1 /* Shared library add-on to iptables to add connmark matching support.
3 * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
4 * by Henrik Nordstrom <hno@marasystems.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <linux/netfilter/xt_connmark.h>
/*
 * Match-data layout declared locally in this file. It carries the connection
 * mark to compare against and the mask applied to it, both as unsigned long.
 * connmark_mt_reg uses sizeof(struct xt_connmark_info) as the .size and
 * .userspacesize of one of its two entries.
 *
 * NOTE(review): unsigned long is 4 bytes on ILP32 and 8 bytes on LP64 ABIs,
 * so this struct's size depends on how the tool is built, while the option
 * parser is asked for a 32-bit mark/mask (XTTYPE_MARKMASK32). Confirm that
 * the consumer of this blob expects the same layout.
 * NOTE(review): the rest of the struct (source lines 30 onward) is not shown
 * in this listing.
 */
28 struct xt_connmark_info {
29 unsigned long mark, mask;
/*
 * Usage text for the connmark match: a single option, --mark value[/mask],
 * which may be negated with a leading "!".
 * NOTE(review): the statement that receives this string literal (source
 * lines 38-39) is not shown in this listing.
 */
37 static void connmark_mt_help(void)
40 "connmark match options:\n"
41 "[!] --mark value[/mask] Match ctmark value with optional mask\n");
/*
 * Option table shared by both registered match entries (both point their
 * .x6_options at it). The only option is --mark:
 *   - XTTYPE_MARKMASK32: parsed as a 32-bit value with an optional /mask;
 *   - XTOPT_MAND: the option must be given;
 *   - XTOPT_INVERT: a "!" negation is accepted.
 * NOTE(review): the table terminator (source lines 47-48) is not shown in
 * this listing.
 */
44 static const struct xt_option_entry connmark_mt_opts[] = {
45 {.name = "mark", .id = O_MARK, .type = XTTYPE_MARKMASK32,
46 .flags = XTOPT_MAND | XTOPT_INVERT},
/*
 * Option callback for the entry sized as struct xt_connmark_mtinfo1.
 * cb->data is treated as that struct; xtables_option_parse() fills cb->val,
 * and the parsed mark and mask are then copied into the match data.
 *
 * NOTE(review): source lines 55-56 are not shown in this listing. Because the
 * option table accepts negation (XTOPT_INVERT), confirm that the omitted
 * lines record cb->invert. If they do not, a negated rule would be installed
 * as a positive match.
 */
50 static void connmark_mt_parse(struct xt_option_call *cb)
52 struct xt_connmark_mtinfo1 *info = cb->data;
54 xtables_option_parse(cb);
57 info->mark = cb->val.mark;
58 info->mask = cb->val.mask;
/*
 * Option callback for the entry sized as the local struct xt_connmark_info.
 * It follows the same flow as connmark_mt_parse: run the generic option
 * parser, then store the parsed mark and mask (widened into the struct's
 * unsigned long members).
 *
 * NOTE(review): source lines 68 onward of this function are not shown in
 * this listing. Confirm that negation (cb->invert) is stored there, since
 * the option table allows "!".
 */
61 static void connmark_parse(struct xt_option_call *cb)
63 struct xt_connmark_info *markinfo = cb->data;
65 xtables_option_parse(cb);
66 markinfo->mark = cb->val.mark;
67 markinfo->mask = cb->val.mask;
/*
 * Writes a mark to stdout in hexadecimal, preceded by a space. When the mask
 * is not all-ones (0xffffffff), the "0x<mark>/0x<mask>" form is printed.
 * The second printf prints the mark alone.
 *
 * NOTE(review): source line 76, between the two printf calls, is not shown
 * in this listing. It is presumably the `else` that makes the two forms
 * mutually exclusive; confirm against the full file.
 */
72 static void print_mark(unsigned int mark, unsigned int mask)
74 if (mask != 0xffffffffU)
75 printf(" 0x%x/0x%x", mark, mask);
77 printf(" 0x%x", mark);
/*
 * .print callback for the entry that uses struct xt_connmark_info. It
 * interprets match->data as that struct, writes the " CONNMARK match " label
 * and then the mark/mask via print_mark(). `ip` and `numeric` are not used
 * in the lines visible here.
