search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Busybox: Upgrade to 1.21.1 (stable). lsof active.
[tomato.git] / release / src / router / iptables / extensions / libipt_dccp.c
blobe5782a85d049ca91a411fc3dbf827a442bdd674c
1 /* Shared library add-on to iptables for DCCP matching
2 *
3 * (C) 2005 by Harald Welte <laforge@netfilter.org>
4 *
5 * This program is distributed under the terms of GNU GPL v2, 1991
6 *
7 */
8 #include <stdio.h>
9 #include <string.h>
10 #include <stdlib.h>
11 #include <getopt.h>
12 #include <netdb.h>
13 #include <ctype.h>
14
15 #include <iptables.h>
16 #include <linux/dccp.h>
17 #include <linux/netfilter_ipv4/ip_tables.h>
18 #include <linux/netfilter_ipv4/ipt_dccp.h>
19
20 #if 0
21 #define DEBUGP(format, first...) printf(format, ##first)
22 #define static
23 #else
24 #define DEBUGP(format, fist...)
25 #endif
26
27 /* Initialize the match. */
28 static void
29 init(struct ipt_entry_match *m,
30 unsigned int *nfcache)
31 {
32 struct ipt_dccp_info *einfo = (struct ipt_dccp_info *)m->data;
33
34 memset(einfo, 0, sizeof(struct ipt_dccp_info));
35 }
36
37 static void help(void)
38 {
39 printf(
40 "DCCP match v%s options\n"
41 " --source-port [!] port[:port] match source port(s)\n"
42 " --sport ...\n"
43 " --destination-port [!] port[:port] match destination port(s)\n"
44 " --dport ...\n"
45 ,
46 IPTABLES_VERSION);
47 }
48
49 static struct option opts[] = {
50 { .name = "source-port", .has_arg = 1, .flag = 0, .val = '1' },
51 { .name = "sport", .has_arg = 1, .flag = 0, .val = '1' },
52 { .name = "destination-port", .has_arg = 1, .flag = 0, .val = '2' },
53 { .name = "dport", .has_arg = 1, .flag = 0, .val = '2' },
54 { .name = "dccp-types", .has_arg = 1, .flag = 0, .val = '3' },
55 { .name = "dccp-option", .has_arg = 1, .flag = 0, .val = '4' },
56 { .name = 0 }
57 };
58
59 static void
60 parse_dccp_ports(const char *portstring,
61 u_int16_t *ports)
62 {
63 char *buffer;
64 char *cp;
65
66 buffer = strdup(portstring);
67 DEBUGP("%s\n", portstring);
68 if ((cp = strchr(buffer, ':')) == NULL) {
69 ports[0] = ports[1] = parse_port(buffer, "dccp");
70 }
71 else {
72 *cp = '\0';
73 cp++;
74
75 ports[0] = buffer[0] ? parse_port(buffer, "dccp") : 0;
76 ports[1] = cp[0] ? parse_port(cp, "dccp") : 0xFFFF;
77
78 if (ports[0] > ports[1])
79 exit_error(PARAMETER_PROBLEM,
80 "invalid portrange (min > max)");
81 }
82 free(buffer);
83 }
84
85 static char *dccp_pkt_types[] = {
86 [DCCP_PKT_REQUEST] = "REQUEST",
87 [DCCP_PKT_RESPONSE] = "RESPONSE",
88 [DCCP_PKT_DATA] = "DATA",
89 [DCCP_PKT_ACK] = "ACK",
90 [DCCP_PKT_DATAACK] = "DATAACK",
91 [DCCP_PKT_CLOSEREQ] = "CLOSEREQ",
92 [DCCP_PKT_CLOSE] = "CLOSE",
93 [DCCP_PKT_RESET] = "RESET",
94 [DCCP_PKT_SYNC] = "SYNC",
95 [DCCP_PKT_SYNCACK] = "SYNCACK",
96 [DCCP_PKT_INVALID] = "INVALID",
97 };
98
99 static u_int16_t
100 parse_dccp_types(const char *typestring)
101 {
102 u_int16_t typemask = 0;
103 char *ptr, *buffer;
104
105 buffer = strdup(typestring);
106
107 for (ptr = strtok(buffer, ","); ptr; ptr = strtok(NULL, ",")) {
108 unsigned int i;
109 for (i = 0; i < sizeof(dccp_pkt_types)/sizeof(char *); i++) {
110 if (!strcasecmp(dccp_pkt_types[i], ptr)) {
