[packages/iptables.git] / mark-bitwise-ops.patch.userspace

--- userspace/extensions/libipt_mark.c.old	2002-09-20 17:25:13.000000000 +0200
+++ userspace/extensions/libipt_mark.c	2003-04-07 03:07:45.000000000 +0200
@@ -14,13 +14,17 @@
 {
 	printf(
 "MARK match v%s options:\n"
-"[!] --mark value[/mask]         Match nfmark value with optional mask\n"
+"[!] --mark    value           Match nfmark value\n"
+"[!] --markor  value/mask      Match nfmark value, the packets nfmark is ORed with mask before matching.\n"
+"[!] --markand value/mask      Match nfmark value, the packets nfmark is ORed with mask before matching.\n"
 "\n",
 IPTABLES_VERSION);
 }
 
 static struct option opts[] = {
 	{ "mark", 1, 0, '1' },
+	{ "markor", 1, 0, '2' },
+	{ "markand", 1, 0, '3' },
 	{0}
 };
 
@@ -41,45 +45,60 @@
       struct ipt_entry_match **match)
 {
 	struct ipt_mark_info *markinfo = (struct ipt_mark_info *)(*match)->data;
+	char *end;
 
-	switch (c) {
-		char *end;
-	case '1':
-		check_inverse(optarg, &invert, &optind, 0);
+	if ((c=='1') || (c=='2') || (c=='3')) // we ate an option ?
+        {
+                if (*flags)
+                        exit_error(PARAMETER_PROBLEM, "mark match: can specify only one action");
 		markinfo->mark = strtoul(optarg, &end, 0);
-		if (*end == '/') {
-			markinfo->mask = strtoul(end+1, &end, 0);
-		} else
-			markinfo->mask = 0xffffffff;
-		if (*end != '\0' || end == optarg)
-			exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+		if (((*end != '\0') && (*end != '/')) || (end == optarg))
+			exit_error(PARAMETER_PROBLEM, "Bad mark value `%s'", optarg);
 		if (invert)
 			markinfo->invert = 1;
-		*flags = 1;
+                *flags = 1;
+        }
+	else
+		return 0;
+
+	switch (c) {
+
+	case '1':
+		markinfo->bit_op = IPT_MARK_BIT_OP_NONE;
+		markinfo->mask = 0;
 		break;
 
+	case '2':
+		if (*end != '/')
+			exit_error(PARAMETER_PROBLEM, "mark match: you must specify a mask when using markor\n");
+		markinfo->mask = strtoul(end+1, &end, 0);
+                if (*end != '\0' || end == optarg)
+                        exit_error(PARAMETER_PROBLEM, "Bad mark OR value `%s'", optarg);
+		markinfo->bit_op = IPT_MARK_BIT_OP_OR;
+                break;
+
+	case '3':
+		if (*end != '/')
+			exit_error(PARAMETER_PROBLEM, "mark match: you must specify a mask when using markand\n");
+		markinfo->mask = strtoul(end+1, &end, 0);
+                if (*end != '\0' || end == optarg)
+                        exit_error(PARAMETER_PROBLEM, "Bad mark AND value `%s'", optarg);
+		markinfo->bit_op = IPT_MARK_BIT_OP_AND;
+                break;
+
 	default:
-		return 0;
+		break; /* will never happen, but at least no warning */
 	}
 	return 1;
 }
 
-static void
-print_mark(unsigned long mark, unsigned long mask, int numeric)
-{
-	if(mask != 0xffffffff)
-		printf("0x%lx/0x%lx ", mark, mask);
-	else
-		printf("0x%lx ", mark);
-}
-
 /* Final check; must have specified --mark. */
 static void
 final_check(unsigned int flags)
 {
 	if (!flags)
 		exit_error(PARAMETER_PROBLEM,
-			   "MARK match: You must specify `--mark'");
+			   "MARK match: you must specify a mark to match");
 }
 
 /* Prints out the matchinfo. */
@@ -90,12 +109,15 @@
 {
 	struct ipt_mark_info *info = (struct ipt_mark_info *)match->data;
 
-	printf("MARK match ");
-
+	printf("MARK ");
+	if (info->bit_op == IPT_MARK_BIT_OP_AND)
+		printf("& 0x%lx ", info->mask);
+	else
+		if (info->bit_op == IPT_MARK_BIT_OP_OR)
+			printf("| 0x%lx ", info->mask);
 	if (info->invert)
-		printf("!");
-	
-	print_mark(info->mark, info->mask, numeric);
+		printf("! ");
+	printf("match 0x%lx ", info->mark);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -107,8 +129,18 @@
 	if (info->invert)
 		printf("! ");
 	
-	printf("--mark ");
-	print_mark(info->mark, info->mask, 0);
+	switch (info->bit_op)
+	{
+	case IPT_MARK_BIT_OP_AND :
+		printf("--markand 0x%lx/0x%lx ", info->mark, info->mask);
+		break;
+	case IPT_MARK_BIT_OP_OR :
+		printf("--markor 0x%lx/0x%lx ", info->mark, info->mask);
+		break;
+	case IPT_MARK_BIT_OP_NONE :
+		printf("--mark 0x%lx ", info->mark);
+		break;
+	}
 }
 
