1 /* Code to restore the iptables state, from file by iptables-save.
2 * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
3 * based on previous code from Rusty Russell <rusty@linuxcare.com.au>
5 * This code is distributed under the terms of GNU GPL v2
7 * $Id: iptables-restore.c,v 1.26 2003/05/02 15:30:11 laforge Exp $
11 #include <sys/errno.h>
16 #include "libiptc/libiptc.h"
19 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
21 #define DEBUGP(x, args...)
24 static int binary = 0, counters = 0, verbose = 0, noflush = 0;
26 /* Keeping track of external matches and targets. */
27 static struct option options[] = {
28 { "binary", 0, 0, 'b' },
29 { "counters", 0, 0, 'c' },
30 { "verbose", 1, 0, 'v' },
31 { "help", 0, 0, 'h' },
32 { "noflush", 0, 0, 'n'},
33 { "modprobe", 1, 0, 'M'},
37 static void print_usage(const char *name, const char *version) __attribute__((noreturn));
39 static void print_usage(const char *name, const char *version)
41 fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-h]\n"
47 " [ --modprobe=<command>]\n", name);
52 iptc_handle_t create_handle(const char *tablename, const char* modprobe )
56 handle = iptc_init(tablename);
59 /* try to insmod the module if iptc_init failed */
60 iptables_insmod("ip_tables", modprobe);
61 handle = iptc_init(tablename);
65 exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
66 "table '%s'\n", program_name, tablename);
72 int parse_counters(char *string, struct ipt_counters *ctr)
75 return (sscanf(string, "[%llu:%llu]", &ctr->pcnt, &ctr->bcnt)
81 /* global new argv and argc */
82 static char *newargv[255];
85 /* function adding one argument to newargv, updating newargc
86 * returns true if argument added, false otherwise */
87 static int add_argv(char *what) {
88 DEBUGP("add_argv: %s\n", what);
89 if (what && ((newargc + 1) < sizeof(newargv)/sizeof(char *))) {
90 newargv[newargc] = strdup(what);
97 static void free_argv(void) {
100 for (i = 0; i < newargc; i++)
104 int main(int argc, char *argv[])
106 iptc_handle_t handle = NULL;
109 char curtable[IPT_TABLE_MAXNAMELEN + 1];
111 const char *modprobe = 0;
114 program_name = "iptables-restore";
115 program_version = IPTABLES_VERSION;
118 #ifdef NO_SHARED_LIBS
122 while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
134 print_usage("iptables-restore",
146 if (optind == argc - 1) {
147 in = fopen(argv[optind], "r");
149 fprintf(stderr, "Can't open %s: %s", argv[optind],
154 else if (optind < argc) {
155 fprintf(stderr, "Unknown arguments found on commandline");
160 /* Grab standard input. */
161 while (fgets(buffer, sizeof(buffer), in)) {
165 if (buffer[0] == '\n') continue;
166 else if (buffer[0] == '#') {
167 if (verbose) fputs(buffer, stdout);
169 } else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
170 DEBUGP("Calling commit\n");
171 ret = iptc_commit(&handle);
173 } else if ((buffer[0] == '*') && (!in_table)) {
177 table = strtok(buffer+1, " \t\n");
178 DEBUGP("line %u, table '%s'\n", line, table);
180 exit_error(PARAMETER_PROBLEM,
181 "%s: line %u table name invalid\n",
185 strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
190 handle = create_handle(table, modprobe);
192 DEBUGP("Cleaning all chains of table '%s'\n",
194 for_each_chain(flush_entries, verbose, 1,
197 DEBUGP("Deleting all user-defined chains "
198 "of table '%s'\n", table);
199 for_each_chain(delete_chain, verbose, 0,
206 } else if ((buffer[0] == ':') && (in_table)) {
208 char *policy, *chain;
210 chain = strtok(buffer+1, " \t\n");
211 DEBUGP("line %u, chain '%s'\n", line, chain);
213 exit_error(PARAMETER_PROBLEM,
214 "%s: line %u chain name invalid\n",
219 if (!iptc_builtin(chain, handle)) {
220 DEBUGP("Creating new chain '%s'\n", chain);
221 if (!iptc_create_chain(chain, &handle))
222 exit_error(PARAMETER_PROBLEM,
223 "error creating chain "
228 policy = strtok(NULL, " \t\n");
229 DEBUGP("line %u, policy '%s'\n", line, policy);
231 exit_error(PARAMETER_PROBLEM,
232 "%s: line %u policy invalid\n",
237 if (strcmp(policy, "-") != 0) {
238 struct ipt_counters count;
242 ctrs = strtok(NULL, " \t\n");
244 parse_counters(ctrs, &count);
248 sizeof(struct ipt_counters));
251 DEBUGP("Setting policy of chain %s to %s\n",
254 if (!iptc_set_policy(chain, policy, &count,
256 exit_error(OTHER_PROBLEM,
257 "Can't set policy `%s'"
258 " on `%s' line %u: %s\n",
260 iptc_strerror(errno));
265 } else if (in_table) {
273 char *param_start, *curchar;
276 /* reset the newargv */
279 if (buffer[0] == '[') {
280 /* we have counters in our input */
281 ptr = strchr(buffer, ']');
283 exit_error(PARAMETER_PROBLEM,
284 "Bad line %u: need ]\n",
287 pcnt = strtok(buffer+1, ":");
289 exit_error(PARAMETER_PROBLEM,
290 "Bad line %u: need :\n",
293 bcnt = strtok(NULL, "]");
295 exit_error(PARAMETER_PROBLEM,
296 "Bad line %u: need ]\n",
299 /* start command parsing after counter */
300 parsestart = ptr + 1;
302 /* start command parsing at start of line */
308 add_argv((char *) &curtable);
310 if (counters && pcnt && bcnt) {
311 add_argv("--set-counters");
312 add_argv((char *) pcnt);
313 add_argv((char *) bcnt);
316 /* After fighting with strtok enough, here's now
317 * a 'real' parser. According to Rusty I'm now no
318 * longer a real hacker, but I can live with that */
321 param_start = parsestart;
323 for (curchar = parsestart; *curchar; curchar++) {
324 if (*curchar == '"') {
335 || * curchar == '\n') {
336 char param_buffer[1024];
337 int param_len = curchar-param_start;
348 /* end of one parameter */
349 strncpy(param_buffer, param_start,
351 *(param_buffer+param_len) = '\0';
353 /* check if table name specified */
354 if (!strncmp(param_buffer, "-t", 3)
355 || !strncmp(param_buffer, "--table", 8)) {
356 exit_error(PARAMETER_PROBLEM,
357 "Line %u seems to have a "
358 "-t table option.\n", line);
362 add_argv(param_buffer);
363 param_start += param_len + 1;
365 /* regular character, skip */
369 DEBUGP("calling do_command(%u, argv, &%s, handle):\n",
372 for (a = 0; a < newargc; a++)
373 DEBUGP("argv[%u]: %s\n", a, newargv[a]);
375 ret = do_command(newargc, newargv,
376 &newargv[2], &handle);
381 fprintf(stderr, "%s: line %u failed\n",
git://git.onelab.eu / iptables.git / blob