/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask)
{
const struct ip6t_rt *rtinfo = matchinfo;
if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_rt))) {
DEBUGP("ip6t_rt: matchsize %u != %u\n",
matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_rt)));
return 0;
}
if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
DEBUGP("ip6t_rt: unknown flags %X\n",
rtinfo->invflags);
return 0;
}
if ( (rtinfo->flags & (IP6T_RT_RES|IP6T_RT_FST_MASK)) &&
(!(rtinfo->flags & IP6T_RT_TYP) ||
(rtinfo->rt_type != 0) ||
(rtinfo->invflags & IP6T_RT_INV_TYP)) ) {
DEBUGP("`--rt-type 0' required before `--rt-0-*'");
return 0;
}
return 1;
}
static int ip6t_hl_checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
struct ip6t_HL_info *info = targinfo;
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_HL_info))) {
printk(KERN_WARNING "ip6t_HL: targinfosize %u != %Zu\n",
targinfosize,
IP6T_ALIGN(sizeof(struct ip6t_HL_info)));
return 0;
}
if (strcmp(tablename, "mangle")) {
printk(KERN_WARNING "ip6t_HL: can only be called from "
"\"mangle\" table, not \"%s\"\n", tablename);
return 0;
}
if (info->mode > IP6T_HL_MAXMODE) {
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
info->mode);
return 0;
}
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
"make sense with value 0\n");
return 0;
}
return 1;
}
static int ip6t_log_checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ip6t_log_info *loginfo = targinfo;
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_log_info))) {
DEBUGP("LOG: targinfosize %u != %u\n",
targinfosize, IP6T_ALIGN(sizeof(struct ip6t_log_info)));
return 0;
}
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
return 0;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return 0;
}
return 1;
}
static int
checkentry(const char *tablename,
const void *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
const struct ip6t_owner_info *info = matchinfo;
if (hook_mask
& ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
return 0;
}
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
return 0;
if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
printk("ipt_owner: pid and sid matching "
"not supported anymore\n");
return 0;
}
return 1;
}
static int
checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
if (hook_mask
& ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
return 0;
}
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
return 0;
#ifdef CONFIG_SMP
/* files->file_lock can not be used in a BH */
if (((struct ip6t_owner_info *)matchinfo)->match
& (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
return 0;
}
#endif
return 1;
}
static int
checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_NFQ_info))) {
printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
targinfosize,
IP6T_ALIGN(sizeof(struct ipt_NFQ_info)));
return 0;
}
return 1;
}
static int
ipt_limit_checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
struct ipt_rateinfo *r = matchinfo;
if (matchsize != IP6T_ALIGN(sizeof(struct ipt_rateinfo)))
return 0;
/* Check for overflow. */
if (r->burst == 0
|| user2credits(r->avg * r->burst) < user2credits(r->avg)) {
printk("Call rusty: overflow in ipt_limit: %u/%u\n",
r->avg, r->burst);
return 0;
}
/* User avg in seconds * IPT_LIMIT_SCALE: convert to jiffies *
128. */
r->prev = jiffies;
r->credit = user2credits(r->avg * r->burst); /* Credits full. */
r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
r->cost = user2credits(r->avg);
/* For SMP, we only want to use one set of counters. */
r->master = r;
return 1;
}
static int imq_checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
struct ip6t_imq_info *mr;
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_imq_info))) {
printk(KERN_WARNING "IMQ: invalid targinfosize\n");
return 0;
}
mr = (struct ip6t_imq_info*)targinfo;
if (strcmp(tablename, "mangle") != 0) {
printk(KERN_WARNING
"IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n",
tablename);
return 0;
}
if (mr->todev > IMQ_MAX_DEVS) {
printk(KERN_WARNING
"IMQ: invalid device specified, highest is %u\n",
IMQ_MAX_DEVS);
return 0;
}
return 1;
}
static int
ipv6header_checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
/* Check for obvious errors */
/* This match is valid in all hooks! */
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))) {
DEBUGP("ip6t_ipv6header: matchsize != %u\n",
IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)));
return 0;
}
return 1;
}
static int checkentry(const char *tablename, const struct ip6t_ip6 *ip,
void *matchinfo, unsigned int matchsize,
unsigned int hook_mask)
{
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_hl_info)))
return 0;
return 1;
}
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask)
{
const struct ip6t_ah *ahinfo = matchinfo;
if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_ah))) {
DEBUGP("ip6t_ah: matchsize %u != %u\n",
matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_ah)));
return 0;
}
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
return 0;
}
return 1;
}
static int
checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_mark_target_info))) {
printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",
targinfosize,
IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)));
return 0;
}
if (strcmp(tablename, "mangle") != 0) {
printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
return 0;
}
return 1;
}
static int
checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
const struct ip6t_physdev_info *info = matchinfo;
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_physdev_info)))
return 0;
if (!(info->bitmask & IP6T_PHYSDEV_OP_MASK) ||
info->bitmask & ~IP6T_PHYSDEV_OP_MASK)
return 0;
return 1;
}
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
const struct ip6t_multiport *multiinfo = matchinfo;
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
&& !(ip->flags & IP6T_INV_PROTO)
&& matchsize == IP6T_ALIGN(sizeof(struct ip6t_multiport))
&& (multiinfo->flags == IP6T_MULTIPORT_SOURCE
|| multiinfo->flags == IP6T_MULTIPORT_DESTINATION
|| multiinfo->flags == IP6T_MULTIPORT_EITHER)
&& multiinfo->count <= IP6T_MULTI_PORTS;
}
static int
ipt_mac_checkentry(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
if (hook_mask
& ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN))) {
printk("ipt_mac: only valid for PRE_ROUTING or LOCAL_IN.\n");
return 0;
}
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_mac_info)))
return 0;
return 1;
}
static unsigned char *
is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b,
unsigned char *matchmask)
{
unsigned int i;
unsigned char *mptr;
/* Always compare head structures: ignore mask here. */
if (memcmp(&a->ipv6.src, &b->ipv6.src, sizeof(struct in6_addr))
|| memcmp(&a->ipv6.dst, &b->ipv6.dst, sizeof(struct in6_addr))
|| memcmp(&a->ipv6.smsk, &b->ipv6.smsk, sizeof(struct in6_addr))
|| memcmp(&a->ipv6.dmsk, &b->ipv6.dmsk, sizeof(struct in6_addr))
|| a->ipv6.proto != b->ipv6.proto
|| a->ipv6.tos != b->ipv6.tos
|| a->ipv6.flags != b->ipv6.flags
|| a->ipv6.invflags != b->ipv6.invflags)
return NULL;
for (i = 0; i < IFNAMSIZ; i++) {
if (a->ipv6.iniface_mask[i] != b->ipv6.iniface_mask[i])
return NULL;
if ((a->ipv6.iniface[i] & a->ipv6.iniface_mask[i])
!= (b->ipv6.iniface[i] & b->ipv6.iniface_mask[i]))
return NULL;
if (a->ipv6.outiface_mask[i] != b->ipv6.outiface_mask[i])
return NULL;
if ((a->ipv6.outiface[i] & a->ipv6.outiface_mask[i])
!= (b->ipv6.outiface[i] & b->ipv6.outiface_mask[i]))
return NULL;
}
if (a->nfcache != b->nfcache
|| a->target_offset != b->target_offset
|| a->next_offset != b->next_offset)
return NULL;
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
return mptr;
}
static int
ip6t_eui64_checkentry(const char *tablename,
const void *ip,
void *matchinfo,
unsigned int matchsize,
unsigned int hook_mask)
{
if (hook_mask
& ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
(1 << NF_IP6_FORWARD))) {
printk("ip6t_eui64: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
return 0;
}
if (matchsize != IP6T_ALIGN(sizeof(int)))
return 0;
return 1;
}
printf("! ");
if (udpinfo->dpts[0]
!= udpinfo->dpts[1])
printf("--dport %u:%u ",
udpinfo->dpts[0],
udpinfo->dpts[1]);
else
printf("--dport %u ",
udpinfo->dpts[0]);
}
}
static struct ip6tables_match udp = {
.name = "udp",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ip6t_udp)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_udp)),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts,
};
void
_init(void)
{
register_match6(&udp);
}
static unsigned int
route6_oif(const struct ip6t_route_target_info *route_info,
struct sk_buff *skb)
{
unsigned int ifindex = 0;
struct net_device *dev_out = NULL;
/* The user set the interface name to use.
* Getting the current interface index.
