printf(" %s %u", op[info->mode], info->hop_limit);
}
static const struct option hl_opts[] = {
{.name = "hl", .has_arg = true, .val = '2'},
{.name = "hl-eq", .has_arg = true, .val = '2'},
{.name = "hl-lt", .has_arg = true, .val = '3'},
{.name = "hl-gt", .has_arg = true, .val = '4'},
XT_GETOPT_TABLEEND,
};
static struct xtables_match hl_mt6_reg = {
.name = "hl",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV6,
.size = XT_ALIGN(sizeof(struct ip6t_hl_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)),
.help = hl_help,
.parse = hl_parse,
.final_check = hl_check,
.print = hl_print,
.save = hl_save,
.extra_opts = hl_opts,
};
void _init(void)
{
xtables_register_match(&hl_mt6_reg);
}
(rtinfo->invflags & IP6T_RT_INV_LEN) ? "! " : "",
rtinfo->hdrlen);
}
if (rtinfo->flags & IP6T_RT_RES) printf("--rt-0-res ");
if (rtinfo->flags & IP6T_RT_FST) printf("--rt-0-addrs ");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("--rt-0-not-strict ");
}
static struct xtables_match rt_mt6_reg = {
.name = "rt",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV6,
.size = XT_ALIGN(sizeof(struct ip6t_rt)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_rt)),
.help = rt_help,
.init = rt_init,
.parse = rt_parse,
.print = rt_print,
.save = rt_save,
.extra_opts = rt_opts,
};
void
_init(void)
{
xtables_register_match(&rt_mt6_reg);
}
printf("DSCP set ");
print_dscp(dinfo->dscp, numeric);
}
static void DSCP_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
printf("--set-dscp 0x%02x ", dinfo->dscp);
}
static struct xtables_target dscp_target = {
.family = NFPROTO_UNSPEC,
.name = "DSCP",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)),
.help = DSCP_help,
.parse = DSCP_parse,
.final_check = DSCP_check,
.print = DSCP_print,
.save = DSCP_save,
.extra_opts = DSCP_opts,
};
void _init(void)
{
xtables_register_target(&dscp_target);
}
printf(" !");
/* special hack for 'any' case */
if (icmp->type == 0xFF) {
printf(" --icmp-type any");
} else {
printf(" --icmp-type %u", icmp->type);
if (icmp->code[0] != 0 || icmp->code[1] != 0xFF)
printf("/%u", icmp->code[0]);
}
}
static struct xtables_match icmp_mt_reg = {
.name = "icmp",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_icmp)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)),
.help = icmp_help,
.init = icmp_init,
.print = icmp_print,
.save = icmp_save,
.x6_parse = icmp_parse,
.x6_options = icmp_opts,
};
void _init(void)
{
xtables_register_match(&icmp_mt_reg);
}
!= espinfo->spis[1])
printf("%u:%u",
espinfo->spis[0],
espinfo->spis[1]);
else
printf("%u",
espinfo->spis[0]);
}
}
static struct xtables_match esp_match = {
.family = NFPROTO_UNSPEC,
.name = "esp",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_esp)),
.userspacesize = XT_ALIGN(sizeof(struct xt_esp)),
.help = esp_help,
.init = esp_init,
.parse = esp_parse,
.print = esp_print,
.save = esp_save,
.extra_opts = esp_opts,
};
void
_init(void)
{
xtables_register_match(&esp_match);
}
static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_gradm_mtinfo *info = (const void *)match->data;
if (info->invflags)
printf(" --disabled ");
else
printf(" --enabled ");
}
static struct xtables_match gradm_mt_reg = {
.family = NFPROTO_UNSPEC,
.name = "gradm",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_gradm_mtinfo)),
.userspacesize = XT_ALIGN(sizeof(struct xt_gradm_mtinfo)),
.help = gradm_mt_help,
.init = gradm_mt_init,
.parse = gradm_mt_parse,
.final_check = gradm_mt_check,
.print = gradm_mt_print,
.save = gradm_mt_save,
.extra_opts = gradm_mt_opts,
};
static __attribute__((constructor)) void gradm_mt_ldr(void)
{
xtables_register_match(&gradm_mt_reg);
}
unsigned int i;
print_flags("--", info);
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV6);
if (i + 1 < info->len)
printf("--next ");
}
}
static struct xtables_match policy_mt_reg[] = {
{
.name = "policy",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct xt_policy_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
.help = policy_help,
.parse = policy4_parse,
.final_check = policy_check,
.print = policy4_print,
.save = policy4_save,
.extra_opts = policy_opts,
},
{
.name = "policy",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV6,
.size = XT_ALIGN(sizeof(struct xt_policy_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_policy_info)),
.help = policy_help,
if (info->bypass)
printf("--queue-bypass ");
}
static void NFQUEUE_init_v1(struct xt_entry_target *t)
{
struct xt_NFQ_info_v1 *tinfo = (void *)t->data;
tinfo->queues_total = 1;
}
static struct xtables_target nfqueue_targets[] = {
{
.family = NFPROTO_UNSPEC,
.name = "NFQUEUE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
.help = NFQUEUE_help,
.print = NFQUEUE_print,
.save = NFQUEUE_save,
.x6_parse = NFQUEUE_parse,
.x6_options = NFQUEUE_opts
},{
.family = NFPROTO_UNSPEC,
.revision = 1,
.name = "NFQUEUE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_NFQ_info_v1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v1)),
.help = NFQUEUE_help_v1,
.init = NFQUEUE_init_v1,
/* Shared library add-on to iptables to add TRACE target support. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/x_tables.h>
static struct xtables_target trace_target = {
.family = NFPROTO_UNSPEC,
.name = "TRACE",
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.userspacesize = XT_ALIGN(0),
};
void libxt_TRACE_init(void)
{
xtables_register_target(&trace_target);
}
else if (reject->with == IPT_TCP_RESET)
xt_xlate_add(xl, "reject with %s",
reject_table_xlate[i].name);
else
xt_xlate_add(xl, "reject with icmp type %s",
reject_table_xlate[i].name);
return 1;
}
static struct xtables_target reject_tg_reg = {
.name = "REJECT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_reject_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_reject_info)),
.help = REJECT_help,
.init = REJECT_init,
.print = REJECT_print,
.save = REJECT_save,
.x6_parse = REJECT_parse,
.x6_options = REJECT_opts,
.xlate = REJECT_xlate,
};
void _init(void)
{
xtables_register_target(&reject_tg_reg);
}
xt_xlate_add(xl, "%sip daddr %s", space,
xtables_ip6addr_to_numeric(&info->dst_min.in6));
xt_xlate_add(xl, "-%s",
xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
return 1;
}
static struct xtables_match iprange_mt_reg[] = {
{
.version = XTABLES_VERSION,
.name = "iprange",
.revision = 0,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
.help = iprange_mt_help,
.x6_parse = iprange_parse,
.x6_fcheck = iprange_mt_check,
.print = iprange_print,
.save = iprange_save,
.x6_options = iprange_mt_opts,
.xlate = iprange_xlate,
},
{
.version = XTABLES_VERSION,
.name = "iprange",
.revision = 1,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
xtables_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
xtables_error(PARAMETER_PROBLEM,
"bad quota: '%s'", optarg);
break;
default:
return 0;
}
return 1;
}
static struct xtables_match quota_match = {
.family = NFPROTO_UNSPEC,
.name = "quota",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof (struct xt_quota_info)),
.userspacesize = offsetof(struct xt_quota_info, quota),
.help = quota_help,
.parse = quota_parse,
.print = quota_print,
.save = quota_save,
.extra_opts = quota_opts,
};
void
_init(void)
{
xtables_register_match("a_match);
}
if (info->invert)
op = XT_OP_NEQ;
xt_xlate_add(xl, "mark");
print_mark_xlate(xl, info->mark, info->mask, op);
return 1;
}
static struct xtables_match mark_mt_reg[] = {
{
.family = NFPROTO_UNSPEC,
.name = "mark",
.revision = 0,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_mark_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
.help = mark_mt_help,
.print = mark_print,
.save = mark_save,
.x6_parse = mark_parse,
.x6_options = mark_mt_opts,
.xlate = mark_xlate,
},
{
.version = XTABLES_VERSION,
.name = "mark",
.revision = 1,
.family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
.userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
if (info->bitmask & EBT_LOG_NFLOG)
nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
par->out, &li, "%s", info->prefix);
else
ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
par->out, &li, info->prefix);
return EBT_CONTINUE;
}
static struct xt_target ebt_log_tg_reg __read_mostly = {
.name = "log",
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_log_tg,
.checkentry = ebt_log_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
.me = THIS_MODULE,
};
static const struct nf_logger ebt_log_logger = {
.name = "ebt_log",
.logfn = &ebt_log_packet,
.me = THIS_MODULE,
};
static int __init ebt_log_init(void)
{
int ret;
ret = xt_register_target(&ebt_log_tg_reg);
if (ret < 0)
if (einfo->flags & XT_DCCP_TYPE) {
printf("--dccp-type ");
print_types(einfo->typemask, einfo->invflags & XT_DCCP_TYPE,0);
}
if (einfo->flags & XT_DCCP_OPTION) {
printf("--dccp-option %s%u ",
einfo->typemask & XT_DCCP_OPTION ? "! " : "",
einfo->option);
}
}
static struct xtables_match dccp_match = {
.name = "dccp",
.family = NFPROTO_UNSPEC,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_dccp_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_dccp_info)),
.help = dccp_help,
.init = dccp_init,
.parse = dccp_parse,
.print = dccp_print,
.save = dccp_save,
.extra_opts = dccp_opts,
};
void INIT_FUNC(void)
{
xtables_register_match(&dccp_match);
}
printf("fill ");
}
static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_CHECKSUM_info *einfo =
(const struct xt_CHECKSUM_info *)target->data;
if (einfo->operation & XT_CHECKSUM_OP_FILL)
printf("--checksum-fill ");
}
static struct xtables_target checksum_tg_reg = {
.name = "CHECKSUM",
.version = XTABLES_VERSION,
.family = NFPROTO_UNSPEC,
.size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)),
.help = CHECKSUM_help,
.parse = CHECKSUM_parse,
.final_check = CHECKSUM_check,
.print = CHECKSUM_print,
.save = CHECKSUM_save,
.extra_opts = CHECKSUM_opts,
};
void libxt_CHECKSUM_init(void)
{
xtables_register_target(&checksum_tg_reg);
}
static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
printf("%s--mss ", info->invert ? "! " : "");
if (info->mss_min == info->mss_max)
printf("%u ", info->mss_min);
else
printf("%u:%u ", info->mss_min, info->mss_max);
}
static struct xtables_match tcpmss_match = {
.family = NFPROTO_UNSPEC,
.name = "tcpmss",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
.help = tcpmss_help,
.parse = tcpmss_parse,
.final_check = tcpmss_check,
.print = tcpmss_print,
.save = tcpmss_save,
.extra_opts = tcpmss_opts,
};
void INIT_FUNC(void)
{
xtables_register_match(&tcpmss_match);
}
static void owner_mt_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_owner_match_info *info = (void *)match->data;
owner_mt_print_item(info, "--socket-exists", XT_OWNER_SOCKET, true);
owner_mt_print_item(info, "--uid-owner", XT_OWNER_UID, true);
owner_mt_print_item(info, "--gid-owner", XT_OWNER_GID, true);
}
static struct xtables_match owner_mt_reg[] = {
{
.version = XTABLES_VERSION,
.name = "owner",
.revision = 0,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_owner_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
.help = owner_mt_help_v0,
.x6_parse = owner_mt_parse_v0,
.x6_fcheck = owner_mt_check,
.print = owner_mt_print_v0,
.save = owner_mt_save_v0,
.x6_options = owner_mt_opts_v0,
},
{
.version = XTABLES_VERSION,
.name = "owner",
.revision = 0,
.family = NFPROTO_IPV6,
.size = XT_ALIGN(sizeof(struct ip6t_owner_info)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
return false;
tmp = info->target & ~EBT_VERDICT_BITS;
if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
return false;
return true;
}
static struct xt_target ebt_mark_tg_reg __read_mostly = {
.name = "mark",
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_mark_tg,
.checkentry = ebt_mark_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
.me = THIS_MODULE,
};
static int __init ebt_mark_init(void)
{
return xt_register_target(&ebt_mark_tg_reg);
}
static void __exit ebt_mark_fini(void)
{
xt_unregister_target(&ebt_mark_tg_reg);
}
module_init(ebt_mark_init);
module_exit(ebt_mark_fini);
static void
CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_connsecmark_target_info *info =
