From 9ea637d5a7ebfb04e97db4cb114117474bbda9cf Mon Sep 17 00:00:00 2001
From: Yasuyuki KOZAKAI
Date: Tue, 24 Jul 2007 07:21:17 +0000
Subject: Add IPv6 support to comment match
---
extensions/libxt_comment.c | 136 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 136 insertions(+)
create mode 100644 extensions/libxt_comment.c
(limited to 'extensions/libxt_comment.c')
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
new file mode 100644
index 00000000..9a0c9605
--- /dev/null
+++ b/extensions/libxt_comment.c
@@ -0,0 +1,136 @@
+/* Shared library add-on to iptables to add comment match support.
+ *
+ * ChangeLog
+ * 2003-05-13: Brad Fisher
+ * Initial comment match
+ * 2004-05-12: Brad Fisher
+ * Port to patch-o-matic-ng
+ */
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+ "COMMENT match options:\n"
+ "--comment COMMENT Attach a comment to a rule\n\n"
+ );
+}
+
+static struct option opts[] = {
+ { "comment", 1, 0, '1' },
+ {0}
+};
+
+static void
+parse_comment(const char *s, struct xt_comment_info *info)
+{
+ int slen = strlen(s);
+
+ if (slen >= XT_MAX_COMMENT_LEN) {
+ exit_error(PARAMETER_PROBLEM,
+ "COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN);
+ }
+ strcpy((char *)info->comment, s);
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ unsigned int *nfcache,
+ struct xt_entry_match **match)
+{
+ struct xt_comment_info *commentinfo = (struct xt_comment_info *)(*match)->data;
+
+ switch (c) {
+ case '1':
+ check_inverse(argv[optind-1], &invert, &optind, 0);
+ if (invert) {
+ exit_error(PARAMETER_PROBLEM,
+ "Sorry, you can't have an inverted comment");
+ }
+ parse_comment(argv[optind-1], commentinfo);
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Final check; must have specified --comment. */
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "COMMENT match: You must specify `--comment'");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const void *ip,
+ const struct xt_entry_match *match,
+ int numeric)
+{
+ struct xt_comment_info *commentinfo = (struct xt_comment_info *)match->data;
+
+ commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
+ printf("/* %s */ ", commentinfo->comment);
+}
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void
+save(const void *ip, const struct xt_entry_match *match)
+{
+ struct xt_comment_info *commentinfo = (struct xt_comment_info *)match->data;
+
+ commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
+ printf("--comment \"%s\" ", commentinfo->comment);
+}
+
+static struct xtables_match comment = {
+ .next = NULL,
+ .family = AF_INET,
+ .name = "comment",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_comment_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+static struct xtables_match comment6 = {
+ .next = NULL,
+ .family = AF_INET6,
+ .name = "comment",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_comment_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_comment_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+void _init(void)
+{
+ xtables_register_match(&comment);
+ xtables_register_match(&comment6);
+}
-- cgit v1.2.3
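Review bot: `save()` emits the comment between double quotes with a bare `%s`, so a stored comment that itself contains `"` or a newline produces a saved rule line whose quoting no longer matches the stored value; when that dump is restored, whatever follows the embedded quote would presumably be read as further rule arguments. Comment text frequently comes from management tooling or operator-supplied labels, so it should be treated as untrusted at this boundary. The smallest fix inside this file is to refuse such input in `parse_comment()`, e.g. `if (strpbrk(s, "\"\n")) exit_error(PARAMETER_PROBLEM, "COMMENT must not contain quotes or newlines");`; escaping in `save()` instead only helps if the restore parser understands the escape, which this patch does not show. Separately, `print()` and `save()` cast away the `const` on `match->data` to write the terminator; printing with `%.*s` and a precision of `XT_MAX_COMMENT_LEN` bounds the read without modifying the caller's buffer.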