search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / ebtables / extensions / ebt_mark.c
blob5776b1cb24509b1a006fff8a7692ff068b548d52
1 /* ebt_mark
2 *
3 * Authors:
4 * Bart De Schuymer <bdschuym@pandora.be>
5 *
6 * July, 2002, September 2006
7 */
8
9 #include <stdio.h>
10 #include <stdlib.h>
11 #include <string.h>
12 #include <getopt.h>
13 #include "../include/ebtables_u.h"
14 #include <linux/netfilter_bridge/ebt_mark_t.h>
15
16 static int mark_supplied;
17
18 #define MARK_TARGET '1'
19 #define MARK_SETMARK '2'
20 #define MARK_ORMARK '3'
21 #define MARK_ANDMARK '4'
22 #define MARK_XORMARK '5'
23 static struct option opts[] =
24 {
25 { "mark-target" , required_argument, 0, MARK_TARGET },
26 /* an oldtime messup, we should have always used the scheme
27 * <extension-name>-<option> */
28 { "set-mark" , required_argument, 0, MARK_SETMARK },
29 { "mark-set" , required_argument, 0, MARK_SETMARK },
30 { "mark-or" , required_argument, 0, MARK_ORMARK },
31 { "mark-and" , required_argument, 0, MARK_ANDMARK },
32 { "mark-xor" , required_argument, 0, MARK_XORMARK },
33 { 0 }
34 };
35
36 static void print_help()
37 {
38 printf(
39 "mark target options:\n"
40 " --mark-set value : Set nfmark value\n"
41 " --mark-or value : Or nfmark with value (nfmark |= value)\n"
42 " --mark-and value : And nfmark with value (nfmark &= value)\n"
43 " --mark-xor value : Xor nfmark with value (nfmark ^= value)\n"
44 " --mark-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
45 }
46
47 static void init(struct ebt_entry_target *target)
48 {
49 struct ebt_mark_t_info *markinfo =
50 (struct ebt_mark_t_info *)target->data;
51
52 markinfo->target = EBT_ACCEPT;
53 markinfo->mark = 0;
54 mark_supplied = 0;
55 }
56
57 #define OPT_MARK_TARGET 0x01
58 #define OPT_MARK_SETMARK 0x02
59 #define OPT_MARK_ORMARK 0x04
60 #define OPT_MARK_ANDMARK 0x08
61 #define OPT_MARK_XORMARK 0x10
62 static int parse(int c, char **argv, int argc,
63 const struct ebt_u_entry *entry, unsigned int *flags,
64 struct ebt_entry_target **target)
65 {
66 struct ebt_mark_t_info *markinfo =
67 (struct ebt_mark_t_info *)(*target)->data;
68 char *end;
69
70 switch (c) {
71 case MARK_TARGET:
72 { int tmp;
73 ebt_check_option2(flags, OPT_MARK_TARGET);
74 if (FILL_TARGET(optarg, tmp))
75 ebt_print_error2("Illegal --mark-target target");
76 /* the 4 lsb are left to designate the target */
77 markinfo->target = (markinfo->target & ~EBT_VERDICT_BITS) | (tmp & EBT_VERDICT_BITS);
78 }
79 return 1;
80 case MARK_SETMARK:
81 ebt_check_option2(flags, OPT_MARK_SETMARK);
82 if (*flags & (OPT_MARK_ORMARK|OPT_MARK_ANDMARK|OPT_MARK_XORMARK))
83 ebt_print_error2("--mark-set cannot be used together with specific --mark option");
84 break;
85 case MARK_ORMARK:
86 ebt_check_option2(flags, OPT_MARK_ORMARK);
87 if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ANDMARK|OPT_MARK_XORMARK))
88 ebt_print_error2("--mark-or cannot be used together with specific --mark option");
89 markinfo->target = (markinfo->target & EBT_VERDICT_BITS) | MARK_OR_VALUE;
90 break;
91 case MARK_ANDMARK:
92 ebt_check_option2(flags, OPT_MARK_ANDMARK);
93 if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ORMARK|OPT_MARK_XORMARK))
94 ebt_print_error2("--mark-and cannot be used together with specific --mark option");
95 markinfo->target = (markinfo->target & EBT_VERDICT_BITS) | MARK_AND_VALUE;
96 break;
97 case MARK_XORMARK:
98 ebt_check_option2(flags, OPT_MARK_XORMARK);
99 if (*flags & (OPT_MARK_SETMARK|OPT_MARK_ANDMARK|OPT_MARK_ORMARK))
100 ebt_print_error2("--mark-xor cannot be used together with specific --mark option");
101 markinfo->target = (markinfo->target & EBT_VERDICT_BITS) | MARK_XOR_VALUE;
102 break;
103 default:
104 return 0;
105 }
106 /* mutual code */
107 markinfo->mark = strtoul(optarg, &end, 0);
108 if (*end != '\0' || end == optarg)
109 ebt_print_error2("Bad MARK value '%s'", optarg);
110 mark_supplied = 1;
111 return 1;
112 }
113
114 static void final_check(const struct ebt_u_entry *entry,
115 const struct ebt_entry_target *target, const char *name,
116 unsigned int hookmask, unsigned int time)
117 {
118 struct ebt_mark_t_info *markinfo =
119 (struct ebt_mark_t_info *)target->data;
120
121 if (time == 0 && mark_supplied == 0) {
122 ebt_print_error("No mark value supplied");
123 } else if (BASE_CHAIN && (markinfo->target|~EBT_VERDICT_BITS) == EBT_RETURN)
124 ebt_print_error("--mark-target RETURN not allowed on base chain");
125 }
126
127 static void print(const struct ebt_u_entry *entry,
128 const struct ebt_entry_target *target)
129 {
130 struct ebt_mark_t_info *markinfo =
131 (struct ebt_mark_t_info *)target->data;
132 int tmp;
133
134 tmp = markinfo->target & ~EBT_VERDICT_BITS;
135 if (tmp == MARK_SET_VALUE)
136 printf("--mark-set");
137 else if (tmp == MARK_OR_VALUE)
138 printf("--mark-or");
139 else if (tmp == MARK_XOR_VALUE)
140 printf("--mark-xor");
141 else if (tmp == MARK_AND_VALUE)
142 printf("--mark-and");
143 else
144 ebt_print_error("oops, unknown mark action, try a later version of ebtables");
145 printf(" 0x%lx", markinfo->mark);
146 tmp = markinfo->target | ~EBT_VERDICT_BITS;
147 printf(" --mark-target %s", TARGET_NAME(tmp));
148 }
149
150 static int compare(const struct ebt_entry_target *t1,
151 const struct ebt_entry_target *t2)
152 {
153 struct ebt_mark_t_info *markinfo1 =
154 (struct ebt_mark_t_info *)t1->data;
155 struct ebt_mark_t_info *markinfo2 =
156 (struct ebt_mark_t_info *)t2->data;
157
158 return markinfo1->target == markinfo2->target &&
159 markinfo1->mark == markinfo2->mark;
160 }
161
162 static struct ebt_u_target mark_target =
163 {
164 .name = "mark",
165 .size = sizeof(struct ebt_mark_t_info),
166 .help = print_help,
167 .init = init,
168 .parse = parse,
169 .final_check = final_check,
170 .print = print,
171 .compare = compare,
172 .extra_ops = opts,
173 };
174
175 void _init(void)
176 {
177 ebt_register_target(&mark_target);
178 }