iptables-socket-match-add-wildcard-option.diff - add wildcard option to socket match
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index 2230a93..f7f5c3c 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -16,11 +16,14 @@ static void socket_mt_help_v0(void)
 static void socket_mt_help_v1(void)
 {
 printf("socket match options:\n"
-"--transparent Matches only if the socket's transparent option is set\n");
+"--transparent Matches only if the socket's transparent option is set\n"
+"--wildcard Match wildcard socket's too\n"
+);
 }
 static const struct option socket_opts_v1[] = {
 { "transparent", 0, NULL, '1' },
+ { "wildcard", 0, NULL, '2' },
 { }
 };
@@ -39,11 +42,18 @@ static int socket_mt_parse_v1(int c, char **argv, int invert,
 switch (c) {
 case '1':
- if (*flags)
+ if (*flags & XT_SOCKET_TRANSPARENT)
 xtables_error(PARAMETER_PROBLEM,
 "Can't specify multiple --transparent");
 info->flags |= XT_SOCKET_TRANSPARENT;
- *flags = 1;
+ *flags |= XT_SOCKET_TRANSPARENT;
+ break;
+ case '2':
+ if (*flags & XT_SOCKET_WILDCARD)
+ xtables_error(PARAMETER_PROBLEM,
+ "Can't specify multiple --wildcard");
+ info->flags |= XT_SOCKET_WILDCARD;
+ *flags |= XT_SOCKET_WILDCARD;
 break;
 default:
 return 0;
@@ -63,6 +73,9 @@ static void socket_mt_print_v1(const void *ip,
 printf("socket ");
 if (info->flags & XT_SOCKET_TRANSPARENT)
 printf("transparent ");
+ if (info->flags & XT_SOCKET_WILDCARD)
+ printf("wildcard ");
+
 }
 static void socket_mt_save_v1(const void *ip,
@@ -72,6 +85,10 @@ static void socket_mt_save_v1(const void *ip,
 if (info->flags & XT_SOCKET_TRANSPARENT)
 printf("--transparent ");
+
+ if (info->flags & XT_SOCKET_WILDCARD)
+ printf("--wildcard ");
+
 }
 static struct xtables_match socket_mt_reg_v0 = {
diff --git a/extensions/libxt_socket.man b/extensions/libxt_socket.man
index edc9d75..9051c7f 100644
--- a/extensions/libxt_socket.man
+++ b/extensions/libxt_socket.man
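Review bot: The new help line `"--wildcard Match wildcard socket's too\n"` has a grammar slip ("socket's" for "sockets") and does not tell the user what a wildcard socket is, whereas the man-page hunk in the same patch does say it is a socket listening on the 'any' address; keep the two consistent and fold the dangling `+);` back onto the string, e.g. `"--wildcard Also match sockets bound to the 'any' address (0.0.0.0)\n");`. The accompanying `socket_opts_v1` entry is fine as written. socket_mt_help_v1 is shown whole here, but the option table continues into context outside the hunk.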
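Review bot: `info->flags |= XT_SOCKET_WILDCARD` in the new `case '2'` hands a previously unused bit to the kernel inside the unchanged revision-1 `xt_socket_mtinfo1`, so a kernel whose xt_socket does not know this flag will presumably accept the rule and silently ignore `--wildcard` rather than reject it — the rule then loads but matches fewer sockets than the saved ruleset claims, which is the wrong failure mode for a firewall match. A new match revision would make an unpatched kernel refuse the rule outright; if that is out of scope, the kernel requirement should at least be stated in the man page and help text. The two case bodies are also identical apart from the flag and message, so a small `static int socket_mt_set_flag(unsigned int *flags, struct xt_socket_mtinfo1 *info, unsigned int bit, const char *name)` would remove the duplication if a third flag ever arrives. The body of socket_mt_parse_v1 begins before this hunk.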
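Review bot: The bare `+` line added immediately before the closing `}` of socket_mt_print_v1 is an empty line between the last statement and the brace — whitespace noise rather than separation between statements — and should be dropped so the function ends `printf("wildcard ");` `}` exactly like the transparent case two lines above it. The same trailing blank is introduced before the closing brace in the socket_mt_save_v1 hunk that follows. The signature and opening of socket_mt_print_v1 lie outside this hunk.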
@@ -4,3 +4,5 @@ packet which doesn\'t listen on the \'any\' IP address (0.0.0.0).
 .BI "\-\-transparent"
 Enables additional check, that the actual socket's transparent socket option has to be set.
+.BI "\-\-wildcard"
+Matches sockets listening on the \'any\' IP address (0.0.0.0) too.
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
index f6ba866..2127c57 100644
--- a/include/linux/netfilter/xt_socket.h
+++ b/include/linux/netfilter/xt_socket.h
@@ -3,6 +3,7 @@ enum {
 XT_SOCKET_TRANSPARENT = 1 << 0,
+ XT_SOCKET_WILDCARD = 1 << 1,
 };
 struct xt_socket_mtinfo1 {