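/*
 * Userspace xtables extension that registers the IPv4 "ah" match.
 * Its only option is "[!] --ahspi spi[:spi]", stored in struct ipt_ah.
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_ah.h>

/* Upper bound of the default (unrestricted) SPI range 0..AH_SPI_MAX. */
#define AH_SPI_MAX 0xFFFFFFFFU

/* Option ids referenced from ah_opts. */
enum {
	O_AHSPI = 0,
};

/* Print the usage text for the "ah" match. */
static void ah_help(void)
{
	printf(
"ah match options:\n"
"[!] --ahspi spi[:spi]\n"
" match spi (range)\n");
}

/*
 * Option table: --ahspi takes a uint32 value or range, may be inverted,
 * and is written into ipt_ah.spis through XTOPT_PUT/XTOPT_POINTER.
 */
static const struct xt_option_entry ah_opts[] = {
	{.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
	 .flags = XTOPT_INVERT | XTOPT_PUT,
	 XTOPT_POINTER(struct ipt_ah, spis)},
	XTOPT_TABLEEND,
};

/*
 * Option callback: let xtables parse the value(s), then normalise the
 * result so that spis[] always holds a [min, max] pair.
 */
static void ah_parse(struct xt_option_call *cb)
{
	struct ipt_ah *ahinfo = cb->data;

	xtables_option_parse(cb);
	/* A single SPI is stored as the degenerate range spi:spi. */
	if (cb->nvals == 1)
		ahinfo->spis[1] = ahinfo->spis[0];
	if (cb->invert)
		ahinfo->invflags |= IPT_AH_INV_SPI;
}

/*
 * Print an SPI value or range for rule listing.
 *
 * Nothing is printed for the default range 0..AH_SPI_MAX unless the match
 * is inverted. A single value prints as "<name>:[!]N", a range as
 * "<name>s:[!]MIN:MAX".
 */
static void
print_spis(const char *name, uint32_t min, uint32_t max,
	   int invert)
{
	const char *inv = invert ? "!" : "";

	if (min == 0 && max == AH_SPI_MAX && !invert)
		return;

	if (min == max)
		printf("%s:%s%u", name, inv, min);
	else
		printf("%ss:%s%u:%u", name, inv, min, max);
}

/*
 * .print callback: human-readable listing of the match.
 * The ip and numeric arguments are not used here.
 */
static void ah_print(const void *ip, const struct xt_entry_match *match,
		     int numeric)
{
	const struct ipt_ah *ah = (const struct ipt_ah *)match->data;

	printf(" ah ");
	print_spis("spi", ah->spis[0], ah->spis[1],
		   ah->invflags & IPT_AH_INV_SPI);
	/* Surface any inversion bits outside IPT_AH_INV_MASK instead of hiding them. */
	if (ah->invflags & ~IPT_AH_INV_MASK)
		printf(" Unknown invflags: 0x%X",
		       (unsigned int)(ah->invflags & ~IPT_AH_INV_MASK));
}

/*
 * .save callback: emit the match in a form that can be parsed back.
 *
 * The option is omitted only when it carries no information, i.e. the
 * default range 0..AH_SPI_MAX without inversion. An inverted full range is
 * a different rule from "no SPI restriction"; leaving it out would make a
 * saved ruleset restore without the inversion, so it is written out, in
 * line with what print_spis() does for listings.
 */
static void ah_save(const void *ip, const struct xt_entry_match *match)
{
	const struct ipt_ah *ahinfo = (const struct ipt_ah *)match->data;
	int invert = (ahinfo->invflags & IPT_AH_INV_SPI) != 0;

	if (ahinfo->spis[0] == 0 && ahinfo->spis[1] == AH_SPI_MAX && !invert)
		return;

	printf("%s --ahspi ", invert ? " !" : "");
	if (ahinfo->spis[0] != ahinfo->spis[1])
		printf("%u:%u",
		       ahinfo->spis[0],
		       ahinfo->spis[1]);
	else
		printf("%u",
		       ahinfo->spis[0]);
}

/* Registration record for the IPv4 "ah" match. */
static struct xtables_match ah_mt_reg = {
	.name		= "ah",
	.version	= XTABLES_VERSION,
	.family		= NFPROTO_IPV4,
	.size		= XT_ALIGN(sizeof(struct ipt_ah)),
	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ah)),
	.help		= ah_help,
	.print		= ah_print,
	.save		= ah_save,
	.x6_parse	= ah_parse,
	.x6_options	= ah_opts,
};

/* Extension entry point: register the match with xtables. */
void
_init(void)
{
	xtables_register_match(&ah_mt_reg);
}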