[PATCH 5/5] socket: add support for revision 1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
 extensions/libxt_socket.c   |   76 +++++++++++++++++++++++++++++++++++++++----
 extensions/libxt_socket.man |    3 ++
 2 files changed, 72 insertions(+), 7 deletions(-)

diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index 1490473..e4dff78 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -3,17 +3,79 @@
  *
  * Copyright (C) 2007 BalaBit IT Ltd.
  */
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdio.h>
 #include <xtables.h>
+#include <linux/netfilter/xt_socket.h>
 
-static struct xtables_match socket_mt_reg = {
-	.name	       = "socket",
-	.version       = XTABLES_VERSION,
-	.family	       = NFPROTO_IPV4,
-	.size	       = XT_ALIGN(0),
-	.userspacesize = XT_ALIGN(0),
+static const struct option socket_mt_opts[] = {
+	{.name = "transparent", .has_arg = false, .val = 't'},
+	XT_GETOPT_TABLEEND,
+};
+
+static void socket_mt_help(void)
+{
+	printf(
+		"socket match options:\n"
+		"  --transparent    Ignore non-transparent sockets\n\n");
+}
+
+static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
+			   const void *entry, struct xt_entry_match **match)
+{
+	struct xt_socket_mtinfo1 *info = (void *)(*match)->data;
+
+	switch (c) {
+	case 't':
+		info->flags |= XT_SOCKET_TRANSPARENT;
+		return true;
+	}
+	return false;
+}
+
+static void
+socket_mt_save(const void *ip, const struct xt_entry_match *match)
+{
+	const struct xt_socket_mtinfo1 *info = (const void *)match->data;
+
+	if (info->flags & XT_SOCKET_TRANSPARENT)
+		printf("--transparent ");
+}
+
+static void
+socket_mt_print(const void *ip, const struct xt_entry_match *match,
+		int numeric)
+{
+	printf("socket ");
+	socket_mt_save(ip, match);
+}
+
+static struct xtables_match socket_mt_reg[] = {
+	{
+		.name          = "socket",
+		.revision      = 0,
+		.family        = NFPROTO_IPV4,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(0),
+		.userspacesize = XT_ALIGN(0),
+	},
+	{
+		.name          = "socket",
+		.revision      = 1,
+		.family        = NFPROTO_UNSPEC,
+		.version       = XTABLES_VERSION,
+		.size          = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+		.userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
+		.help          = socket_mt_help,
+		.parse         = socket_mt_parse,
+		.print         = socket_mt_print,
+		.save          = socket_mt_save,
+		.extra_opts    = socket_mt_opts,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&socket_mt_reg);
+	xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
 }
diff --git a/extensions/libxt_socket.man b/extensions/libxt_socket.man
index 50c8854..41e8d67 100644
--- a/extensions/libxt_socket.man
+++ b/extensions/libxt_socket.man
@@ -1,2 +1,5 @@
 This matches if an open socket can be found by doing a socket lookup on the
 packet.
+.TP
+\fB\-\-transparent\fP
+Ignore non-transparent sockets.
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux