• Home
  • History
  • Annotate
  • Raw
  • Download
  • only in /netgear-R7000-V1.0.7.12_1.2.5/ap/gpl/iptables-1.4.12.1/extensions/

Lines Matching defs:*

0 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
2  *                         Patrick Schaaf <bof@bof.de>
3  *                         Martin Josefsson <gandalf@wlug.westbo.se>
4  * Copyright (C) 2003-2010 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.  
11 /* Shared library add-on to iptables to add IP set matching. */
12 #include <stdbool.h>
13 #include <stdio.h>
14 #include <netdb.h>
15 #include <string.h>
16 #include <stdlib.h>
17 #include <getopt.h>
18 #include <ctype.h>
19 #include <errno.h>
21 #include <xtables.h>
22 #include <linux/netfilter/xt_set.h>
23 #include "libxt_set.h"
25 /* Revision 0 */
27 static void
28 set_help_v0(void)
30 	printf("set match options:\n"
31 	       " [!] --match-set name flags\n"
32 	       "		 'name' is the set name from to match,\n" 
33 	       "		 'flags' are the comma separated list of\n"
34 	       "		 'src' and 'dst' specifications.\n");
37 static const struct option set_opts_v0[] = {
38 	{.name = "match-set", .has_arg = true, .val = '1'},
39 	{.name = "set",       .has_arg = true, .val = '2'},
40 	XT_GETOPT_TABLEEND,
43 static void
44 set_check_v0(unsigned int flags)
46 	if (!flags)
47 		xtables_error(PARAMETER_PROBLEM,
48 			"You must specify `--match-set' with proper arguments");
51 static int
52 set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
53 	     const void *entry, struct xt_entry_match **match)
55 	struct xt_set_info_match_v0 *myinfo = 
56 		(struct xt_set_info_match_v0 *) (*match)->data;
57 	struct xt_set_info_v0 *info = &myinfo->match_set;
59 	switch (c) {
60 	case '2':
61 		fprintf(stderr,
62 			"--set option deprecated, please use --match-set\n");
63 	case '1':		/* --match-set <set> <flag>[,<flag> */
64 		if (info->u.flags[0])
65 			xtables_error(PARAMETER_PROBLEM,
66 				      "--match-set can be specified only once");
67 		if (invert)
68 			info->u.flags[0] |= IPSET_MATCH_INV;
70 		if (!argv[optind]
71 		    || argv[optind][0] == '-'
72 		    || argv[optind][0] == '!')
73 			xtables_error(PARAMETER_PROBLEM,
74 				      "--match-set requires two args.");
76 		if (strlen(optarg) > IPSET_MAXNAMELEN - 1)
77 			xtables_error(PARAMETER_PROBLEM,
78 				      "setname `%s' too long, max %d characters.",
79 				      optarg, IPSET_MAXNAMELEN - 1);
81 		get_set_byname(optarg, (struct xt_set_info *)info);
82 		parse_dirs_v0(argv[optind], info);
83 		DEBUGP("parse: set index %u\n", info->index);
84 		optind++;
86 		*flags = 1;
87 		break;
90 	return 1;
93 static void
94 print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
96 	int i;
97 	char setname[IPSET_MAXNAMELEN];
99 	get_set_byid(setname, info->index);
100 	printf("%s %s %s",
101 	       (info->u.flags[0] & IPSET_MATCH_INV) ? " !" : "",
102 	       prefix,
103 	       setname); 
104 	for (i = 0; i < IPSET_DIM_MAX; i++) {
105 		if (!info->u.flags[i])
106 			break;		
107 		printf("%s%s",
108 		       i == 0 ? " " : ",",
109 		       info->u.flags[i] & IPSET_SRC ? "src" : "dst");
113 /* Prints out the matchinfo. */
114 static void
115 set_print_v0(const void *ip, const struct xt_entry_match *match, int numeric)
117 	const struct xt_set_info_match_v0 *info = (const void *)match->data;
119 	print_match_v0("match-set", &info->match_set);
122 static void
123 set_save_v0(const void *ip, const struct xt_entry_match *match)
125 	const struct xt_set_info_match_v0 *info = (const void *)match->data;
127 	print_match_v0("--match-set", &info->match_set);
130 /* Revision 1 */
131 static int
132 set_parse_v1(int c, char **argv, int invert, unsigned int *flags,
133 	     const void *entry, struct xt_entry_match **match)
135 	struct xt_set_info_match_v1 *myinfo = 
136 		(struct xt_set_info_match_v1 *) (*match)->data;
137 	struct xt_set_info *info = &myinfo->match_set;
139 	switch (c) {
140 	case '2':
141 		fprintf(stderr,
142 			"--set option deprecated, please use --match-set\n");
143 	case '1':		/* --match-set <set> <flag>[,<flag> */
144 		if (info->dim)
145 			xtables_error(PARAMETER_PROBLEM,
146 				      "--match-set can be specified only once");
147 		if (invert)
148 			info->flags |= IPSET_INV_MATCH;
150 		if (!argv[optind]
151 		    || argv[optind][0] == '-'
152 		    || argv[optind][0] == '!')
