1 /* Shared library add-on to iptables to add IP address pool matching. */
10 #include <linux/netfilter_ipv4/ip_conntrack.h>
11 #include <linux/netfilter_ipv4/ipt_pool.h>
13 #include <libippool/ip_pool_support.h>
16 #include "../ippool/libippool.c"
18 /* Function which prints out usage message.
 * The visible tail of the format string documents the two match options and
 * takes IPTABLES_VERSION and IPPOOL_CONF as its arguments; the opening of the
 * function and of the format string is on lines elided from this listing. */
24 " [!] --srcpool NAME|INDEX\n"
25 " [!] --dstpool NAME|INDEX\n"
26 " Pool index (or name from %s) to match\n"
27 "\n", IPTABLES_VERSION, IPPOOL_CONF);
/* Long-option table: both options take a required argument (has_arg = 1) and
 * return the option codes '1' (--srcpool) and '2' (--dstpool). The table's
 * terminator entry is on a line elided from this listing. */
30 static struct option opts[] = {
31 { "srcpool", 1, 0, '1' },
32 { "dstpool", 1, 0, '2' },
36 /* Initialize the match: both pool slots start out unset (IP_POOL_NONE). */
38 init(struct ipt_entry_match *match, unsigned int *nfcache)
/* The match payload is viewed as the pool-match info structure. */
40 struct ipt_pool_info *info =
41 (struct ipt_pool_info *)match->data;
/* Neither direction selects a pool until an option assigns one. */
43 info->src = IP_POOL_NONE;
44 info->dst = IP_POOL_NONE;
/* NOTE(review): info->flags is only ever OR-ed into by the option parser; its
 * initialisation is not visible in this excerpt (the following listing lines
 * are elided). Confirm it is zeroed, since a stale inversion bit would flip
 * the sense of the match. */
48 /* Function which parses command options; returns true if it ate an option.
 * The two visible branches resolve the NAME|INDEX argument of --srcpool and
 * --dstpool to a pool index and record a "!" inversion in info->flags. The
 * switch/case lines, the *flags updates and the return statements are on
 * lines elided from this listing. */
50 parse(int c, char **argv, int invert, unsigned int *flags,
51 const struct ipt_entry *entry,
52 unsigned int *nfcache,
53 struct ipt_entry_match **match)
55 struct ipt_pool_info *info =
56 (struct ipt_pool_info *)(*match)->data;
/* Source pool (presumably option code '1', per the long-option table).
 * check_inverse() is given &invert and &optind, so the pool argument is
 * re-read from argv[optind-1] rather than taken from optarg. */
60 check_inverse(optarg, &invert, &optind, 0);
/* NOTE(review): the looked-up index is stored with no visible validation.
 * Confirm that ip_pool_get_index() rejects an unknown name or out-of-range
 * index itself; a rule that silently resolves to the wrong pool, or to no
 * pool, would not filter the traffic the operator intended. */
61 info->src = ip_pool_get_index(argv[optind-1]);
62 if (invert) info->flags |= IPT_POOL_INV_SRC;
/* Destination pool (presumably option code '2'); same handling and the same
 * validation question as the source branch. */
66 check_inverse(optarg, &invert, &optind, 0);
67 info->dst = ip_pool_get_index(argv[optind-1]);
68 if (invert) info->flags |= IPT_POOL_INV_DST;
79 /* Final check; must have specified --srcpool or --dstpool.
 * Reports the problem through exit_error(PARAMETER_PROBLEM, ...), so a pool
 * match that names no pool is refused instead of being accepted as a rule.
 * The condition on `flags` that guards the call is on a line elided from this
 * listing.
 * NOTE(review): the closing quote in the message sits after "--dstpool", so
 * the two options read as one quoted token; cosmetic only. */
80 static void final_check(unsigned int flags)
83 exit_error(PARAMETER_PROBLEM, "You must specify either `--srcpool or --dstpool'");
86 /* Prints out the matchinfo.
 * For each direction that has a pool set, writes "srcpool NAME " or
 * "dstpool NAME " to stdout, prefixed with "!" when the matching inversion
 * flag is set. */
88 print(const struct ipt_ip *ip,
89 const struct ipt_entry_match *match,
93 struct ipt_pool_info *info =
94 (struct ipt_pool_info *)match->data;
/* The pool name is always passed as a "%s" argument, never used as the format
 * string itself.
 * NOTE(review): the declaration of buf is on a line elided from this listing.
 * sizeof(buf) is a valid bound only if buf is an array, not a pointer;
 * confirm, and confirm that ip_pool_get_name() honours the size it is given. */
96 if (info->src != IP_POOL_NONE)
97 printf("%ssrcpool %s ",
98 (info->flags & IPT_POOL_INV_SRC) ? "!" : "",
99 ip_pool_get_name(buf, sizeof(buf), info->src, 0));
/* The same buffer is reused for the destination pool; the first printf has
 * already consumed the source name by this point. */
100 if (info->dst != IP_POOL_NONE)
101 printf("%sdstpool %s ",
102 (info->flags & IPT_POOL_INV_DST) ? "!" : "",
103 ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
106 /* Saves the matchinfo in parsable form to stdout.
 * Emits "--srcpool NAME " and/or "--dstpool NAME " for each pool that is set,
 * with a leading "! " when the corresponding inversion flag is set. */
107 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
110 struct ipt_pool_info *info =
111 (struct ipt_pool_info *)match->data;
/* NOTE(review): the name is written unquoted and this output is meant to be
 * parsed back. Presumably pool names cannot contain whitespace; confirm
 * against whatever defines the names, otherwise a saved rule could be restored
 * with a different pool argument than the one that was saved.
 * NOTE(review): buf is declared on a line elided from this listing;
 * sizeof(buf) bounds the name lookup only if buf is an array. */
113 if (info->src != IP_POOL_NONE)
114 printf("%s--srcpool %s ",
115 (info->flags & IPT_POOL_INV_SRC) ? "! " : "",
116 ip_pool_get_name(buf, sizeof(buf), info->src, 0));
117 if (info->dst != IP_POOL_NONE)
118 printf("%s--dstpool %s ",
119 (info->flags & IPT_POOL_INV_DST) ? "! " : "",
120 ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
/* Match descriptor handed to register_match(). Only some of its members are
 * visible in this listing. */
123 static struct iptables_match pool = {
126 .version = IPTABLES_VERSION,
/* Both size fields are the aligned size of struct ipt_pool_info, the same
 * structure that the callbacks cast match->data to. */
127 .size = IPT_ALIGN(sizeof(struct ipt_pool_info)),
128 .userspacesize = IPT_ALIGN(sizeof(struct ipt_pool_info)),
/* Hook that refuses a rule which names neither --srcpool nor --dstpool. */
132 .final_check = &final_check,
/* Registers the pool match descriptor. The enclosing function is on lines
 * elided from this listing. */
140 register_match(&pool);