diff -Naur iptables-1.2.7a.orig/extensions/libipt_mask.c iptables-1.2.7a/extensions/libipt_mask.c
--- iptables-1.2.7a.orig/extensions/libipt_mask.c 1969-12-31 21:00:00.000000000 -0300
+++ iptables-1.2.7a/extensions/libipt_mask.c 2002-11-18 02:20:58.000000000 -0300
@@ -0,0 +1,113 @@
+/* Shared library add-on to iptables to add NFMASK arbitrary mask syntax matching support. */
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"mask match v%s options:\n"
+"--mask andmask,matchmask match matchmask whit the resutl of (dstadress & andmask)\n"
+"\n",
+IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+ { "mask", 1, 0, '1' },
+ {0}
+};
+
+/* Initialize the match. */
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+ /* Can't cache this. */
+ *nfcache |= NFC_UNKNOWN;
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ unsigned int *nfcache,
+ struct ipt_entry_match **match)
+{
+ struct ipt_mask_info *maskinfo = (struct ipt_mask_info *)(*match)->data;
+ switch (c) {
+ char *end;
+ case '1':
+ maskinfo->and_mask = htonl((u_int32_t)strtoul(optarg, &end, 0));
+ if (*end == ',') {
+ maskinfo->cmpr_mask = htonl((u_int32_t)strtoul(end+1, &end, 0));
+ } else
+ exit_error(PARAMETER_PROBLEM, "must specify both ANDmask,MATCHmask %s",optarg);
+ if (*end != '\0' || end == optarg)
+ exit_error(PARAMETER_PROBLEM, "bad mask values `%s'", optarg);
+ *flags=1;
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Final check; must have specified --mask. */
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "mask expection an option");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match,
+ int numeric)
+{
+ const struct ipt_mask_info *maskinfo = (const struct ipt_mask_info *)match->data;
+
+ printf("mask match ");
+ printf("0x%x,0x%x ", ntohl(maskinfo->and_mask),
+ ntohl(maskinfo->cmpr_mask) );
+}
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+{
+ const struct ipt_mask_info *maskinfo = (const struct ipt_mask_info *)match->data;
+ printf("--mask ");
+ printf("0x%x,0x%x ", ntohl(maskinfo->and_mask),
+ ntohl(maskinfo->cmpr_mask) );
+}
+
+static
+struct iptables_match mask
+= { NULL,
+ "mask",
+ IPTABLES_VERSION,
+ IPT_ALIGN(sizeof(struct ipt_mask_info)),
+ IPT_ALIGN(sizeof(struct ipt_mask_info)),
+ &help,
+ &init,
+ &parse,
+ &final_check,
+ &print,
+ &save,
+ opts
+};
+
+void _init(void)
+{
+ register_match(&mask);
+}
diff -Naur iptables-1.2.7a.orig/extensions/Makefile iptables-1.2.7a/extensions/Makefile
--- iptables-1.2.7a.orig/extensions/Makefile 2002-08-09 04:44:10.000000000 -0300
+++ iptables-1.2.7a/extensions/Makefile 2002-11-18 02:21:05.000000000 -0300
@@ -1,6 +1,6 @@
 #! /usr/bin/make
-PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG
+PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp length limit mac mark mask multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG
 PF6_EXT_SLIB:=eui64 icmpv6 length limit mac mark multiport owner standard tcp udp LOG MARK
 # The following may not be present, but compile them anyway.
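Review bot: In `parse` (libipt_mask.c), the `end == optarg` test runs only after the second `strtoul` has overwritten `end`, so an empty field on either side of the comma (`,0x0` or `0xff,`) is accepted as 0 instead of being rejected; going by the help text, an AND mask of 0 with a match value of 0 would then match every destination address. The `(u_int32_t)` casts also silently truncate values wider than 32 bits where `unsigned long` is 64-bit, and `ERANGE` is never checked, so the installed rule can differ from what the administrator typed. `invert` is never read, so a `!` in front of `--mask` appears to be accepted and then dropped, leaving a rule with the opposite sense of what was requested; it should be stored or rejected. The rewrite below validates each number immediately after its own conversion and refuses negation; it needs `errno.h` if that is not already among the includes, whose names are not visible here.

```c
	case '1': {
		char *end;
		const char *cmp;
		unsigned long val;

		/* Negation is not carried in ipt_mask_info, so refuse it rather than ignore it. */
		if (invert)
			exit_error(PARAMETER_PROBLEM, "--mask cannot be negated");

		errno = 0;
		val = strtoul(optarg, &end, 0);
		/* Check the AND mask before `end` is reused for the second number. */
		if (end == optarg || errno == ERANGE || val > 0xFFFFFFFFUL)
			exit_error(PARAMETER_PROBLEM, "bad mask values `%s'", optarg);
		if (*end != ',')
			exit_error(PARAMETER_PROBLEM, "must specify both ANDmask,MATCHmask %s", optarg);
		maskinfo->and_mask = htonl((u_int32_t)val);

		cmp = end + 1;
		errno = 0;
		val = strtoul(cmp, &end, 0);
		/* An empty MATCHmask leaves end == cmp; trailing text leaves *end != '\0'. */
		if (end == cmp || *end != '\0' || errno == ERANGE || val > 0xFFFFFFFFUL)
			exit_error(PARAMETER_PROBLEM, "bad mask values `%s'", optarg);
		maskinfo->cmpr_mask = htonl((u_int32_t)val);
		/* … unchanged: *flags=1; break; … */
	}
```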