|
Packit |
7b22a4 |
#include <stdio.h>
|
|
Packit |
7b22a4 |
#include <netdb.h>
|
|
Packit |
7b22a4 |
#include <string.h>
|
|
Packit |
7b22a4 |
#include <stdlib.h>
|
|
Packit |
7b22a4 |
#include <xtables.h>
|
|
Packit |
7b22a4 |
#include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
|
|
Packit |
7b22a4 |
#include <linux/netfilter_ipv4/ip_tables.h>
|
|
Packit |
7b22a4 |
#include <linux/netfilter_ipv6/ip6_tables.h>
|
|
Packit |
7b22a4 |
#include <linux/netfilter/xt_multiport.h>
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
enum {
|
|
Packit |
7b22a4 |
O_SOURCE_PORTS = 0,
|
|
Packit |
7b22a4 |
O_DEST_PORTS,
|
|
Packit |
7b22a4 |
O_SD_PORTS,
|
|
Packit |
7b22a4 |
F_SOURCE_PORTS = 1 << O_SOURCE_PORTS,
|
|
Packit |
7b22a4 |
F_DEST_PORTS = 1 << O_DEST_PORTS,
|
|
Packit |
7b22a4 |
F_SD_PORTS = 1 << O_SD_PORTS,
|
|
Packit |
7b22a4 |
F_ANY = F_SOURCE_PORTS | F_DEST_PORTS | F_SD_PORTS,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
/* Function which prints out usage message. */
|
|
Packit |
7b22a4 |
static void multiport_help(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
printf(
|
|
Packit |
7b22a4 |
"multiport match options:\n"
|
|
Packit |
7b22a4 |
" --source-ports port[,port,port...]\n"
|
|
Packit |
7b22a4 |
" --sports ...\n"
|
|
Packit |
7b22a4 |
" match source port(s)\n"
|
|
Packit |
7b22a4 |
" --destination-ports port[,port,port...]\n"
|
|
Packit |
7b22a4 |
" --dports ...\n"
|
|
Packit |
7b22a4 |
" match destination port(s)\n"
|
|
Packit |
7b22a4 |
" --ports port[,port,port]\n"
|
|
Packit |
7b22a4 |
" match both source and destination port(s)\n"
|
|
Packit |
7b22a4 |
" NOTE: this kernel does not support port ranges in multiport.\n");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_help_v1(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
printf(
|
|
Packit |
7b22a4 |
"multiport match options:\n"
|
|
Packit |
7b22a4 |
"[!] --source-ports port[,port:port,port...]\n"
|
|
Packit |
7b22a4 |
" --sports ...\n"
|
|
Packit |
7b22a4 |
" match source port(s)\n"
|
|
Packit |
7b22a4 |
"[!] --destination-ports port[,port:port,port...]\n"
|
|
Packit |
7b22a4 |
" --dports ...\n"
|
|
Packit |
7b22a4 |
" match destination port(s)\n"
|
|
Packit |
7b22a4 |
"[!] --ports port[,port:port,port]\n"
|
|
Packit |
7b22a4 |
" match both source and destination port(s)\n");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const struct xt_option_entry multiport_opts[] = {
|
|
Packit |
7b22a4 |
{.name = "source-ports", .id = O_SOURCE_PORTS, .type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.excl = F_ANY, .flags = XTOPT_INVERT},
|
|
Packit |
7b22a4 |
{.name = "sports", .id = O_SOURCE_PORTS, .type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.excl = F_ANY, .flags = XTOPT_INVERT},
|
|
Packit |
7b22a4 |
{.name = "destination-ports", .id = O_DEST_PORTS,
|
|
Packit |
7b22a4 |
.type = XTTYPE_STRING, .excl = F_ANY, .flags = XTOPT_INVERT},
|
|
Packit |
7b22a4 |
{.name = "dports", .id = O_DEST_PORTS, .type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.excl = F_ANY, .flags = XTOPT_INVERT},
|
|
Packit |
7b22a4 |
{.name = "ports", .id = O_SD_PORTS, .type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.excl = F_ANY, .flags = XTOPT_INVERT},
|
|
Packit |
7b22a4 |
XTOPT_TABLEEND,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const char *
|
|
Packit |
7b22a4 |
proto_to_name(uint8_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
switch (proto) {
|
|
Packit |
7b22a4 |
case IPPROTO_TCP:
|
|
Packit |
7b22a4 |
return "tcp";
|
|
Packit |
7b22a4 |
case IPPROTO_UDP:
|
|
Packit |
7b22a4 |
return "udp";
|
|
Packit |
7b22a4 |
case IPPROTO_UDPLITE:
|
|
Packit |
7b22a4 |
return "udplite";
|
|
Packit |
7b22a4 |
case IPPROTO_SCTP:
|
|
Packit |
7b22a4 |
return "sctp";
|
|
Packit |
7b22a4 |
case IPPROTO_DCCP:
|
|
Packit |
7b22a4 |
return "dccp";
|
|
Packit |
7b22a4 |
default:
|
|
Packit |
7b22a4 |
return NULL;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static unsigned int
|
|
Packit |
7b22a4 |
parse_multi_ports(const char *portstring, uint16_t *ports, const char *proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
char *buffer, *cp, *next;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
buffer = strdup(portstring);
|
|
Packit |
7b22a4 |
if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (cp=buffer, i=0; cp && i
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
next=strchr(cp, ',');
|
|
Packit |
7b22a4 |
if (next) *next++='\0';
|
|
Packit |
7b22a4 |
ports[i] = xtables_parse_port(cp, proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
|
|
Packit |
7b22a4 |
free(buffer);
|
|
Packit |
7b22a4 |
return i;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void
