xref: /aosp_15_r20/external/iptables/extensions/libip6t_srh.c (revision a71a954618bbadd4a345637e5edcf36eec826889)

/* Shared library to add Segment Routing Header (SRH) matching support.
 *
 * Author:
 *       Ahmed Abdelsalam       <[email protected]>
 */

#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_srh.h>
#include <string.h>

/* srh command-line options */
enum {
	O_SRH_NEXTHDR,
	O_SRH_LEN_EQ,
	O_SRH_LEN_GT,
	O_SRH_LEN_LT,
	O_SRH_SEGS_EQ,
	O_SRH_SEGS_GT,
	O_SRH_SEGS_LT,
	O_SRH_LAST_EQ,
	O_SRH_LAST_GT,
	O_SRH_LAST_LT,
	O_SRH_TAG,
	O_SRH_PSID,
	O_SRH_NSID,
	O_SRH_LSID,
};

static void srh_help(void)
{
	printf(
"srh match options:\n"
"[!] --srh-next-hdr		next-hdr        Next Header value of SRH\n"
"[!] --srh-hdr-len-eq		hdr_len         Hdr Ext Len value of SRH\n"
"[!] --srh-hdr-len-gt		hdr_len         Hdr Ext Len value of SRH\n"
"[!] --srh-hdr-len-lt		hdr_len         Hdr Ext Len value of SRH\n"
"[!] --srh-segs-left-eq		segs_left       Segments Left value of SRH\n"
"[!] --srh-segs-left-gt		segs_left       Segments Left value of SRH\n"
"[!] --srh-segs-left-lt		segs_left       Segments Left value of SRH\n"
"[!] --srh-last-entry-eq 	last_entry      Last Entry value of SRH\n"
"[!] --srh-last-entry-gt 	last_entry      Last Entry value of SRH\n"
"[!] --srh-last-entry-lt 	last_entry      Last Entry value of SRH\n"
"[!] --srh-tag			tag             Tag value of SRH\n"
"[!] --srh-psid			addr[/mask]	SRH previous SID\n"
"[!] --srh-nsid			addr[/mask]	SRH next SID\n"
"[!] --srh-lsid			addr[/mask]	SRH Last SID\n");
}

#define s struct ip6t_srh
static const struct xt_option_entry srh_opts[] = {
	{ .name = "srh-next-hdr", .id = O_SRH_NEXTHDR, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, next_hdr)},
	{ .name = "srh-hdr-len-eq", .id = O_SRH_LEN_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-hdr-len-gt", .id = O_SRH_LEN_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-hdr-len-lt", .id = O_SRH_LEN_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-segs-left-eq", .id = O_SRH_SEGS_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-segs-left-gt", .id = O_SRH_SEGS_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-segs-left-lt", .id = O_SRH_SEGS_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-last-entry-eq", .id = O_SRH_LAST_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-last-entry-gt", .id = O_SRH_LAST_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-last-entry-lt", .id = O_SRH_LAST_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-tag", .id = O_SRH_TAG, .type = XTTYPE_UINT16,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, tag)},
	{ }
};
#undef s

#define s struct ip6t_srh1
static const struct xt_option_entry srh1_opts[] = {
	{ .name = "srh-next-hdr", .id = O_SRH_NEXTHDR, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, next_hdr)},
	{ .name = "srh-hdr-len-eq", .id = O_SRH_LEN_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-hdr-len-gt", .id = O_SRH_LEN_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-hdr-len-lt", .id = O_SRH_LEN_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdr_len)},
	{ .name = "srh-segs-left-eq", .id = O_SRH_SEGS_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-segs-left-gt", .id = O_SRH_SEGS_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-segs-left-lt", .id = O_SRH_SEGS_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, segs_left)},
	{ .name = "srh-last-entry-eq", .id = O_SRH_LAST_EQ, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-last-entry-gt", .id = O_SRH_LAST_GT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-last-entry-lt", .id = O_SRH_LAST_LT, .type = XTTYPE_UINT8,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, last_entry)},
	{ .name = "srh-tag", .id = O_SRH_TAG, .type = XTTYPE_UINT16,
	.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, tag)},
	{ .name = "srh-psid", .id = O_SRH_PSID, .type = XTTYPE_HOSTMASK,
	.flags = XTOPT_INVERT},
	{ .name = "srh-nsid", .id = O_SRH_NSID, .type = XTTYPE_HOSTMASK,
	.flags = XTOPT_INVERT},
	{ .name = "srh-lsid", .id = O_SRH_LSID, .type = XTTYPE_HOSTMASK,
	.flags = XTOPT_INVERT},
	{ }
};
#undef s