 static
Commit	Line	Data
98f7edcb JR	1	--- userspace/extensions/libipt_mark.c.old 2002-09-20 17:25:13.000000000 +0200
98f7edcb JR	2	+++ userspace/extensions/libipt_mark.c 2003-04-07 03:07:45.000000000 +0200
5e9efab3	3	@@ -14,13 +14,17 @@
c807228b	4	{
	5	printf(
	6	"MARK match v%s options:\n"
	7	-"[!] --mark value[/mask] Match nfmark value with optional mask\n"
	8	+"[!] --mark value Match nfmark value\n"
	9	+"[!] --markor value/mask Match nfmark value, the packets nfmark is ORed with mask before matching.\n"
	10	+"[!] --markand value/mask Match nfmark value, the packets nfmark is ORed with mask before matching.\n"
	11	"\n",
5385fc7c	12	IPTABLES_VERSION);
c807228b	13	}
	14
	15	static struct option opts[] = {
	16	{ "mark", 1, 0, '1' },
	17	+ { "markor", 1, 0, '2' },
	18	+ { "markand", 1, 0, '3' },
	19	{0}
	20	};
	21
d73bbb97	22	@@ -41,45 +45,60 @@
c807228b	23	struct ipt_entry_match **match)
	24	{
	25	struct ipt_mark_info markinfo = (struct ipt_mark_info )(*match)->data;
	26	+ char *end;
	27
	28	- switch (c) {
	29	- char *end;
	30	- case '1':
	31	- check_inverse(optarg, &invert, &optind, 0);
	32	+ if ((c=='1') \|\| (c=='2') \|\| (c=='3')) // we ate an option ?
	33	+ {
	34	+ if (*flags)
	35	+ exit_error(PARAMETER_PROBLEM, "mark match: can specify only one action");
	36	markinfo->mark = strtoul(optarg, &end, 0);
	37	- if (*end == '/') {
	38	- markinfo->mask = strtoul(end+1, &end, 0);
	39	- } else
	40	- markinfo->mask = 0xffffffff;
	41	- if (*end != '\0' \|\| end == optarg)
	42	- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
	43	+ if (((end != '\0') && (end != '/')) \|\| (end == optarg))
	44	+ exit_error(PARAMETER_PROBLEM, "Bad mark value `%s'", optarg);
	45	if (invert)
	46	markinfo->invert = 1;
	47	- *flags = 1;
	48	+ *flags = 1;
	49	+ }
	50	+ else
	51	+ return 0;
	52	+
	53	+ switch (c) {
	54	+
	55	+ case '1':
	56	+ markinfo->bit_op = IPT_MARK_BIT_OP_NONE;
	57	+ markinfo->mask = 0;
	58	break;
	59
	60	+ case '2':
	61	+ if (*end != '/')
	62	+ exit_error(PARAMETER_PROBLEM, "mark match: you must specify a mask when using markor\n");
	63	+ markinfo->mask = strtoul(end+1, &end, 0);
	64	+ if (*end != '\0' \|\| end == optarg)
	65	+ exit_error(PARAMETER_PROBLEM, "Bad mark OR value `%s'", optarg);
	66	+ markinfo->bit_op = IPT_MARK_BIT_OP_OR;
	67	+ break;
	68	+
	69	+ case '3':
	70	+ if (*end != '/')
	71	+ exit_error(PARAMETER_PROBLEM, "mark match: you must specify a mask when using markand\n");
	72	+ markinfo->mask = strtoul(end+1, &end, 0);
	73	+ if (*end != '\0' \|\| end == optarg)
	74	+ exit_error(PARAMETER_PROBLEM, "Bad mark AND value `%s'", optarg);
	75	+ markinfo->bit_op = IPT_MARK_BIT_OP_AND;
	76	+ break;
	77	+
	78	default:
	79	- return 0;
	80	+ break; /* will never happen, but at least no warning */
	81	}
	82	return 1;
	83	}
	84
	85	-static void
d73bbb97	86	-print_mark(unsigned long mark, unsigned long mask, int numeric)
c807228b	87	-{
c807228b	88	- if(mask != 0xffffffff)
	89	- printf("0x%lx/0x%lx ", mark, mask);
	90	- else
	91	- printf("0x%lx ", mark);
	92	-}
	93	-
	94	/* Final check; must have specified --mark. */
	95	static void
	96	final_check(unsigned int flags)
	97	{
	98	if (!flags)
	99	exit_error(PARAMETER_PROBLEM,
	100	- "MARK match: You must specify `--mark'");
	101	+ "MARK match: you must specify a mark to match");
	102	}
	103
	104	/* Prints out the matchinfo. */
98f7edcb JR	105	@@ -90,12 +109,15 @@
	106	{
	107	struct ipt_mark_info info = (struct ipt_mark_info )match->data;
	108
	109	- printf("MARK match ");
	110	-
	111	+ printf("MARK ");
	112	+ if (info->bit_op == IPT_MARK_BIT_OP_AND)
	113	+ printf("& 0x%lx ", info->mask);
	114	+ else
	115	+ if (info->bit_op == IPT_MARK_BIT_OP_OR)
	116	+ printf("\| 0x%lx ", info->mask);
	117	if (info->invert)
	118	- printf("!");
	119	-
	120	- print_mark(info->mark, info->mask, numeric);
	121	+ printf("! ");
	122	+ printf("match 0x%lx ", info->mark);
	123	}
	124
	125	/* Saves the union ipt_matchinfo in parsable form to stdout. */
	126	@@ -107,8 +129,18 @@
	127	if (info->invert)
	128	printf("! ");
	129
	130	- printf("--mark ");
	131	- print_mark(info->mark, info->mask, 0);
	132	+ switch (info->bit_op)
	133	+ {
	134	+ case IPT_MARK_BIT_OP_AND :
	135	+ printf("--markand 0x%lx/0x%lx ", info->mark, info->mask);
	136	+ break;
	137	+ case IPT_MARK_BIT_OP_OR :
	138	+ printf("--markor 0x%lx/0x%lx ", info->mark, info->mask);
	139	+ break;
	140	+ case IPT_MARK_BIT_OP_NONE :
	141	+ printf("--mark 0x%lx ", info->mark);
	142	+ break;
	143	+ }
	144	}
	145
	146	static