Signed-off-by: Richard Weinberger <richard@xxxxxx>
---
 extensions/libxt_APPROVE.c | 83 ++++++++++++++++++++++++++++++++++
 extensions/libxt_APPROVE.man | 1 +
 include/linux/netfilter/xt_APPROVE.h | 8 +++
 3 files changed, 92 insertions(+), 0 deletions(-)
 create mode 100644 extensions/libxt_APPROVE.c
 create mode 100644 extensions/libxt_APPROVE.man
 create mode 100644 include/linux/netfilter/xt_APPROVE.h
diff --git a/extensions/libxt_APPROVE.c b/extensions/libxt_APPROVE.c
new file mode 100644
index 0000000..4142bfa
--- /dev/null
+++ b/extensions/libxt_APPROVE.c
@@ -0,0 +1,83 @@
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <stddef.h>
+
+#include <xtables.h>
+
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_APPROVE.h>
+
+static const struct option approve_opts[] = {
+ {.name = "rule-id", .has_arg = true, .val = 'i'},
+ XT_GETOPT_TABLEEND
+};
+
+static void approve_help(void)
+{
+ printf("APPROVE target options:\n"
+ "--rule-id id assign numberic id to the rule.\n");
+}
+
+static int approve_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct nf_approve_info *ridi = (void *)(*target)->data;
+
+ if(c == 'i') {
+ xtables_param_act(XTF_NO_INVERT, "APPROVE", "--rule-id", invert);
+ ridi->ruleid = strtoul(optarg, NULL, 0);
+
+ if(ridi->ruleid < 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "--rule-id must be greater than 0");
+
+ *flags = 1;
+
+ return true;
+ }
+
+ return false;
+}
+
+static void approve_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ struct nf_approve_info *ridi = (void *)target->data;
+
+ printf("--rule-id %i\n", ridi->ruleid);
+}
+
+static void approve_save(const void *ip, const struct xt_entry_target *target)
+{
+ struct nf_approve_info *ridi = (void *)target->data;
+
+ printf("--rule-id %i\n", ridi->ruleid);
+}
+
+static void approve_final_check(unsigned int flags)
+{
+ if(flags != 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "--rule-id must be specified");
+}
+
+static struct xtables_target approve_target = {
+ .family = NFPROTO_UNSPEC,
+ .name = "APPROVE",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct nf_approve_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_approve_info)),
+ .help = approve_help,
+ .parse = approve_parse,
+ .final_check = approve_final_check,
+ .extra_opts = approve_opts,
+ .print = approve_print,
+ .save = approve_save
+};
+
+void _init(void)
+{
+ xtables_register_target(&approve_target);
+}
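Review bot: In approve_parse, `ridi->ruleid = strtoul(optarg, NULL, 0);` stores an unsigned long into the 16-bit `ruleid` before any range check, so an out-of-range id is silently truncated (65537 is stored as 1) and input with trailing non-digits such as `12abc` is accepted as 12. For a value meant to identify a rule, that aliasing lets two different command lines end up with the same stored id. Parse into a temporary and validate the range first: declare `unsigned int id;`, then `if (!xtables_strtoui(optarg, NULL, &id, 1, 65535)) xtables_error(PARAMETER_PROBLEM, "--rule-id must be between 1 and 65535");` and assign `ridi->ruleid = id;`. Separately, approve_save prints a trailing `\n` after the option, which looks likely to split the one-rule-per-line output of iptables-save; the caller is not visible in this hunk, so that should be confirmed.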
diff --git a/extensions/libxt_APPROVE.man b/extensions/libxt_APPROVE.man
new file mode 100644
index 0000000..ce08911
--- /dev/null
+++ b/extensions/libxt_APPROVE.man
@@ -0,0 +1 @@
+Richard was too lazy to write a manpage...
diff --git a/include/linux/netfilter/xt_APPROVE.h b/include/linux/netfilter/xt_APPROVE.h
new file mode 100644
index 0000000..c62c6bc
--- /dev/null
+++ b/include/linux/netfilter/xt_APPROVE.h
@@ -0,0 +1,8 @@
+#ifndef _XT_APPROVE_H
+#define _XT_APPROVE_H
+
+struct nf_approve_info {
+ u_int16_t ruleid;
+};
+
+#endif /* _XT_APPROVE_H */
--
1.6.6.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
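Review bot: `xt_APPROVE.h` declares `u_int16_t ruleid;` but includes nothing that defines that type, so the header only compiles when the includer has already pulled in a header that provides it. Since this struct appears to be the layout shared between the userspace extension and a kernel-side target (not shown in this patch), a self-contained header using the kernel's exported fixed-width type would be safer: add `#include <linux/types.h>` and declare `__u16 ruleid;`. A short comment on the field stating its valid range, e.g. `/* rule identifier, 1..65535; 0 is rejected by the parser */`, would also document the contract both sides rely on.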