1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
2 * Patrick Schaaf <bof@bof.de>
3 * Martin Josefsson <gandalf@wlug.westbo.se>
4 * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
11 /* Shared library add-on to iptables to add IP set matching. */
21 #include <linux/netfilter_ipv4/ipt_set.h>
22 #include "libipt_set.h"
/*
 * Print the usage text for the "set" match to stdout.
 * The text is a fixed literal containing no conversion specifiers, so it is
 * written out unchanged.
 */
static void set_help(void)
{
	static const char usage[] =
		"set match options:\n"
		" [!] --set name flags\n"
		" 'name' is the set name from to match,\n"
		" 'flags' are the comma separated list of\n"
		" 'src' and 'dst'.\n";

	fputs(usage, stdout);
}
34 static const struct option set_opts[] = {
35 {"set", 1, NULL, '1'},
/*
 * Initialize the match: clear the whole match-private data area so that
 * option parsing starts from an all-zero struct ipt_set_info_match.
 */
static void set_init(struct xt_entry_match *match)
{
	struct ipt_set_info_match *priv =
		(struct ipt_set_info_match *) match->data;

	memset(priv, 0, sizeof(*priv));
}
50 /* Function which parses command options; returns true if it ate an option */
/*
 * Handles the '1' option (--set), which takes two operands taken from argv:
 * the set name (argv[optind - 1]) and the binding flags (argv[optind]).
 * Both are command-line text and are validated below before use.
 * Parts of this function are not shown in this listing.
 */
51 static int set_parse(int c, char **argv, int invert, unsigned int *flags,
52 const void *entry, struct xt_entry_match **match)
54 struct ipt_set_info_match *myinfo =
55 (struct ipt_set_info_match *) (*match)->data;
56 struct ipt_set_info *info = &myinfo->match_set;
59 case '1': /* --set <set> <flag>[,<flag>] */
61 exit_error(PARAMETER_PROBLEM,
62 "--set can be specified only once");
64 check_inverse(optarg, &invert, &optind, 0);
66 info->flags[0] |= IPSET_MATCH_INV;
/*
 * The second operand must exist and must not look like another option
 * or an inversion marker. argv[optind][0] is read here, so argv[optind]
 * has to be non-NULL first; presumably the first operand of this
 * condition (not shown in this listing) checks that -- confirm.
 */
69 || argv[optind][0] == '-'
70 || argv[optind][0] == '!')
71 exit_error(PARAMETER_PROBLEM,
72 "--set requires two args.");
/*
 * Reject set names longer than IP_SET_MAXNAMELEN - 1 characters before
 * the name reaches get_set_byname(). Presumably this keeps the name, plus
 * its terminating NUL, within an IP_SET_MAXNAMELEN-byte buffer used by
 * the lookup -- confirm against get_set_byname(), defined elsewhere.
 */
74 if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
75 exit_error(PARAMETER_PROBLEM,
76 "setname `%s' too long, max %d characters.",
77 argv[optind-1], IP_SET_MAXNAMELEN - 1);
79 get_set_byname(argv[optind - 1], info);
/*
 * NOTE(review): parse_bindings() is defined elsewhere and receives the
 * raw flag list; confirm it caps the number of comma-separated flags at
 * IP_SET_MAX_BINDINGS, the bound print_match() uses when it walks
 * info->flags[].
 */
80 parse_bindings(argv[optind], info);
81 DEBUGP("parse: set index %u\n", info->index);
94 /* Final check; must have specified --set. */
95 static void set_check(unsigned int flags)
98 exit_error(PARAMETER_PROBLEM,
99 "You must specify `--set' with proper arguments");
100 DEBUGP("final check OK\n");
/*
 * Shared output helper called by set_print() and set_save() with the
 * prefix string to use. It resolves the set name from info->index via
 * get_set_byid() and selects "! " when IPSET_MATCH_INV is set in
 * info->flags[0], and "src" or "dst" for each info->flags[i].
 * The output calls themselves are on lines not shown in this listing.
 */
104 print_match(const char *prefix, const struct ipt_set_info *info)
107 char setname[IP_SET_MAXNAMELEN];
/*
 * setname is a fixed IP_SET_MAXNAMELEN-byte stack buffer and
 * get_set_byid() is given no length argument.
 * NOTE(review): confirm the helper never writes more than
 * IP_SET_MAXNAMELEN bytes and always NUL-terminates the name.
 */
109 get_set_byid(setname, info->index);
111 (info->flags[0] & IPSET_MATCH_INV) ? "! " : "",
/* Walks at most IP_SET_MAX_BINDINGS entries of info->flags[]. */
114 for (i = 0; i < IP_SET_MAX_BINDINGS; i++) {
119 info->flags[i] & IPSET_SRC ? "src" : "dst");
124 /* Prints out the matchinfo. */
125 static void set_print(const void *ip, const struct xt_entry_match *match,
128 struct ipt_set_info_match *info =
129 (struct ipt_set_info_match *) match->data;
131 print_match("set", &info->match_set);
/*
 * Save the match info to stdout in parsable form: the set is printed through
 * print_match() with the "--set" option name as its prefix.
 */
static void set_save(const void *ip, const struct xt_entry_match *match)
{
	struct ipt_set_info_match *saved =
		(struct ipt_set_info_match *) match->data;

	print_match("--set", &saved->match_set);
}
143 static struct xtables_match set_mt_reg = {
145 .version = XTABLES_VERSION,
147 .size = XT_ALIGN(sizeof(struct ipt_set_info_match)),
148 .userspacesize = XT_ALIGN(sizeof(struct ipt_set_info_match)),
152 .final_check = set_check,
155 .extra_opts = set_opts,
160 xtables_register_match(&set_mt_reg);