Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 7ac405297ec38449b30e3b05fd6bf2082fd3d803 / . / extensions / libxt_multiport.c
blob: 9ed5931d3c66e2a002745183e6a6e8b23ff38f89 [file] [log] [blame]
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]1/* Shared library add-on to iptables to add multiple TCP port support. */
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]2#include <stdbool.h>
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]3#include <stdio.h>
4#include <netdb.h>
5#include <string.h>
6#include <stdlib.h>
7#include <getopt.h>
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]8
9#include <xtables.h>
10#include <libiptc/libiptc.h>
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]11#include <libiptc/libip6tc.h>
Jan Engelhardt4e418542009-02-21 03:46:37 +0100[diff] [blame]12#include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
Jan Engelhardtafe6b352009-02-21 03:44:36 +0100[diff] [blame]13#include <linux/netfilter_ipv4/ip_tables.h>
Jan Engelhardt2bc9d342009-02-21 03:40:27 +0100[diff] [blame]14#include <linux/netfilter_ipv6/ip6_tables.h>
Jan Engelhardta2a7f2b2008-09-01 14:20:13 +0200[diff] [blame]15#include <linux/netfilter/xt_multiport.h>
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]16
17/* Function which prints out usage message. */
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]18static void multiport_help(void)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]19{
20 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]21"multiport match options:\n"
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]22" --source-ports port[,port,port...]\n"
23" --sports ...\n"
24" match source port(s)\n"
25" --destination-ports port[,port,port...]\n"
26" --dports ...\n"
27" match destination port(s)\n"
28" --ports port[,port,port]\n"
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]29" match both source and destination port(s)\n"
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]30" NOTE: this kernel does not support port ranges in multiport.\n");
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]31}
32
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]33static void multiport_help_v1(void)
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]34{
35 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]36"multiport match options:\n"
Jan Engelhardt96727922008-08-13 14:42:41 +0200[diff] [blame]37"[!] --source-ports port[,port:port,port...]\n"
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]38" --sports ...\n"
39" match source port(s)\n"
Jan Engelhardt96727922008-08-13 14:42:41 +0200[diff] [blame]40"[!] --destination-ports port[,port:port,port...]\n"
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]41" --dports ...\n"
42" match destination port(s)\n"
Jan Engelhardt96727922008-08-13 14:42:41 +0200[diff] [blame]43"[!] --ports port[,port:port,port]\n"
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]44" match both source and destination port(s)\n");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]45}
46
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]47static const struct option multiport_opts[] = {
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]48 {.name = "source-ports", .has_arg = true, .val = '1'},
49 {.name = "sports", .has_arg = true, .val = '1'}, /* synonym */
50 {.name = "destination-ports", .has_arg = true, .val = '2'},
51 {.name = "dports", .has_arg = true, .val = '2'}, /* synonym */
52 {.name = "ports", .has_arg = true, .val = '3'},
53 XT_GETOPT_TABLEEND,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]54};
55
Patrick McHardyJesper Brouerc1eae412006-07-25 01:50:48 +0000[diff] [blame]56static char *
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]57proto_to_name(uint8_t proto)
Patrick McHardyJesper Brouerc1eae412006-07-25 01:50:48 +0000[diff] [blame]58{
59 switch (proto) {
60 case IPPROTO_TCP:
61 return "tcp";
62 case IPPROTO_UDP:
63 return "udp";
Patrick McHardy95616062007-01-11 09:08:22 +0000[diff] [blame]64 case IPPROTO_UDPLITE:
65 return "udplite";
Patrick McHardyJesper Brouerc1eae412006-07-25 01:50:48 +0000[diff] [blame]66 case IPPROTO_SCTP:
67 return "sctp";
68 case IPPROTO_DCCP:
69 return "dccp";
70 default:
71 return NULL;
72 }
73}
74
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]75static unsigned int
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]76parse_multi_ports(const char *portstring, uint16_t *ports, const char *proto)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]77{
78 char *buffer, *cp, *next;
79 unsigned int i;
80
81 buffer = strdup(portstring);
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]82 if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]83
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]84 for (cp=buffer, i=0; cp && i<XT_MULTI_PORTS; cp=next,i++)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]85 {
86 next=strchr(cp, ',');
87 if (next) *next++='\0';
Jan Engelhardtaae6be92009-01-30 04:24:47 +0100[diff] [blame]88 ports[i] = xtables_parse_port(cp, proto);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]89 }
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]90 if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]91 free(buffer);
92 return i;
93}
94
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]95static void
96parse_multi_ports_v1(const char *portstring,
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]97 struct xt_multiport_v1 *multiinfo,
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]98 const char *proto)
99{
100 char *buffer, *cp, *next, *range;
101 unsigned int i;
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]102 uint16_t m;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]103
104 buffer = strdup(portstring);
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]105 if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]106
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]107 for (i=0; i<XT_MULTI_PORTS; i++)
