1 /* Shared library add-on to iptables to add AH support. */
9 #include <linux/netfilter_ipv4/ipt_ah.h>
11 /* Prints the usage message for the AH match. The part shown documents
 * --ahspi, which takes a single SPI or a spi:spi range and may be negated
 * with "!". */
12 static void ah_help(void)
16 " --ahspi [!] spi[:spi]\n"
17 " match spi (range)\n");
/* Long-option table for this match. In struct option order the fields are
 * name, has_arg, flag, val: "ahspi" requires an argument (has_arg 1) and is
 * reported to the option parser as the character '1'. Any further entries,
 * including the table terminator, are not shown in this excerpt. */
20 static const struct option ah_opts[] = {
21 { "ahspi", 1, NULL, '1' },
/* Converts one SPI argument to a 32-bit value.
 *
 * strtoul() is called with base 0, so decimal, 0x-prefixed hex and
 * 0-prefixed octal are all accepted; it also accepts a leading '-' and
 * returns the negated value as an unsigned long.
 *
 * NOTE(review): the only overflow test visible here is ULONG_MAX together
 * with ERANGE. Where unsigned long is wider than 32 bits, an input above
 * 0xFFFFFFFF passes that test and the cast on the return line keeps only
 * the low 32 bits, so the rule would carry a different SPI than the one
 * typed. A comparison against 0xFFFFFFFF before the cast would reject such
 * input; confirm none exists in the lines not shown. */
26 parse_ah_spi(const char *spistr)
28 unsigned long int spi;
/* NOTE(review): errno is tested below, but this excerpt does not show it
 * being cleared before the call - confirm. */
31 spi = strtoul(spistr,&ep,0) ;
/* Reported when no digits could be converted, judging by the message; the
 * condition line itself is not shown in this excerpt. */
34 exit_error(PARAMETER_PROBLEM,
35 "AH no valid digits in spi `%s'", spistr);
/* strtoul() signals out-of-range input by returning ULONG_MAX with errno
 * set to ERANGE. */
37 if ( spi == ULONG_MAX && errno == ERANGE ) {
38 exit_error(PARAMETER_PROBLEM,
39 "spi `%s' specified too big: would overflow", spistr);
/* Non-empty input with characters left over after the number is rejected. */
41 if ( *spistr != '\0' && *ep != '\0' ) {
42 exit_error(PARAMETER_PROBLEM,
43 "AH error parsing spi `%s'", spistr);
/* Narrowing conversion: bits above the low 32 are dropped without an error. */
45 return (u_int32_t) spi;
/* Parses "spi" or "min:max" into spis[0] (lower bound) and spis[1] (upper
 * bound), working on a duplicated copy of the argument. */
49 parse_ah_spis(const char *spistring, u_int32_t *spis)
/* NOTE(review): the strdup() result is handed to strchr() on the very next
 * source line, so an allocation failure is dereferenced as NULL instead of
 * being reported. Freeing of the copy is not visible in this excerpt. */
54 buffer = strdup(spistring);
55 if ((cp = strchr(buffer, ':')) == NULL)
/* No colon: the single SPI is used for both bounds. */
56 spis[0] = spis[1] = parse_ah_spi(buffer);
/* Colon present: an empty side falls back to 0 (lower) or 0xFFFFFFFF
 * (upper). The lines that split the copy at the colon are not shown here.
 * NOTE(review): no min <= max comparison is visible; presumably a reversed
 * range is stored as typed - confirm how the matcher treats it. */
61 spis[0] = buffer[0] ? parse_ah_spi(buffer) : 0;
62 spis[1] = cp[0] ? parse_ah_spi(cp) : 0xFFFFFFFF;
67 /* Initializes the match data. The line shown sets the upper SPI bound to
 * 0xFFFFFFFF; with a lower bound of 0 that is the range the print and save
 * code in this file compares against before producing output. */
68 static void ah_init(struct xt_entry_match *m)
/* m->data is interpreted as this match's struct ipt_ah payload. */
70 struct ipt_ah *ahinfo = (struct ipt_ah *)m->data;
72 ahinfo->spis[1] = 0xFFFFFFFF;
77 /* Function which parses command options; returns true if it
79 static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
80 const void *entry, struct xt_entry_match **match)
/* Handles the --ahspi option: a repeated option is rejected, the SPI or
 * range is parsed into the match data, and inversion is recorded in
 * invflags. The switch and flag-test lines between the statements below
 * are not shown in this excerpt. */
82 struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data;
87 exit_error(PARAMETER_PROBLEM,
88 "Only one `--ahspi' allowed");
/* check_inverse() receives pointers to invert and optind, so it can update
 * both; presumably it consumes a "!" argument - confirm. */
89 check_inverse(optarg, &invert, &optind, 0);
/* The SPI text is read from argv[optind-1], i.e. relative to optind as it
 * stands after the check_inverse() call. */
90 parse_ah_spis(argv[optind-1], ahinfo->spis);
/* Presumably guarded by a test of invert on the line not shown - confirm. */
92 ahinfo->invflags |= IPT_AH_INV_SPI;
/* Helper that ah_print calls with the stored SPI bounds and the inversion
 * flag. The parameter list continues on a line not shown in this excerpt. */
103 print_spis(const char *name, u_int32_t min, u_int32_t max,
106 const char *inv = invert ? "!" : "";
/* The guarded body (not shown) is skipped only for the full, non-inverted
 * range 0..0xFFFFFFFF; an inverted full range still enters it. */
108 if (min != 0 || max != 0xFFFFFFFF || invert) {
123 /* Prints the match data, read here as struct ipt_ah. The signature
 * continues on a line not shown in this excerpt. */
124 static void ah_print(const void *ip, const struct xt_entry_match *match,
127 const struct ipt_ah *ah = (struct ipt_ah *)match->data;
/* Only the IPT_AH_INV_SPI bit is passed on as the inversion flag. */
130 print_spis("spi", ah->spis[0], ah->spis[1],
131 ah->invflags & IPT_AH_INV_SPI);
/* Any invflags bit outside IPT_AH_INV_MASK is printed rather than silently
 * ignored, so unexpected bits in the rule data show up in the output. */
132 if (ah->invflags & ~IPT_AH_INV_MASK)
133 printf("Unknown invflags: 0x%X ",
134 ah->invflags & ~IPT_AH_INV_MASK);
137 /* Saves the match data in parsable form to stdout. */
138 static void ah_save(const void *ip, const struct xt_entry_match *match)
140 const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
/* Output is guarded on the range differing from the default 0..0xFFFFFFFF.
 * NOTE(review): unlike the test in print_spis, this guard does not look at
 * the inversion flag. If the whole --ahspi output sits inside it, an
 * inverted full range would be listed by ah_print but dropped on save, and
 * the restored rule would no longer carry the inversion - confirm against
 * the lines not shown. */
142 if (!(ahinfo->spis[0] == 0
143 && ahinfo->spis[1] == 0xFFFFFFFF)) {
/* "! " is emitted when the SPI match is inverted; the enclosing output call
 * is not shown in this excerpt. */
145 (ahinfo->invflags & IPT_AH_INV_SPI) ? "! " : "");
/* Registration record for the AH match. size and userspacesize are both the
 * XT_ALIGN-ed size of struct ipt_ah, and extra_opts points at ah_opts. The
 * remaining fields are on lines not shown in this excerpt. */
158 static struct xtables_match ah_mt_reg = {
160 .version = XTABLES_VERSION,
162 .size = XT_ALIGN(sizeof(struct ipt_ah)),
163 .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
169 .extra_opts = ah_opts,
175 xtables_register_match(&ah_mt_reg);