-/* Shared library add-on to iptables to add CONNMARK target support. */
+/* Shared library add-on to iptables to add CONNMARK target support.
+ *
+ * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * Version 1.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
{
printf(
"CONNMARK target v%s options:\n"
-" --set-mark value Set conntrack mark value\n"
-" --save-mark Save the packet nfmark on the connection\n"
-" --restore-mark Restore saved nfmark value\n"
+" --set-mark value[/mask] Set conntrack mark value\n"
+" --save-mark [--mask mask] Save the packet nfmark in the connection\n"
+" --restore-mark [--mask mask] Restore saved nfmark value\n"
"\n",
IPTABLES_VERSION);
}
{ "set-mark", 1, 0, '1' },
{ "save-mark", 0, 0, '2' },
{ "restore-mark", 0, 0, '3' },
+ { "mask", 1, 0, '4' },
{ 0 }
};
char *end;
case '1':
markinfo->mode = IPT_CONNMARK_SET;
+ markinfo->mask = ~0;
markinfo->mark = strtoul(optarg, &end, 0);
+ if (*end == '/' && end[1] != '\0')
+ markinfo->mask = strtoul(end+1, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (*flags)
break;
case '2':
markinfo->mode = IPT_CONNMARK_SAVE;
+ markinfo->mask = ~0;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --save-mark twice");
break;
case '3':
markinfo->mode = IPT_CONNMARK_RESTORE;
+ markinfo->mask = ~0;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --restore-mark twice");
*flags = 1;
break;
+ case '4':
+ if (!*flags)
+ exit_error(PARAMETER_PROBLEM,
+ "CONNMARK target: Can't specify --mask without a operation");
+ markinfo->mark = strtoul(optarg, &end, 0);
+ if (*end != '\0' || end == optarg)
+ exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ break;
default:
return 0;
}
{
if (!flags)
exit_error(PARAMETER_PROBLEM,
- "CONNMARK target: Parameter --set-mark is required");
-}
-
-static void
-print_mark(unsigned long mark, int numeric)
-{
- printf("0x%lx ", mark);
+ "CONNMARK target: No operation specified");
}
-/* Prints out the targinfo. */
+/* Prints out the target info. */
static void
print(const struct ipt_ip *ip,
const struct ipt_entry_target *target,
(const struct ipt_connmark_target_info *)target->data;
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
- printf("CONNMARK set ");
- print_mark(markinfo->mark, numeric);
+ printf("CONNMARK set 0x%lx", markinfo->mark);
+ if (markinfo->mask != ~0)
+ printf("/0x%lx", markinfo->mask);
+ printf(" ");
break;
case IPT_CONNMARK_SAVE:
printf("CONNMARK save ");
+ if (markinfo->mask != ~0)
+ printf("mask 0x%lx", markinfo->mask);
+ printf(" ");
break;
case IPT_CONNMARK_RESTORE:
printf("CONNMARK restore ");
+ if (markinfo->mask != ~0)
+ printf("mask 0x%lx", markinfo->mask);
break;
default:
printf("ERROR: UNKNOWN CONNMARK MODE ");
}
}
-/* Saves the union ipt_targinfo in parsable form to stdout. */
+/* Saves the target into in parsable form to stdout. */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
- printf("--set-mark 0x%lx ", markinfo->mark);
+ printf("--set-mark 0x%lx", markinfo->mark);
+ if (markinfo->mask != ~0)
+ printf("/0x%lx", markinfo->mask);
+ printf(" ");
break;
case IPT_CONNMARK_SAVE:
printf("--save-mark ");
+ if (markinfo->mask != ~0)
+ printf("--mask 0x%lx", markinfo->mask);
break;
case IPT_CONNMARK_RESTORE:
printf("--restore-mark ");
+ if (markinfo->mask != ~0)
+ printf("--mask 0x%lx", markinfo->mask);
break;
default:
printf("ERROR: UNKNOWN CONNMARK MODE ");
}
}
-static
-struct iptables_target mark
-= { NULL,
- "CONNMARK",
- IPTABLES_VERSION,
- IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
- IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
- &help,
- &init,
- &parse,
- &final_check,
- &print,
- &save,
- opts
+static struct iptables_target connmark_target = {
+ .name = "CONNMARK",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
};
void _init(void)
{
- register_target(&mark);
+ register_target(&connmark_target);
}
-/* Shared library add-on to iptables to add CONNMARK matching support. */
+/* Shared library add-on to iptables to add connmark matching support.
+ *
+ * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * Version 1.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
} else
- markinfo->mask = 0xffffffff;
+ markinfo->mask = ~0;
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (invert)
static void
print_mark(unsigned long mark, unsigned long mask, int numeric)
{
- if(mask != 0xffffffff)
+ if(mask != ~0)
printf("0x%lx/0x%lx ", mark, mask);
else
printf("0x%lx ", mark);
print_mark(info->mark, info->mask, numeric);
}
-/* Saves the union ipt_matchinfo in parsable form to stdout. */
+/* Saves the matchinfo in parsable form to stdout. */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
print_mark(info->mark, info->mask, 0);
}
-static
-struct iptables_match mark
-= { NULL,
- "connmark",
- IPTABLES_VERSION,
- IPT_ALIGN(sizeof(struct ipt_connmark_info)),
- IPT_ALIGN(sizeof(struct ipt_connmark_info)),
- &help,
- &init,
- &parse,
- &final_check,
- &print,
- &save,
- opts
+static struct iptables_match connmark_match = {
+ .name = "connmark",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
};
void _init(void)
{
- register_match(&mark);
+ register_match(&connmark_match);
}
projects / thirdparty / iptables.git / commitdiff
