extensions/libipt_ipv4options.c - platform/external/iptables - Gitiles

 /* Shared library add-on to iptables to add ipv4 options matching support. */
 #include <stdio.h>
 #include <netdb.h>
 #include <string.h>
 #include <stdlib.h>
 #include <getopt.h>

 #include <iptables.h>
 #include <linux/netfilter_ipv4/ipt_ipv4options.h>

 /* Function which prints out usage message. */
 static void
 help(void)
 {
 	printf(
 "ipv4options v%s options:\n"
 "      --ssrr    (match strict source routing flag)\n"
 "      --lsrr    (match loose  source routing flag)\n"
 "      --no-srr  (match packets with no source routing)\n\n"
 "  [!] --rr      (match record route flag)\n\n"
 "  [!] --ts      (match timestamp flag)\n\n"
 "  [!] --ra      (match router-alert option)\n\n"
 "  [!] --any-opt (match any option or no option at all if used with '!')\n",
 IPTABLES_VERSION);
 }

 static struct option opts[] = {
 	{ "ssrr", 0, 0, '1' },
 	{ "lsrr", 0, 0, '2' },
 	{ "no-srr", 0, 0, '3'},
 	{ "rr", 0, 0, '4'},
 	{ "ts", 0, 0, '5'},
 	{ "ra", 0, 0, '6'},
 	{ "any-opt", 0, 0, '7'},
 	{0}
 };

 /* Initialize the match. */
 static void
 init(struct ipt_entry_match *m, unsigned int *nfcache)
 {
 	/* caching not yet implemented */
         *nfcache |= NFC_UNKNOWN;
 }

 /* Function which parses command options; returns true if it
    ate an option */
 static int
 parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
       unsigned int *nfcache,
       struct ipt_entry_match **match)
 {
 	struct ipt_ipv4options_info *info = (struct ipt_ipv4options_info *)(*match)->data;

 	switch (c)
 	{
 		/* strict-source-routing */
 	case '1':
 		if (invert)
 			exit_error(PARAMETER_PROBLEM,
 				   "ipv4options: unexpected `!' with --ssrr");
 		if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
                         exit_error(PARAMETER_PROBLEM,
                                    "Can't specify --ssrr twice");
 		if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ssrr with --lsrr");
 		if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ssrr with --no-srr");

 		info->options |= IPT_IPV4OPTION_MATCH_SSRR;
 		*flags |= IPT_IPV4OPTION_MATCH_SSRR;
 		break;

 		/* loose-source-routing */
 	case '2':
 		if (invert)
 			exit_error(PARAMETER_PROBLEM,
 				   "ipv4options: unexpected `!' with --lsrr");
 		if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
                         exit_error(PARAMETER_PROBLEM,
                                    "Can't specify --lsrr twice");
 		if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --lsrr with --ssrr");
 		if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --lsrr with --no-srr");
 		info->options |= IPT_IPV4OPTION_MATCH_LSRR;
 		*flags |= IPT_IPV4OPTION_MATCH_LSRR;
 		break;

 		/* no-source-routing */
 	case '3':
 		if (invert)
 			exit_error(PARAMETER_PROBLEM,
 					   "ipv4options: unexpected `!' with --no-srr");
 		if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
                         exit_error(PARAMETER_PROBLEM,
                                    "Can't specify --no-srr twice");
 		if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --no-srr with --ssrr");
 		if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --no-srr with --lsrr");
 		info->options |= IPT_IPV4OPTION_DONT_MATCH_SRR;
 		*flags |= IPT_IPV4OPTION_DONT_MATCH_SRR;
 		break;

 		/* record-route */
 	case '4':
 		if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_RR))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --rr twice");
 		if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_RR))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --rr twice");
 		if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_RR))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --rr with ! --rr");
 		if (invert && (*flags & IPT_IPV4OPTION_MATCH_RR))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --rr with --rr");
 		if (invert) {
 			info->options |= IPT_IPV4OPTION_DONT_MATCH_RR;
 			*flags |= IPT_IPV4OPTION_DONT_MATCH_RR;
 		}
 		else {
 			info->options |= IPT_IPV4OPTION_MATCH_RR;
 			*flags |= IPT_IPV4OPTION_MATCH_RR;
 		}
 		break;

 		/* timestamp */
 	case '5':
 		if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ts twice");
 		if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --ts twice");
 		if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ts with ! --ts");
 		if (invert && (*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --ts with --ts");
 		if (invert) {
 			info->options |= IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP;
 			*flags |= IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP;
 		}
 		else {
 			info->options |= IPT_IPV4OPTION_MATCH_TIMESTAMP;
 			*flags |= IPT_IPV4OPTION_MATCH_TIMESTAMP;
 		}
 		break;

