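/*
 * Userspace half of the iptables "esp" match: parses, prints and saves the
 * --espspi option, which selects IPsec ESP packets by SPI or SPI range.
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_esp.h>

/* Option ids handed to the xtables option parser. */
enum {
	O_ESPSPI = 0,
};

/* Print the usage text for this match. */
static void esp_help(void)
{
	printf(
"esp match options:\n"
"[!] --espspi spi[:spi]\n"
" match spi (range)\n");
}

/*
 * Option table: --espspi takes a uint32 value or range, may be negated, and
 * is stored by the parser directly into xt_esp.spis (XTOPT_PUT).
 */
static const struct xt_option_entry esp_opts[] = {
	{.name = "espspi", .id = O_ESPSPI, .type = XTTYPE_UINT32RC,
	 .flags = XTOPT_INVERT | XTOPT_PUT,
	 XTOPT_POINTER(struct xt_esp, spis)},
	XTOPT_TABLEEND,
};

/*
 * Parse callback for --espspi.
 *
 * The generic parser fills spis[]; a single value is widened here to the
 * one-element range spi:spi, and a leading "!" is recorded in invflags.
 */
static void esp_parse(struct xt_option_call *cb)
{
	struct xt_esp *espinfo = cb->data;

	xtables_option_parse(cb);
	if (cb->nvals == 1)
		espinfo->spis[1] = espinfo->spis[0];
	if (cb->invert)
		espinfo->invflags |= XT_ESP_INV_SPI;
}

/*
 * Return non-zero when the SPI condition is the unrestricted one: the full
 * range 0..0xFFFFFFFF with no inversion. Only that combination may be left
 * out of printed or saved output without changing what the rule says.
 */
static int spis_unrestricted(uint32_t min, uint32_t max, int invert)
{
	return min == 0 && max == 0xFFFFFFFF && !invert;
}

/*
 * Print an SPI value or range for rule listings.
 *
 * name   label to print ("spi"); an "s" is appended for a range.
 * min    lower bound of the range.
 * max    upper bound of the range.
 * invert non-zero if the match is negated; printed as "!".
 */
static void
print_spis(const char *name, uint32_t min, uint32_t max,
	   int invert)
{
	const char *inv = invert ? "!" : "";

	if (spis_unrestricted(min, max, invert))
		return;

	if (min == max)
		printf(" %s:%s%u", name, inv, min);
	else
		printf(" %ss:%s%u:%u", name, inv, min, max);
}

/*
 * Listing callback: print the match name, the SPI condition, and any
 * inversion bits outside XT_ESP_INV_MASK so unexpected flags stay visible.
 * ip and numeric are part of the callback signature and unused here.
 */
static void
esp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct xt_esp *esp = (const struct xt_esp *)match->data;

	printf(" esp");
	print_spis("spi", esp->spis[0], esp->spis[1],
		   esp->invflags & XT_ESP_INV_SPI);
	if (esp->invflags & ~XT_ESP_INV_MASK)
		/* %X expects unsigned int; the masked value is a promoted int. */
		printf(" Unknown invflags: 0x%X",
		       (unsigned int)(esp->invflags & ~XT_ESP_INV_MASK));
}

/*
 * Save callback: emit the option in the syntax esp_parse accepts.
 *
 * The SPI condition is omitted only when it is unrestricted. An inverted
 * full range ("! --espspi 0:4294967295") must still be written: it excludes
 * every SPI, and dropping it would make a save/restore cycle silently turn
 * the rule into one without any SPI condition. This mirrors the test
 * print_spis uses for listings.
 */
static void esp_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_esp *espinfo = (const struct xt_esp *)match->data;
	int invert = espinfo->invflags & XT_ESP_INV_SPI;

	if (spis_unrestricted(espinfo->spis[0], espinfo->spis[1], invert))
		return;

	printf("%s --espspi ", invert ? " !" : "");
	if (espinfo->spis[0] != espinfo->spis[1])
		printf("%u:%u",
		       espinfo->spis[0],
		       espinfo->spis[1]);
	else
		printf("%u",
		       espinfo->spis[0]);
}

/*
 * Match registration record.
 *
 * NOTE(review): no .init callback is registered, so when --espspi is absent
 * nothing in this file sets spis[1]. If the match data starts out zeroed
 * (to be confirmed against the xtables core), a bare "-m esp" would carry
 * the range 0:0 rather than the full range. Confirm the intended default.
 */
static struct xtables_match esp_match = {
	.family		= NFPROTO_UNSPEC,
	.name		= "esp",
	.version	= XTABLES_VERSION,
	.size		= XT_ALIGN(sizeof(struct xt_esp)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_esp)),
	.help		= esp_help,
	.print		= esp_print,
	.save		= esp_save,
	.x6_parse	= esp_parse,
	.x6_options	= esp_opts,
};

/*
 * Extension entry point: register the match with the xtables core.
 * The name _init follows the iptables extension convention (presumably
 * remapped by xtables.h for static builds; verify there).
 */
void
_init(void)
{
	xtables_register_match(&esp_match);
}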