author/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org </C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org>2007-07-24 06:56:21 +0000
committer/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org </C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org>2007-07-24 06:56:21 +0000
commit916b1ce14cf080e5b28ec1dd2e2b0d700ff1ab15 (patch)
tree7e69e8e0597a650fecf19fc22e9e2c9f64c5548b /extensions
parent4c7b164e66594f24be6bfdcc071b7aec6f43ab66 (diff)
Unifies libip[6]t_udp.c into libxt_udp.c
Diffstat (limited to 'extensions')
-rw-r--r--extensions/Makefile6
-rw-r--r--extensions/libip6t_udp.c228
-rw-r--r--extensions/libxt_udp.c (renamed from extensions/libipt_udp.c)55
3 files changed, 40 insertions, 249 deletions
diff --git a/extensions/Makefile b/extensions/Makefile
index 62054f7..8bfb40d 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,9 +5,9 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
-PFX_EXT_SLIB:=mark multiport NOTRACK
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connlimit connmark eui64 hl icmp6 length limit mac owner physdev policy standard state tcp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
+PFX_EXT_SLIB:=mark multiport udp NOTRACK
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
deleted file mode 100644
index 3355de2..0000000
--- a/extensions/libip6t_udp.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/* Shared library add-on to iptables to add UDP support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <ip6tables.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"UDP v%s options:\n"
-" --source-port [!] port[:port]\n"
-" --sport ...\n"
-" match source port(s)\n"
-" --destination-port [!] port[:port]\n"
-" --dport ...\n"
-" match destination port(s)\n",
-IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
- { "source-port", 1, 0, '1' },
- { "sport", 1, 0, '1' }, /* synonym */
- { "destination-port", 1, 0, '2' },
- { "dport", 1, 0, '2' }, /* synonym */
- {0}
-};
-
-static void
-parse_udp_ports(const char *portstring, u_int16_t *ports)
-{
- char *buffer;
- char *cp;
-
- buffer = strdup(portstring);
- if ((cp = strchr(buffer, ':')) == NULL)
- ports[0] = ports[1] = parse_port(buffer, "udp");
- else {
- *cp = '\0';
- cp++;
-
- ports[0] = buffer[0] ? parse_port(buffer, "udp") : 0;
- ports[1] = cp[0] ? parse_port(cp, "udp") : 0xFFFF;
-
- if (ports[0] > ports[1])
- exit_error(PARAMETER_PROBLEM,
- "invalid portrange (min > max)");
- }
- free(buffer);
-}
-
-/* Initialize the match. */
-static void
-init(struct xt_entry_match *m, unsigned int *nfcache)
-{
- struct ip6t_udp *udpinfo = (struct ip6t_udp *)m->data;
-
- udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
-}
-
-#define UDP_SRC_PORTS 0x01
-#define UDP_DST_PORTS 0x02
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- unsigned int *nfcache,
- struct xt_entry_match **match)
-{
- struct ip6t_udp *udpinfo = (struct ip6t_udp *)(*match)->data;
-
- switch (c) {
- case '1':
- if (*flags & UDP_SRC_PORTS)
- exit_error(PARAMETER_PROBLEM,
- "Only one `--source-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
- parse_udp_ports(argv[optind-1], udpinfo->spts);
- if (invert)
- udpinfo->invflags |= IP6T_UDP_INV_SRCPT;
- *flags |= UDP_SRC_PORTS;
- break;
-
- case '2':
- if (*flags & UDP_DST_PORTS)
- exit_error(PARAMETER_PROBLEM,
- "Only one `--destination-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
- parse_udp_ports(argv[optind-1], udpinfo->dpts);
- if (invert)
- udpinfo->invflags |= IP6T_UDP_INV_DSTPT;
- *flags |= UDP_DST_PORTS;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check; we don't care. */
-static void
-final_check(unsigned int flags)
-{
-}
-
-static char *
-port_to_service(int port)
-{
- struct servent *service;
-
- if ((service = getservbyport(htons(port), "udp")))
- return service->s_name;
-
- return NULL;
-}
-
-static void
-print_port(u_int16_t port, int numeric)
-{
- char *service;
-
- if (numeric || (service = port_to_service(port)) == NULL)
- printf("%u", port);
- else
- printf("%s", service);
-}
-
-static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
- int invert, int numeric)
-{
- const char *inv = invert ? "!" : "";
-
- if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
- if (min == max) {
- printf(":%s", inv);
- print_port(min, numeric);
- } else {
- printf("s:%s", inv);
- print_port(min, numeric);
- printf(":");
- print_port(max, numeric);
- }
- printf(" ");
- }
-}
-
-/* Prints out the union ipt_matchinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_match *match, int numeric)
-{
- const struct ip6t_udp *udp = (struct ip6t_udp *)match->data;
-
- printf("udp ");
- print_ports("spt", udp->spts[0], udp->spts[1],
- udp->invflags & IP6T_UDP_INV_SRCPT,
- numeric);
- print_ports("dpt", udp->dpts[0], udp->dpts[1],
- udp->invflags & IP6T_UDP_INV_DSTPT,
- numeric);
- if (udp->invflags & ~IP6T_UDP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
- udp->invflags & ~IP6T_UDP_INV_MASK);
-}
-
-/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const void *ip, const struct xt_entry_match *match)
-{
- const struct ip6t_udp *udpinfo = (struct ip6t_udp *)match->data;
-
- if (udpinfo->spts[0] != 0
- || udpinfo->spts[1] != 0xFFFF) {
- if (udpinfo->invflags & IP6T_UDP_INV_SRCPT)
- printf("! ");
- if (udpinfo->spts[0]
- != udpinfo->spts[1])
- printf("--sport %u:%u ",
- udpinfo->spts[0],
- udpinfo->spts[1]);
- else
- printf("--sport %u ",
- udpinfo->spts[0]);
- }
-
- if (udpinfo->dpts[0] != 0
- || udpinfo->dpts[1] != 0xFFFF) {
- if (udpinfo->invflags & IP6T_UDP_INV_DSTPT)
- printf("! ");
- if (udpinfo->dpts[0]
- != udpinfo->dpts[1])
- printf("--dport %u:%u ",
- udpinfo->dpts[0],
- udpinfo->dpts[1]);
- else
- printf("--dport %u ",
- udpinfo->dpts[0]);
- }
-}
-
-static struct ip6tables_match udp = {
- .name = "udp",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_udp)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_udp)),
- .help = &help,
- .init = &init,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts,
-};
-
-void
-_init(void)
-{
- register_match6(&udp);
-}
diff --git a/extensions/libipt_udp.c b/extensions/libxt_udp.c
index 5e7b4a2..c379536 100644
--- a/extensions/libipt_udp.c
+++ b/extensions/libxt_udp.c
@@ -4,8 +4,8 @@
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_tcpudp.h>
/* Function which prints out usage message. */
static void
@@ -57,7 +57,7 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
static void
init(struct xt_entry_match *m, unsigned int *nfcache)
{
- struct ipt_udp *udpinfo = (struct ipt_udp *)m->data;
+ struct xt_udp *udpinfo = (struct xt_udp *)m->data;
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
}
@@ -73,7 +73,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
unsigned int *nfcache,
struct xt_entry_match **match)
{
- struct ipt_udp *udpinfo = (struct ipt_udp *)(*match)->data;
+ struct xt_udp *udpinfo = (struct xt_udp *)(*match)->data;
switch (c) {
case '1':
@@ -83,7 +83,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
- udpinfo->invflags |= IPT_UDP_INV_SRCPT;
+ udpinfo->invflags |= XT_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
break;
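Review bot: The port string handed over at `parse_udp_ports(argv[optind-1], udpinfo->spts)` is now parsed by one helper for both IPv4 and IPv6, and the copy of that helper visible in the deleted libip6t_udp.c passes the result of `strdup(portstring)` straight to `strchr()` without a NULL check. The retained body in libxt_udp.c lies outside every hunk here, so it is only an inference that it is the same; if it is, adding `if (buffer == NULL) exit_error(OTHER_PROBLEM, "strdup failed");` right after the `strdup` call would turn an allocation failure into a clean error instead of a NULL dereference. The same call appears in the `--destination-port` hunk that follows. parse() starts and ends outside this hunk.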
@@ -94,7 +94,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
- udpinfo->invflags |= IPT_UDP_INV_DSTPT;
+ udpinfo->invflags |= XT_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;
break;
@@ -159,28 +159,28 @@ static void
print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
- const struct ipt_udp *udp = (struct ipt_udp *)match->data;
+ const struct xt_udp *udp = (struct xt_udp *)match->data;
printf("udp ");
print_ports("spt", udp->spts[0], udp->spts[1],
- udp->invflags & IPT_UDP_INV_SRCPT,
+ udp->invflags & XT_UDP_INV_SRCPT,
numeric);
print_ports("dpt", udp->dpts[0], udp->dpts[1],
- udp->invflags & IPT_UDP_INV_DSTPT,
+ udp->invflags & XT_UDP_INV_DSTPT,
numeric);
- if (udp->invflags & ~IPT_UDP_INV_MASK)
+ if (udp->invflags & ~XT_UDP_INV_MASK)
printf("Unknown invflags: 0x%X ",
- udp->invflags & ~IPT_UDP_INV_MASK);
+ udp->invflags & ~XT_UDP_INV_MASK);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void save(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_udp *udpinfo = (struct ipt_udp *)match->data;
+ const struct xt_udp *udpinfo = (struct xt_udp *)match->data;
if (udpinfo->spts[0] != 0
|| udpinfo->spts[1] != 0xFFFF) {
- if (udpinfo->invflags & IPT_UDP_INV_SRCPT)
+ if (udpinfo->invflags & XT_UDP_INV_SRCPT)
printf("! ");
if (udpinfo->spts[0]
!= udpinfo->spts[1])
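Review bot: The new casts in print() and save(), `(struct xt_udp *)match->data`, strip the const qualifier that `match` carries before the result is assigned to a const pointer; writing `(const struct xt_udp *)match->data` in both places keeps the read-only intent visible in the cast itself. The comment above save() still says "union ipt_matchinfo" although the data is now a `struct xt_udp` shared by both families; `/* Saves the xt_udp match data in parsable form to stdout. */` would match the code, and the comment above print(), which is outside this hunk, may need the same update. save() continues past the end of this hunk.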
@@ -194,7 +194,7 @@ static void save(const void *ip, const struct xt_entry_match *match)
if (udpinfo->dpts[0] != 0
|| udpinfo->dpts[1] != 0xFFFF) {
- if (udpinfo->invflags & IPT_UDP_INV_DSTPT)
+ if (udpinfo->invflags & XT_UDP_INV_DSTPT)
printf("! ");
if (udpinfo->dpts[0]
!= udpinfo->dpts[1])
@@ -208,12 +208,30 @@ static void save(const void *ip, const struct xt_entry_match *match)
}
static
-struct iptables_match udp = {
+struct xtables_match udp = {
.next = NULL,
+ .family = AF_INET,
.name = "udp",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_udp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_udp)),
+ .size = XT_ALIGN(sizeof(struct xt_udp)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+static
+struct xtables_match udp6 = {
+ .next = NULL,
+ .family = AF_INET6,
+ .name = "udp",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_udp)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
.help = &help,
.init = &init,
.parse = &parse,
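Review bot: `udp` and `udp6` are now two full copies of the same initializer that differ only in `.family`, so a callback changed in one and forgotten in the other would alter rule parsing or printing for one address family only. A one-line comment above `udp6`, for example `/* IPv6 registration: identical to udp except for .family; keep both in sync */`, would make that coupling explicit. Both entries also report `XT_ALIGN(sizeof(struct xt_udp))` as the match size, which presumably has to agree with what the kernel-side match for each family expects, so stating the assumed kernel interface in that comment would help. The rest of the `udp6` initializer lies outside this hunk.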
@@ -226,5 +244,6 @@ struct iptables_match udp = {
void
_init(void)
{
- register_match(&udp);
+ xtables_register_match(&udp);
+ xtables_register_match(&udp6);
}