1 /* Shared library add-on to iptables to add packet length matching support. */
9 #include <linux/netfilter_ipv4/ipt_length.h>
11 /* Function which prints out usage message. */
16 "length v%s options:\n"
17 "[!] --length length[:length] Match packet length against value or range\n"
18 " of values (inclusive)\n",
/* Long-option table for this match: "--length" has has_arg = 1 (an argument
 * is required), a null flag pointer, and the option code '1'.
 * NOTE(review): the table's terminating entry is not shown in this listing. */
23 static struct option opts
[] = {
24 { "length", 1, 0, '1' },
/* Convert one --length operand to a 16-bit value.
 * string_to_number() is passed the bounds 0 and 0xFFFF, and a -1 result is
 * treated as invalid input and reported with PARAMETER_PROBLEM.
 * NOTE(review): this listing omits source lines (the gutter jumps from 29 to
 * 33), including the declaration of len; confirm its type in the full file. */
29 parse_length(const char *s
)
33 if (string_to_number(s
, 0, 0xFFFF, &len
) == -1)
/* The user-supplied text is a %s argument, never the format string itself. */
34 exit_error(PARAMETER_PROBLEM
, "length invalid: `%s'\n", s
);
/* Narrowing cast; presumably lossless because string_to_number() was given
 * 0xFFFF as the upper bound -- verify that helper enforces it. */
36 return (u_int16_t
)len
;
39 /* If a single value is provided, min and max are both set to the value */
/* Parse "N" or "MIN:MAX" into info->min and info->max.
 *  - No ':' in buffer: min and max are both set to the single parsed value.
 *  - ':' present: an empty left side defaults to 0 and an empty right side
 *    defaults to 0xFFFF, so a range may be open at either end.
 * A range whose min is greater than its max is reported through
 * exit_error(PARAMETER_PROBLEM, ...).
 * NOTE(review): the lines that create buffer and that split it at ':' are not
 * shown in this listing (the gutter jumps from 41 to 47 and from 48 to 53).
 * For the cp[0] test to inspect the right-hand side, cp must already point
 * past the ':' at that point -- confirm against the full file. */
41 parse_lengths(const char *s
, struct ipt_length_info
*info
)
47 if ((cp
= strchr(buffer
, ':')) == NULL
)
48 info
->min
= info
->max
= parse_length(buffer
);
53 info
->min
= buffer
[0] ? parse_length(buffer
) : 0;
54 info
->max
= cp
[0] ? parse_length(cp
) : 0xFFFF;
/* Sanity check on the parsed range before it is accepted. */
58 if (info
->min
> info
->max
)
59 exit_error(PARAMETER_PROBLEM
,
60 "length min. range value `%u' greater than max. "
61 "range value `%u'", info
->min
, info
->max
);
65 /* Function which parses command options; returns true if it ate an option. */
/* Option handler for the length match.
 * info is the match's data area viewed as struct ipt_length_info; the cast
 * relies on that area being at least that large, which matches the .size
 * value given in this file's iptables_match initializer.
 * check_inverse() is called with optarg, &invert and &optind, and then the
 * operand at argv[optind-1] is handed to parse_lengths(), which fills info.
 * NOTE(review): the switch/case framing, the condition guarding the first
 * exit_error (its message suggests a duplicate-option check), and any later
 * use of invert or *flags are not shown in this listing (the gutter jumps
 * from 73 to 78 and from 82 to 94). */
68 parse(int c
, char **argv
, int invert
, unsigned int *flags
,
69 const struct ipt_entry
*entry
,
70 unsigned int *nfcache
,
71 struct ipt_entry_match
**match
)
73 struct ipt_length_info
*info
= (struct ipt_length_info
*)(*match
)->data
;
78 exit_error(PARAMETER_PROBLEM
,
79 "length: `--length' may only be "
81 check_inverse(optarg
, &invert
, &optind
, 0);
82 parse_lengths(argv
[optind
-1], info
);
94 /* Final check; must have specified --length. */
/* Final validation hook: reports PARAMETER_PROBLEM with the message that
 * --length must be specified.
 * NOTE(review): the test on flags that guards this call is not shown in this
 * listing (the gutter jumps from 96 to 99). */
96 final_check(unsigned int flags
)
99 exit_error(PARAMETER_PROBLEM
,
100 "length: You must specify `--length'");
103 /* Common match printing code. */
/* Shared printer used by print() and save(): writes "MIN " when min equals
 * max, and "MIN:MAX " for a range.
 * NOTE(review): anything printed before the comparison, and the keyword
 * joining the two printf calls, are not shown in this listing (the gutter
 * jumps from 105 to 110 and from 111 to 113).
 * NOTE(review): the visible lines only read through info, so the parameter
 * looks like it could be const-qualified -- confirm against the full body. */
105 print_length(struct ipt_length_info
*info
)
110 if (info
->max
== info
->min
)
111 printf("%u ", info
->min
);
113 printf("%u:%u ", info
->min
, info
->max
);
116 /* Prints out the matchinfo. */
/* Prints the match info by delegating to print_length().
 * The cast views match->data as struct ipt_length_info and also drops the
 * const qualifier that match carries.
 * NOTE(review): the rest of the parameter list and any output written before
 * the print_length() call are not shown in this listing (the gutter jumps
 * from 119 to 123). */
118 print(const struct ipt_ip
*ip
,
119 const struct ipt_entry_match
*match
,
123 print_length((struct ipt_length_info
*)match
->data
);
126 /* Saves the union ipt_matchinfo in parsable form to stdout. */
/* Emits the match's length value or range by delegating to print_length().
 * As in print(), the cast views match->data as struct ipt_length_info and
 * drops the const qualifier that match carries.
 * NOTE(review): any option text written before the print_length() call is not
 * shown in this listing (the gutter jumps from 128 to 131). */
128 save(const struct ipt_ip
*ip
, const struct ipt_entry_match
*match
)
131 print_length((struct ipt_length_info
*)match
->data
);
/* Descriptor for the length match.
 * .size and .userspacesize are both IPT_ALIGN(sizeof(struct ipt_length_info)).
 * parse(), print() and save() cast the match's data area to that same struct,
 * so these sizes have to stay in step with the struct definition.
 * NOTE(review): the remaining members of the initializer are not shown in
 * this listing (the gutter jumps from 134 to 137 and from 139 to 142). */
134 static struct iptables_match length
= {
137 .version
= IPTABLES_VERSION
,
138 .size
= IPT_ALIGN(sizeof(struct ipt_length_info
)),
139 .userspacesize
= IPT_ALIGN(sizeof(struct ipt_length_info
)),
142 .final_check
= &final_check
,
/* Hands the length descriptor to register_match().
 * NOTE(review): the enclosing function header is not shown in this listing. */
150 register_match(&length
);