1 /* Shared library add-on to iptables for condition match */
8 #include<linux/netfilter_ipv4/ip_tables.h>
9 #include<linux/netfilter_ipv4/ipt_condition.h>
/* Usage text for the match: a single option, --condition, taking an
 * optionally negated file name. The format string has one %s (the version);
 * its argument is on a line not shown in this listing. */
15 printf("condition match v%s options:\n"
16 "--condition [!] filename "
17 "Match on boolean value stored in /proc file\n",
/* Long-option table for this match. has_arg = 1 means --condition takes an
 * argument (assuming this is getopt_long's struct option; the include is
 * not visible here). .val = 'X' is the code the option is reported under,
 * presumably the value parse() receives as c - confirm against its switch. */
22 static struct option opts[] = {
23 { .name = "condition", .has_arg = 1, .flag = 0, .val = 'X' },
/* Match initialiser: ORs NFC_UNKNOWN into the caller's nfcache word.
 * m is not touched in the visible lines. */
29 init(struct ipt_entry_match *m, unsigned int *nfcache)
31 *nfcache |= NFC_UNKNOWN;
/* Option parser for --condition. Stores the file name and the negation
 * flag in the condition_info held in (*match)->data. Several lines of the
 * body (option dispatch, flag handling, return) are not shown here. */
36 parse(int c, char **argv, int invert, unsigned int *flags,
37 const struct ipt_entry *entry, unsigned int *nfcache,
38 struct ipt_entry_match **match)
/* The match payload is interpreted as a condition_info record. */
40 struct condition_info *info =
41 (struct condition_info *) (*match)->data;
/* Error raised for a second --condition on the same rule; the test that
 * guards this call is not visible. */
45 exit_error(PARAMETER_PROBLEM,
46 "Can't specify multiple conditions");
/* iptables helper for an optional "!" in front of the argument; it is
 * given &invert and &optind, so it may update both. */
48 check_inverse(optarg, &invert, &optind, 0);
/* Bounds check before the unbounded strcpy: only a name strictly shorter
 * than CONDITION_NAME_LEN is copied, which leaves room for the terminating
 * NUL - assuming info->name is char[CONDITION_NAME_LEN] (declared in
 * ipt_condition.h, not shown; TODO confirm). The name is read from
 * argv[optind - 1] rather than optarg, presumably because check_inverse
 * may advance optind past a "!".
 * NOTE(review): only the length is validated in the visible lines. The
 * usage text says the name designates a /proc file, so characters such as
 * '/' should be rejected here or by the kernel module - confirm which
 * side enforces that. */
50 if (strlen(argv[optind - 1]) < CONDITION_NAME_LEN)
51 strcpy(info->name, argv[optind - 1]);
53 exit_error(PARAMETER_PROBLEM,
54 "File name too long");
/* Record whether the match was negated. */
56 info->invert = invert;
/* Final validation for a rule using this match: reports PARAMETER_PROBLEM
 * with a "must specify --condition" message. The test on flags that guards
 * the call is on a line not shown here. */
66 final_check(unsigned int flags)
69 exit_error(PARAMETER_PROBLEM,
70 "Condition match: must specify --condition");
/* Prints the match for a rule listing: "condition ", a "!" when the match
 * is inverted, then the stored name. ip and numeric are not used in the
 * visible lines.
 * NOTE(review): info->name is printed with %s, so it must be
 * NUL-terminated. parse() ensures that for rules built by this library;
 * whether match->data can reach here from another source (e.g. read back
 * from the kernel) without that guarantee is not visible - confirm. */
75 print(const struct ipt_ip *ip,
76 const struct ipt_entry_match *match, int numeric)
78 const struct condition_info *info =
79 (const struct condition_info *) match->data;
81 printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
/* Emits the match in saved-ruleset syntax: --condition, "! " when the
 * match is inverted, then the name between double quotes. ip is not used
 * in the visible lines.
 * NOTE(review): the name is written between quotes without any escaping,
 * so a name that itself contains a double quote or a backslash would
 * likely not re-parse to the same value when the ruleset is restored.
 * Consider rejecting such names in parse() or escaping them here. */
86 save(const struct ipt_ip *ip,
87 const struct ipt_entry_match *match)
89 const struct condition_info *info =
90 (const struct condition_info *) match->data;
92 printf("--condition %s\"%s\" ", (info->invert) ? "! " : "", info->name);
/* Registration record for the match. size and userspacesize are both the
 * IPT_ALIGN-ed size of condition_info, so the userspace-visible part is
 * the whole payload (name and invert flag). Only .version, the two sizes
 * and .final_check are visible; the remaining fields are on lines not
 * shown in this listing. */
96 static struct iptables_match condition = {
98 .version = IPTABLES_VERSION,
99 .size = IPT_ALIGN(sizeof(struct condition_info)),
100 .userspacesize = IPT_ALIGN(sizeof(struct condition_info)),
104 .final_check = &final_check,
/* Hands the record above to iptables so the match becomes available. The
 * enclosing function is not shown (presumably the library's load-time
 * initialiser - confirm). */
114 register_match(&condition);