[netfilter-cvslog] r6951 - in trunk/iptables: extensions include/linux/netfilter

yasuyuki at netfilter.org yasuyuki at netfilter.org
Tue Jul 24 09:09:51 CEST 2007


Author: yasuyuki at netfilter.org
Date: 2007-07-24 09:09:51 +0200 (Tue, 24 Jul 2007)
New Revision: 6951

Added:
   trunk/iptables/extensions/libxt_mac.c
   trunk/iptables/include/linux/netfilter/xt_mac.h
Removed:
   trunk/iptables/extensions/libip6t_mac.c
   trunk/iptables/extensions/libipt_mac.c
Modified:
   trunk/iptables/extensions/Makefile
Log:
Unifies libip[6]t_mac.c into libxt_mac.c



Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile	2007-07-24 07:06:57 UTC (rev 6950)
+++ trunk/iptables/extensions/Makefile	2007-07-24 07:09:51 UTC (rev 6951)
@@ -5,9 +5,9 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac owner policy realm state tos ttl unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac owner policy state CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
-PFX_EXT_SLIB:=mark multiport physdev pkttype sctp standard tcp tcpmss udp NOTRACK
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit owner policy realm state tos ttl unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit owner policy state CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
+PFX_EXT_SLIB:=mac mark multiport physdev pkttype sctp standard tcp tcpmss udp NOTRACK
 
 ifeq ($(DO_SELINUX), 1)
 PF_EXT_SE_SLIB:=SECMARK CONNSECMARK

Deleted: trunk/iptables/extensions/libip6t_mac.c
===================================================================
--- trunk/iptables/extensions/libip6t_mac.c	2007-07-24 07:06:57 UTC (rev 6950)
+++ trunk/iptables/extensions/libip6t_mac.c	2007-07-24 07:09:51 UTC (rev 6951)
@@ -1,139 +0,0 @@
-/* Shared library add-on to iptables to add MAC address support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
-#include <ip6tables.h>
-#include <linux/netfilter_ipv6/ip6t_mac.h>
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
-	printf(
-"MAC v%s options:\n"
-" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
-"				Match source MAC address\n"
-"\n", IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
-	{ "mac-source", 1, 0, '1' },
-	{0}
-};
-
-static void
-parse_mac(const char *mac, struct ip6t_mac_info *info)
-{
-	unsigned int i = 0;
-
-	if (strlen(mac) != ETH_ALEN*3-1)
-		exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
-
-	for (i = 0; i < ETH_ALEN; i++) {
-		long number;
-		char *end;
-
-		number = strtol(mac + i*3, &end, 16);
-
-		if (end == mac + i*3 + 2
-		    && number >= 0
-		    && number <= 255)
-			info->srcaddr[i] = number;
-		else
-			exit_error(PARAMETER_PROBLEM,
-				   "Bad mac address `%s'", mac);
-	}
-}
-
-/* Function which parses command options; returns true if it
-   ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
-      const void *entry,
-      unsigned int *nfcache,
-      struct xt_entry_match **match)
-{
-	struct ip6t_mac_info *macinfo = (struct ip6t_mac_info *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		check_inverse(optarg, &invert, &optind, 0);
-		parse_mac(argv[optind-1], macinfo);
-		if (invert)
-			macinfo->invert = 1;
-		*flags = 1;
-		break;
-
-	default:
-		return 0;
-	}
-
-	return 1;
-}
-
-static void print_mac(unsigned char macaddress[ETH_ALEN])
-{
-	unsigned int i;
-
-	printf("%02X", macaddress[0]);
-	for (i = 1; i < ETH_ALEN; i++)
-		printf(":%02X", macaddress[i]);
-	printf(" ");
-}
-
-/* Final check; must have specified --mac. */
-static void final_check(unsigned int flags)
-{
-	if (!flags)
-		exit_error(PARAMETER_PROBLEM,
-			   "You must specify `--mac-source'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
-      const struct xt_entry_match *match,
-      int numeric)
-{
-	printf("MAC ");
-
-	if (((struct ip6t_mac_info *)match->data)->invert)
-		printf("! ");
-
-	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
-}
-
-/* Saves the union ip6t_matchinfo in parsable form to stdout. */
-static void save(const void *ip, const struct xt_entry_match *match)
-{
-	if (((struct ip6t_mac_info *)match->data)->invert)
-		printf("! ");
-
-	printf("--mac-source ");
-	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
-}
-
-static struct ip6tables_match mac = {
-	.name		= "mac",
-	.version	= IPTABLES_VERSION,
-	.size		= IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
-	.userspacesize	= IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
-	.help		= &help,
-	.parse		= &parse,
-	.final_check	= &final_check,
-	.print		= &print,
-	.save		= &save,
-	.extra_opts	= opts,
-};
-
-void _init(void)
-{
-	register_match6(&mac);
-}