|
|
Packit |
7b22a4 |
parse_multi_ports_v1(const char *portstring,
|
|
Packit |
7b22a4 |
struct xt_multiport_v1 *multiinfo,
|
|
Packit |
7b22a4 |
const char *proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
char *buffer, *cp, *next, *range;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
buffer = strdup(portstring);
|
|
Packit |
7b22a4 |
if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i=0; i
|
|
Packit |
7b22a4 |
multiinfo->pflags[i] = 0;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (cp=buffer, i=0; cp && i
|
|
Packit |
7b22a4 |
next=strchr(cp, ',');
|
|
Packit |
7b22a4 |
if (next) *next++='\0';
|
|
Packit |
7b22a4 |
range = strchr(cp, ':');
|
|
Packit |
7b22a4 |
if (range) {
|
|
Packit |
7b22a4 |
if (i == XT_MULTI_PORTS-1)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"too many ports specified");
|
|
Packit |
7b22a4 |
*range++ = '\0';
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
multiinfo->ports[i] = xtables_parse_port(cp, proto);
|
|
Packit |
7b22a4 |
if (range) {
|
|
Packit |
7b22a4 |
multiinfo->pflags[i] = 1;
|
|
Packit |
7b22a4 |
multiinfo->ports[++i] = xtables_parse_port(range, proto);
|
|
Packit |
7b22a4 |
if (multiinfo->ports[i-1] >= multiinfo->ports[i])
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"invalid portrange specified");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
multiinfo->count = i;
|
|
Packit |
7b22a4 |
if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
|
|
Packit |
7b22a4 |
free(buffer);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const char *
|
|
Packit |
7b22a4 |
check_proto(uint16_t pnum, uint8_t invflags)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *proto;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (invflags & XT_INV_PROTO)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if ((proto = proto_to_name(pnum)) != NULL)
|
|
Packit |
7b22a4 |
return proto;
|
|
Packit |
7b22a4 |
else if (!pnum)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"multiport needs `-p tcp', `-p udp', `-p udplite', "
|
|
Packit |
7b22a4 |
"`-p sctp' or `-p dccp'");
|
|
Packit |
7b22a4 |
else
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void __multiport_parse(struct xt_option_call *cb, uint16_t pnum,
|
|
Packit |
7b22a4 |
uint8_t invflags)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *proto;
|
|
Packit |
7b22a4 |
struct xt_multiport *multiinfo = cb->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_option_parse(cb);
|
|
Packit |
7b22a4 |
switch (cb->entry->id) {
|
|
Packit |
7b22a4 |
case O_SOURCE_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
multiinfo->count = parse_multi_ports(cb->arg,
|
|
Packit |
7b22a4 |
multiinfo->ports, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_SOURCE;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_DEST_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
multiinfo->count = parse_multi_ports(cb->arg,
|
|
Packit |
7b22a4 |
multiinfo->ports, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_DESTINATION;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_SD_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
multiinfo->count = parse_multi_ports(cb->arg,
|
|
Packit |
7b22a4 |
multiinfo->ports, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_EITHER;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (cb->invert)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM,
|
|
Packit |
7b22a4 |
"multiport.0 does not support invert");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_parse(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_entry *entry = cb->xt_entry;
|
|
Packit |
7b22a4 |
return __multiport_parse(cb,
|
|
Packit |
7b22a4 |
entry->ip.proto, entry->ip.invflags);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_parse6(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_entry *entry = cb->xt_entry;
|
|
Packit |
7b22a4 |
return __multiport_parse(cb,
|
|
Packit |
7b22a4 |
entry->ipv6.proto, entry->ipv6.invflags);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void __multiport_parse_v1(struct xt_option_call *cb, uint16_t pnum,
|
|
Packit |
7b22a4 |
uint8_t invflags)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *proto;
|
|
Packit |
7b22a4 |
struct xt_multiport_v1 *multiinfo = cb->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_option_parse(cb);
|
|
Packit |
7b22a4 |
switch (cb->entry->id) {
|
|
Packit |
7b22a4 |
case O_SOURCE_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
parse_multi_ports_v1(cb->arg, multiinfo, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_SOURCE;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_DEST_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
