create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
{
bool first = true;
- char s[INET6_ADDRSTRLEN];
struct fw3_ipset_datatype *type;
- struct fw3_address *a;
const char *methods[] = {
"(bug)",
if (ipset->iprange.set)
{
- a = &ipset->iprange;
-
- if (!a->range)
- {
- inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a->address.v6, s, sizeof(s));
-
- fw3_pr(" range %s/%u", s, a->mask);
- }
- else
- {
- inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a->address.v6, s, sizeof(s));
-
- fw3_pr(" range %s", s);
-
- inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a->address2.v6, s, sizeof(s));
-
- fw3_pr("-%s", s);
- }
+ fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
}
else if (ipset->portrange.set)
{
fw3_pr(" %s-o %s", out->invert ? "! " : "", out->name);
}
-void
-fw3_format_src_dest(struct fw3_address *src, struct fw3_address *dest)
+const char *
+fw3_address_to_string(struct fw3_address *address, bool allow_invert)
{
- char s[INET6_ADDRSTRLEN];
+ char *p, ip[INET6_ADDRSTRLEN];
+ static char buf[INET6_ADDRSTRLEN * 2 + 2];
- if ((src && src->range) || (dest && dest->range))
- fw3_pr(" -m iprange");
+ p = buf;
- if (src && src->set)
- {
- if (src->range)
- {
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address.v4, s, sizeof(s));
+ if (address->invert && allow_invert)
+ p += sprintf(p, "!");
- fw3_pr(" %s--src-range %s", src->invert ? "! " : "", s);
+ inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &address->address.v4, ip, sizeof(ip));
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address2.v4, s, sizeof(s));
+ p += sprintf(p, "%s", ip);
- fw3_pr("-%s", s);
- }
- else
- {
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address.v4, s, sizeof(s));
+ if (address->range)
+ {
+ inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &address->address2.v4, ip, sizeof(ip));
- fw3_pr(" %s-s %s/%u", src->invert ? "! " : "", s, src->mask);
- }
+ p += sprintf(p, "-%s", ip);
}
-
- if (dest && dest->set)
+ else
{
- if (dest->range)
- {
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address.v4, s, sizeof(s));
+ p += sprintf(p, "/%u", address->mask);
+ }
- fw3_pr(" %s--dst-range %s", dest->invert ? "! " : "", s);
+ return buf;
+}
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address2.v4, s, sizeof(s));
+void
+fw3_format_src_dest(struct fw3_address *src, struct fw3_address *dest)
+{
+ if ((src && src->range) || (dest && dest->range))
+ fw3_pr(" -m iprange");
- fw3_pr("-%s", s);
- }
- else
- {
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address.v4, s, sizeof(s));
+ if (src && src->set)
+ {
+ fw3_pr(" %s%s %s", src->invert ? "! " : "",
+ src->range ? "--src-range" : "-s",
+ fw3_address_to_string(src, false));
+ }
- fw3_pr(" %s-d %s/%u", dest->invert ? "! " : "", s, dest->mask);
- }
+ if (dest && dest->set)
+ {
+ fw3_pr(" %s%s %s", dest->invert ? "! " : "",
+ dest->range ? "--dst-range" : "-d",
+ fw3_address_to_string(dest, false));
}
}
struct fw3_address *sub;
enum fw3_family fam = FW3_FAMILY_ANY;
- char addr[INET6_ADDRSTRLEN];
- char buf[INET6_ADDRSTRLEN * 2 + 2];
- char *p;
+ char *p, buf[34];
struct uci_ptr ptr = { .p = dest };
if (!sub)
continue;
- p = buf;
-
- if (sub->invert)
- p += sprintf(p, "!");
-
- inet_ntop(sub->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &sub->address.v4, addr, sizeof(addr));
-
- p += sprintf(p, "%s", addr);
-
- if (sub->range)
- {
- inet_ntop(sub->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &sub->address2.v4, addr, sizeof(addr));
-
- p += sprintf(p, "-%s", addr);
- }
- else
- {
- p += sprintf(p, "/%u", sub->mask);
- }
-
- ptr.value = buf;
+ ptr.value = fw3_address_to_string(sub, true);
uci_add_list(ctx, &ptr);
}
projects / oweals / firewall3.git / commitdiff