libxt_sctp.c revision 181dead3f13befe02769ef479bcbb51801b7fc4e
13810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Shared library add-on to iptables for SCTP matching 23810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 33810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * (C) 2003 by Harald Welte <laforge@gnumonks.org> 43810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 53810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * This program is distributed under the terms of GNU GPL v2, 1991 63810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 73810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * libipt_ecn.c borrowed heavily from libipt_dscp.c 83810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 93810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy */ 103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <stdio.h> 113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <string.h> 123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <stdlib.h> 133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <getopt.h> 143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <netdb.h> 153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <ctype.h> 163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1719f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI#include <xtables.h> 183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#ifndef ARRAY_SIZE 203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) 213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <linux/netfilter/xt_sctp.h> 243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Some ZS!#@:$%*#$! has replaced the ELEMCOUNT macro in ipt_sctp.h with 263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * ARRAY_SIZE without noticing that this file is used from userserspace, 273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * and userspace doesn't have ARRAY_SIZE */ 283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#ifndef ELEMCOUNT 303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define ELEMCOUNT ARRAY_SIZE 313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#if 0 343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define DEBUGP(format, first...) printf(format, ##first) 353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define static 363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#else 373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define DEBUGP(format, fist...) 383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk(u_int32_t chunknum, int numeric); 423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Initialize the match. */ 44181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic void sctp_init(struct xt_entry_match *m) 453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct xt_sctp_info *einfo = (struct xt_sctp_info *)m->data; 483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy memset(einfo, 0, sizeof(struct xt_sctp_info)); 503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < XT_NUM_SCTP_FLAGS; i++) { 523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info[i].chunktype = -1; 533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 56181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic void sctp_help(void) 573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf( 593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy"SCTP match v%s options\n" 603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --source-port [!] port[:port] match source port(s)\n" 613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --sport ...\n" 623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --destination-port [!] port[:port] match destination port(s)\n" 633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --dport ...\n" 643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --chunk-types [!] (all|any|none) (chunktype[:flags])+ match if all, any or none of\n" 653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" chunktypes are present\n" 663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy"chunktypes - DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK ALL NONE\n", 673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy IPTABLES_VERSION); 683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 70181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic const struct option sctp_opts[] = { 71500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "source-port", .has_arg = 1, .val = '1' }, 72500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "sport", .has_arg = 1, .val = '1' }, 73500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "destination-port", .has_arg = 1, .val = '2' }, 74500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "dport", .has_arg = 1, .val = '2' }, 75500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "chunk-types", .has_arg = 1, .val = '3' }, 76500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { } 773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_ports(const char *portstring, 813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy u_int16_t *ports) 823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *buffer; 843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *cp; 853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy buffer = strdup(portstring); 873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("%s\n", portstring); 883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((cp = strchr(buffer, ':')) == NULL) { 893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[0] = ports[1] = parse_port(buffer, "sctp"); 903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else { 923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *cp = '\0'; 933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy cp++; 943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[0] = buffer[0] ? parse_port(buffer, "sctp") : 0; 963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[1] = cp[0] ? parse_port(cp, "sctp") : 0xFFFF; 973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (ports[0] > ports[1]) 993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 1003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "invalid portrange (min > max)"); 1013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy free(buffer); 1033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 1043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystruct sctp_chunk_names { 1063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *name; 1073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int chunk_type; 1083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *valid_flags; 1093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 1103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/*'ALL' and 'NONE' will be treated specially. */ 1120e2abed11985e16215559cefd90625f99317b96cJan Engelhardtstatic const struct sctp_chunk_names sctp_chunk_names[] 1133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy= { { .name = "DATA", .chunk_type = 0, .valid_flags = "-----UBE"}, 1143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "INIT", .chunk_type = 1, .valid_flags = "--------"}, 1153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "INIT_ACK", .chunk_type = 2, .valid_flags = "--------"}, 1163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SACK", .chunk_type = 3, .valid_flags = "--------"}, 1173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "HEARTBEAT", .chunk_type = 4, .valid_flags = "--------"}, 1183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "HEARTBEAT_ACK", .chunk_type = 5, .valid_flags = "--------"}, 1193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ABORT", .chunk_type = 6, .valid_flags = "-------T"}, 1203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN", .chunk_type = 7, .valid_flags = "--------"}, 1213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN_ACK", .chunk_type = 8, .valid_flags = "--------"}, 1223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ERROR", .chunk_type = 9, .valid_flags = "--------"}, 1233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "COOKIE_ECHO", .chunk_type = 10, .valid_flags = "--------"}, 1243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "COOKIE_ACK", .chunk_type = 11, .valid_flags = "--------"}, 1253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ECN_ECNE", .chunk_type = 12, .valid_flags = "--------"}, 1263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ECN_CWR", .chunk_type = 13, .valid_flags = "--------"}, 1273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14, .valid_flags = "-------T"}, 1283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ASCONF", .chunk_type = 31, .valid_flags = "--------"}, 1293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ASCONF_ACK", .chunk_type = 30, .valid_flags = "--------"}, 1303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 1313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 1333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardysave_chunk_flag_info(struct xt_sctp_flag_info *flag_info, 1343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int *flag_count, 1353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int chunktype, 1363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int bit, 1373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int set) 1383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 1393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 1403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < *flag_count; i++) { 1423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag_info[i].chunktype == chunktype) { 1433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Previous match found\n"); 1443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].chunktype = chunktype; 1453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].flag_mask |= (1 << bit); 1463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (set) { 1473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].flag |= (1 << bit); 1483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return; 1513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flag_count == XT_NUM_SCTP_FLAGS) { 1553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error (PARAMETER_PROBLEM, 1563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Number of chunk types with flags exceeds currently allowed limit." 15719f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI "Increasing this limit involves changing IPT_NUM_SCTP_FLAGS and" 1583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "recompiling both the kernel space and user space modules\n"); 1593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].chunktype = chunktype; 1623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].flag_mask |= (1 << bit); 1633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (set) { 1643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].flag |= (1 << bit); 1653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (*flag_count)++; 1673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 1683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 1703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_chunk(struct xt_sctp_info *einfo, 1713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *chunks) 1723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 1733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *ptr; 1743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *buffer; 1753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int i, j; 1763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int found = 0; 1773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *chunk_flags; 1783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy buffer = strdup(chunks); 1803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Buffer: %s\n", buffer); 1813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 1833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(buffer, "ALL")) { 1853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_SET_ALL(einfo->chunkmap); 1863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 1873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(buffer, "NONE")) { 1903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 1913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 1923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (ptr = strtok(buffer, ","); ptr; ptr = strtok(NULL, ",")) { 1953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy found = 0; 1963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Next Chunk type %s\n", ptr); 1973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((chunk_flags = strchr(ptr, ':')) != NULL) { 1993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *chunk_flags++ = 0; 2003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < ELEMCOUNT(sctp_chunk_names); i++) { 2033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (strcasecmp(sctp_chunk_names[i].name, ptr) == 0) { 2043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Chunk num %d\n", sctp_chunk_names[i].chunk_type); 2053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_SET(einfo->chunkmap, 2063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy sctp_chunk_names[i].chunk_type); 2073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy found = 1; 2083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!found) 2123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Unknown sctp chunk `%s'", ptr); 2143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags) { 2163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Chunk flags %s\n", chunk_flags); 2173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (j = 0; j < strlen(chunk_flags); j++) { 2183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *p; 2193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int bit; 2203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((p = strchr(sctp_chunk_names[i].valid_flags, 2223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy toupper(chunk_flags[j]))) != NULL) { 2233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy bit = p - sctp_chunk_names[i].valid_flags; 2243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy bit = 7 - bit; 2253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy save_chunk_flag_info(einfo->flag_info, 2273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy &(einfo->flag_count), i, bit, 2283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy isupper(chunk_flags[j])); 2293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 2303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Invalid flags for chunk type %d\n", i); 2323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyout: 2373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy free(buffer); 2383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 2393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 2413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_chunks(struct xt_sctp_info *einfo, 2423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *match_type, 2433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *chunks) 2443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 2453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Match type: %s Chunks: %s\n", match_type, chunks); 2463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(match_type, "ANY")) { 2473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ANY; 2483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else if (!strcasecmp(match_type, "ALL")) { 2493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ALL; 2503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else if (!strcasecmp(match_type, "ONLY")) { 2513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ONLY; 2523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 2533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error (PARAMETER_PROBLEM, 2543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Match type has to be one of \"ALL\", \"ANY\" or \"ONLY\""); 2553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 2583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_chunk(einfo, chunks); 2593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 2603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic int 262181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtsctp_parse(int c, char **argv, int invert, unsigned int *flags, 263181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt const void *entry, struct xt_entry_match **match) 2643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 2653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct xt_sctp_info *einfo 2663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy = (struct xt_sctp_info *)(*match)->data; 2673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy switch (c) { 2693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '1': 2703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_SRC_PORTS) 2713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--source-port' allowed"); 2733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_SRC_PORTS; 2743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 2753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_ports(argv[optind-1], einfo->spts); 2763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 2773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_SRC_PORTS; 2783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_SRC_PORTS; 2793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '2': 2823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_DEST_PORTS) 2833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--destination-port' allowed"); 2853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_DEST_PORTS; 2863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 2873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_ports(argv[optind-1], einfo->dpts); 2883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 2893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_DEST_PORTS; 2903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_DEST_PORTS; 2913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '3': 2943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_CHUNK_TYPES) 2953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--chunk-types' allowed"); 2973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 2983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!argv[optind] 3003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy || argv[optind][0] == '-' || argv[optind][0] == '!') 3013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 3023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "--chunk-types requires two args"); 3033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_CHUNK_TYPES; 3053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_chunks(einfo, argv[optind-1], argv[optind]); 3063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 3073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_CHUNK_TYPES; 3083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy optind++; 3093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_CHUNK_TYPES; 3103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 3113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy default: 3133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return 0; 3143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return 1; 3163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic char * 3193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyport_to_service(int port) 3203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct servent *service; 3223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((service = getservbyport(htons(port), "sctp"))) 3243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return service->s_name; 3253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return NULL; 3273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_port(u_int16_t port, int numeric) 3313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *service; 3333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (numeric || (service = port_to_service(port)) == NULL) 3353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%u", port); 3363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 3373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", service); 3383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_ports(const char *name, u_int16_t min, u_int16_t max, 3423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int invert, int numeric) 3433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *inv = invert ? "!" : ""; 3453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (min != 0 || max != 0xFFFF || invert) { 3473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", name); 3483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (min == max) { 3493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":%s", inv); 3503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(min, numeric); 3513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 3523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("s:%s", inv); 3533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(min, numeric); 3543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":"); 3553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(max, numeric); 3563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(" "); 3583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags_mask) 3633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 3653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("type: %d\tflags: %x\tflag mask: %x\n", chunknum, chunk_flags, 3673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy chunk_flags_mask); 3683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags_mask) { 3703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":"); 3713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 7; i >= 0; i--) { 3743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags_mask & (1 << i)) { 3753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags & (1 << i)) { 3763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%c", sctp_chunk_names[chunknum].valid_flags[7-i]); 3773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 3783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%c", tolower(sctp_chunk_names[chunknum].valid_flags[7-i])); 3793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk(u_int32_t chunknum, int numeric) 3863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (numeric) { 3883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("0x%04X", chunknum); 3893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else { 3913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 3923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < ELEMCOUNT(sctp_chunk_names); i++) { 3943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (sctp_chunk_names[i].chunk_type == chunknum) 3953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", sctp_chunk_names[chunknum].name); 3963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 4013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunks(u_int32_t chunk_match_type, 4023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const u_int32_t *chunkmap, 4033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_flag_info *flag_info, 4043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int flag_count, 4053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int numeric) 4063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i, j; 4083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int flag; 4093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy switch (chunk_match_type) { 4113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ANY: printf("any "); break; 4123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ALL: printf("all "); break; 4133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ONLY: printf("only "); break; 4143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy default: printf("Never reach herer\n"); break; 4153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_CLEAR(chunkmap)) { 4183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("NONE "); 4193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 4203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_ALL_SET(chunkmap)) { 