baa7c211f5
This commit implements a new netfilter match "xt_id" which can be used to attach unsigned 32bit IDs to iptables rules. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 41945
60 lines
1.2 KiB
Diff
60 lines
1.2 KiB
Diff
--- /dev/null
|
|
+++ b/extensions/libxt_id.c
|
|
@@ -0,0 +1,45 @@
|
|
+/* Shared library add-on to iptables to add id match support. */
|
|
+
|
|
+#include <stdio.h>
|
|
+#include <xtables.h>
|
|
+#include <linux/netfilter/xt_id.h>
|
|
+
|
|
+enum {
|
|
+ O_ID = 0,
|
|
+};
|
|
+
|
|
+static const struct xt_option_entry id_opts[] = {
|
|
+ {
|
|
+ .name = "id",
|
|
+ .id = O_ID,
|
|
+ .type = XTTYPE_UINT32,
|
|
+ .flags = XTOPT_MAND | XTOPT_PUT,
|
|
+ XTOPT_POINTER(struct xt_id_info, id)
|
|
+ },
|
|
+ XTOPT_TABLEEND,
|
|
+};
|
|
+
|
|
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
|
|
+static void
|
|
+id_save(const void *ip, const struct xt_entry_match *match)
|
|
+{
|
|
+ struct xt_id_info *idinfo = (void *)match->data;
|
|
+
|
|
+ printf(" --id %lu", idinfo->id);
|
|
+}
|
|
+
|
|
+static struct xtables_match id_match = {
|
|
+ .family = NFPROTO_UNSPEC,
|
|
+ .name = "id",
|
|
+ .version = XTABLES_VERSION,
|
|
+ .size = XT_ALIGN(sizeof(struct xt_id_info)),
|
|
+ .userspacesize = XT_ALIGN(sizeof(struct xt_id_info)),
|
|
+ .save = id_save,
|
|
+ .x6_parse = xtables_option_parse,
|
|
+ .x6_options = id_opts,
|
|
+};
|
|
+
|
|
+void _init(void)
|
|
+{
|
|
+ xtables_register_match(&id_match);
|
|
+}
|
|
--- /dev/null
|
|
+++ b/include/linux/netfilter/xt_id.h
|
|
@@ -0,0 +1,8 @@
|
|
+#ifndef _XT_ID_H
|
|
+#define _XT_ID_H
|
|
+
|
|
+struct xt_id_info {
|
|
+ __u32 id;
|
|
+};
|
|
+
|
|
+#endif /* XT_ID_H */
|