1 /* Shared library add-on to iptables to add realm matching support. */
7 #if defined(__GLIBC__) && __GLIBC__ == 2
8 #include <net/ethernet.h>
10 #include <linux/if_ether.h>
13 #include <linux/netfilter_ipv4/ipt_realm.h>
15 /* Function which prints out usage message. */
20 "REALM v%s options:\n"
21 " --realm [!] value[/mask]\n"
23 "\n", IPTABLES_VERSION);
26 static struct option opts[] = {
27 { "realm", 1, 0, '1' },
31 /* Function which parses command options; returns true if it
34 parse(int c, char **argv, int invert, unsigned int *flags,
35 const struct ipt_entry *entry,
36 unsigned int *nfcache,
37 struct ipt_entry_match **match)
39 struct ipt_realm_info *realminfo = (struct ipt_realm_info *)(*match)->data;
44 check_inverse(argv[optind-1], &invert, &optind, 0);
45 optarg = argv[optind-1];
46 realminfo->id = strtoul(optarg, &end, 0);
48 realminfo->mask = strtoul(end+1, &end, 0);
50 realminfo->mask = 0xffffffff;
51 if (*end != '\0' || end == optarg)
52 exit_error(PARAMETER_PROBLEM, "Bad REALM value `%s'", optarg);
54 realminfo->invert = 1;
65 print_realm(unsigned long id, unsigned long mask)
67 if (mask != 0xffffffff)
68 printf("0x%lx/0x%lx ", id, mask);
73 /* Prints out the matchinfo. */
75 print(const struct ipt_ip *ip,
76 const struct ipt_entry_match *match,
79 struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
84 printf("REALM match ");
85 print_realm(ri->id, ri->mask);
89 /* Saves the union ipt_matchinfo in parsable form to stdout. */
91 save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
93 struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
99 print_realm(ri->id, ri->mask);
102 /* Final check; must have specified --mark. */
104 final_check(unsigned int flags)
107 exit_error(PARAMETER_PROBLEM,
108 "REALM match: You must specify `--realm'");
111 static struct iptables_match realm = { NULL,
113 .version = IPTABLES_VERSION,
114 .size = IPT_ALIGN(sizeof(struct ipt_realm_info)),
115 .userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)),
118 .final_check = &final_check,
126 register_match(&realm);