1 /* Code to save the ip6tables state, in human readable-form. */
2 /* Author: Andras Kis-Szabo <kisza@sch.bme.hu>
3 * Original code: iptables-save
4 * Authors: Paul 'Rusty' Russel <rusty@linuxcare.com.au> and
5 * Harald Welte <laforge@gnumonks.org>
6 * This code is distributed under the terms of GNU GPL v2
16 #include <arpa/inet.h>
17 #include "libiptc/libip6tc.h"
18 #include "ip6tables.h"
19 #include "ip6tables-multi.h"
21 #ifndef NO_SHARED_LIBS
25 static int show_binary = 0, show_counters = 0;
27 static const struct option options[] = {
28 {.name = "binary", .has_arg = false, .val = 'b'},
29 {.name = "counters", .has_arg = false, .val = 'c'},
30 {.name = "dump", .has_arg = false, .val = 'd'},
31 {.name = "table", .has_arg = true, .val = 't'},
32 {.name = "modprobe", .has_arg = true, .val = 'M'},
37 /* Debugging prototype. */
38 static int for_each_table(int (*func)(const char *tablename))
41 FILE *procfile = NULL;
42 char tablename[IP6T_TABLE_MAXNAMELEN+1];
44 procfile = fopen("/proc/net/ip6_tables_names", "r");
48 while (fgets(tablename, sizeof(tablename), procfile)) {
49 if (tablename[strlen(tablename) - 1] != '\n')
50 xtables_error(OTHER_PROBLEM,
51 "Badly formed tablename `%s'\n",
53 tablename[strlen(tablename) - 1] = '\0';
54 ret &= func(tablename);
62 static int do_output(const char *tablename)
64 struct ip6tc_handle *h;
65 const char *chain = NULL;
68 return for_each_table(&do_output);
70 h = ip6tc_init(tablename);
72 xtables_load_ko(xtables_modprobe_program, false);
73 h = ip6tc_init(tablename);
76 xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
77 ip6tc_strerror(errno));
80 time_t now = time(NULL);
82 printf("# Generated by ip6tables-save v%s on %s",
83 IPTABLES_VERSION, ctime(&now));
84 printf("*%s\n", tablename);
86 /* Dump out chain names first,
87 * thereby preventing dependency conflicts */
88 for (chain = ip6tc_first_chain(h);
90 chain = ip6tc_next_chain(h)) {
92 printf(":%s ", chain);
93 if (ip6tc_builtin(chain, h)) {
94 struct ip6t_counters count;
96 ip6tc_get_policy(chain, &count, h));
97 printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
104 for (chain = ip6tc_first_chain(h);
106 chain = ip6tc_next_chain(h)) {
107 const struct ip6t_entry *e;
110 e = ip6tc_first_rule(chain, h);
112 print_rule(e, h, chain, show_counters);
113 e = ip6tc_next_rule(e, h);
119 printf("# Completed on %s", ctime(&now));
121 /* Binary, huh? OK. */
122 xtables_error(OTHER_PROBLEM, "Binary NYI\n");
131 * :Chain name POLICY packets bytes
134 #ifdef IPTABLES_MULTI
135 int ip6tables_save_main(int argc, char *argv[])
137 int main(int argc, char *argv[])
140 const char *tablename = NULL;
143 ip6tables_globals.program_name = "ip6tables-save";
144 c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
146 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
147 ip6tables_globals.program_name,
148 ip6tables_globals.program_version);
151 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
155 while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
166 /* Select specific table. */
170 xtables_modprobe_program = optarg;
173 do_output(tablename);
179 fprintf(stderr, "Unknown arguments found on commandline\n");
183 return !do_output(tablename);