static void srh_init(struct xt_entry_match *m)
{
	struct ip6t_srh *srhinfo = (void *)m->data;

	srhinfo->mt_flags = 0;
	srhinfo->mt_invflags = 0;
}

static void srh1_init(struct xt_entry_match *m)
{
	struct ip6t_srh1 *srhinfo = (void *)m->data;

	srhinfo->mt_flags = 0;
	srhinfo->mt_invflags = 0;
	memset(srhinfo->psid_addr.s6_addr, 0, sizeof(srhinfo->psid_addr.s6_addr));
	memset(srhinfo->nsid_addr.s6_addr, 0, sizeof(srhinfo->nsid_addr.s6_addr));
	memset(srhinfo->lsid_addr.s6_addr, 0, sizeof(srhinfo->lsid_addr.s6_addr));
	memset(srhinfo->psid_msk.s6_addr, 0, sizeof(srhinfo->psid_msk.s6_addr));
	memset(srhinfo->nsid_msk.s6_addr, 0, sizeof(srhinfo->nsid_msk.s6_addr));
	memset(srhinfo->lsid_msk.s6_addr, 0, sizeof(srhinfo->lsid_msk.s6_addr));
}

static void srh_parse(struct xt_option_call *cb)
{
	struct ip6t_srh *srhinfo = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_SRH_NEXTHDR:
		srhinfo->mt_flags |= IP6T_SRH_NEXTHDR;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_NEXTHDR;
		break;
	case O_SRH_LEN_EQ:
		srhinfo->mt_flags |= IP6T_SRH_LEN_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_EQ;
		break;
	case O_SRH_LEN_GT:
		srhinfo->mt_flags |= IP6T_SRH_LEN_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_GT;
		break;
	case O_SRH_LEN_LT:
		srhinfo->mt_flags |= IP6T_SRH_LEN_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_LT;
		break;
	case O_SRH_SEGS_EQ:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_EQ;
		break;
	case O_SRH_SEGS_GT:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_GT;
		break;
	case O_SRH_SEGS_LT:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_LT;
		break;
	case O_SRH_LAST_EQ:
		srhinfo->mt_flags |= IP6T_SRH_LAST_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_EQ;
		break;
	case O_SRH_LAST_GT:
		srhinfo->mt_flags |= IP6T_SRH_LAST_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_GT;
		break;
	case O_SRH_LAST_LT:
		srhinfo->mt_flags |= IP6T_SRH_LAST_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_LT;
		break;
	case O_SRH_TAG:
		srhinfo->mt_flags |= IP6T_SRH_TAG;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_TAG;
		break;
	}
}

static void srh1_parse(struct xt_option_call *cb)
{
	struct ip6t_srh1 *srhinfo = cb->data;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_SRH_NEXTHDR:
		srhinfo->mt_flags |= IP6T_SRH_NEXTHDR;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_NEXTHDR;
		break;
	case O_SRH_LEN_EQ:
		srhinfo->mt_flags |= IP6T_SRH_LEN_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_EQ;
		break;
	case O_SRH_LEN_GT:
		srhinfo->mt_flags |= IP6T_SRH_LEN_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_GT;
		break;
	case O_SRH_LEN_LT:
		srhinfo->mt_flags |= IP6T_SRH_LEN_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LEN_LT;
		break;
	case O_SRH_SEGS_EQ:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_EQ;
		break;
	case O_SRH_SEGS_GT:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_GT;
		break;
	case O_SRH_SEGS_LT:
		srhinfo->mt_flags |= IP6T_SRH_SEGS_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_SEGS_LT;
		break;
	case O_SRH_LAST_EQ:
		srhinfo->mt_flags |= IP6T_SRH_LAST_EQ;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_EQ;
		break;
	case O_SRH_LAST_GT:
		srhinfo->mt_flags |= IP6T_SRH_LAST_GT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_GT;
		break;
	case O_SRH_LAST_LT:
		srhinfo->mt_flags |= IP6T_SRH_LAST_LT;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LAST_LT;
		break;
	case O_SRH_TAG:
		srhinfo->mt_flags |= IP6T_SRH_TAG;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_TAG;
		break;
	case O_SRH_PSID:
		srhinfo->mt_flags |= IP6T_SRH_PSID;
		srhinfo->psid_addr = cb->val.haddr.in6;
		srhinfo->psid_msk  = cb->val.hmask.in6;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_PSID;
		break;
	case O_SRH_NSID:
		srhinfo->mt_flags |= IP6T_SRH_NSID;
		srhinfo->nsid_addr = cb->val.haddr.in6;
		srhinfo->nsid_msk  = cb->val.hmask.in6;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_NSID;
		break;
	case O_SRH_LSID:
		srhinfo->mt_flags |= IP6T_SRH_LSID;
		srhinfo->lsid_addr = cb->val.haddr.in6;
		srhinfo->lsid_msk  = cb->val.hmask.in6;
		if (cb->invert)
			srhinfo->mt_invflags |= IP6T_SRH_INV_LSID;
		break;
	}
}

