From 07d13c6f31c75ee8ce8dc2e509a890f5dec0f299 Mon Sep 17 00:00:00 2001 From: laforge Date: Fri, 16 Feb 2001 15:19:51 +0000 Subject: Port of IPv6 owner match, fixes for IPv6 limit mac and multiport matches (Jan Rekorajski) --- extensions/libip6t_mac.c | 145 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 extensions/libip6t_mac.c (limited to 'extensions/libip6t_mac.c') diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c new file mode 100644 index 0000000..283c486 --- /dev/null +++ b/extensions/libip6t_mac.c @@ -0,0 +1,145 @@ +/* Shared library add-on to iptables to add MAC address support. */ +#include +#include +#include +#include +#include +#if defined(__GLIBC__) && __GLIBC__ == 2 +#include +#else +#include +#endif +#include +#include + +/* Function which prints out usage message. */ +static void +help(void) +{ + printf( +"MAC v%s options:\n" +" --mac-source [!] XX:XX:XX:XX:XX:XX\n" +" Match source MAC address\n" +"\n", NETFILTER_VERSION); +} + +static struct option opts[] = { + { "mac-source", 1, 0, '1' }, + {0} +}; + +/* Initialize the match. */ +static void +init(struct ip6t_entry_match *m, unsigned int *nfcache) +{ + /* Can't cache this */ + *nfcache |= NFC_UNKNOWN; +} + +static void +parse_mac(const char *mac, struct ip6t_mac_info *info) +{ + unsigned int i = 0; + + if (strlen(mac) != ETH_ALEN*3-1) + exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac); + + for (i = 0; i < ETH_ALEN; i++) { + long number; + char *end; + + number = strtol(mac + i*3, &end, 16); + + if (end == mac + i*3 + 2 + && number >= 0 + && number <= 255) + info->srcaddr[i] = number; + else + exit_error(PARAMETER_PROBLEM, + "Bad mac address `%s'", mac); + } +} + +/* Function which parses command options; returns true if it + ate an option */ +static int +parse(int c, char **argv, int invert, unsigned int *flags, + const struct ip6t_entry *entry, + unsigned int *nfcache, + struct ip6t_entry_match **match) +{ + struct ip6t_mac_info *macinfo = (struct ip6t_mac_info *)(*match)->data; + + switch (c) { + case '1': + if (check_inverse(optarg, &invert)) + optind++; + parse_mac(argv[optind-1], macinfo); + if (invert) + macinfo->invert = 1; + *flags = 1; + break; + + default: + return 0; + } + + return 1; +} + +static void print_mac(unsigned char macaddress[ETH_ALEN], int invert) +{ + unsigned int i; + + printf("%s%02X", invert ? "!" : "", macaddress[0]); + for (i = 1; i < ETH_ALEN; i++) + printf(":%02X", macaddress[i]); + printf(" "); +} + +/* Final check; must have specified --mac. */ +static void final_check(unsigned int flags) +{ + if (!flags) + exit_error(PARAMETER_PROBLEM, + "You must specify `--mac-source'"); +} + +/* Prints out the matchinfo. */ +static void +print(const struct ip6t_ip6 *ip, + const struct ip6t_entry_match *match, + int numeric) +{ + printf("MAC "); + print_mac(((struct ip6t_mac_info *)match->data)->srcaddr, + ((struct ip6t_mac_info *)match->data)->invert); +} + +/* Saves the union ip6t_matchinfo in parsable form to stdout. */ +static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match) +{ + printf("--mac "); + print_mac(((struct ip6t_mac_info *)match->data)->srcaddr, + ((struct ip6t_mac_info *)match->data)->invert); +} + +struct ip6tables_match mac += { NULL, + "mac", + NETFILTER_VERSION, + IP6T_ALIGN(sizeof(struct ip6t_mac_info)), + IP6T_ALIGN(sizeof(struct ip6t_mac_info)), + &help, + &init, + &parse, + &final_check, + &print, + &save, + opts +}; + +void _init(void) +{ + register_match6(&mac); +} -- cgit v1.2.3