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]108 multiinfo->pflags[i] = 0;
109
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]110 for (cp=buffer, i=0; cp && i<XT_MULTI_PORTS; cp=next, i++) {
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]111 next=strchr(cp, ',');
112 if (next) *next++='\0';
113 range = strchr(cp, ':');
114 if (range) {
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]115 if (i == XT_MULTI_PORTS-1)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]116 xtables_error(PARAMETER_PROBLEM,
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]117 "too many ports specified");
118 *range++ = '\0';
119 }
Jan Engelhardtaae6be92009-01-30 04:24:47 +0100[diff] [blame]120 multiinfo->ports[i] = xtables_parse_port(cp, proto);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]121 if (range) {
122 multiinfo->pflags[i] = 1;
Jan Engelhardtaae6be92009-01-30 04:24:47 +0100[diff] [blame]123 multiinfo->ports[++i] = xtables_parse_port(range, proto);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]124 if (multiinfo->ports[i-1] >= multiinfo->ports[i])
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]125 xtables_error(PARAMETER_PROBLEM,
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]126 "invalid portrange specified");
127 m <<= 1;
128 }
129 }
130 multiinfo->count = i;
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]131 if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified");
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]132 free(buffer);
133}
134
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]135static const char *
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]136check_proto(uint16_t pnum, uint8_t invflags)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]137{
Patrick McHardy2452baf2006-04-28 08:10:08 +0000[diff] [blame]138 char *proto;
139
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]140 if (invflags & XT_INV_PROTO)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]141 xtables_error(PARAMETER_PROBLEM,
Patrick McHardy95616062007-01-11 09:08:22 +0000[diff] [blame]142 "multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
Rusty Russell225f4622005-01-03 09:51:58 +0000[diff] [blame]143
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]144 if ((proto = proto_to_name(pnum)) != NULL)
Patrick McHardy2452baf2006-04-28 08:10:08 +0000[diff] [blame]145 return proto;
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]146 else if (!pnum)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]147 xtables_error(PARAMETER_PROBLEM,
Patrick McHardy95616062007-01-11 09:08:22 +0000[diff] [blame]148 "multiport needs `-p tcp', `-p udp', `-p udplite', "
149 "`-p sctp' or `-p dccp'");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]150 else
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]151 xtables_error(PARAMETER_PROBLEM,
Patrick McHardy95616062007-01-11 09:08:22 +0000[diff] [blame]152 "multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]153}
154
155/* Function which parses command options; returns true if it
156 ate an option */
157static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]158__multiport_parse(int c, char **argv, int invert, unsigned int *flags,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]159 struct xt_entry_match **match, uint16_t pnum,
160 uint8_t invflags)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]161{
162 const char *proto;
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]163 struct xt_multiport *multiinfo
164 = (struct xt_multiport *)(*match)->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]165
166 switch (c) {
167 case '1':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]168 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]169 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]170 multiinfo->count = parse_multi_ports(optarg,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]171 multiinfo->ports, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]172 multiinfo->flags = XT_MULTIPORT_SOURCE;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]173 break;
174
175 case '2':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]176 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]177 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]178 multiinfo->count = parse_multi_ports(optarg,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]179 multiinfo->ports, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]180 multiinfo->flags = XT_MULTIPORT_DESTINATION;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]181 break;
182
183 case '3':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]184 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]185 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]186 multiinfo->count = parse_multi_ports(optarg,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]187 multiinfo->ports, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]188 multiinfo->flags = XT_MULTIPORT_EITHER;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]189 break;
190
191 default:
192 return 0;
193 }
194
Patrick McHardyd0a2e8a2004-09-18 17:43:36 +0000[diff] [blame]195 if (invert)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]196 xtables_error(PARAMETER_PROBLEM,
Patrick McHardyd0a2e8a2004-09-18 17:43:36 +0000[diff] [blame]197 "multiport does not support invert");
198
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]199 if (*flags)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]200 xtables_error(PARAMETER_PROBLEM,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]201 "multiport can only have one option");
202 *flags = 1;
203 return 1;
204}
205
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]206static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]207multiport_parse(int c, char **argv, int invert, unsigned int *flags,
208 const void *e, struct xt_entry_match **match)
