authorBrad Fisher <brad@info-link.net>2004-09-20 08:52:19 +0000
committerPatrick McHardy <kaber@trash.net>2004-09-20 08:52:19 +0000
commit514b1b488eaf07d66e209681f4f34246d7db2f60 (patch)
tree32a279862120585751e142a7b42bddce5fc783ea /extensions
parent0371c0c5eb17c81e8dd44c4aa31b58318e9b7b72 (diff)
Add comment match extension (Brad Fisher)
Diffstat (limited to 'extensions')
-rw-r--r--extensions/Makefile2
-rw-r--r--extensions/libipt_comment.c127
2 files changed, 128 insertions, 1 deletions
diff --git a/extensions/Makefile b/extensions/Makefile
index 81631c42..ac7eefa7 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,7 +5,7 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG MARK TRACE
# Optionals
diff --git a/extensions/libipt_comment.c b/extensions/libipt_comment.c
new file mode 100644
index 00000000..778051e8
--- /dev/null
+++ b/extensions/libipt_comment.c
@@ -0,0 +1,127 @@
+/* Shared library add-on to iptables to add comment match support.
+ *
+ * ChangeLog
+ * 2003-05-13: Brad Fisher <brad@info-link.net>
+ * Initial comment match
+ * 2004-05-12: Brad Fisher <brad@info-link.net>
+ * Port to patch-o-matic-ng
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ipt_comment.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+ "COMMENT match options:\n"
+ "--comment COMMENT Attach a comment to a rule\n\n"
+ );
+}
+
+static struct option opts[] = {
+ { "comment", 1, 0, '1' },
+ {0}
+};
+
+/* Initialize the match. */
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+ *nfcache |= NFC_UNKNOWN;
+}
+
+static void
+parse_comment(const unsigned char *s, struct ipt_comment_info *info)
+{
+ int slen = strlen(s);
+
+ if (slen >= IPT_MAX_COMMENT_LEN) {
+ exit_error(PARAMETER_PROBLEM,
+ "COMMENT must be shorter than %i characters", IPT_MAX_COMMENT_LEN);
+ }
+ strcpy(info->comment, s);
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ unsigned int *nfcache,
+ struct ipt_entry_match **match)
+{
+ struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)(*match)->data;
+
+ switch (c) {
+ case '1':
+ check_inverse(argv[optind-1], &invert, &optind, 0);
+ if (invert) {
+ exit_error(PARAMETER_PROBLEM,
+ "Sorry, you can't have an inverted comment");
+ }
+ parse_comment(argv[optind-1], commentinfo);
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Final check; must have specified --comment. */
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "COMMENT match: You must specify `--comment'");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match,
+ int numeric)
+{
+ struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+
+ commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
+ printf("/* %s */ ", commentinfo->comment);
+}
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+{
+ struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+
+ commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
+ printf("--comment \"%s\" ", commentinfo->comment);
+}
+
+static struct iptables_match comment = {
+ NULL,
+ "comment",
+ IPTABLES_VERSION,
+ IPT_ALIGN(sizeof(struct ipt_comment_info)),
+ IPT_ALIGN(sizeof(struct ipt_comment_info)),
+ &help,
+ &init,
+ &parse,
+ &final_check,
+ &print,
+ &save,
+ opts
+};
+
+void _init(void)
+{
+ register_match(&comment);
+}
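Review bot: save() at the end of the hunk emits the comment unescaped between double quotes (`printf("--comment \"%s\" ", commentinfo->comment)`), and parse_comment() accepts any byte short of IPT_MAX_COMMENT_LEN, so a comment containing `"` or `\` yields iptables-save output that iptables-restore would presumably split differently — the text after the quote could end up as extra tokens of the rule rather than part of the comment. Since the comment is the one free-form string a rule author controls, save() should escape the quote and backslash characters (assuming restore's quote parser honours backslash escapes — if it does not, rejecting `"` in parse_comment() with `if (strchr(s, '"')) exit_error(PARAMETER_PROBLEM, "COMMENT may not contain a double quote");` is the safe fallback). The same helper can bound the read to IPT_MAX_COMMENT_LEN, which removes the need for print() and save() to store a NUL through a pointer they obtained from a `const struct ipt_entry_match *`. parse_comment() also calls strlen()/strcpy() on a `const unsigned char *`, which mismatches their `const char *` prototypes; `const char *s` is what the argv element actually is.

```c
/* Write s (at most max bytes, stopping at the first NUL) as a double-quoted
 * token, backslash-escaping '"' and '\\' so the saved rule restores as one
 * comment argument. */
static void
save_quoted(const char *s, size_t max)
{
	size_t i;

	putchar('"');
	for (i = 0; i < max && s[i] != '\0'; i++) {
		if (s[i] == '"' || s[i] == '\\')
			putchar('\\');
		putchar(s[i]);
	}
	putchar('"');
}

/* … unchanged: help, opts, init, parse_comment, parse, final_check, print … */

static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
	const struct ipt_comment_info *commentinfo =
		(const struct ipt_comment_info *)match->data;

	/* bounded, escaped output: no write through the const match data */
	printf("--comment ");
	save_quoted(commentinfo->comment, IPT_MAX_COMMENT_LEN);
	putchar(' ');
}
```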