111 typemask |= (1 << i);
112 break;
113 }
114 }
115 if (i == sizeof(dccp_pkt_types)/sizeof(char *))
116 exit_error(PARAMETER_PROBLEM,
117 "Unknown DCCP type `%s'", ptr);
118 }
119
120 free(buffer);
121 return typemask;
122 }
123
124 static u_int8_t parse_dccp_option(char *optstring)
125 {
126 unsigned int ret;
127
128 if (string_to_number(optstring, 1, 255, &ret) == -1)
129 exit_error(PARAMETER_PROBLEM, "Bad DCCP option `%s'",
130 optstring);
131
132 return (u_int8_t)ret;
133 }
134
135 static int
136 parse(int c, char **argv, int invert, unsigned int *flags,
137 const struct ipt_entry *entry,
138 unsigned int *nfcache,
139 struct ipt_entry_match **match)
140 {
141 struct ipt_dccp_info *einfo
142 = (struct ipt_dccp_info *)(*match)->data;
143
144 switch (c) {
145 case '1':
146 if (*flags & IPT_DCCP_SRC_PORTS)
147 exit_error(PARAMETER_PROBLEM,
148 "Only one `--source-port' allowed");
149 einfo->flags |= IPT_DCCP_SRC_PORTS;
150 check_inverse(optarg, &invert, &optind, 0);
151 parse_dccp_ports(argv[optind-1], einfo->spts);
152 if (invert)
153 einfo->invflags |= IPT_DCCP_SRC_PORTS;
154 *flags |= IPT_DCCP_SRC_PORTS;
155 break;
156
157 case '2':
158 if (*flags & IPT_DCCP_DEST_PORTS)
159 exit_error(PARAMETER_PROBLEM,
160 "Only one `--destination-port' allowed");
161 einfo->flags |= IPT_DCCP_DEST_PORTS;
162 check_inverse(optarg, &invert, &optind, 0);
163 parse_dccp_ports(argv[optind-1], einfo->dpts);
164 if (invert)
165 einfo->invflags |= IPT_DCCP_DEST_PORTS;
166 *flags |= IPT_DCCP_DEST_PORTS;
167 break;
168
169 case '3':
170 if (*flags & IPT_DCCP_TYPE)
171 exit_error(PARAMETER_PROBLEM,
172 "Only one `--dccp-types' allowed");
173 einfo->flags |= IPT_DCCP_TYPE;
174 check_inverse(optarg, &invert, &optind, 0);
175 einfo->typemask = parse_dccp_types(argv[optind-1]);
176 if (invert)
177 einfo->invflags |= IPT_DCCP_TYPE;
178 *flags |= IPT_DCCP_TYPE;
179 break;
180
181 case '4':
182 if (*flags & IPT_DCCP_OPTION)
183 exit_error(PARAMETER_PROBLEM,
184 "Only one `--dccp-option' allowed");
185 einfo->flags |= IPT_DCCP_OPTION;
186 check_inverse(optarg, &invert, &optind, 0);
187 einfo->option = parse_dccp_option(argv[optind-1]);
188 if (invert)
189 einfo->invflags |= IPT_DCCP_OPTION;
190 *flags |= IPT_DCCP_OPTION;
191 break;
192 default:
193 return 0;
194 }
195 return 1;
196 }
197
198 static void
199 final_check(unsigned int flags)
200 {
201 }
202
203 static char *
204 port_to_service(int port)
205 {
206 struct servent *service;
207
208 if ((service = getservbyport(htons(port), "dccp")))
209 return service->s_name;
210
211 return NULL;
212 }
213
214 static void
215 print_port(u_int16_t port, int numeric)
216 {
217 char *service;
218
219 if (numeric || (service = port_to_service(port)) == NULL)
220 printf("%u", port);
221 else
222 printf("%s", service);
223 }
224
225 static void
226 print_ports(const char *name, u_int16_t min, u_int16_t max,
227 int invert, int numeric)
228 {
229 const char *inv = invert ? "!" : "";
230
231 if (min != 0 || max != 0xFFFF || invert) {
232 printf("%s", name);
233 if (min == max) {
234 printf(":%s", inv);
235 print_port(min, numeric);
236 } else {
237 printf("s:%s", inv);
238 print_port(min, numeric);
239 printf(":");