153 			xtables_error(PARAMETER_PROBLEM,
154 				      "--match-set requires two args.");
156 		if (strlen(optarg) > IPSET_MAXNAMELEN - 1)
157 			xtables_error(PARAMETER_PROBLEM,
158 				      "setname `%s' too long, max %d characters.",
159 				      optarg, IPSET_MAXNAMELEN - 1);
161 		get_set_byname(optarg, info);
162 		parse_dirs(argv[optind], info);
163 		DEBUGP("parse: set index %u\n", info->index);
164 		optind++;
166 		*flags = 1;
167 		break;
170 	return 1;
173 static void
174 print_match(const char *prefix, const struct xt_set_info *info)
176 	int i;
177 	char setname[IPSET_MAXNAMELEN];
179 	get_set_byid(setname, info->index);
180 	printf("%s %s %s",
181 	       (info->flags & IPSET_INV_MATCH) ? " !" : "",
182 	       prefix,
183 	       setname); 
184 	for (i = 1; i <= info->dim; i++) {		
185 		printf("%s%s",
186 		       i == 1 ? " " : ",",
187 		       info->flags & (1 << i) ? "src" : "dst");
191 /* Prints out the matchinfo. */
192 static void
193 set_print_v1(const void *ip, const struct xt_entry_match *match, int numeric)
195 	const struct xt_set_info_match_v1 *info = (const void *)match->data;
197 	print_match("match-set", &info->match_set);
200 static void
201 set_save_v1(const void *ip, const struct xt_entry_match *match)
203 	const struct xt_set_info_match_v1 *info = (const void *)match->data;
205 	print_match("--match-set", &info->match_set);
208 static struct xtables_match set_mt_reg[] = {
210 		.name		= "set",
211 		.revision	= 0,
212 		.version	= XTABLES_VERSION,
213 		.family		= NFPROTO_IPV4,
214 		.size		= XT_ALIGN(sizeof(struct xt_set_info_match_v0)),
215 		.userspacesize	= XT_ALIGN(sizeof(struct xt_set_info_match_v0)),
216 		.help		= set_help_v0,
217 		.parse		= set_parse_v0,
218 		.final_check	= set_check_v0,
219 		.print		= set_print_v0,
220 		.save		= set_save_v0,
221 		.extra_opts	= set_opts_v0,
224 		.name		= "set",
225 		.revision	= 1,
226 		.version	= XTABLES_VERSION,
227 		.family		= NFPROTO_UNSPEC,
228 		.size		= XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
229 		.userspacesize	= XT_ALIGN(sizeof(struct xt_set_info_match_v1)),
230 		.help		= set_help_v0,
231 		.parse		= set_parse_v1,
232 		.final_check	= set_check_v0,
233 		.print		= set_print_v1,
234 		.save		= set_save_v1,
235 		.extra_opts	= set_opts_v0,
239 void _init(void)
241 	xtables_register_matches(set_mt_reg, ARRAY_SIZE(set_mt_reg));