1 /* Shared library add-on to ip6tables to add packet length matching support. */
10 #include <linux/netfilter_ipv6/ip6t_length.h>
12 /* Function which prints out usage message. */
17 "length v%s options:\n"
18 "[!] --length length[:length] Match packet length against value or range\n"
19 " of values (inclusive)\n",
24 static struct option opts
[] = {
25 { "length", 1, 0, '1' },
30 parse_length(const char *s
)
35 if (string_to_number(s
, 0, 0xFFFF, &len
) == -1)
36 exit_error(PARAMETER_PROBLEM
, "length invalid: `%s'\n", s
);
38 return (u_int16_t
)len
;
41 /* If a single value is provided, min and max are both set to the value */
43 parse_lengths(const char *s
, struct ip6t_length_info
*info
)
49 if ((cp
= strchr(buffer
, ':')) == NULL
)
50 info
->min
= info
->max
= parse_length(buffer
);
55 info
->min
= buffer
[0] ? parse_length(buffer
) : 0;
56 info
->max
= cp
[0] ? parse_length(cp
) : 0xFFFF;
60 if (info
->min
> info
->max
)
61 exit_error(PARAMETER_PROBLEM
,
62 "length min. range value `%u' greater than max. "
63 "range value `%u'", info
->min
, info
->max
);
67 /* Function which parses command options; returns true if it
70 parse(int c
, char **argv
, int invert
, unsigned int *flags
,
71 const struct ip6t_entry
*entry
,
72 unsigned int *nfcache
,
73 struct ip6t_entry_match
**match
)
75 struct ip6t_length_info
*info
= (struct ip6t_length_info
*)(*match
)->data
;
80 exit_error(PARAMETER_PROBLEM
,
81 "length: `--length' may only be "
83 check_inverse(optarg
, &invert
, &optind
, 0);
84 parse_lengths(argv
[optind
-1], info
);
96 /* Final check; must have specified --length. */
98 final_check(unsigned int flags
)
101 exit_error(PARAMETER_PROBLEM
,
102 "length: You must specify `--length'");
105 /* Common match printing code. */
107 print_length(struct ip6t_length_info
*info
)
112 if (info
->max
== info
->min
)
113 printf("%u ", info
->min
);
115 printf("%u:%u ", info
->min
, info
->max
);
118 /* Prints out the matchinfo. */
120 print(const struct ip6t_ip6
*ip
,
121 const struct ip6t_entry_match
*match
,
125 print_length((struct ip6t_length_info
*)match
->data
);
128 /* Saves the union ip6t_matchinfo in parsable form to stdout. */
130 save(const struct ip6t_ip6
*ip
, const struct ip6t_entry_match
*match
)
133 print_length((struct ip6t_length_info
*)match
->data
);
136 struct ip6tables_match length
= {
138 .version
= IPTABLES_VERSION
,
139 .size
= IP6T_ALIGN(sizeof(struct ip6t_length_info
)),
140 .userspacesize
= IP6T_ALIGN(sizeof(struct ip6t_length_info
)),
143 .final_check
= &final_check
,
151 register_match6(&length
);