1 /* Shared library add-on to iptables to add NFMARK matching support. */
9 /* For 64bit kernel / 32bit userspace */
10 #include "../include/linux/netfilter_ipv4/ipt_mark.h"
12 /* Function which prints out usage message. */
/* Only the usage-text string literals survive in this listing; the call
   that prints them and the argument substituted for %s are on lines that
   are not shown.  The text advertises the syntax "[!] --mark value[/mask]"
   but does not state which number bases are accepted. */
17 "MARK match v%s options:\n"
18 "[!] --mark value[/mask] Match nfmark value with optional mask\n"
/* Long-option table for this match: one entry named "mark" whose remaining
   initialisers are 1, 0 and '1' (for the standard getopt struct option these
   are has_arg, flag and val, i.e. the option takes an argument and is
   reported as '1').
   NOTE(review): the terminating all-zero entry and the closing brace are not
   part of this listing - confirm they exist in the full file, since the
   getopt long-option parser stops only at a zeroed entry. */
23 static struct option opts
[] = {
24 { "mark", 1, 0, '1' },
28 /* Function which parses command options; returns true if it ... (the rest of this comment is missing from the listing) */
/* parse(): turns the argument of --mark ("value" or "value/mask") into the
   mark and mask fields of the match payload.
   On the visible lines only invert (passed by address to check_inverse),
   match (dereferenced for its data) and the getopt globals optarg/optind
   are used; c, argv, flags, entry and nfcache are not referenced here.
   NOTE(review): this listing omits several source lines (the return type,
   braces, the option dispatch, the declaration of end, the tests that choose
   between the mask and no-mask assignments, and the preprocessor lines that
   close the conditional), so the comments below describe only what is shown. */
31 parse(int c
, char **argv
, int invert
, unsigned int *flags
,
32 const struct ipt_entry
*entry
,
33 unsigned int *nfcache
,
34 struct ipt_entry_match
**match
)
/* The payload at (*match)->data is viewed as struct ipt_mark_info; parsed
   values are written directly into it. */
36 struct ipt_mark_info
*markinfo
= (struct ipt_mark_info
*)(*match
)->data
;
/* check_inverse() is defined elsewhere; presumably it handles a "!" negation
   token and may update invert and optind - confirm against its definition. */
41 check_inverse(optarg
, &invert
, &optind
, 0);
/* 64-bit kernel / 32-bit userspace build: values are converted with
   strtoull() and the no-mask default is all 64 bits set.
   Base 0 means the C library picks the radix from the prefix: "0x" is hex
   and a bare leading "0" is octal, so "010" is parsed as 8. */
42 #ifdef KERNEL_64_USERSPACE_32
43 markinfo
->mark
= strtoull(optarg
, &end
, 0);
/* The mask text starts one character after where the mark conversion
   stopped (end+1); the test for the separator character is not visible. */
45 markinfo
->mask
= strtoull(end
+1, &end
, 0);
47 markinfo
->mask
= 0xffffffffffffffffULL
;
/* Other builds: same logic with strtoul() and a 32-bit all-ones default.
   NOTE(review): where unsigned long is 64 bits wide, strtoul() can return
   values above 0xffffffff; whether the struct fields can hold them depends
   on ipt_mark.h, which is not shown - confirm no silent truncation. */
49 markinfo
->mark
= strtoul(optarg
, &end
, 0);
51 markinfo
->mask
= strtoul(end
+1, &end
, 0);
53 markinfo
->mask
= 0xffffffff;
/* Input validation: rejects trailing garbage (*end != '\0') and the case
   where end still equals optarg.
   NOTE(review): this inspects only the end pointer left by the LAST
   conversion.  Once a mask has been converted, end lies beyond optarg, so
   "end == optarg" can no longer detect an empty mark ("/0xff" would yield
   mark 0) and an empty mask ("0x1/" would yield mask 0) also passes, because
   strtoul()/strtoull() return 0 and leave end on the terminating NUL.
   A firewall rule would then be installed with values the operator did not
   type.  Checking each conversion separately (end pointer advanced past its
   own start) would close this.
