1 /* Shared library add-on to iptables to add IP address pool matching. */
10 #include <linux/netfilter_ipv4/ip_conntrack.h>
11 #include <linux/netfilter_ipv4/ipt_pool.h>
13 #include <libippool/ip_pool_support.h>
16 #include "../ippool/libippool.c"
18 /* Function which prints out usage message.
 *
 * The visible help text documents two options, --srcpool and --dstpool.
 * Each takes a pool NAME or INDEX and accepts an optional leading "!".
 *
 * NOTE(review): two format arguments are passed (IPTABLES_VERSION and
 * IPPOOL_CONF) but only one %s conversion appears in the lines shown here.
 * The other is presumably in a line omitted from this listing -- confirm
 * that the conversions and arguments match one-to-one.
 */
24 " [!] --srcpool NAME|INDEX\n"
25 " [!] --dstpool NAME|INDEX\n"
26 " Pool index (or name from %s) to match\n"
27 "\n", IPTABLES_VERSION, IPPOOL_CONF);
/* Long options understood by this match.  Each entry is
 * { name, has_arg, flag, val }: has_arg 1 means the option requires an
 * argument, and val is the character reported for the option
 * ('1' for --srcpool, '2' for --dstpool).
 *
 * NOTE(review): getopt_long() needs the array to end with an all-zero
 * element; that terminator is not among the lines shown in this listing --
 * confirm it is present. */
30 static struct option opts[] = {
31 { "srcpool", 1, 0, '1' },
32 { "dstpool", 1, 0, '2' },
36 /* Initialize the match.
 *
 * Marks both pool slots of the match data as unused (IP_POOL_NONE) and ORs
 * NFC_UNKNOWN into *nfcache.
 *
 * NOTE(review): info->flags is OR-ed into by parse() and read by print() and
 * save(), but no assignment to it is visible here (source line 45 is absent
 * from this listing) -- confirm it is zeroed before first use.
 */
38 init(struct ipt_entry_match *match, unsigned int *nfcache)
/* match->data is treated as this extension's struct ipt_pool_info. */
40 struct ipt_pool_info *info =
41 (struct ipt_pool_info *)match->data;
43 info->src = IP_POOL_NONE;
44 info->dst = IP_POOL_NONE;
46 /* Can't cache this - XXX */
47 *nfcache |= NFC_UNKNOWN;
50 /* Function which parses command options; returns true if it ate an option.
 *
 * Two option branches are visible in this listing (their case labels and
 * return statements are not).  One fills info->src and sets IPT_POOL_INV_SRC
 * when invert is non-zero; the other does the same for info->dst and
 * IPT_POOL_INV_DST.  In both, check_inverse() is called with &invert and
 * &optind first, and the pool is then looked up from argv[optind-1].
 */
52 parse(int c, char **argv, int invert, unsigned int *flags,
53 const struct ipt_entry *entry,
54 unsigned int *nfcache,
55 struct ipt_entry_match **match)
57 struct ipt_pool_info *info =
58 (struct ipt_pool_info *)(*match)->data;
62 check_inverse(optarg, &invert, &optind, 0);
/* NOTE(review): the lookup result is stored without a check in the lines
 * shown.  Confirm that ip_pool_get_index() (or an omitted line) rejects
 * unknown names and out-of-range indexes, so that a mistyped pool cannot
 * produce a rule matching a different pool than the administrator meant. */
63 info->src = ip_pool_get_index(argv[optind-1]);
64 if (invert) info->flags |= IPT_POOL_INV_SRC;
68 check_inverse(optarg, &invert, &optind, 0);
/* Same unchecked store as for the source pool above. */
69 info->dst = ip_pool_get_index(argv[optind-1]);
70 if (invert) info->flags |= IPT_POOL_INV_DST;
81 /* Final check; must have specified --srcpool or --dstpool.
 *
 * Reports PARAMETER_PROBLEM through exit_error().  The test that guards the
 * call is not among the lines shown here; presumably it checks flags --
 * TODO confirm.
 */
82 static void final_check(unsigned int flags)
/* NOTE(review): the `...' quoting in this message spans both option names
 * rather than quoting each one separately. */
85 exit_error(PARAMETER_PROBLEM, "You must specify either `--srcpool or --dstpool'");
88 /* Prints out the matchinfo.
 *
 * For each pool slot that is not IP_POOL_NONE, prints "srcpool " or
 * "dstpool " followed by the string returned by ip_pool_get_name() and a
 * trailing space, prefixed with "!" when IPT_POOL_INV_SRC or
 * IPT_POOL_INV_DST respectively is set in info->flags.
 *
 * NOTE(review): buf is declared in a line omitted from this listing.
 * sizeof(buf) is the correct bound only if buf is an array and not a
 * pointer -- confirm.  Also confirm that ip_pool_get_name() cannot return
 * NULL, because its result is passed straight to a %s conversion.
 */
90 print(const struct ipt_ip *ip,
91 const struct ipt_entry_match *match,
95 struct ipt_pool_info *info =
96 (struct ipt_pool_info *)match->data;
98 if (info->src != IP_POOL_NONE)
99 printf("%ssrcpool %s ",
100 (info->flags & IPT_POOL_INV_SRC) ? "!" : "",
101 ip_pool_get_name(buf, sizeof(buf), info->src, 0));
102 if (info->dst != IP_POOL_NONE)
103 printf("%sdstpool %s ",
104 (info->flags & IPT_POOL_INV_DST) ? "!" : "",
105 ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
108 /* Saves the matchinfo in parsable form to stdout.
 *
 * For each pool slot that is not IP_POOL_NONE, writes "--srcpool " or
 * "--dstpool " followed by the string returned by ip_pool_get_name() and a
 * trailing space, prefixed with "! " when the corresponding
 * IPT_POOL_INV_SRC or IPT_POOL_INV_DST bit is set in info->flags.
 *
 * NOTE(review): the pool name is written unquoted.  If names taken from
 * IPPOOL_CONF may contain whitespace or quote characters, the saved line
 * would not parse back into the same rule -- confirm which characters a
 * pool name may contain.  buf is declared in a line omitted from this
 * listing; sizeof(buf) bounds the name only if buf is an array.
 */
109 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
112 struct ipt_pool_info *info =
113 (struct ipt_pool_info *)match->data;
115 if (info->src != IP_POOL_NONE)
116 printf("%s--srcpool %s ",
117 (info->flags & IPT_POOL_INV_SRC) ? "! " : "",
118 ip_pool_get_name(buf, sizeof(buf), info->src, 0));
119 if (info->dst != IP_POOL_NONE)
120 printf("%s--dstpool %s ",
121 (info->flags & IPT_POOL_INV_DST) ? "! " : "",
122 ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
/* Match descriptor for this extension.  Only part of the initializer is
 * visible in this listing: two identical
 * IPT_ALIGN(sizeof(struct ipt_pool_info)) values, presumably the two size
 * members of struct iptables_match -- TODO confirm against its definition. */
126 struct iptables_match pool
130 IPT_ALIGN(sizeof(struct ipt_pool_info)),
131 IPT_ALIGN(sizeof(struct ipt_pool_info)),
/* Registers the descriptor with iptables; the enclosing function is not
 * among the lines shown here. */
143 register_match(&pool);