*/
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
if ((dev_out = dev_get_by_name(&init_net, route_info->oif))) {
#else
if ((dev_out = dev_get_by_name(route_info->oif))) {
#endif
ifindex = dev_out->ifindex;
} else {
/* Unknown interface name : packet dropped */
if (net_ratelimit())
DEBUGP("ip6t_ROUTE: oif interface %s not found\n", route_info->oif);
if (route_info->flags & IP6T_ROUTE_CONTINUE)
return IP6T_CONTINUE;
else
return NF_DROP;
}
/* Trying the standard way of routing packets */
if (route6(skb, ifindex, route_info)) {
dev_put(dev_out);
if (route_info->flags & IP6T_ROUTE_CONTINUE)
return IP6T_CONTINUE;
ip_direct_send(skb);
return NF_STOLEN;
} else
return NF_DROP;
}
static unsigned int
route6_gw(const struct ip6t_route_target_info *route_info,
struct sk_buff *skb)
{
if (route6(skb, 0, route_info)) {
if (route_info->flags & IP6T_ROUTE_CONTINUE)
return IP6T_CONTINUE;
ip_direct_send(skb);
return NF_STOLEN;
} else
return NF_DROP;
}
static unsigned int
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
target(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const void *targinfo,
void *userinfo)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userinfo)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo,
void *userinfo)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
target(struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36)
target(struct sk_buff *skb,
const struct xt_target_param *par)
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36) */
target(struct sk_buff *skb,
const struct xt_action_param *par)
#endif
{
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
const struct ip6t_route_target_info *route_info = targinfo;
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36)
const struct ip6t_route_target_info *route_info = par->targinfo;
unsigned int hooknum = par->hooknum;
#else
const struct ip6t_route_target_info *route_info = par->targinfo;
unsigned int hooknum = par->hooknum;
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
struct sk_buff *skb = *pskb;
#endif
struct in6_addr *gw = (struct in6_addr*)&route_info->gw;
unsigned int res;
if (route_info->flags & IP6T_ROUTE_CONTINUE)
goto do_it;
/* If we are at PREROUTING or INPUT hook
* the TTL isn't decreased by the IP stack
*/
if (hooknum == NF_INET_PRE_ROUTING ||
hooknum == NF_INET_LOCAL_IN) {
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
if (ipv6h->hop_limit <= 1) {
/* Force OUTPUT device used as source address */
skb->dev = skb_dst(skb)->dev;
icmpv6_send(skb, ICMPV6_TIME_EXCEED,
ICMPV6_EXC_HOPLIMIT, 0);
return NF_DROP;
}
ipv6h->hop_limit--;
}
if ((route_info->flags & IP6T_ROUTE_TEE)) {
/*
* Copy the skb, and route the copy. Will later return
* IP6T_CONTINUE for the original skb, which should continue
* on its way as if nothing happened. The copy should be
* independantly delivered to the ROUTE --gw.
*/
skb = skb_copy(skb, GFP_ATOMIC);
if (!skb) {
if (net_ratelimit())
DEBUGP(KERN_DEBUG "ip6t_ROUTE: copy failed!\n");
return IP6T_CONTINUE;
}
}
do_it:
if (route_info->oif[0]) {
res = route6_oif(route_info, skb);
} else if (!ipv6_addr_any(gw)) {
res = route6_gw(route_info, skb);
} else {
if (net_ratelimit())
DEBUGP(KERN_DEBUG "ip6t_ROUTE: no parameter !\n");
res = IP6T_CONTINUE;
}
if ((route_info->flags & IP6T_ROUTE_TEE))
res = IP6T_CONTINUE;
return res;
}
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
static int
checkentry(const char *tablename,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
static int
checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
static int
checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
static bool
checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) */
static bool
checkentry(const struct xt_tgchk_param *par)
#endif
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
const char *tablename = par->table;
#endif
if (strcmp(tablename, "mangle") != 0) {
printk("ip6t_ROUTE: can only be called from \"mangle\" table.\n");
return 0;
}
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_route_target_info))) {
printk(KERN_WARNING "ip6t_ROUTE: targinfosize %u != %Zu\n",
targinfosize,
IP6T_ALIGN(sizeof(struct ip6t_route_target_info)));
return 0;
}
#endif
return 1;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
static struct xt_target ip6t_route_reg = {
#else
static struct ip6t_target ip6t_route_reg = {
#endif
.name = "ROUTE",
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET6,
#endif
.target = target,
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.targetsize = sizeof(struct ip6t_route_target_info),
#endif
.checkentry = checkentry,
.me = THIS_MODULE
};
static int __init init(void)
{
printk(KERN_DEBUG "registering ipv6 ROUTE target\n");
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
if (xt_register_target(&ip6t_route_reg))
#else
if (ip6t_register_target(&ip6t_route_reg))
#endif
return -EINVAL;
return 0;
}
static void __exit fini(void)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
xt_unregister_target(&ip6t_route_reg);
#else
ip6t_unregister_target(&ip6t_route_reg);
#endif
}
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");
static void
save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