   NOTE(review): no errno reset or ERANGE test is visible, so out-of-range
   input saturates to the maximum value without an error, and the C
   conversion functions also accept leading whitespace and a sign ("-1"
   converts to the all-ones value).  Confirm whether that is intended. */
55 if (*end
!= '\0' || end
== optarg
)
56 exit_error(PARAMETER_PROBLEM
, "Bad MARK value `%s'", optarg
);
/* print_mark(): writes a mark, and its mask when one is set, to stdout in
   hexadecimal.  Two variants are shown, selected by KERNEL_64_USERSPACE_32;
   the return type, braces, the branch keyword between the two printf calls
   and the preprocessor lines separating/closing the variants are not part
   of this listing.
   The mask is printed only when it differs from the all-ones value of the
   variant's width, which is the same constant parse() stores when no mask
   was given.  numeric is not referenced on the visible lines. */
68 #ifdef KERNEL_64_USERSPACE_32
/* 64-bit variant: unsigned long long arguments, matching the %llx
   conversions used below. */
70 print_mark(unsigned long long mark
, unsigned long long mask
, int numeric
)
72 if(mask
!= 0xffffffffffffffffULL
)
73 printf("0x%llx/0x%llx ", mark
, mask
);
75 printf("0x%llx ", mark
);
/* Default variant: unsigned long arguments, matching the %lx conversions.
   NOTE(review): the comparison constant is 32 bits wide; where unsigned
   long is 64 bits, a mask with any upper bit set is treated as an explicit
   mask and printed. */
79 print_mark(unsigned long mark
, unsigned long mask
, int numeric
)
81 if(mask
!= 0xffffffff)
82 printf("0x%lx/0x%lx ", mark
, mask
);
84 printf("0x%lx ", mark
);
88 /* Final check; must have specified --mark. */
/* final_check(): reports a PARAMETER_PROBLEM through exit_error() with the
   message that --mark is mandatory.
   NOTE(review): the condition guarding the call is on a source line missing
   from this listing; presumably it tests flags - confirm in the full file. */
90 final_check(unsigned int flags
)
93 exit_error(PARAMETER_PROBLEM
,
94 "MARK match: You must specify `--mark'");
97 /* Prints out the matchinfo. */
/* print(): human-readable output of the match; prints the literal
   "MARK match " and then the mark/mask via print_mark().
   ip is not referenced on the visible lines.  numeric is forwarded to
   print_mark(), but its declaration sits on a parameter line that is not
   part of this listing, as are the lines between the two output calls. */
99 print(const struct ipt_ip
*ip
,
100 const struct ipt_entry_match
*match
,
/* The cast drops the const qualifier carried by match; info is only read
   on the lines shown here. */
103 struct ipt_mark_info
*info
= (struct ipt_mark_info
*)match
->data
;
105 printf("MARK match ");
110 print_mark(info
->mark
, info
->mask
, numeric
);
113 /* Saves the union ipt_matchinfo in parsable form to stdout. */
/* save(): emits the mark/mask through print_mark() with numeric fixed to 0.
   ip is not referenced on the visible lines; any option prefix written
   before the value is on lines missing from this listing.
   NOTE(review): the value is written with a 0x prefix, so it reads back as
   hexadecimal under the base-0 conversion used by parse(). */
115 save(const struct ipt_ip
*ip
, const struct ipt_entry_match
*match
)
/* As in print(), the cast discards const from match; info is only read. */
117 struct ipt_mark_info
*info
= (struct ipt_mark_info
*)match
->data
;
123 print_mark(info
->mark
, info
->mask
, 0);
/* Descriptor handed to register_match() for this extension.  Only four
   initialisers are visible: the version string, two size fields that are
   both set to the aligned size of struct ipt_mark_info, and the
   final_check callback.  The remaining members (source lines 127-128,
   132-133 and 135 onward) are not part of this listing. */
126 static struct iptables_match mark
= {
129 .version
= IPTABLES_VERSION
,
130 .size
= IPT_ALIGN(sizeof(struct ipt_mark_info
)),
131 .userspacesize
= IPT_ALIGN(sizeof(struct ipt_mark_info
)),
134 .final_check
= &final_check
,
/* Registers the mark descriptor defined above; the function that contains
   this call is not part of the listing. */
142 register_match(&mark
);