(struct xt_connsecmark_target_info*)target->data;
printf("--");
print_connsecmark(info);
}
static struct xtables_target connsecmark_target = {
.family = NFPROTO_UNSPEC,
.name = "CONNSECMARK",
.version = XTABLES_VERSION,
.revision = 0,
.size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
.parse = CONNSECMARK_parse,
.help = CONNSECMARK_help,
.final_check = CONNSECMARK_check,
.print = CONNSECMARK_print,
.save = CONNSECMARK_save,
.extra_opts = CONNSECMARK_opts,
};
void INIT_FUNC(void)
{
xtables_register_target(&connsecmark_target);
}
printf("! ");
print_port_range(info->sport);
}
if (info->bitmask & EBT_IP_DPORT) {
printf("--ip-dport ");
if (info->invflags & EBT_IP_DPORT)
printf("! ");
print_port_range(info->dport);
}
}
static struct xtables_match brip_match = {
.name = "ip",
.revision = 0,
.version = XTABLES_VERSION,
.family = NFPROTO_BRIDGE,
.size = XT_ALIGN(sizeof(struct ebt_ip_info)),
.userspacesize = XT_ALIGN(sizeof(struct ebt_ip_info)),
.init = brip_init,
.help = brip_print_help,
.parse = brip_parse,
.final_check = brip_final_check,
.print = brip_print,
.extra_opts = brip_opts,
};
void _init(void)
{
xtables_register_match(&brip_match);
}
printf(" state ");
state_print_state(sinfo->statemask);
}
static void state_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_state_info *sinfo = (const void *)match->data;
printf(" --state ");
state_print_state(sinfo->statemask);
}
static struct xtables_match state_match = {
.family = NFPROTO_UNSPEC,
.name = "state",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_state_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
.help = state_help,
.print = state_print,
.save = state_save,
.x6_parse = state_parse,
.x6_options = state_opts,
};
void _init(void)
{
xtables_register_match(&state_match);
}
if ((e->ethproto != htons(ETH_P_ARP) &&
e->ethproto != htons(ETH_P_RARP)) ||
e->invflags & EBT_IPROTO)
return false;
if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
return false;
return true;
}
static struct xt_match ebt_arp_mt_reg __read_mostly = {
.name = "arp",
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_arp_mt,
.checkentry = ebt_arp_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
.me = THIS_MODULE,
};
static int __init ebt_arp_init(void)
{
return xt_register_match(&ebt_arp_mt_reg);
}
static void __exit ebt_arp_fini(void)
{
xt_unregister_match(&ebt_arp_mt_reg);
}
module_init(ebt_arp_init);
module_exit(ebt_arp_fini);
static void multiport_save6_v1(const void *ip_void,
const struct xt_entry_match *match)
{
const struct ip6t_ip6 *ip = ip_void;
__multiport_save_v1(match, ip->proto);
}
static struct xtables_match multiport_mt_reg[] = {
#ifndef NO_LEGACY
{
.family = NFPROTO_IPV4,
.name = "multiport",
.revision = 0,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
.help = multiport_help,
.x6_parse = multiport_parse,
.x6_fcheck = multiport_check,
.print = multiport_print,
.save = multiport_save,
.x6_options = multiport_opts,
},
{
.family = NFPROTO_IPV6,
.name = "multiport",
.revision = 0,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_multiport)),
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
print_protocol(((struct xt_layer7_info *)match->data)->protocol,
((struct xt_layer7_info *)match->data)->invert, numeric);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_layer7_info *info =
(const struct xt_layer7_info*) match->data;
printf("--l7proto %s%s ", (info->invert)? "! ":"", info->protocol);
}
static struct xtables_match layer7 = {
.family = AF_INET,
.name = "layer7",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_layer7_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_layer7_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
xtables_register_match(&layer7);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void save(const void *ip, const struct xt_entry_match *match)
{
if (((struct xt_vlanpriority_info *)match->data)->invert)
printf("! ");
printf("--prio-value ");
print_vlanpriority(((struct xt_vlanpriority_info *)match->data)->priority);