{
struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
if (info->invert)
printf("! ");
printf("--mark ");
print_mark(info->mark, info->mask, 0);
}
static struct ip6tables_match connmark_match = {
.name = "connmark",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
register_match6(&connmark_match);
}
static void
save(const struct ip6t_ip6 *ip,
const struct ip6t_entry_match *match)
{
const struct condition6_info *info =
(const struct condition6_info *) match->data;
printf("--condition %s\"%s\" ", (info->invert) ? "! " : "", info->name);
}
static struct ip6tables_match condition = {
.name = "condition",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct condition6_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct condition6_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void
_init(void)
{
register_match6(&condition);
}
}
printf("%u ", info->hop_limit);
}
static struct option opts[] = {
{ "hl-set", 1, 0, '1' },
{ "hl-dec", 1, 0, '2' },
{ "hl-inc", 1, 0, '3' },
{ 0 }
};
static
struct ip6tables_target HL = { NULL,
.name = "HL",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ip6t_HL_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_HL_info)),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
register_target6(&HL);
}
print_state(sinfo->statemask);
}
/* Saves the matchinfo in parsable form to stdout. */
static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
{
struct ipt_state_info *sinfo = (struct ipt_state_info *)match->data;
printf("--state ");
print_state(sinfo->statemask);
}
static struct ip6tables_match state = {
.next = NULL,
.name = "state",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ipt_state_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ipt_state_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
register_match6(&state);
}
case IP6T_MULTIPORT_EITHER:
printf("--ports ");
break;
}
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], ip->proto, 1);
}
printf(" ");
}
static struct ip6tables_match multiport = {
.name = "multiport",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ip6t_multiport)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_multiport)),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts,
};
void
_init(void)
{
register_match6(&multiport);
}
}
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
printf("--log-tcp-sequence ");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
printf("--log-tcp-options ");
if (loginfo->logflags & IP6T_LOG_IPOPT)
printf("--log-ip-options ");
}
static
struct ip6tables_target log
= { NULL,
"LOG",
IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_log_info)),
IP6T_ALIGN(sizeof(struct ip6t_log_info)),
&help,
&init,
&parse,
&final_check,
&print,
&save,
opts
};
void _init(void)
{
register_target6(&log);
}
}
static struct option opts[] = {
{ "hl", 1, 0, '2' },
{ "hl-eq", 1, 0, '2'},
{ "hl-lt", 1, 0, '3'},
{ "hl-gt", 1, 0, '4'},
{ 0 }
};
static
struct ip6tables_match hl = {
NULL,
"hl",
IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
&help,
&init,
&parse,
&final_check,
&print,
&save,
opts
};
void _init(void)
{
register_match6(&hl);
}
print(const struct ip6t_ip6 *ip,
const struct ip6t_entry_match *match,
int numeric)
{
printf("eui64 ");
}
/* Saves the union ip6t_matchinfo in parsable form to stdout. */
static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
{
}
static struct ip6tables_match eui64 = {
.name = "eui64",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(int)),
.userspacesize = IP6T_ALIGN(sizeof(int)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts,
};
void _init(void)
{
register_match6(&eui64);
}
printf("burst %u ", r->burst);
}
static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
{
struct ip6t_rateinfo *r = (struct ip6t_rateinfo *)match->data;
printf("--limit "); print_rate(r->avg);
if (r->burst != IP6T_LIMIT_BURST)
printf("--limit-burst %u ", r->burst);
}
static struct ip6tables_match limit = {
.name = "limit",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ip6t_rateinfo)),
.userspacesize = offsetof(struct ip6t_rateinfo, prev),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts,
};
void _init(void)
{
register_match6(&limit);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
{
const struct ip6t_mark_target_info *markinfo =
(const struct ip6t_mark_target_info *)target->data;
printf("--set-mark ");
print_mark(markinfo->mark);
}
static
struct ip6tables_target mark = {
.name = "MARK",
.version = IPTABLES_VERSION,
.size = IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
.help = &help,
.init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
register_target6(&mark);
}
fraginfo->hdrlen);
}
if (fraginfo->flags & IP6T_FRAG_RES) printf("--fragres ");
if (fraginfo->flags & IP6T_FRAG_FST) printf("--fragfirst ");
if (fraginfo->flags & IP6T_FRAG_MF) printf("--fragmore ");
if (fraginfo->flags & IP6T_FRAG_NMF) printf("--fraglast ");
}
static
struct ip6tables_match frag
= { NULL,
"frag",
IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_frag)),
IP6T_ALIGN(sizeof(struct ip6t_frag)),
&help,
&init,
&parse,
&final_check,
&print,
&save,
opts
};
void
_init(void)
{
register_match6(&frag);
}