iptables 源码分析
2007-03-07 12:42:27 来源:WEB开发网核心提示: 函数list_entries用于显示表下边的链:/*显示某table下的chain*/static intlist_entries(const ipt_chainlabel chain, int verbose, int numeric,int expanded, int linenumb
函数list_entries用于显示表下边的链:
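/*
 * List the chains of a table together with their rules.
 *
 * chain       - name of the chain to show; when NULL every chain in the
 *               table is printed.
 * verbose     - non-zero for detailed output (-v): packet/byte counters and
 *               interface columns are shown.
 * numeric     - non-zero to print addresses and ports as numbers (-n).
 * expanded    - non-zero to print exact counter values (-x) instead of
 *               K/M/G-abbreviated ones.
 * linenumbers - non-zero to prefix each rule with its line number.
 * handle      - libiptc handle of the table being listed.
 *
 * Returns 1 if at least one chain was printed, 0 if no chain matched.
 * errno is set to ENOENT unconditionally before returning.
 * NOTE(review): presumably the caller only reads errno when 0 is returned,
 * to report a missing chain - confirm against the caller.
 */
static int
list_entries(const ipt_chainlabel chain, int verbose, int numeric,
             int expanded, int linenumbers, iptc_handle_t *handle)
{
    int found = 0;
    unsigned int format;
    const char *this;

    /* Build the output-format bitmask from the command-line switches. */
    format = FMT_OPTIONS;
    if (!verbose)
        format |= FMT_NOCOUNTS;     /* no -v: hide the counters */
    else
        format |= FMT_VIA;          /* -v: detailed output */
    if (numeric)
        format |= FMT_NUMERIC;      /* -n: numeric addresses and ports */
    if (!expanded)
        format |= FMT_KILOMEGAGIGA; /* no -x: abbreviate large numbers */
    if (linenumbers)
        format |= FMT_LINENUMBERS;  /* print rule line numbers */

    /* Walk every chain of the current table. */
    for (this = iptc_first_chain(handle);
         this;
         this = iptc_next_chain(handle)) {
        const struct ipt_entry *i;
        unsigned int num = 0;

        /* A NULL chain name means "no filter": every chain is listed. */
        if (chain && strcmp(chain, this) != 0)
            continue;

        /*
         * Blank line between consecutive chains. The listing as published
         * had this string literal split across two physical lines, which
         * is not valid C; the "\n" escape is restored here.
         */
        if (found)
            printf("\n");

        print_header(format, this, handle);

        /* Print each rule of the chain; num is the rule's 0-based index. */
        for (i = iptc_first_rule(this, handle);
             i;
             i = iptc_next_rule(i, handle)) {
            print_firewall(i,
                           iptc_get_target(i, handle),
                           num++,
                           format,
                           *handle);
        }
        found = 1;
    }

    errno = ENOENT;
    return found;
}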