libxt_socket.c revision 73866357e4a7a0fdc1b293bf8863fee2bd56da9e
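/*
 * Shared library add-on to iptables to add early socket matching support.
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 */
#include <getopt.h>
#include <stdbool.h>
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_socket.h>

/* Long options understood by revision 1 of the match; "--transparent" takes
 * no argument and is delivered to socket_mt_parse() as 't'. */
static const struct option socket_mt_opts[] = {
	{.name = "transparent", .has_arg = false, .val = 't'},
	XT_GETOPT_TABLEEND,
};

/* Print the usage text for the match's options to stdout. */
static void socket_mt_help(void)
{
	printf(
"socket match options:\n"
" --transparent Ignore non-transparent sockets\n\n");
}

/*
 * Parse one command-line option for revision 1 of the match.
 *
 * c       option value taken from socket_mt_opts
 * invert  non-zero when the option was given in inverted form
 * match   match entry whose data area holds a struct xt_socket_mtinfo1
 *
 * Returns true when the option was recognised and consumed, false otherwise.
 * argv, flags and entry are not used here.
 */
static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
			   const void *entry, struct xt_entry_match **match)
{
	/* Only the revision 1 registration installs this callback, and that
	 * entry sizes the data area for struct xt_socket_mtinfo1. */
	struct xt_socket_mtinfo1 *info = (void *)(*match)->data;

	switch (c) {
	case 't':
		/*
		 * Nothing in this file records an inverted form, so accepting
		 * it silently would install a rule that matches the opposite
		 * of what the administrator wrote. Refuse it instead;
		 * xtables_error() reports the problem and does not return.
		 */
		if (invert)
			xtables_error(PARAMETER_PROBLEM,
				      "socket: \"--transparent\" cannot be inverted");
		info->flags |= XT_SOCKET_TRANSPARENT;
		return true;
	default:
		return false;
	}
}

/* Emit the options of a rule in the form the parser accepts:
 * " --transparent" when XT_SOCKET_TRANSPARENT is set, nothing otherwise. */
static void
socket_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_socket_mtinfo1 *info = (const void *)match->data;

	if (info->flags & XT_SOCKET_TRANSPARENT)
		printf(" --transparent");
}

/* Print the match for rule listings: the match name followed by the same
 * option text socket_mt_save() produces. numeric is not used. */
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
		int numeric)
{
	printf(" socket");
	socket_mt_save(ip, match);
}

/*
 * Two registrations under the name "socket":
 *  - revision 0, IPv4 only, with a zero-sized data area and no callbacks,
 *    so it carries no options;
 *  - revision 1, family-independent, carrying struct xt_socket_mtinfo1 and
 *    the "--transparent" option.
 */
static struct xtables_match socket_mt_reg[] = {
	{
		.name          = "socket",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(0),
		.userspacesize = XT_ALIGN(0),
	},
	{
		.name          = "socket",
		.revision      = 1,
		.family        = NFPROTO_UNSPEC,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.help          = socket_mt_help,
		.parse         = socket_mt_parse,
		.print         = socket_mt_print,
		.save          = socket_mt_save,
		.extra_opts    = socket_mt_opts,
	},
};

/* Library entry point: register both revisions of the match with xtables. */
void _init(void)
{
	xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
}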