1 /* Code to save the ip6tables state, in human readable-form. */
2 /* Author: Andras Kis-Szabo <kisza@sch.bme.hu>
3 * Original code: iptables-save
4 * Authors: Paul 'Rusty' Russel <rusty@linuxcare.com.au> and
5 * Harald Welte <laforge@gnumonks.org>
6 * This code is distributed under the terms of GNU GPL v2
16 #include <arpa/inet.h>
17 #include "libiptc/libip6tc.h"
18 #include "ip6tables.h"
19 #include "ip6tables-multi.h"
21 #ifndef NO_SHARED_LIBS
/* Output-mode flags, both initialised to 0. show_counters is the value
 * do_output() passes to print_rule(); where either flag gets set is not
 * visible in this listing. */
25 static int show_binary = 0, show_counters = 0;
/* Long options handed to getopt_long() in main(). The .val letters match
 * that call's "bcdt:" optstring, and only "table" takes an argument.
 * NOTE(review): the gutter jumps from source line 31 to 36, so the all-zero
 * terminating entry that getopt_long() requires is not shown here; confirm
 * it is present in the full file. */
27 static const struct option options[] = {
28 {.name = "binary", .has_arg = false, .val = 'b'},
29 {.name = "counters", .has_arg = false, .val = 'c'},
30 {.name = "dump", .has_arg = false, .val = 'd'},
31 {.name = "table", .has_arg = true, .val = 't'},
/* Calls func once for each table name read from
 * /proc/net/ip6_tables_names (one name per line) and ANDs the results
 * into ret. The gutter numbers show gaps (for example 44, 47 and 56-61),
 * so the guards and any cleanup around the calls below are not visible. */
36 /* Debugging prototype. */
37 static int for_each_table(int (*func)(const char *tablename))
40 FILE *procfile = NULL;
/* One byte more than IP6T_TABLE_MAXNAMELEN, leaving room for the NUL. */
41 char tablename[IP6T_TABLE_MAXNAMELEN+1];
43 procfile = fopen("/proc/net/ip6_tables_names", "r");
/* presumably guarded by a NULL check on procfile (source line 44 not shown) */
45 exit_error(OTHER_PROBLEM,
46 "Unable to open /proc/net/ip6_tables_names: %s\n",
/* fgets() is bounded by sizeof(tablename), so an over-long line arrives
 * without its '\n' and is reported through exit_error() below rather than
 * being used truncated. */
49 while (fgets(tablename, sizeof(tablename), procfile)) {
/* NOTE(review): strlen(tablename) - 1 wraps to a huge index if the line
 * begins with a NUL byte (length 0), reading outside the buffer; checking
 * the length before this test would close that gap. */
50 if (tablename[strlen(tablename) - 1] != '\n')
51 exit_error(OTHER_PROBLEM,
52 "Badly formed tablename `%s'\n",
/* Strip the trailing newline before handing the name to the callback. */
54 tablename[strlen(tablename) - 1] = '\0';
/* A single zero result from func clears ret for the rest of the loop. */
55 ret &= func(tablename);
/* NOTE(review): no fclose(procfile) appears in this listing; source lines
 * 56-61 are not shown, so confirm the stream is closed before returning. */
/* Prints one table in text form: a "# Generated by" header, "*<table>",
 * one ":<chain> " line per chain (with "[packets:bytes]" for built-in
 * chains), every rule via print_rule(), and a "# Completed on" trailer.
 * Many source lines are missing from this listing (see the gutter gaps),
 * so the conditions around several calls below are not visible. */
62 static int do_output(const char *tablename)
64 struct ip6tc_handle *h;
65 const char *chain = NULL;
/* Re-enters do_output() once per kernel table through for_each_table();
 * presumably taken when tablename is NULL (guard on line 67 not shown). */
68 return for_each_table(&do_output);
70 h = ip6tc_init(tablename);
/* presumably reached only when ip6tc_init() failed (guard not shown) */
72 exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
73 ip6tc_strerror(errno));
76 time_t now = time(NULL);
/* ctime() output already ends in '\n', hence none in the format string. */
78 printf("# Generated by ip6tables-save v%s on %s",
79 XTABLES_VERSION, ctime(&now));
/* Table and chain names are always passed as "%s" arguments, never as
 * the format string itself. */
80 printf("*%s\n", tablename);
82 /* Dump out chain names first,
83 * thereby preventing dependency conflicts */
84 for (chain = ip6tc_first_chain(h);
86 chain = ip6tc_next_chain(h)) {
88 printf(":%s ", chain);
89 if (ip6tc_builtin(chain, h)) {
90 struct ip6t_counters count;
/* The trailing "))" shows this is an argument of a call opened on source
 * line 91, which the listing omits; count is passed by address and is
 * presumably filled in here before being printed. */
92 ip6tc_get_policy(chain, &count, h));
/* The casts make the arguments match %llu whatever the counters' own type is. */
93 printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
/* Second pass over the chains: walk each chain's rules and print them,
 * forwarding the file-scope show_counters flag to print_rule(). */
100 for (chain = ip6tc_first_chain(h);
102 chain = ip6tc_next_chain(h)) {
103 const struct ip6t_entry *e;
106 e = ip6tc_first_rule(chain, h);
108 print_rule(e, h, chain, show_counters);
109 e = ip6tc_next_rule(e, h);
115 printf("# Completed on %s", ctime(&now));
117 /* Binary, huh? OK. */
/* Binary output is not implemented: this path only reports an error. */
118 exit_error(OTHER_PROBLEM, "Binary NYI\n");
/* NOTE(review): no release of the handle h is visible in this listing;
 * confirm against the full file. */
127 * :Chain name POLICY packets bytes
/* Entry point: chooses the extension library directory, parses the
 * -b/-c/-d/-t options and calls do_output() for the selected table.
 * Built as ip6tables_save_main() when IPTABLES_MULTI is defined, otherwise
 * as main(); the #else/#endif lines are missing from this listing. */
130 #ifdef IPTABLES_MULTI
131 int ip6tables_save_main(int argc, char *argv[])
133 int main(int argc, char *argv[])
/* Stays NULL unless an option sets it; do_output() receives it as is. */
136 const char *tablename = NULL;
139 program_name = "ip6tables-save";
140 program_version = XTABLES_VERSION;
/* lib_dir is taken from the environment first: XTABLES_LIBDIR, then the
 * deprecated IP6TABLES_LIB_DIR, with the compile-time XTABLES_LIBDIR as
 * the remaining assignment below.
 * NOTE(review): presumably this is the directory extension modules are
 * loaded from, so an inherited environment decides which code is loaded.
 * When the tool runs with elevated privileges the caller should clear
 * these variables first (for example sudo's env_reset). */
142 lib_dir = getenv("XTABLES_LIBDIR");
143 if (lib_dir == NULL) {
144 lib_dir = getenv("IP6TABLES_LIB_DIR");
/* presumably printed only when the deprecated variable was set (guard on
 * line 145 not shown) */
146 fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated\n");
/* compile-time default; the condition selecting it (line 148) is not shown */
149 lib_dir = XTABLES_LIBDIR;
151 #ifdef NO_SHARED_LIBS
/* "bcdt:" mirrors the options[] table: only -t takes an argument. Most of
 * the switch body is absent from this listing. */
155 while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
166 /* Select specific table. */
170 do_output(tablename);
/* presumably printed when non-option arguments remain (guard not shown) */
176 fprintf(stderr, "Unknown arguments found on commandline\n");
/* The negation turns do_output()'s result into the process exit status. */
180 return !do_output(tablename);