static void srh_print(const void *ip, const struct xt_entry_match *match,
			int numeric)
{
	const struct ip6t_srh *srhinfo = (struct ip6t_srh *)match->data;

	printf(" srh");
	if (srhinfo->mt_flags & IP6T_SRH_NEXTHDR)
		printf(" next-hdr:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_NEXTHDR ? "!" : "",
			srhinfo->next_hdr);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_EQ)
		printf(" hdr-len-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_EQ ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_GT)
		printf(" hdr-len-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_GT ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_LT)
		printf(" hdr-len-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_LT ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_EQ)
		printf(" segs-left-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_EQ ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_GT)
		printf(" segs-left-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_GT ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_LT)
		printf(" segs-left-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_LT ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_EQ)
		printf(" last-entry-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_EQ ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_GT)
		printf(" last-entry-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_GT ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_LT)
		printf(" last-entry-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_LT ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_TAG)
		printf(" tag:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_TAG ? "!" : "",
			srhinfo->tag);
}

static void srh1_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct ip6t_srh1 *srhinfo = (struct ip6t_srh1 *)match->data;

	printf(" srh");
	if (srhinfo->mt_flags & IP6T_SRH_NEXTHDR)
		printf(" next-hdr:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_NEXTHDR ? "!" : "",
			srhinfo->next_hdr);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_EQ)
		printf(" hdr-len-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_EQ ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_GT)
		printf(" hdr-len-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_GT ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_LT)
		printf(" hdr-len-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LEN_LT ? "!" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_EQ)
		printf(" segs-left-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_EQ ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_GT)
		printf(" segs-left-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_GT ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_LT)
		printf(" segs-left-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_LT ? "!" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_EQ)
		printf(" last-entry-eq:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_EQ ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_GT)
		printf(" last-entry-gt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_GT ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_LT)
		printf(" last-entry-lt:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_LAST_LT ? "!" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_TAG)
		printf(" tag:%s%d", srhinfo->mt_invflags & IP6T_SRH_INV_TAG ? "!" : "",
			srhinfo->tag);
	if (srhinfo->mt_flags & IP6T_SRH_PSID)
		printf(" psid %s %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_PSID ? "!" : "",
			xtables_ip6addr_to_numeric(&srhinfo->psid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->psid_msk));
	if (srhinfo->mt_flags & IP6T_SRH_NSID)
		printf(" nsid %s %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_NSID ? "!" : "",
			xtables_ip6addr_to_numeric(&srhinfo->nsid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->nsid_msk));
	if (srhinfo->mt_flags & IP6T_SRH_LSID)
		printf(" lsid %s %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_LSID ? "!" : "",
			xtables_ip6addr_to_numeric(&srhinfo->lsid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->lsid_msk));
}

static void srh_save(const void *ip, const struct xt_entry_match *match)
{
	const struct ip6t_srh *srhinfo = (struct ip6t_srh *)match->data;

