new revision of TTL and ttl patch. Match bugfixed, supports now == !+ < >

diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index c125bdf877252dd2208428f652aff7381aea163f..985b914685be6c7a954569d2cd6036add60b77de 100644 (file)
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -1,7 +1,7 @@
 /* Shared library add-on to iptables for the TTL target
  * (C) 2000 by Harald Welte <laforge@gnumonks.org>
  *
- * Version: 1.2
+ * libipt_TTL.c,v 1.3 2000/11/13 11:16:08 laforge Exp
  *
  * This program is distributed under the terms of GNU GPL
  */

diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 1acd7cfbf0a64a65a7c2d8478901346da4398bc7..060b2409a15228fed2e599613e4c29a59c261be1 100644 (file)
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -1,7 +1,7 @@
 /* Shared library add-on to iptables to add TTL matching support 
  * (C) 2000 by Harald Welte <laforge@gnumonks.org>
  *
- * Version: 1.3
+ * libipt_ttl.c,v 1.4 2000/11/13 11:16:08 laforge Exp
  *
  * This program is released under the terms of GNU GPL */
 
@@ -18,12 +18,16 @@ static void help(void)
 {
        printf(
 "TTL match v%s options:\n"
-"  --ttl value         Match time to live value\n", NETFILTER_VERSION);
+"  --ttl-eq value      Match time to live value\n"
+"  --ttl-lt value      Match TTL < value\n"
+"  --ttl-gt value      Match TTL > value\n"
+, NETFILTER_VERSION);
 }
 
 static void init(struct ipt_entry_match *m, unsigned int *nfcache)
 {
        /* caching not yet implemented */
+       *nfcache |= NFC_UNKNOWN;
 }
 
 static int parse(int c, char **argv, int invert, unsigned int *flags,
@@ -33,16 +37,48 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
        struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
        u_int8_t value;
 
+       if (check_inverse(optarg, &invert))
+               optind++;
+       value = atoi(argv[optind-1]);
+
+       if (*flags) 
+               exit_error(PARAMETER_PROBLEM, 
+                               "Can't specify TTL option twice");
+
+       if (!optarg)
+               exit_error(PARAMETER_PROBLEM,
+                               "ttl: You must specify a value");
        switch (c) {
-               case '1':
-                       if (check_inverse(optarg, &invert))
-                               optind++;
-                       value = atoi(argv[optind-1]);
+               case '2':
+                       if (invert)
+                               info->mode = IPT_TTL_NE;
+                       else
+                               info->mode = IPT_TTL_EQ;
 
                        /* is 0 allowed? */
                        info->ttl = value;
+                       *flags = 1;
+
+                       break;
+               case '3':
+                       if (invert) 
+                               exit_error(PARAMETER_PROBLEM,
+                                               "ttl: unexpected `!'");
+
+                       info->mode = IPT_TTL_LT;
+                       info->ttl = value;
+                       *flags = 1;
+
+                       break;
+               case '4':
                        if (invert)
-                               info->invert = 1;
+                               exit_error(PARAMETER_PROBLEM,
+                                               "ttl: unexpected `!'");
+
+                       info->mode = IPT_TTL_GT;
+                       info->ttl = value;
+                       *flags = 1;
+
                        break;
                default:
                        return 0;
@@ -56,7 +92,8 @@ static void final_check(unsigned int flags)
 {
        if (!flags) 
                exit_error(PARAMETER_PROBLEM,
-                       "TTL match: You must specify `--ttl'");
+                       "TTL match: You must specify one of "
+                       "`--ttl-eq', `--ttl-lt', `--ttl-gt");
 }
 
 static void print(const struct ipt_ip *ip, 
@@ -67,8 +104,20 @@ static void print(const struct ipt_ip *ip,
                (struct ipt_ttl_info *) match->data;
 
        printf("TTL match ");
-       if (info->invert)
-               printf("!");
+       switch (info->mode) {
+               case IPT_TTL_EQ:
+                       printf("TTL == ");
+                       break;
+               case IPT_TTL_NE:
+                       printf("TTL != ");
+                       break;
+               case IPT_TTL_LT:
+                       printf("TTL < ");
+                       break;
+               case IPT_TTL_GT:
+                       printf("TTL > ");
+                       break;
+       }
        printf("%u ", info->ttl);
 }
 
@@ -78,14 +127,31 @@ static void save(const struct ipt_ip *ip,
        const struct ipt_ttl_info *info =
                (struct ipt_ttl_info *) match->data;
 
-       printf("--ttl ");
-       if (info->invert)
-               printf("!");
+       switch (info->mode) {
+               case IPT_TTL_EQ:
+                       printf("--ttl-eq ");
+                       break;
+               case IPT_TTL_NE:
+                       printf("! --ttl-eq ");
+                       break;
+               case IPT_TTL_LT:
+                       printf("--ttl-lt ");
+                       break;
+               case IPT_TTL_GT:
+                       printf("--ttl-gt ");
+                       break;
+               default:
+                       /* error */
+                       break;
+       }
        printf("%u ", info->ttl);
 }
 
 static struct option opts[] = {
-       { "ttl", 0, '1' },
+       { "ttl", 1, 0, '2' },
+       { "ttl-eq", 1, 0, '2'},
+       { "ttl-lt", 1, 0, '3'},
+       { "ttl-gt", 1, 0, '4'},
        { 0 }
 };