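/*
 * xtables "esp" match extension, userspace side: help text, option parsing,
 * rule listing, save output and nftables translation for --espspi.
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_esp.h>

enum {
	O_ESPSPI = 0,
};

/* Print the option summary for this match. */
static void esp_help(void)
{
	printf(
"esp match options:\n"
"[!] --espspi spi[:spi]\n"
" match spi (range)\n");
}

/*
 * Option table: --espspi takes one value or a min:max pair of 32-bit values,
 * may be inverted, and is stored directly into xt_esp.spis (XTOPT_PUT).
 */
static const struct xt_option_entry esp_opts[] = {
	{.name = "espspi", .id = O_ESPSPI, .type = XTTYPE_UINT32RC,
	 .flags = XTOPT_INVERT | XTOPT_PUT,
	 XTOPT_POINTER(struct xt_esp, spis)},
	XTOPT_TABLEEND,
};

/*
 * Set the upper SPI bound to the maximum value.
 * NOTE(review): spis[0] is not written here; presumably the caller hands in
 * zeroed match data so the default range is 0..0xFFFFFFFF -- confirm.
 */
static void esp_init(struct xt_entry_match *m)
{
	struct xt_esp *espinfo = (void *)m->data;

	espinfo->spis[1] = ~0U;
}

/*
 * Parse --espspi. A single value is turned into the range value:value, and
 * a leading "!" is recorded as XT_ESP_INV_SPI in invflags.
 */
static void esp_parse(struct xt_option_call *cb)
{
	struct xt_esp *espinfo = cb->data;

	xtables_option_parse(cb);
	if (cb->nvals == 1)
		espinfo->spis[1] = espinfo->spis[0];
	if (cb->invert)
		espinfo->invflags |= XT_ESP_INV_SPI;
}

/*
 * Return non-zero when the match carries no SPI constraint that needs to be
 * written out: the full range 0..0xFFFFFFFF and no inversion.
 *
 * The inversion flag is part of the test on purpose. An inverted full range
 * excludes every SPI value, so treating it like the default would silently
 * drop the constraint from saved or translated rules.
 */
static int esp_spi_unconstrained(const struct xt_esp *espinfo)
{
	return espinfo->spis[0] == 0 &&
	       espinfo->spis[1] == 0xFFFFFFFF &&
	       !(espinfo->invflags & XT_ESP_INV_SPI);
}

/*
 * Print an SPI value or range for rule listing, prefixed with "!" when
 * inverted. Nothing is printed for the non-inverted full range.
 */
static void
print_spis(const char *name, uint32_t min, uint32_t max,
	   int invert)
{
	const char *inv = invert ? "!" : "";

	if (min == 0 && max == 0xFFFFFFFF && !invert)
		return;

	if (min == max)
		printf(" %s:%s%u", name, inv, min);
	else
		printf(" %ss:%s%u:%u", name, inv, min, max);
}

/*
 * List the match: " esp", the SPI constraint if any, and a warning when
 * invflags holds bits outside XT_ESP_INV_MASK.
 */
static void
esp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct xt_esp *esp = (const struct xt_esp *)match->data;

	printf(" esp");
	print_spis("spi", esp->spis[0], esp->spis[1],
		   esp->invflags & XT_ESP_INV_SPI);
	if (esp->invflags & ~XT_ESP_INV_MASK)
		printf(" Unknown invflags: 0x%X",
		       esp->invflags & ~XT_ESP_INV_MASK);
}

/*
 * Emit the --espspi option in save format.
 *
 * Only the non-inverted full range is omitted. The previous check ignored
 * invflags, so "! --espspi 0:4294967295" was saved without any SPI option
 * and a later restore would load a rule that no longer had the constraint.
 * esp_print already kept the inverted case; this makes save agree with it.
 */
static void esp_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_esp *espinfo = (const struct xt_esp *)match->data;

	if (esp_spi_unconstrained(espinfo))
		return;

	printf("%s --espspi ",
	       (espinfo->invflags & XT_ESP_INV_SPI) ? " !" : "");
	if (espinfo->spis[0] != espinfo->spis[1])
		printf("%u:%u", espinfo->spis[0], espinfo->spis[1]);
	else
		printf("%u", espinfo->spis[0]);
}

/*
 * Append the translated form of the match to xl and return 1.
 *
 * As in esp_save, an inverted full range is translated instead of being
 * dropped, so the translated rule keeps the SPI constraint.
 */
static int esp_xlate(struct xt_xlate *xl,
		     const struct xt_xlate_mt_params *params)
{
	const struct xt_esp *espinfo =
		(const struct xt_esp *)params->match->data;

	if (!esp_spi_unconstrained(espinfo)) {
		xt_xlate_add(xl, "esp spi%s",
			     (espinfo->invflags & XT_ESP_INV_SPI) ? " !=" : "");
		if (espinfo->spis[0] != espinfo->spis[1])
			xt_xlate_add(xl, " %u-%u", espinfo->spis[0],
				     espinfo->spis[1]);
		else
			xt_xlate_add(xl, " %u", espinfo->spis[0]);
	}

	return 1;
}

/* Match descriptor handed to xtables; wires the callbacks defined above. */
static struct xtables_match esp_match = {
	.family		= NFPROTO_UNSPEC,
	.name		= "esp",
	.version	= XTABLES_VERSION,
	.size		= XT_ALIGN(sizeof(struct xt_esp)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_esp)),
	.help		= esp_help,
	.init		= esp_init,
	.print		= esp_print,
	.save		= esp_save,
	.x6_parse	= esp_parse,
	.x6_options	= esp_opts,
	.xlate		= esp_xlate,
};

/*
 * Register the match with xtables.
 * NOTE(review): xtables.h is expected to redefine _init so this runs as a
 * load-time constructor -- confirm against the header in use.
 */
void
_init(void)
{
	xtables_register_match(&esp_match);
}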