}
static struct xtables_match vlanpriority = {
.name = "vlanpriority",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct xt_vlanpriority_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_vlanpriority_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};
void _init(void)
{
xtables_register_match(&vlanpriority);
}
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void ethport_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_ethport_info *dinfo = (const struct xt_ethport_info *)match->data;
printf("--portnum ");
print_ethport(dinfo->portnum, dinfo->invert, 1);
}
static struct xtables_match ethport_match = {
.family = NFPROTO_IPV4,
.name = "ethport",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_ethport_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_ethport_info)),
.help = ethport_help,
.parse = ethport_parse,
.final_check = ethport_check,
.print = ethport_print,
.save = ethport_save,
.extra_opts = ethport_opts,
};
static struct xtables_match ethport_match6 = {
.family = NFPROTO_UNSPEC,
.name = "ethport",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_ethport_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_ethport_info)),
#include <getopt.h>
#include <xtables.h>
static void standard_help(void)
{
printf(
"standard match options:\n"
"(If target is DROP, ACCEPT, RETURN or nothing)\n");
}
static int standard_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_target **target)
{
return 0;
}
static struct xtables_target standard_target = {
.family = AF_UNSPEC,
.name = "standard",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(int)),
.userspacesize = XT_ALIGN(sizeof(int)),
.help = standard_help,
.parse = standard_parse,
};
void libxt_standard_init(void)
{
xtables_register_target(&standard_target);
}
int command_default(struct iptables_command_state *cs,
struct xtables_globals *gl)
{
struct xtables_rule_match *matchp;
struct xtables_match *m;
if (cs->target != NULL &&
(cs->target->parse != NULL || cs->target->x6_parse != NULL) &&
cs->c >= cs->target->option_offset &&
cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
xtables_option_tpcall(cs->c, cs->argv, cs->invert,
cs->target, &cs->fw);
return 0;
}
for (matchp = cs->matches; matchp; matchp = matchp->next) {
m = matchp->match;
if (matchp->completed ||
(m->x6_parse == NULL && m->parse == NULL))
continue;
if (cs->c < matchp->match->option_offset ||
cs->c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
continue;
xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw);
return 0;
}
/* Try loading protocol */
m = load_proto(cs);
if (m != NULL) {
size_t size;
cs->proto_used = 1;
size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
m->m->u.user.revision = m->revision;
xs_init_match(m);
if (m->x6_options != NULL)
gl->opts = xtables_options_xfrm(gl->orig_opts,
gl->opts,
m->x6_options,
&m->option_offset);
else
gl->opts = xtables_merge_options(gl->orig_opts,
gl->opts,
m->extra_opts,
&m->option_offset);
if (gl->opts == NULL)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
optind--;
/* Indicate to rerun getopt *immediately* */
return 1;
}
if (cs->c == ':')
xtables_error(PARAMETER_PROBLEM, "option \"%s\" "
"requires an argument", cs->argv[optind-1]);
if (cs->c == '?')
xtables_error(PARAMETER_PROBLEM, "unknown option "
"\"%s\"", cs->argv[optind-1]);
xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg);
return 0;
}
};
static const struct option addrtype_opts_v1[] = {
{ "src-type", 1, NULL, '1' },
{ "dst-type", 1, NULL, '2' },
{ "limit-iface-in", 0, NULL, '3' },
{ "limit-iface-out", 0, NULL, '4' },
{ .name = NULL }
};
static struct xtables_match addrtype_mt_reg[] = {
{
.name = "addrtype",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
.help = addrtype_help_v0,
.parse = addrtype_parse_v0,
.final_check = addrtype_check_v0,
.print = addrtype_print_v0,
.save = addrtype_save_v0,
.extra_opts = addrtype_opts_v0,
},
{
.name = "addrtype",
.revision = 1,
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),