libxt_mark.c revision 661f112072bc13a1625c4eb5983695e122ea97da
1/* Shared library add-on to iptables to add NFMARK matching support. */ 2#include <stdio.h> 3#include <netdb.h> 4#include <string.h> 5#include <stdlib.h> 6#include <getopt.h> 7 8#include <xtables.h> 9/* For 64bit kernel / 32bit userspace */ 10#include "../include/linux/netfilter/xt_mark.h" 11 12/* Function which prints out usage message. */ 13static void 14help(void) 15{ 16 printf( 17"MARK match v%s options:\n" 18"[!] --mark value[/mask] Match nfmark value with optional mask\n" 19"\n", 20IPTABLES_VERSION); 21} 22 23static const struct option opts[] = { 24 { "mark", 1, 0, '1' }, 25 {0} 26}; 27 28/* Function which parses command options; returns true if it 29 ate an option */ 30static int 31parse(int c, char **argv, int invert, unsigned int *flags, 32 const void *entry, 33 unsigned int *nfcache, 34 struct xt_entry_match **match) 35{ 36 struct xt_mark_info *markinfo = (struct xt_mark_info *)(*match)->data; 37 38 switch (c) { 39 char *end; 40 case '1': 41 check_inverse(optarg, &invert, &optind, 0); 42 markinfo->mark = strtoul(optarg, &end, 0); 43 if (*end == '/') { 44 markinfo->mask = strtoul(end+1, &end, 0); 45 } else 46 markinfo->mask = 0xffffffff; 47 if (*end != '\0' || end == optarg) 48 exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg); 49 if (invert) 50 markinfo->invert = 1; 51 *flags = 1; 52 break; 53 54 default: 55 return 0; 56 } 57 return 1; 58} 59 60static void 61print_mark(unsigned long mark, unsigned long mask, int numeric) 62{ 63 if(mask != 0xffffffff) 64 printf("0x%lx/0x%lx ", mark, mask); 65 else 66 printf("0x%lx ", mark); 67} 68 69/* Final check; must have specified --mark. */ 70static void 71final_check(unsigned int flags) 72{ 73 if (!flags) 74 exit_error(PARAMETER_PROBLEM, 75 "MARK match: You must specify `--mark'"); 76} 77 78/* Prints out the matchinfo. */ 79static void 80print(const void *ip, 81 const struct xt_entry_match *match, 82 int numeric) 83{ 84 struct xt_mark_info *info = (struct xt_mark_info *)match->data; 85 86 printf("MARK match "); 87 88 if (info->invert) 89 printf("!"); 90 91 print_mark(info->mark, info->mask, numeric); 92} 93 94/* Saves the union ipt_matchinfo in parsable form to stdout. */ 95static void 96save(const void *ip, const struct xt_entry_match *match) 97{ 98 struct xt_mark_info *info = (struct xt_mark_info *)match->data; 99 100 if (info->invert) 101 printf("! "); 102 103 printf("--mark "); 104 print_mark(info->mark, info->mask, 0); 105} 106 107static struct xtables_match mark = { 108 .family = AF_INET, 109 .name = "mark", 110 .version = IPTABLES_VERSION, 111 .size = XT_ALIGN(sizeof(struct xt_mark_info)), 112 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)), 113 .help = &help, 114 .parse = &parse, 115 .final_check = &final_check, 116 .print = &print, 117 .save = &save, 118 .extra_opts = opts 119}; 120 121static struct xtables_match mark6 = { 122 .family = AF_INET6, 123 .name = "mark", 124 .version = IPTABLES_VERSION, 125 .size = XT_ALIGN(sizeof(struct xt_mark_info)), 126 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)), 127 .help = &help, 128 .parse = &parse, 129 .final_check = &final_check, 130 .print = &print, 131 .save = &save, 132 .extra_opts = opts 133}; 134 135void _init(void) 136{ 137 xtables_register_match(&mark); 138 xtables_register_match(&mark6); 139} 140