1 /*
2  * Author: [email protected] and [email protected]
3  *
4  * Based on the ipchains code by Paul Russell and Michael Neuling
5  *
6  * (C) 2000-2002 by the netfilter coreteam <[email protected]>:
7  * 		    Paul 'Rusty' Russell <[email protected]>
8  * 		    Marc Boucher <[email protected]>
9  * 		    James Morris <[email protected]>
10  * 		    Harald Welte <[email protected]>
11  * 		    Jozsef Kadlecsik <[email protected]>
12  *
13  *	iptables -- IP firewall administration for kernels with
14  *	firewall table (aimed for the 2.3 kernels)
15  *
16  *	See the accompanying manual page iptables(8) for information
17  *	about proper usage of this program.
18  *
19  *	This program is free software; you can redistribute it and/or modify
20  *	it under the terms of the GNU General Public License as published by
21  *	the Free Software Foundation; either version 2 of the License, or
22  *	(at your option) any later version.
23  *
24  *	This program is distributed in the hope that it will be useful,
25  *	but WITHOUT ANY WARRANTY; without even the implied warranty of
26  *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
27  *	GNU General Public License for more details.
28  *
29  *	You should have received a copy of the GNU General Public License
30  *	along with this program; if not, write to the Free Software
31  *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33 
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <errno.h>
37 #include <string.h>
38 #include <iptables.h>
39 #include "xtables-multi.h"
40 #include "nft.h"
41 
/*
 * Map a protocol family onto the xtables_globals instance that serves it.
 *
 * AF_INET and AF_INET6 share xtables_globals; NFPROTO_ARP and
 * NFPROTO_BRIDGE get arptables_globals and ebtables_globals.
 *
 * NOTE(review): the callers in this file pass NFPROTO_IPV4/NFPROTO_IPV6,
 * so this lookup relies on those having the same values as
 * AF_INET/AF_INET6.
 *
 * Any other family is reported through xtables_error() instead of
 * silently falling back to a default table set. There is no return
 * after that call, so xtables_error() is expected not to return --
 * confirm against its declaration.
 */
static struct xtables_globals *xtables_globals_lookup(int family)
{
	if (family == AF_INET || family == AF_INET6)
		return &xtables_globals;

	if (family == NFPROTO_ARP)
		return &arptables_globals;

	if (family == NFPROTO_BRIDGE)
		return &ebtables_globals;

	xtables_error(OTHER_PROBLEM, "Unknown family value %d", family);
}
56 
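/*
 * Common entry point for the nft-backed iptables/ip6tables/arptables
 * front ends.
 *
 * family:   NFPROTO_* value selecting globals and extension set
 * progname: name used in diagnostics and stored in xt_params
 * argc/argv: command line handed to do_commandx()
 *
 * Never returns: every path ends in exit(). The status is 0 when the
 * command and the commit both succeeded, 1 on failure, and
 * RESOURCE_PROBLEM when the failure left errno set to EAGAIN.
 */
static int
xtables_main(int family, const char *progname, int argc, char *argv[])
{
	char *table = "filter";
	struct nft_handle h;
	int saved_errno;
	int ret;

	ret = xtables_init_all(xtables_globals_lookup(family), family);
	if (ret < 0) {
		fprintf(stderr, "%s: Failed to initialize xtables\n", progname);
		exit(1);
	}
	xt_params->program_name = progname;
	init_extensions();
	switch (family) {
	case NFPROTO_IPV4:
		init_extensions4();
		break;
	case NFPROTO_IPV6:
		init_extensions6();
		break;
	case NFPROTO_ARP:
		init_extensionsa();
		break;
	case NFPROTO_BRIDGE:
		init_extensionsb();
		break;
	default:
		/* No family-specific extensions to register. */
		break;
	}

	if (nft_init(&h, family) < 0) {
		fprintf(stderr, "%s: Failed to initialize nft: %s\n",
			xt_params->program_name, strerror(errno));
		exit(EXIT_FAILURE);
	}

	/* Only commit the ruleset change when the command itself succeeded. */
	ret = do_commandx(&h, argc, argv, &table, false);
	if (ret)
		ret = nft_commit(&h);

	/*
	 * Capture errno before the teardown calls below: they may overwrite
	 * it, which would corrupt both the message and the EAGAIN exit code.
	 */
	saved_errno = errno;

	nft_fini(&h);
	xtables_fini();

	if (!ret) {
		fprintf(stderr, "%s: %s.%s\n", progname,
			nft_strerror(saved_errno),
			(saved_errno == EINVAL ?
			 " Run `dmesg' for more information." : ""));

		/* Separate exit status for the EAGAIN failure case. */
		if (saved_errno == EAGAIN)
			exit(RESOURCE_PROBLEM);
	}

	exit(!ret);
}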
110 
/*
 * iptables front end: runs xtables_main() for NFPROTO_IPV4.
 * xtables_main() ends every path in exit(), so the return is nominal.
 */
int xtables_ip4_main(int argc, char *argv[])
{
	const int family = NFPROTO_IPV4;

	return xtables_main(family, "iptables", argc, argv);
}
115 
/*
 * ip6tables front end: runs xtables_main() for NFPROTO_IPV6.
 * xtables_main() ends every path in exit(), so the return is nominal.
 */
int xtables_ip6_main(int argc, char *argv[])
{
	const int family = NFPROTO_IPV6;

	return xtables_main(family, "ip6tables", argc, argv);
}
120 
/*
 * arptables front end: runs xtables_main() for NFPROTO_ARP.
 * xtables_main() ends every path in exit(), so the return is nominal.
 */
int xtables_arp_main(int argc, char *argv[])
{
	const int family = NFPROTO_ARP;

	return xtables_main(family, "arptables", argc, argv);
}
125