1 /* Shared library add-on to iptables to add comment match support.
2  *
3  * ChangeLog
4  *     2003-05-13: Brad Fisher <brad@info-link.net>
5  *         Initial comment match
6  *     2004-05-12: Brad Fisher <brad@info-link.net>
7  *         Port to patch-o-matic-ng
8  */
9 #include <stdio.h>
10 #include <string.h>
11 #include <stdlib.h>
12 #include <getopt.h>
13 
14 #include <iptables.h>
15 #include <linux/netfilter_ipv4/ipt_comment.h>
16 
/*
 * Print the usage text for the comment match to stdout.
 * Referenced as the .help callback in the iptables_match record.
 */
static void
help(void)
{
	/* The text contains no conversions, so it is written verbatim. */
	fputs("COMMENT match options:\n"
	      "--comment COMMENT             Attach a comment to a rule\n\n",
	      stdout);
}
26 
/*
 * Long options understood by this match: "--comment" takes a required
 * argument and is reported to parse() as the option code '1'.
 * The all-zero entry terminates the table.
 */
static struct option opts[] = {
	{ .name = "comment", .has_arg = required_argument, .flag = NULL, .val = '1' },
	{ .name = NULL, .has_arg = 0, .flag = NULL, .val = 0 }
};
31 
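/*
 * Copy the user-supplied comment text into the match data.
 *
 * s    - NUL-terminated comment taken from the command line.
 * info - match payload whose comment[] buffer receives the text.
 *
 * A comment that does not fit in IPT_MAX_COMMENT_LEN bytes, terminating
 * NUL included, is rejected through exit_error() and nothing is copied.
 */
static void
parse_comment(const char *s, struct ipt_comment_info *info)
{
	/* Keep the length in size_t: narrowing it to int could turn a very
	   large length negative and let it slip past the bound check below. */
	size_t slen = strlen(s);

	if (slen >= (size_t)IPT_MAX_COMMENT_LEN) {
		exit_error(PARAMETER_PROBLEM,
			"COMMENT must be shorter than %i characters", IPT_MAX_COMMENT_LEN);
		/* NOTE(review): exit_error() presumably does not return; the
		   explicit return keeps the copy unreachable either way. */
		return;
	}
	/* The length is validated above, so copy exactly slen bytes plus the NUL. */
	memcpy(info->comment, s, slen + 1);
}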
43 
/*
 * Option callback for the comment match.
 *
 * Returns 1 when the option code was consumed here and 0 otherwise.
 * Only the code '1' (--comment) is recognised; an inverted comment is
 * refused through exit_error().  entry and nfcache are not used.
 */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
      const struct ipt_entry *entry,
      unsigned int *nfcache,
      struct ipt_entry_match **match)
{
	struct ipt_comment_info *info = (struct ipt_comment_info *)(*match)->data;

	if (c != '1') {
		return 0;
	}

	/* check_inverse() receives pointers to invert and optind, so it must
	   run before argv[optind - 1] is read for the comment text. */
	check_inverse(argv[optind - 1], &invert, &optind, 0);
	if (invert != 0) {
		exit_error(PARAMETER_PROBLEM,
				"Sorry, you can't have an inverted comment");
	}

	/* The length bound on the text is enforced inside parse_comment(). */
	parse_comment(argv[optind - 1], info);
	*flags = 1;

	return 1;
}
70 
/*
 * Post-parse validation.  parse() sets the flag word to 1 when it handles
 * --comment, so a zero value here is reported as a missing option.
 */
static void
final_check(unsigned int flags)
{
	if (flags == 0) {
		exit_error(PARAMETER_PROBLEM,
			   "COMMENT match: You must specify `--comment'");
	}
}
79 
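/*
 * Print the stored comment to stdout, wrapped in C comment delimiters
 * and followed by a space.  ip and numeric are not used.
 */
static void
print(const struct ipt_ip *ip,
      const struct ipt_entry_match *match,
      int numeric)
{
	const struct ipt_comment_info *commentinfo =
		(const struct ipt_comment_info *)match->data;

	/* Bound the read with a precision instead of storing a NUL into the
	   buffer: match is const-qualified, so this function should not write
	   to it.  At most IPT_MAX_COMMENT_LEN - 1 bytes are printed, which is
	   what the forced terminator used to guarantee. */
	/* NOTE(review): the text is emitted as stored, with no filtering of
	   non-printable bytes; confirm whether listing output needs that. */
	printf("/* %.*s */ ", (int)(IPT_MAX_COMMENT_LEN - 1),
	       (const char *)commentinfo->comment);
}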
91 
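/*
 * Write the match to stdout in option form: --comment followed by the
 * stored text in double quotes and a trailing space.  ip is not used.
 */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
	const struct ipt_comment_info *commentinfo =
		(const struct ipt_comment_info *)match->data;

	/* Bound the read with a precision instead of storing a NUL into the
	   buffer: match is const-qualified, so this function should not write
	   to it.  At most IPT_MAX_COMMENT_LEN - 1 bytes are printed, which is
	   what the forced terminator used to guarantee. */
	/* NOTE(review): a double quote or backslash inside the comment is
	   written unescaped; confirm how the code that reads this output
	   back treats such text. */
	printf("--comment \"%.*s\" ", (int)(IPT_MAX_COMMENT_LEN - 1),
	       (const char *)commentinfo->comment);
}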
101 
/*
 * Registration record for the "comment" match.  Both size fields are the
 * aligned size of struct ipt_comment_info; the callbacks and the option
 * table are the ones defined in this file.
 */
static struct iptables_match comment = {
	.next          = NULL,
	.name          = "comment",
	.version       = IPTABLES_VERSION,
	.size          = IPT_ALIGN(sizeof(struct ipt_comment_info)),
	.userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)),
	.help          = help,
	.parse         = parse,
	.final_check   = final_check,
	.print         = print,
	.save          = save,
	.extra_opts    = opts,
};
115 
/*
 * Entry point of the extension: passes the comment match record to
 * register_match().
 */
void
ipt_comment_init(void)
{
	register_match(&comment);
}