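/*
 * Shared library add-on to iptables to add early socket matching support.
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 *
 * This is the userspace half of the "socket" match: it parses, stores and
 * prints the match options.  The socket lookup itself is performed by the
 * kernel module that consumes struct xt_socket_mtinfo1; nothing here
 * inspects traffic.
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_socket.h>

/* Option ids handed to socket_mt_parse() via cb->entry->id. */
enum {
	O_TRANSPARENT = 0,
};

/* Command-line options understood by revision 1 of the match (no arguments). */
static const struct xt_option_entry socket_mt_opts[] = {
	{.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
	XTOPT_TABLEEND,
};

/* Usage text for "-m socket --help". */
static void socket_mt_help(void)
{
	printf(
"socket match options:\n"
" --transparent Ignore non-transparent sockets\n\n");
}

/*
 * Option callback: after the generic xtables parsing/validation, record
 * "--transparent" as XT_SOCKET_TRANSPARENT in the kernel-visible match data.
 */
static void socket_mt_parse(struct xt_option_call *cb)
{
	struct xt_socket_mtinfo1 *info = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_TRANSPARENT:
		info->flags |= XT_SOCKET_TRANSPARENT;
		break;
	default:
		/* Only ids from socket_mt_opts[] are dispatched here; defensive no-op. */
		break;
	}
}

/*
 * Emit the options in a form iptables-save can feed back to the parser.
 * @ip is the enclosing entry header and is unused by this match.
 */
static void
socket_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_socket_mtinfo1 *info = (const void *)match->data;

	if (info->flags & XT_SOCKET_TRANSPARENT)
		printf(" --transparent");
}

/*
 * Human-readable output for "iptables -L": the match name followed by the
 * same option text that socket_mt_save() produces.  @numeric is unused
 * because this match prints no addresses or ports.
 */
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
		int numeric)
{
	printf(" socket");
	socket_mt_save(ip, match);
}

/*
 * Match registrations.  Revision 0 (IPv4 only) carries no match data and
 * takes no options, so it registers no help/print/save callbacks.
 * Revision 1 is family-independent and adds the --transparent flag.
 */
static struct xtables_match socket_mt_reg[] = {
	{
		.name          = "socket",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(0),
		.userspacesize = XT_ALIGN(0),
	},
	{
		.name          = "socket",
		.revision      = 1,
		.family        = NFPROTO_UNSPEC,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.help          = socket_mt_help,
		.print         = socket_mt_print,
		.save          = socket_mt_save,
		.x6_parse      = socket_mt_parse,
		.x6_options    = socket_mt_opts,
	},
};

/* Extension entry point: called by libxtables when the .so is loaded. */
void _init(void)
{
	xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
}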