parse_multi_ports_v1(cb->arg, multiinfo, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_DESTINATION;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_SD_PORTS:
|
|
Packit |
7b22a4 |
proto = check_proto(pnum, invflags);
|
|
Packit |
7b22a4 |
parse_multi_ports_v1(cb->arg, multiinfo, proto);
|
|
Packit |
7b22a4 |
multiinfo->flags = XT_MULTIPORT_EITHER;
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (cb->invert)
|
|
Packit |
7b22a4 |
multiinfo->invert = 1;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_parse_v1(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_entry *entry = cb->xt_entry;
|
|
Packit |
7b22a4 |
return __multiport_parse_v1(cb,
|
|
Packit |
7b22a4 |
entry->ip.proto, entry->ip.invflags);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_parse6_v1(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_entry *entry = cb->xt_entry;
|
|
Packit |
7b22a4 |
return __multiport_parse_v1(cb,
|
|
Packit |
7b22a4 |
entry->ipv6.proto, entry->ipv6.invflags);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_check(struct xt_fcheck_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (cb->xflags == 0)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "multiport expection an option");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const char *
|
|
Packit |
7b22a4 |
port_to_service(int port, uint8_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct servent *service;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if ((service = getservbyport(htons(port), proto_to_name(proto))))
|
|
Packit |
7b22a4 |
return service->s_name;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
return NULL;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void
|
|
Packit |
7b22a4 |
print_port(uint16_t port, uint8_t protocol, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *service;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (numeric || (service = port_to_service(port, protocol)) == NULL)
|
|
Packit |
7b22a4 |
printf("%u", port);
|
|
Packit |
7b22a4 |
else
|
|
Packit |
7b22a4 |
printf("%s", service);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void
|
|
Packit |
7b22a4 |
__multiport_print(const struct xt_entry_match *match, int numeric,
|
|
Packit |
7b22a4 |
uint16_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport *multiinfo
|
|
Packit |
7b22a4 |
= (const struct xt_multiport *)match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" multiport ");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
printf("sports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
printf("dports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
printf("ports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
default:
|
|
Packit |
7b22a4 |
printf("ERROR ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i=0; i < multiinfo->count; i++) {
|
|
Packit |
7b22a4 |
printf("%s", i ? "," : "");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[i], proto, numeric);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_print(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_ip *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_print(match, numeric, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_print6(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_ip6 *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_print(match, numeric, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void __multiport_print_v1(const struct xt_entry_match *match,
|
|
Packit |
7b22a4 |
int numeric, uint16_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport_v1 *multiinfo
|
|
Packit |
7b22a4 |
= (const struct xt_multiport_v1 *)match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" multiport ");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
printf("sports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
printf("dports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
printf("ports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
default:
|
|
Packit |
7b22a4 |
printf("ERROR ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->invert)
|
|
Packit |
7b22a4 |
printf(" !");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i=0; i < multiinfo->count; i++) {
|
|
Packit |
7b22a4 |
printf("%s", i ? "," : "");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[i], proto, numeric);
|
|
Packit |
7b22a4 |
if (multiinfo->pflags[i]) {
|
|
Packit |
7b22a4 |