 *
 * NOTE(review): info->mark and info->mask are unsigned long, but print_mark()
 * takes unsigned int. On an LP64 build the arguments are implicitly narrowed,
 * so any bits above 32 would be dropped from the listing output.
 * NOTE(review): source lines 86-87 (between the label and print_mark) are not
 * shown in this listing.
 */
81 connmark_print(const void *ip, const struct xt_entry_match *match, int numeric)
83 const struct xt_connmark_info *info = (const void *)match->data;
85 printf(" CONNMARK match ");
88 print_mark(info->mark, info->mask);
/*
 * .print callback for the entry that uses struct xt_connmark_mtinfo1. It
 * interprets match->data as that struct, writes the " connmark match " label
 * and then the mark/mask via print_mark(). `ip` and `numeric` are not used
 * in the lines visible here.
 *
 * NOTE(review): source lines 97-98 (between the label and print_mark) are not
 * shown in this listing.
 */
92 connmark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
94 const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
96 printf(" connmark match ");
99 print_mark(info->mark, info->mask);
/*
 * .save callback for the entry that uses struct xt_connmark_info. In the
 * lines visible here it reads match->data as that struct and emits the
 * mark/mask through print_mark(). `ip` is not used in the visible lines.
 *
 * NOTE(review): the unsigned long members are narrowed to unsigned int at the
 * print_mark() call, as in connmark_print.
 * NOTE(review): source lines 105-109 are not shown in this listing. The
 * option name, and any "!" prefix, would have to be written there for the
 * saved rule to round-trip; confirm against the full file.
 */
102 static void connmark_save(const void *ip, const struct xt_entry_match *match)
104 const struct xt_connmark_info *info = (const void *)match->data;
110 print_mark(info->mark, info->mask);
/*
 * .save callback for the entry that uses struct xt_connmark_mtinfo1. In the
 * lines visible here it reads match->data as that struct and emits the
 * mark/mask through print_mark(). `ip` is not used in the visible lines.
 *
 * NOTE(review): source lines 117-121 are not shown in this listing. The
 * option name, and any "!" prefix, would have to be written there for the
 * saved rule to round-trip; confirm against the full file.
 */
114 connmark_mt_save(const void *ip, const struct xt_entry_match *match)
116 const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
122 print_mark(info->mark, info->mask);
/*
 * Registration table with two match entries. Both are protocol-family
 * independent (NFPROTO_UNSPEC) and share the help text and option table.
 * They differ in the match-data struct they are sized for and in the
 * parse/print/save callbacks that understand that struct.
 *
 * NOTE(review): the lines carrying each entry's name and revision (source
 * lines 126, 128-129, 138-139, 141-142) are not shown in this listing, so
 * which revision maps to which struct cannot be stated from here.
 */
125 static struct xtables_match connmark_mt_reg[] = {
/* Entry sized for the file-local struct xt_connmark_info (unsigned long fields). */
127 .family = NFPROTO_UNSPEC,
130 .version = XTABLES_VERSION,
/* .size and .userspacesize are the same here and in the entry below. */
131 .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
132 .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
133 .help = connmark_mt_help,
134 .print = connmark_print,
135 .save = connmark_save,
136 .x6_parse = connmark_parse,
137 .x6_options = connmark_mt_opts,
/* Entry sized for struct xt_connmark_mtinfo1 from <linux/netfilter/xt_connmark.h>. */
140 .version = XTABLES_VERSION,
143 .family = NFPROTO_UNSPEC,
144 .size = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
145 .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_mtinfo1)),
146 .help = connmark_mt_help,
147 .print = connmark_mt_print,
148 .save = connmark_mt_save,
149 .x6_parse = connmark_mt_parse,
150 .x6_options = connmark_mt_opts,
/*
 * Registers every entry of connmark_mt_reg with xtables in one call.
 * ARRAY_SIZE keeps the count in step with the table.
 * NOTE(review): the enclosing function (source lines 153-155) is not shown in
 * this listing.
 */
156 xtables_register_matches(connmark_mt_reg, ARRAY_SIZE(connmark_mt_reg));