libxt_sctp.c revision 3810013331414e53a0bde3a791b2ce3648c892d0
13810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Shared library add-on to iptables for SCTP matching 23810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 33810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * (C) 2003 by Harald Welte <laforge@gnumonks.org> 43810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 53810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * This program is distributed under the terms of GNU GPL v2, 1991 63810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 73810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * libipt_ecn.c borrowed heavily from libipt_dscp.c 83810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * 93810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy */ 103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <stdio.h> 113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <string.h> 123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <stdlib.h> 133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <getopt.h> 143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <netdb.h> 153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <ctype.h> 163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <ip6tables.h> 183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <linux/netfilter_ipv6/ip6_tables.h> 193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#ifndef ARRAY_SIZE 213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) 223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#include <linux/netfilter/xt_sctp.h> 253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Some ZS!#@:$%*#$! has replaced the ELEMCOUNT macro in ipt_sctp.h with 273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * ARRAY_SIZE without noticing that this file is used from userserspace, 283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy * and userspace doesn't have ARRAY_SIZE */ 293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#ifndef ELEMCOUNT 313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define ELEMCOUNT ARRAY_SIZE 323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#if 0 353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define DEBUGP(format, first...) printf(format, ##first) 363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define static 373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#else 383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#define DEBUGP(format, fist...) 393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy#endif 403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk(u_int32_t chunknum, int numeric); 433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Initialize the match. */ 453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyinit(struct ip6t_entry_match *m, 473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int *nfcache) 483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct xt_sctp_info *einfo = (struct xt_sctp_info *)m->data; 513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy memset(einfo, 0, sizeof(struct xt_sctp_info)); 533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < XT_NUM_SCTP_FLAGS; i++) { 553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info[i].chunktype = -1; 563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void help(void) 603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf( 623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy"SCTP match v%s options\n" 633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --source-port [!] port[:port] match source port(s)\n" 643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --sport ...\n" 653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --destination-port [!] port[:port] match destination port(s)\n" 663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --dport ...\n" 673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" --chunk-types [!] (all|any|none) (chunktype[:flags])+ match if all, any or none of\n" 683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy" chunktypes are present\n" 693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy"chunktypes - DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK ALL NONE\n", 703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy IPTABLES_VERSION); 713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic struct option opts[] = { 743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "source-port", .has_arg = 1, .flag = 0, .val = '1' }, 753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "sport", .has_arg = 1, .flag = 0, .val = '1' }, 763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "destination-port", .has_arg = 1, .flag = 0, .val = '2' }, 773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "dport", .has_arg = 1, .flag = 0, .val = '2' }, 783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "chunk-types", .has_arg = 1, .flag = 0, .val = '3' }, 793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = 0 } 803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_ports(const char *portstring, 843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy u_int16_t *ports) 853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *buffer; 873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *cp; 883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy buffer = strdup(portstring); 903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("%s\n", portstring); 913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((cp = strchr(buffer, ':')) == NULL) { 923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[0] = ports[1] = parse_port(buffer, "sctp"); 933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else { 953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *cp = '\0'; 963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy cp++; 973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[0] = buffer[0] ? parse_port(buffer, "sctp") : 0; 993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy ports[1] = cp[0] ? parse_port(cp, "sctp") : 0xFFFF; 1003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (ports[0] > ports[1]) 1023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 1033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "invalid portrange (min > max)"); 1043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy free(buffer); 1063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 1073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystruct sctp_chunk_names { 1093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *name; 1103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int chunk_type; 1113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *valid_flags; 1123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 1133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/*'ALL' and 'NONE' will be treated specially. */ 1153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic struct sctp_chunk_names sctp_chunk_names[] 1163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy= { { .name = "DATA", .chunk_type = 0, .valid_flags = "-----UBE"}, 1173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "INIT", .chunk_type = 1, .valid_flags = "--------"}, 1183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "INIT_ACK", .chunk_type = 2, .valid_flags = "--------"}, 1193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SACK", .chunk_type = 3, .valid_flags = "--------"}, 1203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "HEARTBEAT", .chunk_type = 4, .valid_flags = "--------"}, 1213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "HEARTBEAT_ACK", .chunk_type = 5, .valid_flags = "--------"}, 1223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ABORT", .chunk_type = 6, .valid_flags = "-------T"}, 1233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN", .chunk_type = 7, .valid_flags = "--------"}, 1243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN_ACK", .chunk_type = 8, .valid_flags = "--------"}, 1253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ERROR", .chunk_type = 9, .valid_flags = "--------"}, 1263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "COOKIE_ECHO", .chunk_type = 10, .valid_flags = "--------"}, 1273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "COOKIE_ACK", .chunk_type = 11, .valid_flags = "--------"}, 1283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ECN_ECNE", .chunk_type = 12, .valid_flags = "--------"}, 1293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ECN_CWR", .chunk_type = 13, .valid_flags = "--------"}, 1303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14, .valid_flags = "-------T"}, 1313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ASCONF", .chunk_type = 31, .valid_flags = "--------"}, 1323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy { .name = "ASCONF_ACK", .chunk_type = 30, .valid_flags = "--------"}, 1333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 1343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 1363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardysave_chunk_flag_info(struct xt_sctp_flag_info *flag_info, 1373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int *flag_count, 1383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int chunktype, 1393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int bit, 1403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int set) 1413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 1423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 1433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < *flag_count; i++) { 1453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag_info[i].chunktype == chunktype) { 1463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Previous match found\n"); 1473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].chunktype = chunktype; 1483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].flag_mask |= (1 << bit); 1493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (set) { 1503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[i].flag |= (1 << bit); 1513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return; 1543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flag_count == XT_NUM_SCTP_FLAGS) { 1583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error (PARAMETER_PROBLEM, 1593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Number of chunk types with flags exceeds currently allowed limit." 1603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Increasing this limit involves changing XT_NUM_SCTP_FLAGS and" 1613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "recompiling both the kernel space and user space modules\n"); 1623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].chunktype = chunktype; 1653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].flag_mask |= (1 << bit); 1663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (set) { 1673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[*flag_count].flag |= (1 << bit); 1683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (*flag_count)++; 1703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 1713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 1733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_chunk(struct xt_sctp_info *einfo, 1743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *chunks) 1753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 1763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *ptr; 1773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *buffer; 1783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int i, j; 1793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int found = 0; 1803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *chunk_flags; 1813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy buffer = strdup(chunks); 1833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Buffer: %s\n", buffer); 1843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 1863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(buffer, "ALL")) { 1883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_SET_ALL(einfo->chunkmap); 1893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 1903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(buffer, "NONE")) { 1933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 1943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 1953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 1963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 1973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (ptr = strtok(buffer, ","); ptr; ptr = strtok(NULL, ",")) { 1983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy found = 0; 1993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Next Chunk type %s\n", ptr); 2003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((chunk_flags = strchr(ptr, ':')) != NULL) { 2023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *chunk_flags++ = 0; 2033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < ELEMCOUNT(sctp_chunk_names); i++) { 2063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (strcasecmp(sctp_chunk_names[i].name, ptr) == 0) { 2073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Chunk num %d\n", sctp_chunk_names[i].chunk_type); 2083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_SET(einfo->chunkmap, 2093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy sctp_chunk_names[i].chunk_type); 2103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy found = 1; 2113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!found) 2153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Unknown sctp chunk `%s'", ptr); 2173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags) { 2193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Chunk flags %s\n", chunk_flags); 2203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (j = 0; j < strlen(chunk_flags); j++) { 2213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *p; 2223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int bit; 2233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((p = strchr(sctp_chunk_names[i].valid_flags, 2253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy toupper(chunk_flags[j]))) != NULL) { 2263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy bit = p - sctp_chunk_names[i].valid_flags; 2273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy bit = 7 - bit; 2283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy save_chunk_flag_info(einfo->flag_info, 2303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy &(einfo->flag_count), i, bit, 2313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy isupper(chunk_flags[j])); 2323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 2333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Invalid flags for chunk type %d\n", i); 2353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyout: 2403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy free(buffer); 2413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 2423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 2443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse_sctp_chunks(struct xt_sctp_info *einfo, 2453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *match_type, 2463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *chunks) 2473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 2483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("Match type: %s Chunks: %s\n", match_type, chunks); 2493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!strcasecmp(match_type, "ANY")) { 2503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ANY; 2513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else if (!strcasecmp(match_type, "ALL")) { 2523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ALL; 2533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else if (!strcasecmp(match_type, "ONLY")) { 2543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->chunk_match_type = SCTP_CHUNK_MATCH_ONLY; 2553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 2563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error (PARAMETER_PROBLEM, 2573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Match type has to be one of \"ALL\", \"ANY\" or \"ONLY\""); 2583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 2593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy SCTP_CHUNKMAP_RESET(einfo->chunkmap); 2613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_chunk(einfo, chunks); 2623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 2633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic int 2653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyparse(int c, char **argv, int invert, unsigned int *flags, 2663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct ip6t_entry *entry, 2673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy unsigned int *nfcache, 2683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct ip6t_entry_match **match) 2693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 2703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct xt_sctp_info *einfo 2713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy = (struct xt_sctp_info *)(*match)->data; 2723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy switch (c) { 2743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '1': 2753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_SRC_PORTS) 2763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--source-port' allowed"); 2783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_SRC_PORTS; 2793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 2803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_ports(argv[optind-1], einfo->spts); 2813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 2823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_SRC_PORTS; 2833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_SRC_PORTS; 2843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '2': 2873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_DEST_PORTS) 2883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 2893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--destination-port' allowed"); 2903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_DEST_PORTS; 2913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 2923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_ports(argv[optind-1], einfo->dpts); 2933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 2943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_DEST_PORTS; 2953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_DEST_PORTS; 2963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 2973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 2983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case '3': 2993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (*flags & XT_SCTP_CHUNK_TYPES) 3003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 3013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "Only one `--chunk-types' allowed"); 3023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy check_inverse(optarg, &invert, &optind, 0); 3033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (!argv[optind] 3053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy || argv[optind][0] == '-' || argv[optind][0] == '!') 3063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy exit_error(PARAMETER_PROBLEM, 3073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy "--chunk-types requires two args"); 3083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flags |= XT_SCTP_CHUNK_TYPES; 3103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy parse_sctp_chunks(einfo, argv[optind-1], argv[optind]); 3113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (invert) 3123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags |= XT_SCTP_CHUNK_TYPES; 3133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy optind++; 3143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy *flags |= XT_SCTP_CHUNK_TYPES; 3153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy break; 3163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy default: 3183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return 0; 3193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return 1; 3213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyfinal_check(unsigned int flags) 3253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic char * 3293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyport_to_service(int port) 3303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy struct servent *service; 3323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if ((service = getservbyport(htons(port), "sctp"))) 3343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return service->s_name; 3353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return NULL; 3373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_port(u_int16_t port, int numeric) 3413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy char *service; 3433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (numeric || (service = port_to_service(port)) == NULL) 3453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%u", port); 3463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 3473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", service); 3483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_ports(const char *name, u_int16_t min, u_int16_t max, 3523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int invert, int numeric) 3533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const char *inv = invert ? "!" : ""; 3553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (min != 0 || max != 0xFFFF || invert) { 3573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", name); 3583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (min == max) { 3593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":%s", inv); 3603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(min, numeric); 3613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 3623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("s:%s", inv); 3633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(min, numeric); 3643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":"); 3653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_port(max, numeric); 3663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(" "); 3683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags_mask) 3733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 3753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy DEBUGP("type: %d\tflags: %x\tflag mask: %x\n", chunknum, chunk_flags, 3773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy chunk_flags_mask); 3783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags_mask) { 3803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(":"); 3813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 7; i >= 0; i--) { 3843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags_mask & (1 << i)) { 3853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (chunk_flags & (1 << i)) { 3863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%c", sctp_chunk_names[chunknum].valid_flags[7-i]); 3873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } else { 3883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%c", tolower(sctp_chunk_names[chunknum].valid_flags[7-i])); 3893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 3923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 3933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 3943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 3953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunk(u_int32_t chunknum, int numeric) 3963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 3973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (numeric) { 3983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("0x%04X", chunknum); 3993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else { 4013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i; 4023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < ELEMCOUNT(sctp_chunk_names); i++) { 4043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (sctp_chunk_names[i].chunk_type == chunknum) 4053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("%s", sctp_chunk_names[chunknum].name); 4063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 4093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 4113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint_chunks(u_int32_t chunk_match_type, 4123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const u_int32_t *chunkmap, 4133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_flag_info *flag_info, 4143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int flag_count, 4153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int numeric) 4163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int i, j; 4183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int flag; 4193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy switch (chunk_match_type) { 4213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ANY: printf("any "); break; 4223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ALL: printf("all "); break; 4233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy case SCTP_CHUNK_MATCH_ONLY: printf("only "); break; 4243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy default: printf("Never reach herer\n"); break; 4253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_CLEAR(chunkmap)) { 4283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("NONE "); 4293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 4303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_ALL_SET(chunkmap)) { 4333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("ALL "); 4343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy goto out; 