1 #include <stdbool.h> 2 #include <stdio.h> 3 #include <xtables.h> 4 #include <linux/netfilter/xt_mark.h> 5 6 struct xt_mark_info { 7 unsigned long mark, mask; 8 uint8_t invert; 9 }; 10 11 enum { 12 O_MARK = 0, 13 }; 14 15 static void mark_mt_help(void) 16 { 17 printf( 18 "mark match options:\n" 19 "[!] --mark value[/mask] Match nfmark value with optional mask\n"); 20 } 21 22 static const struct xt_option_entry mark_mt_opts[] = { 23 {.name = "mark", .id = O_MARK, .type = XTTYPE_MARKMASK32, 24 .flags = XTOPT_MAND | XTOPT_INVERT}, 25 XTOPT_TABLEEND, 26 }; 27 28 static void mark_mt_parse(struct xt_option_call *cb) 29 { 30 struct xt_mark_mtinfo1 *info = cb->data; 31 32 xtables_option_parse(cb); 33 if (cb->invert) 34 info->invert = true; 35 info->mark = cb->val.mark; 36 info->mask = cb->val.mask; 37 } 38 39 static void mark_parse(struct xt_option_call *cb) 40 { 41 struct xt_mark_info *markinfo = cb->data; 42 43 xtables_option_parse(cb); 44 if (cb->invert) 45 markinfo->invert = 1; 46 markinfo->mark = cb->val.mark; 47 markinfo->mask = cb->val.mask; 48 } 49 50 static void print_mark(unsigned int mark, unsigned int mask) 51 { 52 if (mask != 0xffffffffU) 53 printf(" 0x%x/0x%x", mark, mask); 54 else 55 printf(" 0x%x", mark); 56 } 57 58 static void 59 mark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric) 60 { 61 const struct xt_mark_mtinfo1 *info = (const void *)match->data; 62 63 printf(" mark match"); 64 if (info->invert) 65 printf(" !"); 66 print_mark(info->mark, info->mask); 67 } 68 69 static void 70 mark_print(const void *ip, const struct xt_entry_match *match, int numeric) 71 { 72 const struct xt_mark_info *info = (const void *)match->data; 73 74 printf(" MARK match"); 75 76 if (info->invert) 77 printf(" !"); 78 79 print_mark(info->mark, info->mask); 80 } 81 82 static void mark_mt_save(const void *ip, const struct xt_entry_match *match) 83 { 84 const struct xt_mark_mtinfo1 *info = (const void *)match->data; 85 86 if (info->invert) 87 printf(" !"); 88 89 printf(" --mark"); 90 print_mark(info->mark, info->mask); 91 } 92 93 static void 94 mark_save(const void *ip, const struct xt_entry_match *match) 95 { 96 const struct xt_mark_info *info = (const void *)match->data; 97 98 if (info->invert) 99 printf(" !"); 100 101 printf(" --mark"); 102 print_mark(info->mark, info->mask); 103 } 104 105 static struct xtables_match mark_mt_reg[] = { 106 { 107 .family = NFPROTO_UNSPEC, 108 .name = "mark", 109 .revision = 0, 110 .version = XTABLES_VERSION, 111 .size = XT_ALIGN(sizeof(struct xt_mark_info)), 112 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)), 113 .help = mark_mt_help, 114 .print = mark_print, 115 .save = mark_save, 116 .x6_parse = mark_parse, 117 .x6_options = mark_mt_opts, 118 }, 119 { 120 .version = XTABLES_VERSION, 121 .name = "mark", 122 .revision = 1, 123 .family = NFPROTO_UNSPEC, 124 .size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)), 125 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)), 126 .help = mark_mt_help, 127 .print = mark_mt_print, 128 .save = mark_mt_save, 129 .x6_parse = mark_mt_parse, 130 .x6_options = mark_mt_opts, 131 }, 132 }; 133 134 void _init(void) 135 { 136 xtables_register_matches(mark_mt_reg, ARRAY_SIZE(mark_mt_reg)); 137 } 138