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]209{
Yasuyuki KOZAKAIac8b2712007-07-24 06:06:59 +0000[diff] [blame]210 const struct ipt_entry *entry = e;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]211 return __multiport_parse(c, argv, invert, flags, match,
212 entry->ip.proto, entry->ip.invflags);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]213}
214
215static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]216multiport_parse6(int c, char **argv, int invert, unsigned int *flags,
217 const void *e, struct xt_entry_match **match)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]218{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]219 const struct ip6t_entry *entry = e;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]220 return __multiport_parse(c, argv, invert, flags, match,
221 entry->ipv6.proto, entry->ipv6.invflags);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]222}
223
224static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]225__multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]226 struct xt_entry_match **match, uint16_t pnum,
227 uint8_t invflags)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]228{
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]229 const char *proto;
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]230 struct xt_multiport_v1 *multiinfo
231 = (struct xt_multiport_v1 *)(*match)->data;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]232
233 switch (c) {
234 case '1':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]235 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]236 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]237 parse_multi_ports_v1(optarg, multiinfo, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]238 multiinfo->flags = XT_MULTIPORT_SOURCE;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]239 break;
240
241 case '2':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]242 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]243 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]244 parse_multi_ports_v1(optarg, multiinfo, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]245 multiinfo->flags = XT_MULTIPORT_DESTINATION;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]246 break;
247
248 case '3':
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]249 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]250 proto = check_proto(pnum, invflags);
Jan Engelhardtbbe83862009-10-24 00:45:33 +0200[diff] [blame]251 parse_multi_ports_v1(optarg, multiinfo, proto);
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]252 multiinfo->flags = XT_MULTIPORT_EITHER;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]253 break;
254
255 default:
256 return 0;
257 }
258
259 if (invert)
Phil Oesterb2eedcd2005-02-02 19:20:15 +0000[diff] [blame]260 multiinfo->invert = 1;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]261
262 if (*flags)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]263 xtables_error(PARAMETER_PROBLEM,
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]264 "multiport can only have one option");
265 *flags = 1;
266 return 1;
267}
268
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]269static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]270multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
271 const void *e, struct xt_entry_match **match)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]272{
273 const struct ipt_entry *entry = e;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]274 return __multiport_parse_v1(c, argv, invert, flags, match,
275 entry->ip.proto, entry->ip.invflags);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]276}
277
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]278static int
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]279multiport_parse6_v1(int c, char **argv, int invert, unsigned int *flags,
280 const void *e, struct xt_entry_match **match)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]281{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]282 const struct ip6t_entry *entry = e;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]283 return __multiport_parse_v1(c, argv, invert, flags, match,
284 entry->ipv6.proto, entry->ipv6.invflags);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]285}
286
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]287/* Final check; must specify something. */
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]288static void multiport_check(unsigned int flags)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]289{
290 if (!flags)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]291 xtables_error(PARAMETER_PROBLEM, "multiport expection an option");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]292}
293
294static char *
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]295port_to_service(int port, uint8_t proto)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]296{
297 struct servent *service;
298
Patrick McHardyJesper Brouerc1eae412006-07-25 01:50:48 +0000[diff] [blame]299 if ((service = getservbyport(htons(port), proto_to_name(proto))))
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]300 return service->s_name;
301
302 return NULL;
303}
304
305static void
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]306print_port(uint16_t port, uint8_t protocol, int numeric)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]307{
308 char *service;
309
310 if (numeric || (service = port_to_service(port, protocol)) == NULL)
311 printf("%u", port);
312 else
313 printf("%s", service);
314}
315
316/* Prints out the matchinfo. */
317static void
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]318__multiport_print(const struct xt_entry_match *match, int numeric,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]319 uint16_t proto)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]320{