printf(":");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[++i], proto, numeric);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_print_v1(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_ip *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_print_v1(match, numeric, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_print6_v1(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_ip6 *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_print_v1(match, numeric, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void __multiport_save(const struct xt_entry_match *match,
|
|
Packit |
7b22a4 |
uint16_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport *multiinfo
|
|
Packit |
7b22a4 |
= (const struct xt_multiport *)match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
printf(" --sports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
printf(" --dports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
printf(" --ports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i=0; i < multiinfo->count; i++) {
|
|
Packit |
7b22a4 |
printf("%s", i ? "," : "");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[i], proto, 1);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_save(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_ip *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_save(match, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_save6(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_ip6 *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_save(match, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void __multiport_save_v1(const struct xt_entry_match *match,
|
|
Packit |
7b22a4 |
uint16_t proto)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport_v1 *multiinfo
|
|
Packit |
7b22a4 |
= (const struct xt_multiport_v1 *)match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->invert)
|
|
Packit |
7b22a4 |
printf(" !");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
printf(" --sports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
printf(" --dports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
printf(" --ports ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i=0; i < multiinfo->count; i++) {
|
|
Packit |
7b22a4 |
printf("%s", i ? "," : "");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[i], proto, 1);
|
|
Packit |
7b22a4 |
if (multiinfo->pflags[i]) {
|
|
Packit |
7b22a4 |
printf(":");
|
|
Packit |
7b22a4 |
print_port(multiinfo->ports[++i], proto, 1);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_save_v1(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ipt_ip *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_save_v1(match, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void multiport_save6_v1(const void *ip_void,
|
|
Packit |
7b22a4 |
const struct xt_entry_match *match)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct ip6t_ip6 *ip = ip_void;
|
|
Packit |
7b22a4 |
__multiport_save_v1(match, ip->proto);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int __multiport_xlate(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport *multiinfo
|
|
Packit |
7b22a4 |
= (const struct xt_multiport *)params->match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, " sport ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, " dport ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
return 0;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->count > 1)
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "{ ");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i = 0; i < multiinfo->count; i++)
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s%u", i ? "," : "", multiinfo->ports[i]);
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->count > 1)
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "}");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
return 1;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int multiport_xlate(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
uint8_t proto = ((const struct ipt_ip *)params->ip)->proto;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s", proto_to_name(proto));
|
|
Packit |
7b22a4 |
return __multiport_xlate(xl, params);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int multiport_xlate6(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
uint8_t proto = ((const struct ip6t_ip6 *)params->ip)->proto;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s", proto_to_name(proto));
|
|
Packit |
7b22a4 |
return __multiport_xlate(xl, params);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int __multiport_xlate_v1(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_multiport_v1 *multiinfo =
|
|
Packit |
7b22a4 |
(const struct xt_multiport_v1 *)params->match->data;
|
|
Packit |
7b22a4 |
unsigned int i;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (multiinfo->flags) {
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_SOURCE:
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, " sport ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_DESTINATION:
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, " dport ");
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case XT_MULTIPORT_EITHER:
|
|
Packit |
7b22a4 |
return 0;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->invert)
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "!= ");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->count > 2 ||
|
|
Packit |
7b22a4 |
(multiinfo->count > 1 && !multiinfo->pflags[0]))
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "{ ");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
for (i = 0; i < multiinfo->count; i++) {
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s%u", i ? "," : "", multiinfo->ports[i]);
|
|
Packit |
7b22a4 |
if (multiinfo->pflags[i])
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "-%u", multiinfo->ports[++i]);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (multiinfo->count > 2 ||
|
|
Packit |
7b22a4 |
(multiinfo->count > 1 && !multiinfo->pflags[0]))
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "}");
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
return 1;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int multiport_xlate_v1(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
uint8_t proto = ((const struct ipt_ip *)params->ip)->proto;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s", proto_to_name(proto));
|
|
Packit |
7b22a4 |
return __multiport_xlate_v1(xl, params);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int multiport_xlate6_v1(struct xt_xlate *xl,
|
|
Packit |
7b22a4 |
const struct xt_xlate_mt_params *params)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
uint8_t proto = ((const struct ip6t_ip6 *)params->ip)->proto;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xt_xlate_add(xl, "%s", proto_to_name(proto));
|
|
Packit |
7b22a4 |
return __multiport_xlate_v1(xl, params);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static struct xtables_match multiport_mt_reg[] = {
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV4,
|
|
Packit |
7b22a4 |
.name = "multiport",
|
|
Packit |
7b22a4 |
.revision = 0,
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_multiport)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
|
|
Packit |
7b22a4 |
.help = multiport_help,
|
|
Packit |
7b22a4 |
.x6_parse = multiport_parse,
|
|
Packit |
7b22a4 |
.x6_fcheck = multiport_check,
|
|
Packit |
7b22a4 |
.print = multiport_print,
|
|
Packit |
7b22a4 |
.save = multiport_save,
|
|
Packit |
7b22a4 |
.x6_options = multiport_opts,
|
|
Packit |
7b22a4 |
.xlate = multiport_xlate,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV6,
|
|
Packit |
7b22a4 |
.name = "multiport",
|
|
Packit |
7b22a4 |
.revision = 0,
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_multiport)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
|
|
Packit |
7b22a4 |
.help = multiport_help,
|
|
Packit |
7b22a4 |
.x6_parse = multiport_parse6,
|
|
Packit |
7b22a4 |
.x6_fcheck = multiport_check,
|
|
Packit |
7b22a4 |
.print = multiport_print6,
|
|
Packit |
7b22a4 |
.save = multiport_save6,
|
|
Packit |
7b22a4 |
.x6_options = multiport_opts,
|
|
Packit |
7b22a4 |
.xlate = multiport_xlate6,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV4,
|
|
Packit |
7b22a4 |
.name = "multiport",
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.revision = 1,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
|
|
Packit |
7b22a4 |
.help = multiport_help_v1,
|
|
Packit |
7b22a4 |
.x6_parse = multiport_parse_v1,
|
|
Packit |
7b22a4 |
.x6_fcheck = multiport_check,
|
|
Packit |
7b22a4 |
.print = multiport_print_v1,
|
|
Packit |
7b22a4 |
.save = multiport_save_v1,
|
|
Packit |
7b22a4 |
.x6_options = multiport_opts,
|
|
Packit |
7b22a4 |
.xlate = multiport_xlate_v1,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV6,
|
|
Packit |
7b22a4 |
.name = "multiport",
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.revision = 1,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
|
|
Packit |
7b22a4 |
.help = multiport_help_v1,
|
|
Packit |
7b22a4 |
.x6_parse = multiport_parse6_v1,
|
|
Packit |
7b22a4 |
.x6_fcheck = multiport_check,
|
|
Packit |
7b22a4 |
.print = multiport_print6_v1,
|
|
Packit |
7b22a4 |
.save = multiport_save6_v1,
|
|
Packit |
7b22a4 |
.x6_options = multiport_opts,
|
|
Packit |
7b22a4 |
.xlate = multiport_xlate6_v1,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
void
|
|
Packit |
7b22a4 |
_init(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
xtables_register_matches(multiport_mt_reg, ARRAY_SIZE(multiport_mt_reg));
|
|
Packit |
7b22a4 |
}
|