summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorYasuyuki KOZAKAI <yasuyuki@netfilter.org>2007-07-24 06:55:05 +0000
committerYasuyuki KOZAKAI <yasuyuki@netfilter.org>2007-07-24 06:55:05 +0000
commitde9d244eef00ad3633e8a1d303713390ab2e243c (patch)
treee5c634890e67b0428efe86cf6645e0f03585ccac /extensions
parent0af771d5c84ea9143cf947fb944a0e18189f0e63 (diff)
Unifies libip[6]_mark.c into libxt_mark.c
Diffstat (limited to 'extensions')
-rw-r--r--extensions/Makefile6
-rw-r--r--extensions/libip6t_mark.c123
-rw-r--r--extensions/libxt_mark.c (renamed from extensions/libipt_mark.c)16
3 files changed, 19 insertions, 126 deletions
diff --git a/extensions/Makefile b/extensions/Makefile
index 0dd6bc6b..62054f7d 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,9 +5,9 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac mark owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
-PFX_EXT_SLIB:=multiport NOTRACK
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
+PFX_EXT_SLIB:=mark multiport NOTRACK
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c
deleted file mode 100644
index 9b801a4e..00000000
--- a/extensions/libip6t_mark.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* Shared library add-on to ip6tables to add NFMARK matching support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <ip6tables.h>
-/* For 64bit kernel / 32bit userspace */
-#include "../include/linux/netfilter_ipv6/ip6t_mark.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"MARK match v%s options:\n"
-"[!] --mark value[/mask] Match nfmark value with optional mask\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
- { "mark", 1, 0, '1' },
- {0}
-};
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- unsigned int *nfcache,
- struct xt_entry_match **match)
-{
- struct ip6t_mark_info *markinfo = (struct ip6t_mark_info *)(*match)->data;
-
- switch (c) {
- char *end;
- case '1':
- check_inverse(optarg, &invert, &optind, 0);
- markinfo->mark = strtoul(optarg, &end, 0);
- if (*end == '/') {
- markinfo->mask = strtoul(end+1, &end, 0);
- } else
- markinfo->mask = 0xffffffff;
- if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
- if (invert)
- markinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
-}
-
-static void
-print_mark(unsigned long mark, unsigned long mask, int numeric)
-{
- if(mask != 0xffffffff)
- printf("0x%lx/0x%lx ", mark, mask);
- else
- printf("0x%lx ", mark);
-}
-
-/* Final check; must have specified --mark. */
-static void
-final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK match: You must specify `--mark'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_match *match,
- int numeric)
-{
- struct ip6t_mark_info *info = (struct ip6t_mark_info *)match->data;
-
- printf("MARK match ");
-
- if (info->invert)
- printf("!");
-
- print_mark(info->mark, info->mask, numeric);
-}
-
-/* Saves the union ip6t_matchinfo in parsable form to stdout. */
-static void
-save(const void *ip, const struct xt_entry_match *match)
-{
- struct ip6t_mark_info *info = (struct ip6t_mark_info *)match->data;
-
- if (info->invert)
- printf("! ");
-
- printf("--mark ");
- print_mark(info->mark, info->mask, 0);
-}
-
-static struct ip6tables_match mark = {
- .name = "mark",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
- .help = &help,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts,
-};
-
-void _init(void)
-{
- register_match6(&mark);
-}
diff --git a/extensions/libipt_mark.c b/extensions/libxt_mark.c
index 47cc4eab..97771b09 100644
--- a/extensions/libipt_mark.c
+++ b/extensions/libxt_mark.c
@@ -119,7 +119,23 @@ static struct xtables_match mark = {
.extra_opts = opts
};
+static struct xtables_match mark6 = {
+ .next = NULL,
+ .family = AF_INET6,
+ .name = "mark",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_mark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
void _init(void)
{
xtables_register_match(&mark);
+ xtables_register_match(&mark6);
}