	if (srhinfo->mt_flags & IP6T_SRH_NEXTHDR)
		printf("%s --srh-next-hdr %u", (srhinfo->mt_invflags & IP6T_SRH_INV_NEXTHDR) ? " !" : "",
			srhinfo->next_hdr);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_EQ)
		printf("%s --srh-hdr-len-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_EQ) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_GT)
		printf("%s --srh-hdr-len-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_GT) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_LT)
		printf("%s --srh-hdr-len-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_LT) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_EQ)
		printf("%s --srh-segs-left-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_EQ) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_GT)
		printf("%s --srh-segs-left-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_GT) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_LT)
		printf("%s --srh-segs-left-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_LT) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_EQ)
		printf("%s --srh-last-entry-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_EQ) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_GT)
		printf("%s --srh-last-entry-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_GT) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_LT)
		printf("%s --srh-last-entry-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_LT) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_TAG)
		printf("%s --srh-tag %u", (srhinfo->mt_invflags & IP6T_SRH_INV_TAG) ? " !" : "",
			srhinfo->tag);
}

static void srh1_save(const void *ip, const struct xt_entry_match *match)
{
	const struct ip6t_srh1 *srhinfo = (struct ip6t_srh1 *)match->data;

	if (srhinfo->mt_flags & IP6T_SRH_NEXTHDR)
		printf("%s --srh-next-hdr %u", (srhinfo->mt_invflags & IP6T_SRH_INV_NEXTHDR) ? " !" : "",
			srhinfo->next_hdr);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_EQ)
		printf("%s --srh-hdr-len-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_EQ) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_GT)
		printf("%s --srh-hdr-len-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_GT) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_LEN_LT)
		printf("%s --srh-hdr-len-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LEN_LT) ? " !" : "",
			srhinfo->hdr_len);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_EQ)
		printf("%s --srh-segs-left-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_EQ) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_GT)
		printf("%s --srh-segs-left-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_GT) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_SEGS_LT)
		printf("%s --srh-segs-left-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_SEGS_LT) ? " !" : "",
			srhinfo->segs_left);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_EQ)
		printf("%s --srh-last-entry-eq %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_EQ) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_GT)
		printf("%s --srh-last-entry-gt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_GT) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_LAST_LT)
		printf("%s --srh-last-entry-lt %u", (srhinfo->mt_invflags & IP6T_SRH_INV_LAST_LT) ? " !" : "",
			srhinfo->last_entry);
	if (srhinfo->mt_flags & IP6T_SRH_TAG)
		printf("%s --srh-tag %u", (srhinfo->mt_invflags & IP6T_SRH_INV_TAG) ? " !" : "",
			srhinfo->tag);
	if (srhinfo->mt_flags & IP6T_SRH_PSID)
		printf("%s --srh-psid %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_PSID ? " !" : "",
			xtables_ip6addr_to_numeric(&srhinfo->psid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->psid_msk));
	if (srhinfo->mt_flags & IP6T_SRH_NSID)
		printf("%s --srh-nsid %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_NSID ? " !" : "",
			xtables_ip6addr_to_numeric(&srhinfo->nsid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->nsid_msk));
	if (srhinfo->mt_flags & IP6T_SRH_LSID)
		printf("%s --srh-lsid %s/%u", srhinfo->mt_invflags & IP6T_SRH_INV_LSID ? " !" : "",
			xtables_ip6addr_to_numeric(&srhinfo->lsid_addr),
			xtables_ip6mask_to_cidr(&srhinfo->lsid_msk));
}

static struct xtables_match srh_mt6_reg[] = {
	{
		.name		= "srh",
		.version	= XTABLES_VERSION,
		.revision	= 0,
		.family		= NFPROTO_IPV6,
		.size		= XT_ALIGN(sizeof(struct ip6t_srh)),
		.userspacesize	= XT_ALIGN(sizeof(struct ip6t_srh)),
		.help		= srh_help,
		.init		= srh_init,
		.print		= srh_print,
		.save		= srh_save,
		.x6_parse	= srh_parse,
		.x6_options	= srh_opts,
	},
	{
		.name		= "srh",
		.version	= XTABLES_VERSION,
		.revision	= 1,
		.family		= NFPROTO_IPV6,
		.size		= XT_ALIGN(sizeof(struct ip6t_srh1)),
		.userspacesize	= XT_ALIGN(sizeof(struct ip6t_srh1)),
		.help		= srh_help,
		.init		= srh1_init,
		.print		= srh1_print,
		.save		= srh1_save,
		.x6_parse	= srh1_parse,
		.x6_options	= srh1_opts,
	}
};

void
_init(void)
{
	xtables_register_matches(srh_mt6_reg, ARRAY_SIZE(srh_mt6_reg));
}