;
- err = __stc_ipt_remove_rule();
- if (err != STC_ERROR_NONE)
- msg(LOG_RED "Failed to remove rule" LOG_END);
-
- err = __stc_ip6t_remove_rule();
- if (err != STC_ERROR_NONE)
- msg(LOG_RED "Failed to remove 6 rule" LOG_END);
+ switch (g_rule->family) {
+ case IPTABLES_FAMILY_V4:
+ err = __stc_ipt_remove_rule();
+ if (err != STC_ERROR_NONE)
+ msg(LOG_RED "Failed to remove rule" LOG_END);
+ break;
+ case IPTABLES_FAMILY_V6:
+ err = __stc_ip6t_remove_rule();
+ if (err != STC_ERROR_NONE)
+ msg(LOG_RED "Failed to remove 6 rule" LOG_END);
+ break;
+ default:
+ break;
+ }
return err;
}
{ "1", "chain name", NULL, NULL, g_rule_chain},
{ "2", "direction (0.IN/1.OUT)", NULL, NULL, g_rule_direction},
{ "3", "interface name", NULL, NULL, g_rule_ifname},
- { "4", "[IPv4]", menu_set_ipv4, NULL, NULL},
+ { "4", "family", NULL, NULL, g_rule_family},
+ { "5", "[IPv4]", menu_set_ipv4, NULL, NULL},
{ "6", "[IPv6]", menu_set_ipv6, NULL, NULL},
{ "7", "cgroup classid", NULL, NULL, g_rule_cgroup},
{ "8", "nfacct name", NULL, NULL, g_rule_nfacct},
projects / platform / core / connectivity / stc-iptables.git / commitdiff