search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
manpages: do not include v4-only modules in ip6tables manpage
[jleu-iptables.git] / extensions / libipt_ttl.c
blob019a556a7ab5b7a850a875d84b9cb4e2564c8fbd
1 /* Shared library add-on to iptables to add TTL matching support
2 * (C) 2000 by Harald Welte <laforge@gnumonks.org>
3 *
4 * $Id$
5 *
6 * This program is released under the terms of GNU GPL */
7
8 #include <stdio.h>
9 #include <stdlib.h>
10 #include <string.h>
11 #include <getopt.h>
12 #include <xtables.h>
13
14 #include <linux/netfilter_ipv4/ipt_ttl.h>
15
16 static void ttl_help(void)
17 {
18 printf(
19 "ttl match options:\n"
20 " --ttl-eq value Match time to live value\n"
21 " --ttl-lt value Match TTL < value\n"
22 " --ttl-gt value Match TTL > value\n");
23 }
24
25 static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
26 const void *entry, struct xt_entry_match **match)
27 {
28 struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
29 unsigned int value;
30
31 xtables_check_inverse(optarg, &invert, &optind, 0);
32
33 switch (c) {
34 case '2':
35 if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
36 xtables_error(PARAMETER_PROBLEM,
37 "ttl: Expected value between 0 and 255");
38
39 if (invert)
40 info->mode = IPT_TTL_NE;
41 else
42 info->mode = IPT_TTL_EQ;
43
44 /* is 0 allowed? */
45 info->ttl = value;
46 break;
47 case '3':
48 if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
49 xtables_error(PARAMETER_PROBLEM,
50 "ttl: Expected value between 0 and 255");
51
52 if (invert)
53 xtables_error(PARAMETER_PROBLEM,
54 "ttl: unexpected `!'");
55
56 info->mode = IPT_TTL_LT;
57 info->ttl = value;
58 break;
59 case '4':
60 if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
61 xtables_error(PARAMETER_PROBLEM,
62 "ttl: Expected value between 0 and 255");
63
64 if (invert)
65 xtables_error(PARAMETER_PROBLEM,
66 "ttl: unexpected `!'");
67
68 info->mode = IPT_TTL_GT;
69 info->ttl = value;
70 break;
71 default:
72 return 0;
73
74 }
75
76 if (*flags)
77 xtables_error(PARAMETER_PROBLEM,
78 "Can't specify TTL option twice");
79 *flags = 1;
80
81 return 1;
82 }
83
84 static void ttl_check(unsigned int flags)
85 {
86 if (!flags)
87 xtables_error(PARAMETER_PROBLEM,
88 "TTL match: You must specify one of "
89 "`--ttl-eq', `--ttl-lt', `--ttl-gt");
90 }
91
92 static void ttl_print(const void *ip, const struct xt_entry_match *match,
93 int numeric)
94 {
95 const struct ipt_ttl_info *info =
96 (struct ipt_ttl_info *) match->data;
97
98 printf("TTL match ");
99 switch (info->mode) {
100 case IPT_TTL_EQ:
101 printf("TTL == ");
102 break;
103 case IPT_TTL_NE:
104 printf("TTL != ");
105 break;
106 case IPT_TTL_LT:
107 printf("TTL < ");
108 break;
109 case IPT_TTL_GT:
110 printf("TTL > ");
111 break;
112 }
113 printf("%u ", info->ttl);
114 }
115
116 static void ttl_save(const void *ip, const struct xt_entry_match *match)
117 {
118 const struct ipt_ttl_info *info =
119 (struct ipt_ttl_info *) match->data;
120
121 switch (info->mode) {
122 case IPT_TTL_EQ:
123 printf("--ttl-eq ");
124 break;
125 case IPT_TTL_NE:
126 printf("! --ttl-eq ");
127 break;
128 case IPT_TTL_LT:
129 printf("--ttl-lt ");
130 break;
131 case IPT_TTL_GT:
132 printf("--ttl-gt ");
133 break;
134 default:
135 /* error */
136 break;
137 }
138 printf("%u ", info->ttl);
139 }
140
141 static const struct option ttl_opts[] = {
142 { "ttl", 1, NULL, '2' },
143 { "ttl-eq", 1, NULL, '2'},
144 { "ttl-lt", 1, NULL, '3'},
145 { "ttl-gt", 1, NULL, '4'},
146 { .name = NULL }
147 };
148
149 static struct xtables_match ttl_mt_reg = {
150 .name = "ttl",
151 .version = XTABLES_VERSION,
152 .family = NFPROTO_IPV4,
153 .size = XT_ALIGN(sizeof(struct ipt_ttl_info)),
154 .userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)),
155 .help = ttl_help,
156 .parse = ttl_parse,
157 .final_check = ttl_check,
158 .print = ttl_print,
159 .save = ttl_save,
160 .extra_opts = ttl_opts,
161 };
162
163
164 void _init(void)
165 {
166 xtables_register_match(&ttl_mt_reg);
167 }
Various project for iptables