1#include <stdint.h> 2#include <stdio.h> 3#include <netdb.h> 4#include <arpa/inet.h> 5#include <xtables.h> 6#include <linux/netfilter/xt_tcpudp.h> 7 8enum { 9 O_SOURCE_PORT = 0, 10 O_DEST_PORT, 11}; 12 13static void udp_help(void) 14{ 15 printf( 16"udp match options:\n" 17"[!] --source-port port[:port]\n" 18" --sport ...\n" 19" match source port(s)\n" 20"[!] --destination-port port[:port]\n" 21" --dport ...\n" 22" match destination port(s)\n"); 23} 24 25#define s struct xt_udp 26static const struct xt_option_entry udp_opts[] = { 27 {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, 28 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, 29 {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC, 30 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)}, 31 {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, 32 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, 33 {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC, 34 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)}, 35 XTOPT_TABLEEND, 36}; 37#undef s 38 39static void udp_init(struct xt_entry_match *m) 40{ 41 struct xt_udp *udpinfo = (struct xt_udp *)m->data; 42 43 udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF; 44} 45 46static void udp_parse(struct xt_option_call *cb) 47{ 48 struct xt_udp *udpinfo = cb->data; 49 50 xtables_option_parse(cb); 51 switch (cb->entry->id) { 52 case O_SOURCE_PORT: 53 if (cb->invert) 54 udpinfo->invflags |= XT_UDP_INV_SRCPT; 55 break; 56 case O_DEST_PORT: 57 if (cb->invert) 58 udpinfo->invflags |= XT_UDP_INV_DSTPT; 59 break; 60 } 61} 62 63static const char * 64port_to_service(int port) 65{ 66 const struct servent *service; 67 68 if ((service = getservbyport(htons(port), "udp"))) 69 return service->s_name; 70 71 return NULL; 72} 73 74static void 75print_port(uint16_t port, int numeric) 76{ 77 const char *service; 78 79 if (numeric || (service = port_to_service(port)) == NULL) 80 printf("%u", port); 81 else 82 printf("%s", service); 83} 84 85static void 86print_ports(const char *name, uint16_t min, uint16_t max, 87 int invert, int numeric) 88{ 89 const char *inv = invert ? "!" : ""; 90 91 if (min != 0 || max != 0xFFFF || invert) { 92 printf(" %s", name); 93 if (min == max) { 94 printf(":%s", inv); 95 print_port(min, numeric); 96 } else { 97 printf("s:%s", inv); 98 print_port(min, numeric); 99 printf(":"); 100 print_port(max, numeric); 101 } 102 } 103} 104 105static void 106udp_print(const void *ip, const struct xt_entry_match *match, int numeric) 107{ 108 const struct xt_udp *udp = (struct xt_udp *)match->data; 109 110 printf(" udp"); 111 print_ports("spt", udp->spts[0], udp->spts[1], 112 udp->invflags & XT_UDP_INV_SRCPT, 113 numeric); 114 print_ports("dpt", udp->dpts[0], udp->dpts[1], 115 udp->invflags & XT_UDP_INV_DSTPT, 116 numeric); 117 if (udp->invflags & ~XT_UDP_INV_MASK) 118 printf(" Unknown invflags: 0x%X", 119 udp->invflags & ~XT_UDP_INV_MASK); 120} 121 122static void udp_save(const void *ip, const struct xt_entry_match *match) 123{ 124 const struct xt_udp *udpinfo = (struct xt_udp *)match->data; 125 126 if (udpinfo->spts[0] != 0 127 || udpinfo->spts[1] != 0xFFFF) { 128 if (udpinfo->invflags & XT_UDP_INV_SRCPT) 129 printf(" !"); 130 if (udpinfo->spts[0] 131 != udpinfo->spts[1]) 132 printf(" --sport %u:%u", 133 udpinfo->spts[0], 134 udpinfo->spts[1]); 135 else 136 printf(" --sport %u", 137 udpinfo->spts[0]); 138 } 139 140 if (udpinfo->dpts[0] != 0 141 || udpinfo->dpts[1] != 0xFFFF) { 142 if (udpinfo->invflags & XT_UDP_INV_DSTPT) 143 printf(" !"); 144 if (udpinfo->dpts[0] 145 != udpinfo->dpts[1]) 146 printf(" --dport %u:%u", 147 udpinfo->dpts[0], 148 udpinfo->dpts[1]); 149 else 150 printf(" --dport %u", 151 udpinfo->dpts[0]); 152 } 153} 154 155static int udp_xlate(struct xt_xlate *xl, 156 const struct xt_xlate_mt_params *params) 157{ 158 const struct xt_udp *udpinfo = (struct xt_udp *)params->match->data; 159 char *space= ""; 160 161 if (udpinfo->spts[0] != 0 || udpinfo->spts[1] != 0xFFFF) { 162 if (udpinfo->spts[0] != udpinfo->spts[1]) { 163 xt_xlate_add(xl,"udp sport %s%u-%u", 164 udpinfo->invflags & XT_UDP_INV_SRCPT ? 165 "!= ": "", 166 udpinfo->spts[0], udpinfo->spts[1]); 167 } else { 168 xt_xlate_add(xl, "udp sport %s%u", 169 udpinfo->invflags & XT_UDP_INV_SRCPT ? 170 "!= ": "", 171 udpinfo->spts[0]); 172 } 173 space = " "; 174 } 175 176 if (udpinfo->dpts[0] != 0 || udpinfo->dpts[1] != 0xFFFF) { 177 if (udpinfo->dpts[0] != udpinfo->dpts[1]) { 178 xt_xlate_add(xl,"%sudp dport %s%u-%u", space, 179 udpinfo->invflags & XT_UDP_INV_SRCPT ? 180 "!= ": "", 181 udpinfo->dpts[0], udpinfo->dpts[1]); 182 } else { 183 xt_xlate_add(xl,"%sudp dport %s%u", space, 184 udpinfo->invflags & XT_UDP_INV_SRCPT ? 185 "!= ": "", 186 udpinfo->dpts[0]); 187 } 188 } 189 190 return 1; 191} 192 193static struct xtables_match udp_match = { 194 .family = NFPROTO_UNSPEC, 195 .name = "udp", 196 .version = XTABLES_VERSION, 197 .size = XT_ALIGN(sizeof(struct xt_udp)), 198 .userspacesize = XT_ALIGN(sizeof(struct xt_udp)), 199 .help = udp_help, 200 .init = udp_init, 201 .print = udp_print, 202 .save = udp_save, 203 .x6_parse = udp_parse, 204 .x6_options = udp_opts, 205 .xlate = udp_xlate, 206}; 207 208void 209_init(void) 210{ 211 xtables_register_match(&udp_match); 212} 213