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]321 const struct xt_multiport *multiinfo
322 = (const struct xt_multiport *)match->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]323 unsigned int i;
324
325 printf("multiport ");
326
327 switch (multiinfo->flags) {
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]328 case XT_MULTIPORT_SOURCE:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]329 printf("sports ");
330 break;
331
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]332 case XT_MULTIPORT_DESTINATION:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]333 printf("dports ");
334 break;
335
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]336 case XT_MULTIPORT_EITHER:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]337 printf("ports ");
338 break;
339
340 default:
341 printf("ERROR ");
342 break;
343 }
344
345 for (i=0; i < multiinfo->count; i++) {
346 printf("%s", i ? "," : "");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]347 print_port(multiinfo->ports[i], proto, numeric);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]348 }
349 printf(" ");
350}
351
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]352static void multiport_print(const void *ip_void,
353 const struct xt_entry_match *match, int numeric)
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]354{
Yasuyuki KOZAKAIac8b2712007-07-24 06:06:59 +0000[diff] [blame]355 const struct ipt_ip *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]356 __multiport_print(match, numeric, ip->proto);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]357}
358
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]359static void multiport_print6(const void *ip_void,
360 const struct xt_entry_match *match, int numeric)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]361{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]362 const struct ip6t_ip6 *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]363 __multiport_print(match, numeric, ip->proto);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]364}
365
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]366static void __multiport_print_v1(const struct xt_entry_match *match,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]367 int numeric, uint16_t proto)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]368{
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]369 const struct xt_multiport_v1 *multiinfo
370 = (const struct xt_multiport_v1 *)match->data;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]371 unsigned int i;
372
373 printf("multiport ");
374
375 switch (multiinfo->flags) {
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]376 case XT_MULTIPORT_SOURCE:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]377 printf("sports ");
378 break;
379
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]380 case XT_MULTIPORT_DESTINATION:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]381 printf("dports ");
382 break;
383
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]384 case XT_MULTIPORT_EITHER:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]385 printf("ports ");
386 break;
387
388 default:
389 printf("ERROR ");
390 break;
391 }
392
Phil Oesterb2eedcd2005-02-02 19:20:15 +0000[diff] [blame]393 if (multiinfo->invert)
394 printf("! ");
395
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]396 for (i=0; i < multiinfo->count; i++) {
397 printf("%s", i ? "," : "");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]398 print_port(multiinfo->ports[i], proto, numeric);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]399 if (multiinfo->pflags[i]) {
400 printf(":");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]401 print_port(multiinfo->ports[++i], proto, numeric);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]402 }
403 }
404 printf(" ");
405}
406
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]407static void multiport_print_v1(const void *ip_void,
408 const struct xt_entry_match *match, int numeric)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]409{
Yasuyuki KOZAKAIac8b2712007-07-24 06:06:59 +0000[diff] [blame]410 const struct ipt_ip *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]411 __multiport_print_v1(match, numeric, ip->proto);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]412}
413
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]414static void multiport_print6_v1(const void *ip_void,
415 const struct xt_entry_match *match, int numeric)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]416{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]417 const struct ip6t_ip6 *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]418 __multiport_print_v1(match, numeric, ip->proto);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]419}
420
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]421/* Saves the union ipt_matchinfo in parsable form to stdout. */
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]422static void __multiport_save(const struct xt_entry_match *match,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]423 uint16_t proto)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]424{
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]425 const struct xt_multiport *multiinfo
426 = (const struct xt_multiport *)match->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]427 unsigned int i;
428
429 switch (multiinfo->flags) {
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]430 case XT_MULTIPORT_SOURCE:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]431 printf("--sports ");
432 break;
433
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]434 case XT_MULTIPORT_DESTINATION:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]435 printf("--dports ");
436 break;
437
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]438 case XT_MULTIPORT_EITHER:
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]439 printf("--ports ");