 		/* router-alert  */
 	case '6':
 		if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ra twice");
 		if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --rr twice");
 		if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --ra with ! --ra");
 		if (invert && (*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --ra with --ra");
 		if (invert) {
 			info->options |= IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT;
 			*flags |= IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT;
 		}
 		else {
 			info->options |= IPT_IPV4OPTION_MATCH_ROUTER_ALERT;
 			*flags |= IPT_IPV4OPTION_MATCH_ROUTER_ALERT;
 		}
 		break;

 		/* any option */
 	case '7' :
 		if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_ANY_OPT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --any-opt twice");
 		if (invert && (*flags & IPT_IPV4OPTION_MATCH_ANY_OPT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --any-opt with --any-opt");
 		if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --any-opt twice");
 		if ((!invert) &&
 		    ((*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)       ||
 		     (*flags & IPT_IPV4OPTION_DONT_MATCH_RR)        ||
 		     (*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) ||
 		     (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify --any-opt with any other negative ipv4options match");
 		if (invert &&
 		    ((*flags & IPT_IPV4OPTION_MATCH_LSRR)      ||
 		     (*flags & IPT_IPV4OPTION_MATCH_SSRR)      ||
 		     (*flags & IPT_IPV4OPTION_MATCH_RR)        ||
 		     (*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP) ||
 		     (*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)))
 			exit_error(PARAMETER_PROBLEM,
 				   "Can't specify ! --any-opt with any other positive ipv4options match");
 		if (invert) {
 			info->options |= IPT_IPV4OPTION_DONT_MATCH_ANY_OPT;
 			*flags |= IPT_IPV4OPTION_DONT_MATCH_ANY_OPT;
 		}
 		else {
 			info->options |= IPT_IPV4OPTION_MATCH_ANY_OPT;
 			*flags |= IPT_IPV4OPTION_MATCH_ANY_OPT;
 		}
 		break;

 	default:
 		return 0;
 	}
 	return 1;
 }

 static void
 final_check(unsigned int flags)
 {
 	if (flags == 0)
 		exit_error(PARAMETER_PROBLEM,
 			   "ipv4options match: you must specify some parameters. See iptables -m ipv4options --help for help.'");
 }

 /* Prints out the matchinfo. */
 static void
 print(const struct ipt_ip *ip,
       const struct ipt_entry_match *match,
       int numeric)
 {
 	struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);

 	printf(" IPV4OPTS");
 	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
 		printf(" SSRR");
 	else if (info->options & IPT_IPV4OPTION_MATCH_LSRR)
 		printf(" LSRR");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_SRR)
 		printf(" !SRR");
 	if (info->options & IPT_IPV4OPTION_MATCH_RR)
 		printf(" RR");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_RR)
 		printf(" !RR");
 	if (info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP)
 		printf(" TS");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP)
 		printf(" !TS");
 	if (info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)
 		printf(" RA");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)
 		printf(" !RA");
 	if (info->options & IPT_IPV4OPTION_MATCH_ANY_OPT)
 		printf(" ANYOPT ");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)
 		printf(" NOOPT");

 	printf(" ");
 }

 /* Saves the data in parsable form to stdout. */
 static void
 save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 {
 	struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);

 	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
 		printf(" --ssrr");
 	else if (info->options & IPT_IPV4OPTION_MATCH_LSRR)
 		printf(" --lsrr");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_SRR)
 		printf(" --no-srr");
 	if (info->options & IPT_IPV4OPTION_MATCH_RR)
 		printf(" --rr");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_RR)
 		printf(" ! --rr");
 	if (info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP)
 		printf(" --ts");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP)
 		printf(" ! --ts");
 	if (info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)
 		printf(" --ra");
 	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)
 		printf(" ! --ra");
 	if (info->options & IPT_IPV4OPTION_MATCH_ANY_OPT)
 		printf(" --any-opt");
 	if (info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)
 		printf(" ! --any-opt");

 	printf(" ");
 }

 static
 struct iptables_match ipv4options_struct
 = { NULL,
     "ipv4options",
     IPTABLES_VERSION,
     IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
     IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
     &help,
     &init,
     &parse,
     &final_check,
     &print,
     &save,
     opts
 };

 void _init(void)
 {
 	register_match(&ipv4options_struct);
 }
	/* Shared library add-on to iptables to add ipv4 options matching support. */
	#include <stdio.h>
	#include <netdb.h>
	#include <string.h>
	#include <stdlib.h>
	#include <getopt.h>

