author | Patrick McHardy <kaber@trash.net> | 2010-12-15 23:36:19 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-12-15 23:36:19 +0100 |
commit | 3a84b3d5de492e40aff7bae5038b06dd6b6041c4 (patch) | |
tree | 6d9b602bbd4ece24176325d0006ea3c12d7934a7 /extensions/libxt_socket.c | |
parent | 2f09f1b39ced2ae7109382dcf066785bab4a966a (diff) | |
parent | a3f101331deb9314caa0cfa1061c925865e79380 (diff) |
Merge branch 'master' of git://dev.medozas.de/iptables
Diffstat (limited to 'extensions/libxt_socket.c')
-rw-r--r-- | extensions/libxt_socket.c | 76 |
1 files changed, 69 insertions, 7 deletions
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index 1490473b..e4dff78b 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -3,17 +3,79 @@
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 */
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdio.h>
 #include <xtables.h>
+#include <linux/netfilter/xt_socket.h>
-static struct xtables_match socket_mt_reg = {
- .name = "socket",
- .version = XTABLES_VERSION,
- .family = NFPROTO_IPV4,
- .size = XT_ALIGN(0),
- .userspacesize = XT_ALIGN(0),
+static const struct option socket_mt_opts[] = {
+ {.name = "transparent", .has_arg = false, .val = 't'},
+ XT_GETOPT_TABLEEND,
+};
+
+static void socket_mt_help(void)
+{
+ printf(
+ "socket match options:\n"
+ " --transparent Ignore non-transparent sockets\n\n");
+}
+
+static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct xt_socket_mtinfo1 *info = (void *)(*match)->data;
+
+ switch (c) {
+ case 't':
+ info->flags |= XT_SOCKET_TRANSPARENT;
+ return true;
+ }
+ return false;
+}
+
+static void
+socket_mt_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_socket_mtinfo1 *info = (const void *)match->data;
+
+ if (info->flags & XT_SOCKET_TRANSPARENT)
+ printf("--transparent ");
+}
+
+static void
+socket_mt_print(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf("socket ");
+ socket_mt_save(ip, match);
+}
+
+static struct xtables_match socket_mt_reg[] = {
+ {
+ .name = "socket",
+ .revision = 0,
+ .family = NFPROTO_IPV4,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
+ },
+ {
+ .name = "socket",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+ .help = socket_mt_help,
+ .parse = socket_mt_parse,
+ .print = socket_mt_print,
+ .save = socket_mt_save,
+ .extra_opts = socket_mt_opts,
+ },
 };
 void _init(void)
 {
- xtables_register_match(&socket_mt_reg);
+ xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
 } |
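Review bot: socket_mt_parse never looks at its `invert` argument, so in the `case 't':` branch a rule written as `! --transparent` is accepted and stored exactly like `--transparent`. The rule then loads without complaint but selects the opposite set of sockets from what the administrator wrote, which matters where this match decides which traffic a transparent-proxy ruleset diverts. The layout of struct xt_socket_mtinfo1 is not visible in this hunk; if it has no inversion bit, reject the negated form before setting the flag: `if (invert) xtables_error(PARAMETER_PROBLEM, "socket: --transparent cannot be inverted");`. As a smaller style point, the function is declared `int` but returns `true`/`false`, and a short comment that the revision 0 entry is kept for kernels without the revision 1 match would help the next reader of socket_mt_reg.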