4353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag = 0; 4383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (i = 0; i < 256; i++) { 4393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (SCTP_CHUNKMAP_IS_SET(chunkmap, i)) { 4403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag) 4413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(","); 4423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag = 1; 4433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunk(i, numeric); 4443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy for (j = 0; j < flag_count; j++) { 4453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag_info[j].chunktype == i) { 4463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunk_flags(i, flag_info[j].flag, 4473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy flag_info[j].flag_mask); 4483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4513810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4523810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4533810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (flag) 4543810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf(" "); 4553810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyout: 4563810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy return; 4573810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 4583810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4593810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Prints out the matchinfo. */ 4603810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 4613810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyprint(const struct ip6t_ip6 *ip, 4623810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct ip6t_entry_match *match, 4633810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy int numeric) 4643810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4653810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_info *einfo = 4663810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (const struct xt_sctp_info *)match->data; 4673810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4683810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("sctp "); 4693810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4703810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_SRC_PORTS) { 4713810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_ports("spt", einfo->spts[0], einfo->spts[1], 4723810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags & XT_SCTP_SRC_PORTS, 4733810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy numeric); 4743810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4753810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4763810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_DEST_PORTS) { 4773810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_ports("dpt", einfo->dpts[0], einfo->dpts[1], 4783810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->invflags & XT_SCTP_DEST_PORTS, 4793810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy numeric); 4803810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4813810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4823810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_CHUNK_TYPES) { 4833810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy /* FIXME: print_chunks() is used in save() where the printing of '!' 4843810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy s taken care of, so we need to do that here as well */ 4853810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_CHUNK_TYPES) { 4863810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 4873810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4883810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunks(einfo->chunk_match_type, einfo->chunkmap, 4893810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info, einfo->flag_count, numeric); 4903810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 4913810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 4923810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 4933810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy/* Saves the union xt_matchinfo in parsable form to stdout. */ 4943810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic void 4953810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardysave(const struct ip6t_ip6 *ip, 4963810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct ip6t_entry_match *match) 4973810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 4983810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy const struct xt_sctp_info *einfo = 4993810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy (const struct xt_sctp_info *)match->data; 5003810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5013810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_SRC_PORTS) { 5023810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_SRC_PORTS) 5033810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 5043810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->spts[0] != einfo->spts[1]) 5053810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--sport %u:%u ", 5063810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->spts[0], einfo->spts[1]); 5073810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 5083810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--sport %u ", einfo->spts[0]); 5093810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 5103810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5113810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_DEST_PORTS) { 5123810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_DEST_PORTS) 5133810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 5143810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->dpts[0] != einfo->dpts[1]) 5153810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--dport %u:%u ", 5163810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->dpts[0], einfo->dpts[1]); 5173810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy else 5183810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--dport %u ", einfo->dpts[0]); 5193810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 5203810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5213810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->flags & XT_SCTP_CHUNK_TYPES) { 5223810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy if (einfo->invflags & XT_SCTP_CHUNK_TYPES) 5233810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("! "); 5243810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy printf("--chunk-types "); 5253810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5263810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy print_chunks(einfo->chunk_match_type, einfo->chunkmap, 5273810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy einfo->flag_info, einfo->flag_count, 0); 5283810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy } 5293810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 5303810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5313810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystatic 5323810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardystruct ip6tables_match sctp 5333810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy= { .name = "sctp", 5343810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .version = IPTABLES_VERSION, 5353810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .size = IP6T_ALIGN(sizeof(struct xt_sctp_info)), 5363810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .userspacesize = IP6T_ALIGN(sizeof(struct xt_sctp_info)), 5373810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .help = &help, 5383810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .init = &init, 5393810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .parse = &parse, 5403810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .final_check = &final_check, 5413810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .print = &print, 5423810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .save = &save, 5433810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy .extra_opts = opts 5443810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy}; 5453810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 5463810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardyvoid _init(void) 5473810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy{ 5483810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy register_match6(&sctp); 5493810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy} 5503810013331414e53a0bde3a791b2ce3648c892d0Patrick McHardy 551