Deleted: trunk/iptables/extensions/libipt_mac.c
===================================================================
--- trunk/iptables/extensions/libipt_mac.c	2007-07-24 07:06:57 UTC (rev 6950)
+++ trunk/iptables/extensions/libipt_mac.c	2007-07-24 07:09:51 UTC (rev 6951)
@@ -1,140 +0,0 @@
-/* Shared library add-on to iptables to add MAC address support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_mac.h>
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
-	printf(
-"MAC v%s options:\n"
-" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
-"				Match source MAC address\n"
-"\n", IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
-	{ "mac-source", 1, 0, '1' },
-	{0}
-};
-
-static void
-parse_mac(const char *mac, struct ipt_mac_info *info)
-{
-	unsigned int i = 0;
-
-	if (strlen(mac) != ETH_ALEN*3-1)
-		exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
-
-	for (i = 0; i < ETH_ALEN; i++) {
-		long number;
-		char *end;
-
-		number = strtol(mac + i*3, &end, 16);
-
-		if (end == mac + i*3 + 2
-		    && number >= 0
-		    && number <= 255)
-			info->srcaddr[i] = number;
-		else
-			exit_error(PARAMETER_PROBLEM,
-				   "Bad mac address `%s'", mac);
-	}
-}
-
-/* Function which parses command options; returns true if it
-   ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
-      const void *entry,
-      unsigned int *nfcache,
-      struct xt_entry_match **match)
-{
-	struct ipt_mac_info *macinfo = (struct ipt_mac_info *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		check_inverse(optarg, &invert, &optind, 0);
-		parse_mac(argv[optind-1], macinfo);
-		if (invert)
-			macinfo->invert = 1;
-		*flags = 1;
-		break;
-
-	default:
-		return 0;
-	}
-
-	return 1;
-}
-
-static void print_mac(unsigned char macaddress[ETH_ALEN])
-{
-	unsigned int i;
-
-	printf("%02X", macaddress[0]);
-	for (i = 1; i < ETH_ALEN; i++)
-		printf(":%02X", macaddress[i]);
-	printf(" ");
-}
-
-/* Final check; must have specified --mac. */
-static void final_check(unsigned int flags)
-{
-	if (!flags)
-		exit_error(PARAMETER_PROBLEM,
-			   "You must specify `--mac-source'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
-      const struct xt_entry_match *match,
-      int numeric)
-{
-	printf("MAC ");
-
-	if (((struct ipt_mac_info *)match->data)->invert)
-		printf("! ");
-	
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
-}
-
-/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const void *ip, const struct xt_entry_match *match)
-{
-	if (((struct ipt_mac_info *)match->data)->invert)
-		printf("! ");
-
-	printf("--mac-source ");
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
-}
-
-static struct iptables_match mac = { 
-	.next		= NULL,
- 	.name		= "mac",
-	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_mac_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_mac_info)),
-	.help		= &help,
-	.parse		= &parse,
-	.final_check	= &final_check,
-	.print		= &print,
-	.save		= &save,
-	.extra_opts	= opts
-};
-
-void _init(void)
-{
-	register_match(&mac);
-}

