Home | History | Annotate | Download | only in extensions 
      1 #include <stdint.h>
      2 #include <stdio.h>
      3 #include <netdb.h>
      4 #include <arpa/inet.h>
      5 #include <xtables.h>
      6 #include <linux/netfilter/xt_tcpudp.h>
      7 
      8 enum {
      9 	O_SOURCE_PORT = 0,
     10 	O_DEST_PORT,
     11 };
     12 
     13 static void udp_help(void)
     14 {
     15 	printf(
     16 "udp match options:\n"
     17 "[!] --source-port port[:port]\n"
     18 " --sport ...\n"
     19 "				match source port(s)\n"
     20 "[!] --destination-port port[:port]\n"
     21 " --dport ...\n"
     22 "				match destination port(s)\n");
     23 }
     24 
     25 #define s struct xt_udp
     26 static const struct xt_option_entry udp_opts[] = {
     27 	{.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
     28 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
     29 	{.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
     30 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
     31 	{.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
     32 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
     33 	{.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
     34 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
     35 	XTOPT_TABLEEND,
     36 };
     37 #undef s
     38 
     39 static void udp_init(struct xt_entry_match *m)
     40 {
     41 	struct xt_udp *udpinfo = (struct xt_udp *)m->data;
     42 
     43 	udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
     44 }
     45 
     46 static void udp_parse(struct xt_option_call *cb)
     47 {
     48 	struct xt_udp *udpinfo = cb->data;
     49 
     50 	xtables_option_parse(cb);
     51 	switch (cb->entry->id) {
     52 	case O_SOURCE_PORT:
     53 		if (cb->invert)
     54 			udpinfo->invflags |= XT_UDP_INV_SRCPT;
     55 		break;
     56 	case O_DEST_PORT:
     57 		if (cb->invert)
     58 			udpinfo->invflags |= XT_UDP_INV_DSTPT;
     59 		break;
     60 	}
     61 }
     62 
     63 static const char *
     64 port_to_service(int port)
     65 {
     66 	const struct servent *service;
     67 
     68 	if ((service = getservbyport(htons(port), "udp")))
     69 		return service->s_name;
     70 
     71 	return NULL;
     72 }
     73 
     74 static void
     75 print_port(uint16_t port, int numeric)
     76 {
     77 	const char *service;
     78 
     79 	if (numeric || (service = port_to_service(port)) == NULL)
     80 		printf("%u", port);
     81 	else
     82 		printf("%s", service);
     83 }
     84 
     85 static void
     86 print_ports(const char *name, uint16_t min, uint16_t max,
     87 	    int invert, int numeric)
     88 {
     89 	const char *inv = invert ? "!" : "";
     90 
     91 	if (min != 0 || max != 0xFFFF || invert) {
     92 		printf(" %s", name);
     93 		if (min == max) {
     94 			printf(":%s", inv);
     95 			print_port(min, numeric);
     96 		} else {
     97 			printf("s:%s", inv);
     98 			print_port(min, numeric);
     99 			printf(":");
    100 			print_port(max, numeric);
    101 		}
    102 	}
    103 }
    104 
    105 static void
    106 udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
    107 {
    108 	const struct xt_udp *udp = (struct xt_udp *)match->data;
    109 
    110 	printf(" udp");
    111 	print_ports("spt", udp->spts[0], udp->spts[1],
    112 		    udp->invflags & XT_UDP_INV_SRCPT,
    113 		    numeric);
    114 	print_ports("dpt", udp->dpts[0], udp->dpts[1],
    115 		    udp->invflags & XT_UDP_INV_DSTPT,
    116 		    numeric);
    117 	if (udp->invflags & ~XT_UDP_INV_MASK)
    118 		printf(" Unknown invflags: 0x%X",
    119 		       udp->invflags & ~XT_UDP_INV_MASK);
    120 }
    121 
    122 static void udp_save(const void *ip, const struct xt_entry_match *match)
    123 {
    124 	const struct xt_udp *udpinfo = (struct xt_udp *)match->data;
    125 
    126 	if (udpinfo->spts[0] != 0
    127 	    || udpinfo->spts[1] != 0xFFFF) {
    128 		if (udpinfo->invflags & XT_UDP_INV_SRCPT)
    129 			printf(" !");
    130 		if (udpinfo->spts[0]
    131 		    != udpinfo->spts[1])
    132 			printf(" --sport %u:%u",
    133 			       udpinfo->spts[0],
    134 			       udpinfo->spts[1]);
    135 		else
    136 			printf(" --sport %u",
    137 			       udpinfo->spts[0]);
    138 	}
    139 
    140 	if (udpinfo->dpts[0] != 0
    141 	    || udpinfo->dpts[1] != 0xFFFF) {
    142 		if (udpinfo->invflags & XT_UDP_INV_DSTPT)
    143 			printf(" !");
    144 		if (udpinfo->dpts[0]
    145 		    != udpinfo->dpts[1])
    146 			printf(" --dport %u:%u",
    147 			       udpinfo->dpts[0],
    148 			       udpinfo->dpts[1]);
    149 		else
    150 			printf(" --dport %u",
    151 			       udpinfo->dpts[0]);
    152 	}
    153 }
    154 
    155 static struct xtables_match udp_match = {
    156 	.family		= NFPROTO_UNSPEC,
    157 	.name		= "udp",
    158 	.version	= XTABLES_VERSION,
    159 	.size		= XT_ALIGN(sizeof(struct xt_udp)),
    160 	.userspacesize	= XT_ALIGN(sizeof(struct xt_udp)),
    161 	.help		= udp_help,
    162 	.init		= udp_init,
    163 	.print		= udp_print,
    164 	.save		= udp_save,
    165 	.x6_parse	= udp_parse,
    166 	.x6_options	= udp_opts,
    167 };
    168 
    169 void
    170 _init(void)
    171 {
    172 	xtables_register_match(&udp_match);
    173 }
    174