1 #include <stdbool.h>
2 #include <stdio.h>
3 #include <xtables.h>
4 #include <linux/netfilter/xt_mark.h>
5
6 struct xt_mark_info {
7 unsigned long mark, mask;
8 uint8_t invert;
9 };
10
11 enum {
12 O_MARK = 0,
13 };
14
mark_mt_help(void)15 static void mark_mt_help(void)
16 {
17 printf(
18 "mark match options:\n"
19 "[!] --mark value[/mask] Match nfmark value with optional mask\n");
20 }
21
22 static const struct xt_option_entry mark_mt_opts[] = {
23 {.name = "mark", .id = O_MARK, .type = XTTYPE_MARKMASK32,
24 .flags = XTOPT_MAND | XTOPT_INVERT},
25 XTOPT_TABLEEND,
26 };
27
mark_mt_parse(struct xt_option_call * cb)28 static void mark_mt_parse(struct xt_option_call *cb)
29 {
30 struct xt_mark_mtinfo1 *info = cb->data;
31
32 xtables_option_parse(cb);
33 if (cb->invert)
34 info->invert = true;
35 info->mark = cb->val.mark;
36 info->mask = cb->val.mask;
37 }
38
mark_parse(struct xt_option_call * cb)39 static void mark_parse(struct xt_option_call *cb)
40 {
41 struct xt_mark_info *markinfo = cb->data;
42
43 xtables_option_parse(cb);
44 if (cb->invert)
45 markinfo->invert = 1;
46 markinfo->mark = cb->val.mark;
47 markinfo->mask = cb->val.mask;
48 }
49
print_mark(unsigned int mark,unsigned int mask)50 static void print_mark(unsigned int mark, unsigned int mask)
51 {
52 if (mask != 0xffffffffU)
53 printf(" 0x%x/0x%x", mark, mask);
54 else
55 printf(" 0x%x", mark);
56 }
57
58 static void
mark_mt_print(const void * ip,const struct xt_entry_match * match,int numeric)59 mark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
60 {
61 const struct xt_mark_mtinfo1 *info = (const void *)match->data;
62
63 printf(" mark match");
64 if (info->invert)
65 printf(" !");
66 print_mark(info->mark, info->mask);
67 }
68
69 static void
mark_print(const void * ip,const struct xt_entry_match * match,int numeric)70 mark_print(const void *ip, const struct xt_entry_match *match, int numeric)
71 {
72 const struct xt_mark_info *info = (const void *)match->data;
73
74 printf(" MARK match");
75
76 if (info->invert)
77 printf(" !");
78
79 print_mark(info->mark, info->mask);
80 }
81
mark_mt_save(const void * ip,const struct xt_entry_match * match)82 static void mark_mt_save(const void *ip, const struct xt_entry_match *match)
83 {
84 const struct xt_mark_mtinfo1 *info = (const void *)match->data;
85
86 if (info->invert)
87 printf(" !");
88
89 printf(" --mark");
90 print_mark(info->mark, info->mask);
91 }
92
93 static void
mark_save(const void * ip,const struct xt_entry_match * match)94 mark_save(const void *ip, const struct xt_entry_match *match)
95 {
96 const struct xt_mark_info *info = (const void *)match->data;
97
98 if (info->invert)
99 printf(" !");
100
101 printf(" --mark");
102 print_mark(info->mark, info->mask);
103 }
104
105 static struct xtables_match mark_mt_reg[] = {
106 {
107 .family = NFPROTO_UNSPEC,
108 .name = "mark",
109 .revision = 0,
110 .version = XTABLES_VERSION,
111 .size = XT_ALIGN(sizeof(struct xt_mark_info)),
112 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
113 .help = mark_mt_help,
114 .print = mark_print,
115 .save = mark_save,
116 .x6_parse = mark_parse,
117 .x6_options = mark_mt_opts,
118 },
119 {
120 .version = XTABLES_VERSION,
121 .name = "mark",
122 .revision = 1,
123 .family = NFPROTO_UNSPEC,
124 .size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
125 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
126 .help = mark_mt_help,
127 .print = mark_mt_print,
128 .save = mark_mt_save,
129 .x6_parse = mark_mt_parse,
130 .x6_options = mark_mt_opts,
131 },
132 };
133
_init(void)134 void _init(void)
135 {
136 xtables_register_matches(mark_mt_reg, ARRAY_SIZE(mark_mt_reg));
137 }
138