update to condition extension, add condition6 (Stephane Ouellette)

diff --git a/extensions/.condition-test6 b/extensions/.condition-test6
new file mode 100755 (executable)
index 0000000..f4af61f
--- /dev/null
+++ b/extensions/.condition-test6
@@ -0,0 +1,3 @@
+#!/bin/sh
+# True if condition6 is applied.
+[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_condition.h ] && echo condition

diff --git a/extensions/libip6t_condition.c b/extensions/libip6t_condition.c
new file mode 100644 (file)
index 0000000..474b497
--- /dev/null
+++ b/extensions/libip6t_condition.c
@@ -0,0 +1,114 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <ip6tables.h>
+
+#include<linux/netfilter_ipv6/ip6_tables.h>
+#include<linux/netfilter_ipv6/ip6t_condition.h>
+
+
+static void
+help(void)
+{
+       printf("condition match v%s options:\n"
+              "--condition [!] filename       "
+              "Match on boolean value stored in /proc file\n",
+              IPTABLES_VERSION);
+}
+
+
+static struct option opts[] = {
+       { .name = "condition", .has_arg = 1, .flag = 0, .val = 'X' },
+       { .name = 0 }
+};
+
+
+static void
+init(struct ip6t_entry_match *m, unsigned int *nfcache)
+{
+       *nfcache |= NFC_UNKNOWN;
+}
+
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ip6t_entry *entry, unsigned int *nfcache,
+      struct ip6t_entry_match **match)
+{
+       struct condition6_info *info =
+           (struct condition6_info *) (*match)->data;
+
+       check_inverse(optarg, &invert, &optind, 0);
+
+       if (*flags)
+               exit_error(PARAMETER_PROBLEM,
+                          "Can't specify multiple conditions");
+
+       if (c == 'X') {
+               if (strlen(argv[optind - 1]) < CONDITION6_NAME_LEN)
+                       strcpy(info->name, argv[optind - 1]);
+               else
+                       exit_error(PARAMETER_PROBLEM,
+                                  "File name too long");
+
+               info->invert = invert;
+               *flags = 1;
+               return 1;
+       }
+
+       return 0;
+}
+
+
+static void
+final_check(unsigned int flags)
+{
+       if (!flags)
+               exit_error(PARAMETER_PROBLEM,
+                          "Condition match: must specify --condition");
+}
+
+
+static void
+print(const struct ip6t_ip6 *ip,
+                 const struct ip6t_entry_match *match, int numeric)
+{
+       const struct condition6_info *info =
+           (const struct condition6_info *) match->data;
+
+       printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
+}
+
+
+static void
+save(const struct ip6t_ip6 *ip,
+                const struct ip6t_entry_match *match)
+{
+       const struct condition6_info *info =
+           (const struct condition6_info *) match->data;
+
+       printf("--condition %s%s ", (info->invert) ? "! " : "", info->name);
+}
+
+
+static struct ip6tables_match condition = {
+       .name = "condition",
+       .version = IPTABLES_VERSION,
+       .size = IP6T_ALIGN(sizeof(struct condition6_info)),
+       .userspacesize = IP6T_ALIGN(sizeof(struct condition6_info)),
+       .help = &help,
+       .init = &init,
+       .parse = &parse,
+       .final_check = &final_check,
+       .print = &print,
+       .save = &save,
+       .extra_opts = opts
+};
+
+
+void
+_init(void)
+{
+       register_match6(&condition);
+}

diff --git a/extensions/libipt_condition.c b/extensions/libipt_condition.c
index 351c1aa465fad7ec402c4af40749857cba86f583..41216ca376a9f6be335b6abfaf7a96a18eb3c6b4 100644 (file)
--- a/extensions/libipt_condition.c
+++ b/extensions/libipt_condition.c
@@ -8,89 +8,107 @@
 #include<linux/netfilter_ipv4/ipt_condition.h>
 
 
-static void help(void)
+static void
+help(void)
 {
-  printf("condition match v%s options:\n"
-  "--condition [!] filename       Match on boolean value stored in /proc file"
-  "\n", IPTABLES_VERSION);
+       printf("condition match v%s options:\n"
+              "--condition [!] filename       "
+              "Match on boolean value stored in /proc file\n",
+              IPTABLES_VERSION);
 }
 
