On Wed, Mar 06, 2024 at 11:11:25AM +0100, Florian Westphal wrote: > v2: document the match semantics of -m socket. > > Ignore --nowildcard if used with other options when translating > and add "wildcard 0" if the option is missing. > > "-m socket" will ignore sockets bound to 0.0.0.0/:: by default, > unless --nowildcard is given. > > So, xlate must always append "wildcard 0", can elide "wildcard" > if other options are present along with --nowildcard. > > To emulate "-m socket --nowildcard", check for "wildcard <= 1" to > get a "socket exists" type matching. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > extensions/libxt_socket.c | 39 ++++++++++++++++++++++++++++++++++ > extensions/libxt_socket.txlate | 17 +++++++++++++++ > 2 files changed, 56 insertions(+) > create mode 100644 extensions/libxt_socket.txlate > > diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c > index a99135cdfa0a..016ea3435339 100644 > --- a/extensions/libxt_socket.c > +++ b/extensions/libxt_socket.c > @@ -159,6 +159,42 @@ socket_mt_print_v3(const void *ip, const struct xt_entry_match *match, > socket_mt_save_v3(ip, match); > } > > +static int socket_mt_xlate(struct xt_xlate *xl, const struct xt_xlate_mt_params *params) > +{ > + const struct xt_socket_mtinfo3 *info = (const void *)params->match->data; > + const char *space = ""; The whole "leading space or not" handling is not necessary, I made xt_xlate_add() insert leading space automatically if the first character is alpha-numeric or a brace. Thanks, Phil
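Review bot: the first declaration in socket_mt_xlate() casts params->match->data to const struct xt_socket_mtinfo3 *, which is only valid for match revisions that use that layout. The registration of the callback is not part of the quoted hunk, so it is worth confirming that .xlate is set only on the entry whose data really is xt_socket_mtinfo3, or that the function reads nothing beyond fields shared with the earlier revisions. A short comment at the top of the function stating the default described in the commit message (sockets bound to 0.0.0.0/:: are ignored unless --nowildcard is given) would also help. Without it, the reason for always appending "wildcard 0" and for emitting "wildcard <= 1" for --nowildcard is not clear from the code alone.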