	#include <iptables.h>
	#include <linux/netfilter_ipv4/ipt_ipv4options.h>

	/* Function which prints out usage message. */
	static void
	help(void)
	{
	printf(
	"ipv4options v%s options:\n"
	" --ssrr (match strict source routing flag)\n"
	" --lsrr (match loose source routing flag)\n"
	" --no-srr (match packets with no source routing)\n\n"
	" [!] --rr (match record route flag)\n\n"
	" [!] --ts (match timestamp flag)\n\n"
	" [!] --ra (match router-alert option)\n\n"
	" [!] --any-opt (match any option or no option at all if used with '!')\n",
	IPTABLES_VERSION);
	}

	static struct option opts[] = {
	{ "ssrr", 0, 0, '1' },
	{ "lsrr", 0, 0, '2' },
	{ "no-srr", 0, 0, '3'},
	{ "rr", 0, 0, '4'},
	{ "ts", 0, 0, '5'},
	{ "ra", 0, 0, '6'},
	{ "any-opt", 0, 0, '7'},
	{0}
	};

	/* Initialize the match. */
	static void
	init(struct ipt_entry_match m, unsigned int nfcache)
	{
	/* caching not yet implemented */
	*nfcache \|= NFC_UNKNOWN;
	}

	/* Function which parses command options; returns true if it
	ate an option */
	static int
	parse(int c, char *argv, int invert, unsigned int flags,
	const struct ipt_entry *entry,
	unsigned int *nfcache,
	struct ipt_entry_match **match)
	{
	struct ipt_ipv4options_info info = (struct ipt_ipv4options_info )(*match)->data;

	switch (c)
	{
	/* strict-source-routing */
	case '1':
	if (invert)
	exit_error(PARAMETER_PROBLEM,
	"ipv4options: unexpected `!' with --ssrr");
	if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ssrr twice");
	if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ssrr with --lsrr");
	if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ssrr with --no-srr");

	info->options \|= IPT_IPV4OPTION_MATCH_SSRR;
	*flags \|= IPT_IPV4OPTION_MATCH_SSRR;
	break;

	/* loose-source-routing */
	case '2':
	if (invert)
	exit_error(PARAMETER_PROBLEM,
	"ipv4options: unexpected `!' with --lsrr");
	if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --lsrr twice");
	if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --lsrr with --ssrr");
	if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --lsrr with --no-srr");
	info->options \|= IPT_IPV4OPTION_MATCH_LSRR;
	*flags \|= IPT_IPV4OPTION_MATCH_LSRR;
	break;

	/* no-source-routing */
	case '3':
	if (invert)
	exit_error(PARAMETER_PROBLEM,
	"ipv4options: unexpected `!' with --no-srr");
	if (*flags & IPT_IPV4OPTION_DONT_MATCH_SRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --no-srr twice");
	if (*flags & IPT_IPV4OPTION_MATCH_SSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --no-srr with --ssrr");
	if (*flags & IPT_IPV4OPTION_MATCH_LSRR)
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --no-srr with --lsrr");
	info->options \|= IPT_IPV4OPTION_DONT_MATCH_SRR;
	*flags \|= IPT_IPV4OPTION_DONT_MATCH_SRR;
	break;

	/* record-route */
	case '4':
	if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_RR))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --rr twice");
	if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_RR))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --rr twice");
	if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_RR))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --rr with ! --rr");
	if (invert && (*flags & IPT_IPV4OPTION_MATCH_RR))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --rr with --rr");
	if (invert) {
	info->options \|= IPT_IPV4OPTION_DONT_MATCH_RR;
	*flags \|= IPT_IPV4OPTION_DONT_MATCH_RR;
	}
	else {
	info->options \|= IPT_IPV4OPTION_MATCH_RR;
	*flags \|= IPT_IPV4OPTION_MATCH_RR;
	}
	break;

	/* timestamp */
	case '5':
	if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ts twice");
	if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --ts twice");
	if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ts with ! --ts");
	if (invert && (*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --ts with --ts");
	if (invert) {
	info->options \|= IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP;
	*flags \|= IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP;
	}
	else {
	info->options \|= IPT_IPV4OPTION_MATCH_TIMESTAMP;
	*flags \|= IPT_IPV4OPTION_MATCH_TIMESTAMP;
	}
	break;