240 print_port(max, numeric);
241 }
242 printf(" ");
243 }
244 }
245
246 static void
247 print_types(u_int16_t types, int inverted, int numeric)
248 {
249 int have_type = 0;
250
251 if (inverted)
252 printf("! ");
253
254 while (types) {
255 unsigned int i;
256
257 for (i = 0; !(types & (1 << i)); i++);
258
259 if (have_type)
260 printf(",");
261 else
262 have_type = 1;
263
264 if (numeric)
265 printf("%u", i);
266 else
267 printf("%s", dccp_pkt_types[i]);
268
269 types &= ~(1 << i);
270 }
271 }
272
273 static void
274 print_option(u_int8_t option, int invert, int numeric)
275 {
276 if (option || invert)
277 printf("option=%s%u ", invert ? "!" : "", option);
278 }
279
280 /* Prints out the matchinfo. */
281 static void
282 print(const struct ipt_ip *ip,
283 const struct ipt_entry_match *match,
284 int numeric)
285 {
286 const struct ipt_dccp_info *einfo =
287 (const struct ipt_dccp_info *)match->data;
288
289 printf("dccp ");
290
291 if (einfo->flags & IPT_DCCP_SRC_PORTS) {
292 print_ports("spt", einfo->spts[0], einfo->spts[1],
293 einfo->invflags & IPT_DCCP_SRC_PORTS,
294 numeric);
295 }
296
297 if (einfo->flags & IPT_DCCP_DEST_PORTS) {
298 print_ports("dpt", einfo->dpts[0], einfo->dpts[1],
299 einfo->invflags & IPT_DCCP_DEST_PORTS,
300 numeric);
301 }
302
303 if (einfo->flags & IPT_DCCP_TYPE) {
304 print_types(einfo->typemask,
305 einfo->invflags & IPT_DCCP_TYPE,
306 numeric);
307 }
308
309 if (einfo->flags & IPT_DCCP_OPTION) {
310 print_option(einfo->option,
311 einfo->invflags & IPT_DCCP_OPTION, numeric);
312 }
313 }
314
315 /* Saves the union ipt_matchinfo in parsable form to stdout. */
316 static void
317 save(const struct ipt_ip *ip,
318 const struct ipt_entry_match *match)
319 {
320 const struct ipt_dccp_info *einfo =
321 (const struct ipt_dccp_info *)match->data;
322
323 if (einfo->flags & IPT_DCCP_SRC_PORTS) {
324 if (einfo->invflags & IPT_DCCP_SRC_PORTS)
325 printf("! ");
326 if (einfo->spts[0] != einfo->spts[1])
327 printf("--sport %u:%u ",
328 einfo->spts[0], einfo->spts[1]);
329 else
330 printf("--sport %u ", einfo->spts[0]);
331 }
332
333 if (einfo->flags & IPT_DCCP_DEST_PORTS) {
334 if (einfo->invflags & IPT_DCCP_DEST_PORTS)
335 printf("! ");
336 if (einfo->dpts[0] != einfo->dpts[1])
337 printf("--dport %u:%u ",
338 einfo->dpts[0], einfo->dpts[1]);
339 else
340 printf("--dport %u ", einfo->dpts[0]);
341 }
342
343 if (einfo->flags & IPT_DCCP_TYPE) {
344 printf("--dccp-type ");
345 print_types(einfo->typemask, einfo->invflags & IPT_DCCP_TYPE,0);
346 }
347
348 if (einfo->flags & IPT_DCCP_OPTION) {
349 printf("--dccp-option %s%u ",
350 einfo->typemask & IPT_DCCP_OPTION ? "! " : "",
351 einfo->option);
352 }
353 }
354
355 static
356 struct iptables_match dccp
357 = { .name = "dccp",
358 .version = IPTABLES_VERSION,
359 .size = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
360 .userspacesize = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
361 .help = &help,
362 .init = &init,
363 .parse = &parse,
364 .final_check = &final_check,
365 .print = &print,
366 .save = &save,
367 .extra_opts = opts
368 };
369
370 void _init(void)
371 {
372 register_match(&dccp);
373 }
374
Tomato firmware and modifications.