-static struct option opts[] = { { "condition", 1, 0, 'X' }, { 0 } };
 
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
+static struct option opts[] = {
+       { .name = "condition", .has_arg = 1, .flag = 0, .val = 'X' },
+       { .name = 0 }
+};
+
+
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
 {
-  *nfcache |= NFC_UNKNOWN;
+       *nfcache |= NFC_UNKNOWN;
 }
 
-static int parse(int c, char **argv, int invert, unsigned int *flags,
-               const struct ipt_entry *entry, unsigned int *nfcache,
-               struct ipt_entry_match **match)
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry, unsigned int *nfcache,
+      struct ipt_entry_match **match)
 {
-  struct condition_info *info = (struct condition_info*)(*match)->data;
+       struct condition_info *info =
+           (struct condition_info *) (*match)->data;
 
-  check_inverse(optarg, &invert, &optind, 0);
+       check_inverse(optarg, &invert, &optind, 0);
 
-  if(*flags)
-    exit_error(PARAMETER_PROBLEM, "Can't specify multiple conditions");
+       if (*flags)
+               exit_error(PARAMETER_PROBLEM,
+                          "Can't specify multiple conditions");
 
-  if(c == 'X')
-  {
-    if(strlen(argv[optind-1]) < VARIABLE_NAME_LEN)
-      strcpy(info->name, argv[optind-1]);
-    else
-      exit_error(PARAMETER_PROBLEM, "File name too long");
+       if (c == 'X') {
+               if (strlen(argv[optind - 1]) < CONDITION_NAME_LEN)
+                       strcpy(info->name, argv[optind - 1]);
+               else
+                       exit_error(PARAMETER_PROBLEM,
+                                  "File name too long");
 
-    info->invert = invert;
-    *flags = 1;
-    return 1;
-  }
+               info->invert = invert;
+               *flags = 1;
+               return 1;
+       }
 
-  return 0;
+       return 0;
 }
 
 
-static void final_check(unsigned int flags)
+static void
+final_check(unsigned int flags)
 {
-  if(!flags)
-    exit_error(PARAMETER_PROBLEM, "Condition match: must specify --condition");
+       if (!flags)
+               exit_error(PARAMETER_PROBLEM,
+                          "Condition match: must specify --condition");
 }
 
 
-static void print(const struct ipt_ip *ip,
-               const struct ipt_entry_match *match, int numeric)
+static void
+print(const struct ipt_ip *ip,
+                 const struct ipt_entry_match *match, int numeric)
 {
-  const struct condition_info *info = (const struct condition_info*)match->data;
+       const struct condition_info *info =
+           (const struct condition_info *) match->data;
 
-  printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
+       printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
 }
 
 
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void
+save(const struct ipt_ip *ip,
+                const struct ipt_entry_match *match)
 {
-  const struct condition_info *info = (const struct condition_info*)match->data;
+       const struct condition_info *info =
+           (const struct condition_info *) match->data;
 
-  printf("--condition %s%s ", (info->invert) ? "! " : "", info->name);
+       printf("--condition %s%s ", (info->invert) ? "! " : "", info->name);
 }
 
 
 static struct iptables_match condition = {
-  NULL,
-  "condition",
-  IPTABLES_VERSION,
-  IPT_ALIGN(sizeof(struct condition_info)),
-  IPT_ALIGN(sizeof(struct condition_info)),
-  &help,
-  &init,
-  &parse,
-  &final_check,
-  &print,
-  &save,
-  opts
+       .name = "condition",
+       .version = IPTABLES_VERSION,
+       .size = IPT_ALIGN(sizeof(struct condition_info)),
+       .userspacesize = IPT_ALIGN(sizeof(struct condition_info)),
+       .help = &help,
+       .init = &init,
+       .parse = &parse,
+       .final_check = &final_check,
+       .print = &print,
+       .save = &save,
+       .extra_opts = opts
 };
 
 
-void _init(void)
+void
+_init(void)
 {
-  register_match(&condition);
+       register_match(&condition);
 }
-