libxt_comment.c revision 8b7c64d6ba156a99008fcd810cba874c73294333
1/* Shared library add-on to iptables to add comment match support. 2 * 3 * ChangeLog 4 * 2003-05-13: Brad Fisher <brad@info-link.net> 5 * Initial comment match 6 * 2004-05-12: Brad Fisher <brad@info-link.net> 7 * Port to patch-o-matic-ng 8 */ 9#include <stdio.h> 10#include <string.h> 11#include <stdlib.h> 12#include <getopt.h> 13 14#include <xtables.h> 15#include <linux/netfilter/xt_comment.h> 16 17/* Function which prints out usage message. */ 18static void comment_help(void) 19{ 20 printf( 21 "comment match options:\n" 22 "--comment COMMENT Attach a comment to a rule\n"); 23} 24 25static const struct option comment_opts[] = { 26 { "comment", 1, NULL, '1' }, 27 { .name = NULL } 28}; 29 30static void 31parse_comment(const char *s, struct xt_comment_info *info) 32{ 33 int slen = strlen(s); 34 35 if (slen >= XT_MAX_COMMENT_LEN) { 36 exit_error(PARAMETER_PROBLEM, 37 "COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN); 38 } 39 strcpy((char *)info->comment, s); 40} 41 42/* Function which parses command options; returns true if it 43 ate an option */ 44static int 45comment_parse(int c, char **argv, int invert, unsigned int *flags, 46 const void *entry, struct xt_entry_match **match) 47{ 48 struct xt_comment_info *commentinfo = (struct xt_comment_info *)(*match)->data; 49 50 switch (c) { 51 case '1': 52 check_inverse(argv[optind-1], &invert, &optind, 0); 53 if (invert) { 54 exit_error(PARAMETER_PROBLEM, 55 "Sorry, you can't have an inverted comment"); 56 } 57 parse_comment(argv[optind-1], commentinfo); 58 *flags = 1; 59 break; 60 61 default: 62 return 0; 63 } 64 return 1; 65} 66 67/* Final check; must have specified --comment. */ 68static void comment_check(unsigned int flags) 69{ 70 if (!flags) 71 exit_error(PARAMETER_PROBLEM, 72 "COMMENT match: You must specify `--comment'"); 73} 74 75/* Prints out the matchinfo. */ 76static void 77comment_print(const void *ip, const struct xt_entry_match *match, int numeric) 78{ 79 struct xt_comment_info *commentinfo = (struct xt_comment_info *)match->data; 80 81 commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0'; 82 printf("/* %s */ ", commentinfo->comment); 83} 84 85/* Saves the union ipt_matchinfo in parsable form to stdout. */ 86static void 87comment_save(const void *ip, const struct xt_entry_match *match) 88{ 89 struct xt_comment_info *commentinfo = (struct xt_comment_info *)match->data; 90 91 commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0'; 92 printf("--comment \"%s\" ", commentinfo->comment); 93} 94 95static struct xtables_match comment_match = { 96 .family = AF_INET, 97 .name = "comment", 98 .version = XTABLES_VERSION, 99 .size = XT_ALIGN(sizeof(struct xt_comment_info)), 100 .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)), 101 .help = comment_help, 102 .parse = comment_parse, 103 .final_check = comment_check, 104 .print = comment_print, 105 .save = comment_save, 106 .extra_opts = comment_opts, 107}; 108 109static struct xtables_match comment_match6 = { 110 .family = AF_INET6, 111 .name = "comment", 112 .version = XTABLES_VERSION, 113 .size = XT_ALIGN(sizeof(struct xt_comment_info)), 114 .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)), 115 .help = comment_help, 116 .parse = comment_parse, 117 .final_check = comment_check, 118 .print = comment_print, 119 .save = comment_save, 120 .extra_opts = comment_opts, 121}; 122 123void _init(void) 124{ 125 xtables_register_match(&comment_match); 126 xtables_register_match(&comment_match6); 127} 128