# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac owner policy realm state tos ttl unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac owner policy state CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
-PFX_EXT_SLIB:=mark multiport physdev pkttype sctp standard tcp tcpmss udp NOTRACK
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit owner policy realm state tos ttl unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit owner policy state CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
+PFX_EXT_SLIB:=mac mark multiport physdev pkttype sctp standard tcp tcpmss udp NOTRACK
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
+++ /dev/null
-/* Shared library add-on to iptables to add MAC address support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
-#include <ip6tables.h>
-#include <linux/netfilter_ipv6/ip6t_mac.h>
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"MAC v%s options:\n"
-" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
-" Match source MAC address\n"
-"\n", IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
- { "mac-source", 1, 0, '1' },
- {0}
-};
-
-static void
-parse_mac(const char *mac, struct ip6t_mac_info *info)
-{
- unsigned int i = 0;
-
- if (strlen(mac) != ETH_ALEN*3-1)
- exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
-
- for (i = 0; i < ETH_ALEN; i++) {
- long number;
- char *end;
-
- number = strtol(mac + i*3, &end, 16);
-
- if (end == mac + i*3 + 2
- && number >= 0
- && number <= 255)
- info->srcaddr[i] = number;
- else
- exit_error(PARAMETER_PROBLEM,
- "Bad mac address `%s'", mac);
- }
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- unsigned int *nfcache,
- struct xt_entry_match **match)
-{
- struct ip6t_mac_info *macinfo = (struct ip6t_mac_info *)(*match)->data;
-
- switch (c) {
- case '1':
- check_inverse(optarg, &invert, &optind, 0);
- parse_mac(argv[optind-1], macinfo);
- if (invert)
- macinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void print_mac(unsigned char macaddress[ETH_ALEN])
-{
- unsigned int i;
-
- printf("%02X", macaddress[0]);
- for (i = 1; i < ETH_ALEN; i++)
- printf(":%02X", macaddress[i]);
- printf(" ");
-}
-
-/* Final check; must have specified --mac. */
-static void final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "You must specify `--mac-source'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_match *match,
- int numeric)
-{
- printf("MAC ");
-
- if (((struct ip6t_mac_info *)match->data)->invert)
- printf("! ");
-
- print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
-}
-
-/* Saves the union ip6t_matchinfo in parsable form to stdout. */
-static void save(const void *ip, const struct xt_entry_match *match)
-{
- if (((struct ip6t_mac_info *)match->data)->invert)
- printf("! ");
-
- printf("--mac-source ");
- print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
-}
-
-static struct ip6tables_match mac = {
- .name = "mac",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
- .help = &help,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts,
-};
-
-void _init(void)
-{
- register_match6(&mac);
-}
#else
#include <linux/if_ether.h>
#endif
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_mac.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_mac.h>
/* Function which prints out usage message. */
static void
};
static void
-parse_mac(const char *mac, struct ipt_mac_info *info)
+parse_mac(const char *mac, struct xt_mac_info *info)
{
unsigned int i = 0;
unsigned int *nfcache,
struct xt_entry_match **match)
{
- struct ipt_mac_info *macinfo = (struct ipt_mac_info *)(*match)->data;
+ struct xt_mac_info *macinfo = (struct xt_mac_info *)(*match)->data;
switch (c) {
case '1':
{
printf("MAC ");
- if (((struct ipt_mac_info *)match->data)->invert)
+ if (((struct xt_mac_info *)match->data)->invert)
printf("! ");
- print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+ print_mac(((struct xt_mac_info *)match->data)->srcaddr);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void save(const void *ip, const struct xt_entry_match *match)
{
- if (((struct ipt_mac_info *)match->data)->invert)
+ if (((struct xt_mac_info *)match->data)->invert)
printf("! ");
printf("--mac-source ");
- print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+ print_mac(((struct xt_mac_info *)match->data)->srcaddr);
}
-static struct iptables_match mac = {
+static struct xtables_match mac = {
.next = NULL,
+ .family = AF_INET,
.name = "mac",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_mac_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mac_info)),
+ .size = XT_ALIGN(sizeof(struct xt_mac_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+static struct xtables_match mac6 = {
+ .next = NULL,
+ .family = AF_INET6,
+ .name = "mac",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_mac_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mac_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
void _init(void)
{
- register_match(&mac);
+ xtables_register_match(&mac);
+ xtables_register_match(&mac6);
}
projects / thirdparty / iptables.git / commitdiff