4233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("ALL "); 4243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 4253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag = 0; 4283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < 256; i++) { 4293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_SET(chunkmap, i)) { 4303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag) 4313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(","); 4323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag = 1; 4333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunk(i, numeric); 4343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (j = 0; j < flag_count; j++) { 4353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag_info[j].chunktype == i) { 4363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunk_flags(i, flag_info[j].flag, 4373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[j].flag_mask); 4383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag) 4443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(" "); 4453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyout: 4463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return; 4473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 4483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Prints out the matchinfo. */ 4503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 451181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtsctp_print(const void *ip, const struct xt_entry_match *match, int numeric) 4523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_info *einfo = 4543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (const struct xt_sctp_info *)match->data; 4553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("sctp "); 4573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_SRC_PORTS) { 4593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_ports("spt", einfo->spts[0], einfo->spts[1], 4603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags & XT_SCTP_SRC_PORTS, 4613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy numeric); 4623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_DEST_PORTS) { 4653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_ports("dpt", einfo->dpts[0], einfo->dpts[1], 4663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags & XT_SCTP_DEST_PORTS, 4673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy numeric); 4683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_CHUNK_TYPES) { 4713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy /* FIXME: print_chunks() is used in save() where the printing of '!' 4723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy s taken care of, so we need to do that here as well */ 4733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_CHUNK_TYPES) { 4743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 4753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunks(einfo->chunk_match_type, einfo->chunkmap, 4773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info, einfo->flag_count, numeric); 4783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 4803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 48119f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI/* Saves the union ipt_matchinfo in parsable form to stdout. */ 482181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic void sctp_save(const void *ip, const struct xt_entry_match *match) 4833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_info *einfo = 4853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (const struct xt_sctp_info *)match->data; 4863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_SRC_PORTS) { 4883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_SRC_PORTS) 4893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 4903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->spts[0] != einfo->spts[1]) 4913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--sport %u:%u ", 4923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->spts[0], einfo->spts[1]); 4933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 4943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--sport %u ", einfo->spts[0]); 4953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_DEST_PORTS) { 4983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_DEST_PORTS) 4993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 5003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->dpts[0] != einfo->dpts[1]) 5013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--dport %u:%u ", 5023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->dpts[0], einfo->dpts[1]); 5033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 5043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--dport %u ", einfo->dpts[0]); 5053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 5063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_CHUNK_TYPES) { 5083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_CHUNK_TYPES) 5093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 5103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--chunk-types "); 5113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunks(einfo->chunk_match_type, einfo->chunkmap, 5133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info, einfo->flag_count, 0); 5143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 5153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 5163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 517181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic struct xtables_match sctp_match = { 51819f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .name = "sctp", 51919f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .family = AF_INET, 52019f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .version = IPTABLES_VERSION, 52119f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .size = XT_ALIGN(sizeof(struct xt_sctp_info)), 52219f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)), 523181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .help = sctp_help, 524181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .init = sctp_init, 525181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .parse = sctp_parse, 526181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .print = sctp_print, 527181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .save = sctp_save, 528181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .extra_opts = sctp_opts, 52919f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI}; 53019f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI 531181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardtstatic struct xtables_match sctp_match6 = { 53219f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .name = "sctp", 53319f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .family = AF_INET6, 53419f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .version = IPTABLES_VERSION, 53519f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .size = XT_ALIGN(sizeof(struct xt_sctp_info)), 53619f29509c8a97219c578aeaf8be15cf005d46eb3Yasuyuki KOZAKAI .userspacesize = XT_ALIGN(sizeof(struct xt_sctp_info)), 537181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .help = sctp_help, 538181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .init = sctp_init, 539181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .parse = sctp_parse, 540181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .print = sctp_print, 541181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .save = sctp_save, 542181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt .extra_opts = sctp_opts, 5433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 5443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyvoid _init(void) 5463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 547181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt xtables_register_match(&sctp_match); 548181dead3f13befe02769ef479bcbb51801b7fc4eJan Engelhardt xtables_register_match(&sctp_match6); 5493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 5503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 551