Added: trunk/iptables/extensions/libxt_mac.c
===================================================================
--- trunk/iptables/extensions/libxt_mac.c	                        (rev 0)
+++ trunk/iptables/extensions/libxt_mac.c	2007-07-24 07:09:51 UTC (rev 6951)
@@ -0,0 +1,157 @@
+/* Shared library add-on to iptables to add MAC address support. */
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#if defined(__GLIBC__) && __GLIBC__ == 2
+#include <net/ethernet.h>
+#else
+#include <linux/if_ether.h>
+#endif
+#include <xtables.h>
+#include <linux/netfilter/xt_mac.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf(
+"MAC v%s options:\n"
+" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
+"				Match source MAC address\n"
+"\n", IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{ "mac-source", 1, 0, '1' },
+	{0}
+};
+
+static void
+parse_mac(const char *mac, struct xt_mac_info *info)
+{
+	unsigned int i = 0;
+
+	if (strlen(mac) != ETH_ALEN*3-1)
+		exit_error(PARAMETER_PROBLEM, "Bad mac address `%s'", mac);
+
+	for (i = 0; i < ETH_ALEN; i++) {
+		long number;
+		char *end;
+
+		number = strtol(mac + i*3, &end, 16);
+
+		if (end == mac + i*3 + 2
+		    && number >= 0
+		    && number <= 255)
+			info->srcaddr[i] = number;
+		else
+			exit_error(PARAMETER_PROBLEM,
+				   "Bad mac address `%s'", mac);
+	}
+}
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const void *entry,
+      unsigned int *nfcache,
+      struct xt_entry_match **match)
+{
+	struct xt_mac_info *macinfo = (struct xt_mac_info *)(*match)->data;
+
+	switch (c) {
+	case '1':
+		check_inverse(optarg, &invert, &optind, 0);
+		parse_mac(argv[optind-1], macinfo);
+		if (invert)
+			macinfo->invert = 1;
+		*flags = 1;
+		break;
+
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+static void print_mac(unsigned char macaddress[ETH_ALEN])
+{
+	unsigned int i;
+
+	printf("%02X", macaddress[0]);
+	for (i = 1; i < ETH_ALEN; i++)
+		printf(":%02X", macaddress[i]);
+	printf(" ");
+}
+
+/* Final check; must have specified --mac. */
+static void final_check(unsigned int flags)
+{
+	if (!flags)
+		exit_error(PARAMETER_PROBLEM,
+			   "You must specify `--mac-source'");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const void *ip,
+      const struct xt_entry_match *match,
+      int numeric)
+{
+	printf("MAC ");
+
+	if (((struct xt_mac_info *)match->data)->invert)
+		printf("! ");
+	
+	print_mac(((struct xt_mac_info *)match->data)->srcaddr);
+}
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void save(const void *ip, const struct xt_entry_match *match)
+{
+	if (((struct xt_mac_info *)match->data)->invert)
+		printf("! ");
+
+	printf("--mac-source ");
+	print_mac(((struct xt_mac_info *)match->data)->srcaddr);
+}
+
+static struct xtables_match mac = { 
+	.next		= NULL,
+	.family		= AF_INET,
+ 	.name		= "mac",
+	.version	= IPTABLES_VERSION,
+	.size		= XT_ALIGN(sizeof(struct xt_mac_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct xt_mac_info)),
+	.help		= &help,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+static struct xtables_match mac6 = { 
+	.next		= NULL,
+	.family		= AF_INET6,
+ 	.name		= "mac",
+	.version	= IPTABLES_VERSION,
+	.size		= XT_ALIGN(sizeof(struct xt_mac_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct xt_mac_info)),
+	.help		= &help,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	xtables_register_match(&mac);
+	xtables_register_match(&mac6);
+}

Added: trunk/iptables/include/linux/netfilter/xt_mac.h
===================================================================
--- trunk/iptables/include/linux/netfilter/xt_mac.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter/xt_mac.h	2007-07-24 07:09:51 UTC (rev 6951)
@@ -0,0 +1,8 @@
+#ifndef _XT_MAC_H
+#define _XT_MAC_H
+
+struct xt_mac_info {
+    unsigned char srcaddr[ETH_ALEN];
+    int invert;
+};
+#endif /*_XT_MAC_H*/




More information about the netfilter-cvslog mailing list