1/* Shared library add-on to iptables to add comment match support. 2 * 3 * ChangeLog 4 * 2003-05-13: Brad Fisher <brad@info-link.net> 5 * Initial comment match 6 * 2004-05-12: Brad Fisher <brad@info-link.net> 7 * Port to patch-o-matic-ng 8 */ 9#include <stdio.h> 10#include <string.h> 11#include <stdlib.h> 12#include <getopt.h> 13 14#include <iptables.h> 15#include <linux/netfilter_ipv4/ipt_comment.h> 16 17/* Function which prints out usage message. */ 18static void 19help(void) 20{ 21 printf( 22 "COMMENT match options:\n" 23 "--comment COMMENT Attach a comment to a rule\n\n" 24 ); 25} 26 27static struct option opts[] = { 28 { "comment", 1, 0, '1' }, 29 {0} 30}; 31 32static void 33parse_comment(const char *s, struct ipt_comment_info *info) 34{ 35 int slen = strlen(s); 36 37 if (slen >= IPT_MAX_COMMENT_LEN) { 38 exit_error(PARAMETER_PROBLEM, 39 "COMMENT must be shorter than %i characters", IPT_MAX_COMMENT_LEN); 40 } 41 strcpy((char *)info->comment, s); 42} 43 44/* Function which parses command options; returns true if it 45 ate an option */ 46static int 47parse(int c, char **argv, int invert, unsigned int *flags, 48 const struct ipt_entry *entry, 49 unsigned int *nfcache, 50 struct ipt_entry_match **match) 51{ 52 struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)(*match)->data; 53 54 switch (c) { 55 case '1': 56 check_inverse(argv[optind-1], &invert, &optind, 0); 57 if (invert) { 58 exit_error(PARAMETER_PROBLEM, 59 "Sorry, you can't have an inverted comment"); 60 } 61 parse_comment(argv[optind-1], commentinfo); 62 *flags = 1; 63 break; 64 65 default: 66 return 0; 67 } 68 return 1; 69} 70 71/* Final check; must have specified --comment. */ 72static void 73final_check(unsigned int flags) 74{ 75 if (!flags) 76 exit_error(PARAMETER_PROBLEM, 77 "COMMENT match: You must specify `--comment'"); 78} 79 80/* Prints out the matchinfo. */ 81static void 82print(const struct ipt_ip *ip, 83 const struct ipt_entry_match *match, 84 int numeric) 85{ 86 struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data; 87 88 commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0'; 89 printf("/* %s */ ", commentinfo->comment); 90} 91 92/* Saves the union ipt_matchinfo in parsable form to stdout. */ 93static void 94save(const struct ipt_ip *ip, const struct ipt_entry_match *match) 95{ 96 struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data; 97 98 commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0'; 99 printf("--comment \"%s\" ", commentinfo->comment); 100} 101 102static struct iptables_match comment = { 103 .next = NULL, 104 .name = "comment", 105 .version = IPTABLES_VERSION, 106 .size = IPT_ALIGN(sizeof(struct ipt_comment_info)), 107 .userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)), 108 .help = &help, 109 .parse = &parse, 110 .final_check = &final_check, 111 .print = &print, 112 .save = &save, 113 .extra_opts = opts 114}; 115 116void _init(void) 117{ 118 register_match(&comment); 119} 120