	/* router-alert */
	case '6':
	if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ra twice");
	if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --rr twice");
	if ((!invert) && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --ra with ! --ra");
	if (invert && (*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --ra with --ra");
	if (invert) {
	info->options \|= IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT;
	*flags \|= IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT;
	}
	else {
	info->options \|= IPT_IPV4OPTION_MATCH_ROUTER_ALERT;
	*flags \|= IPT_IPV4OPTION_MATCH_ROUTER_ALERT;
	}
	break;

	/* any option */
	case '7' :
	if ((!invert) && (*flags & IPT_IPV4OPTION_MATCH_ANY_OPT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --any-opt twice");
	if (invert && (*flags & IPT_IPV4OPTION_MATCH_ANY_OPT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --any-opt with --any-opt");
	if (invert && (*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --any-opt twice");
	if ((!invert) &&
	((*flags & IPT_IPV4OPTION_DONT_MATCH_SRR) \|\|
	(*flags & IPT_IPV4OPTION_DONT_MATCH_RR) \|\|
	(*flags & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) \|\|
	(*flags & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify --any-opt with any other negative ipv4options match");
	if (invert &&
	((*flags & IPT_IPV4OPTION_MATCH_LSRR) \|\|
	(*flags & IPT_IPV4OPTION_MATCH_SSRR) \|\|
	(*flags & IPT_IPV4OPTION_MATCH_RR) \|\|
	(*flags & IPT_IPV4OPTION_MATCH_TIMESTAMP) \|\|
	(*flags & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)))
	exit_error(PARAMETER_PROBLEM,
	"Can't specify ! --any-opt with any other positive ipv4options match");
	if (invert) {
	info->options \|= IPT_IPV4OPTION_DONT_MATCH_ANY_OPT;
	*flags \|= IPT_IPV4OPTION_DONT_MATCH_ANY_OPT;
	}
	else {
	info->options \|= IPT_IPV4OPTION_MATCH_ANY_OPT;
	*flags \|= IPT_IPV4OPTION_MATCH_ANY_OPT;
	}
	break;

	default:
	return 0;
	}
	return 1;
	}

	static void
	final_check(unsigned int flags)
	{
	if (flags == 0)
	exit_error(PARAMETER_PROBLEM,
	"ipv4options match: you must specify some parameters. See iptables -m ipv4options --help for help.'");
	}

	/* Prints out the matchinfo. */
	static void
	print(const struct ipt_ip *ip,
	const struct ipt_entry_match *match,
	int numeric)
	{
	struct ipt_ipv4options_info info = ((struct ipt_ipv4options_info )match->data);

	printf(" IPV4OPTS");
	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
	printf(" SSRR");
	else if (info->options & IPT_IPV4OPTION_MATCH_LSRR)
	printf(" LSRR");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_SRR)
	printf(" !SRR");
	if (info->options & IPT_IPV4OPTION_MATCH_RR)
	printf(" RR");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_RR)
	printf(" !RR");
	if (info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP)
	printf(" TS");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP)
	printf(" !TS");
	if (info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)
	printf(" RA");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)
	printf(" !RA");
	if (info->options & IPT_IPV4OPTION_MATCH_ANY_OPT)
	printf(" ANYOPT ");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)
	printf(" NOOPT");

	printf(" ");
	}

	/* Saves the data in parsable form to stdout. */
	static void
	save(const struct ipt_ip ip, const struct ipt_entry_match match)
	{
	struct ipt_ipv4options_info info = ((struct ipt_ipv4options_info )match->data);

	if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
	printf(" --ssrr");
	else if (info->options & IPT_IPV4OPTION_MATCH_LSRR)
	printf(" --lsrr");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_SRR)
	printf(" --no-srr");
	if (info->options & IPT_IPV4OPTION_MATCH_RR)
	printf(" --rr");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_RR)
	printf(" ! --rr");
	if (info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP)
	printf(" --ts");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP)
	printf(" ! --ts");
	if (info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT)
	printf(" --ra");
	else if (info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)
	printf(" ! --ra");
	if (info->options & IPT_IPV4OPTION_MATCH_ANY_OPT)
	printf(" --any-opt");
	if (info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)
	printf(" ! --any-opt");

	printf(" ");
	}

	static
	struct iptables_match ipv4options_struct
	= { NULL,
	"ipv4options",
	IPTABLES_VERSION,
	IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
	IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
	&help,
	&init,
	&parse,
	&final_check,
	&print,
	&save,
	opts
	};

	void _init(void)
	{
	register_match(&ipv4options_struct);
	}