| #include <stdio.h> |
| #include <xtables.h> |
| #include <linux/netfilter/xt_cgroup.h> |
| |
| enum { |
| O_CGROUP = 0, |
| }; |
| |
| static void cgroup_help(void) |
| { |
| printf( |
| "cgroup match options:\n" |
| "[!] --cgroup fwid Match cgroup fwid\n"); |
| } |
| |
| static const struct xt_option_entry cgroup_opts[] = { |
| { |
| .name = "cgroup", |
| .id = O_CGROUP, |
| .type = XTTYPE_UINT32, |
| .flags = XTOPT_INVERT | XTOPT_MAND | XTOPT_PUT, |
| XTOPT_POINTER(struct xt_cgroup_info, id) |
| }, |
| XTOPT_TABLEEND, |
| }; |
| |
| static void cgroup_parse(struct xt_option_call *cb) |
| { |
| struct xt_cgroup_info *cgroupinfo = cb->data; |
| |
| xtables_option_parse(cb); |
| if (cb->invert) |
| cgroupinfo->invert = true; |
| } |
| |
| static void |
| cgroup_print(const void *ip, const struct xt_entry_match *match, int numeric) |
| { |
| const struct xt_cgroup_info *info = (void *) match->data; |
| |
| printf(" cgroup %s%u", info->invert ? "! ":"", info->id); |
| } |
| |
| static void cgroup_save(const void *ip, const struct xt_entry_match *match) |
| { |
| const struct xt_cgroup_info *info = (void *) match->data; |
| |
| printf("%s --cgroup %u", info->invert ? " !" : "", info->id); |
| } |
| |
| static struct xtables_match cgroup_match = { |
| .family = NFPROTO_UNSPEC, |
| .name = "cgroup", |
| .version = XTABLES_VERSION, |
| .size = XT_ALIGN(sizeof(struct xt_cgroup_info)), |
| .userspacesize = XT_ALIGN(sizeof(struct xt_cgroup_info)), |
| .help = cgroup_help, |
| .print = cgroup_print, |
| .save = cgroup_save, |
| .x6_parse = cgroup_parse, |
| .x6_options = cgroup_opts, |
| }; |
| |
| void _init(void) |
| { |
| xtables_register_match(&cgroup_match); |
| } |