440 break;
441 }
442
443 for (i=0; i < multiinfo->count; i++) {
444 printf("%s", i ? "," : "");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]445 print_port(multiinfo->ports[i], proto, 1);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]446 }
447 printf(" ");
448}
449
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]450static void multiport_save(const void *ip_void,
451 const struct xt_entry_match *match)
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]452{
Yasuyuki KOZAKAIac8b2712007-07-24 06:06:59 +0000[diff] [blame]453 const struct ipt_ip *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]454 __multiport_save(match, ip->proto);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]455}
456
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]457static void multiport_save6(const void *ip_void,
458 const struct xt_entry_match *match)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]459{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]460 const struct ip6t_ip6 *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]461 __multiport_save(match, ip->proto);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]462}
463
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]464static void __multiport_save_v1(const struct xt_entry_match *match,
Jan Engelhardt7ac40522011-01-07 12:34:04 +0100[diff] [blame^]465 uint16_t proto)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]466{
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]467 const struct xt_multiport_v1 *multiinfo
468 = (const struct xt_multiport_v1 *)match->data;
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]469 unsigned int i;
470
Jan Engelhardtcea9f712008-12-09 15:06:20 +0100[diff] [blame]471 if (multiinfo->invert)
472 printf("! ");
473
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]474 switch (multiinfo->flags) {
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]475 case XT_MULTIPORT_SOURCE:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]476 printf("--sports ");
477 break;
478
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]479 case XT_MULTIPORT_DESTINATION:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]480 printf("--dports ");
481 break;
482
Yasuyuki KOZAKAIeb6e65e2007-07-24 06:45:03 +0000[diff] [blame]483 case XT_MULTIPORT_EITHER:
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]484 printf("--ports ");
485 break;
486 }
487
488 for (i=0; i < multiinfo->count; i++) {
489 printf("%s", i ? "," : "");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]490 print_port(multiinfo->ports[i], proto, 1);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]491 if (multiinfo->pflags[i]) {
492 printf(":");
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]493 print_port(multiinfo->ports[++i], proto, 1);
Pablo Neira5df95472005-01-03 09:37:07 +0000[diff] [blame]494 }
495 }
496 printf(" ");
497}
498
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]499static void multiport_save_v1(const void *ip_void,
500 const struct xt_entry_match *match)
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]501{
502 const struct ipt_ip *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]503 __multiport_save_v1(match, ip->proto);
Yasuyuki KOZAKAIf451b572007-07-24 06:46:08 +0000[diff] [blame]504}
505
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]506static void multiport_save6_v1(const void *ip_void,
507 const struct xt_entry_match *match)
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]508{
Jan Engelhardtecd48dd2009-06-08 15:46:52 +0200[diff] [blame]509 const struct ip6t_ip6 *ip = ip_void;
Jan Engelhardt181dead2007-10-04 16:27:07 +0000[diff] [blame]510 __multiport_save_v1(match, ip->proto);
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]511}
512
Jan Engelhardtf2a77522009-06-25 20:12:12 +0200[diff] [blame]513static struct xtables_match multiport_mt_reg[] = {
514 {
515 .family = NFPROTO_IPV4,
516 .name = "multiport",
517 .revision = 0,
518 .version = XTABLES_VERSION,
519 .size = XT_ALIGN(sizeof(struct xt_multiport)),
520 .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
521 .help = multiport_help,
522 .parse = multiport_parse,
523 .final_check = multiport_check,
524 .print = multiport_print,
525 .save = multiport_save,
526 .extra_opts = multiport_opts,
527 },
528 {
529 .family = NFPROTO_IPV6,
530 .name = "multiport",
531 .revision = 0,
532 .version = XTABLES_VERSION,
533 .size = XT_ALIGN(sizeof(struct xt_multiport)),
534 .userspacesize = XT_ALIGN(sizeof(struct xt_multiport)),
535 .help = multiport_help,
536 .parse = multiport_parse6,
537 .final_check = multiport_check,
538 .print = multiport_print6,
539 .save = multiport_save6,
540 .extra_opts = multiport_opts,
541 },
542 {
543 .family = NFPROTO_IPV4,
544 .name = "multiport",
545 .version = XTABLES_VERSION,
546 .revision = 1,
547 .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
548 .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
549 .help = multiport_help_v1,
550 .parse = multiport_parse_v1,
551 .final_check = multiport_check,
552 .print = multiport_print_v1,
553 .save = multiport_save_v1,
554 .extra_opts = multiport_opts,
555 },
556 {
557 .family = NFPROTO_IPV6,
558 .name = "multiport",
559 .version = XTABLES_VERSION,
560 .revision = 1,
561 .size = XT_ALIGN(sizeof(struct xt_multiport_v1)),
562 .userspacesize = XT_ALIGN(sizeof(struct xt_multiport_v1)),
563 .help = multiport_help_v1,
564 .parse = multiport_parse6_v1,
565 .final_check = multiport_check,
566 .print = multiport_print6_v1,
567 .save = multiport_save6_v1,
568 .extra_opts = multiport_opts,
569 },
Yasuyuki KOZAKAIdf2cf4f2007-07-24 06:49:15 +0000[diff] [blame]570};
571
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]572void
573_init(void)
574{
Jan Engelhardtf2a77522009-06-25 20:12:12 +0200[diff] [blame]575 xtables_register_matches(multiport_mt_reg, ARRAY_SIZE(multiport_mt_reg));
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]576}