From c57941e15eac73a26c704c66691eab79ff521516 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org"
Date: Fri, 28 Apr 2006 08:10:08 +0000
Subject: Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
---
 extensions/libip6t_multiport.c | 32 ++++++++++++++++++++++++--------
 extensions/libipt_multiport.c | 32 ++++++++++++++++++++++++--------
 include/ip6tables.h | 7 +++++++
 include/iptables.h | 3 +++
 4 files changed, 58 insertions(+), 16 deletions(-)
diff --git a/extensions/libip6t_multiport.c b/extensions/libip6t_multiport.c
index 013241b..a8a8e08 100644
--- a/extensions/libip6t_multiport.c
+++ b/extensions/libip6t_multiport.c
@@ -33,6 +33,23 @@ static struct option opts[] = {
 {0}
 };
+static char *
+proto_to_name(u_int8_t proto)
+{
+ switch (proto) {
+ case IPPROTO_TCP:
+ return "tcp";
+ case IPPROTO_UDP:
+ return "udp";
+ case IPPROTO_SCTP:
+ return "sctp";
+ case IPPROTO_DCCP:
+ return "dccp";
+ default:
+ return NULL;
+ }
+}
+
 static int
 service_to_port(const char *name, const char *proto)
 {
@@ -86,16 +103,16 @@ init(struct ip6t_entry_match *m, unsigned int *nfcache)
 static const char *
 check_proto(const struct ip6t_entry *entry)
 {
- if (entry->ipv6.proto == IPPROTO_TCP)
- return "tcp";
- else if (entry->ipv6.proto == IPPROTO_UDP)
- return "udp";
+ char *proto;
+
+ if ((proto = proto_to_name(entry->ipv6.proto)) != NULL)
+ return proto;
 else if (!entry->ipv6.proto)
 exit_error(PARAMETER_PROBLEM,
- "multiport needs `-p tcp' or `-p udp'");
+ "multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'");
 else
 exit_error(PARAMETER_PROBLEM,
- "multiport only works with TCP or UDP");
+ "multiport only works with TCP, UDP, SCTP and DCCP");
 }
 /* Function which parses command options; returns true if it
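Review bot: `proto_to_name()` in extensions/libip6t_multiport.c is declared as returning `char *` although every value it returns is a string literal, so a caller could write through the pointer without any compiler diagnostic. Declaring it `static const char *proto_to_name(u_int8_t proto)` matches `check_proto()`, which already returns `const char *`, and lets the new local there become `const char *proto;`. A one-line comment such as `/* Returns NULL for protocols multiport does not support. */` would also document the contract that the callers now depend on. The identical helper added to extensions/libipt_multiport.c has the same signature, and the two copies will need to be kept in sync by hand when another protocol is added.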
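Review bot: `check_proto()` in extensions/libip6t_multiport.c accepts the protocol without looking at the inversion flag, so a rule whose protocol is negated would still be treated as that protocol and have the port match attached to it. The IPv4 version touched by this same patch rejects that case with `if (entry->ip.invflags & IPT_INV_PROTO)`, while the IPv6 function, whose whole body is visible in this hunk, has no equivalent test. Adding `if (entry->ipv6.invflags & IP6T_INV_PROTO)` with the same `exit_error(PARAMETER_PROBLEM, ...)` call before the `proto_to_name()` lookup would make the two families agree, assuming `IP6T_INV_PROTO` is available from the ip6_tables header this file includes.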
@@ -163,8 +180,7 @@ port_to_service(int port, u_int8_t proto)
 {
 struct servent *service;
- if ((service = getservbyport(htons(port),
- proto == IPPROTO_TCP ? "tcp" : "udp")))
+ if ((service = getservbyport(htons(port), proto_to_name(proto))))
 return service->s_name;
 return NULL;
diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c
index 9f5193f..97e1476 100644
--- a/extensions/libipt_multiport.c
+++ b/extensions/libipt_multiport.c
@@ -51,6 +51,23 @@ static struct option opts[] = {
 {0}
 };
+static char *
+proto_to_name(u_int8_t proto)
+{
+ switch (proto) {
+ case IPPROTO_TCP:
+ return "tcp";
+ case IPPROTO_UDP:
+ return "udp";
+ case IPPROTO_SCTP:
+ return "sctp";
+ case IPPROTO_DCCP:
+ return "dccp";
+ default:
+ return NULL;
+ }
+}
+
 static int
 service_to_port(const char *name, const char *proto)
 {
@@ -144,20 +161,20 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
 static const char *
 check_proto(const struct ipt_entry *entry)
 {
+ char *proto;
+
 if (entry->ip.invflags & IPT_INV_PROTO)
 exit_error(PARAMETER_PROBLEM,
 "multiport only works with TCP or UDP");
- if (entry->ip.proto == IPPROTO_TCP)
- return "tcp";
- else if (entry->ip.proto == IPPROTO_UDP)
- return "udp";
+ if ((proto = proto_to_name(entry->ip.proto)) != NULL)
+ return proto;
 else if (!entry->ip.proto)
 exit_error(PARAMETER_PROBLEM,
- "multiport needs `-p tcp' or `-p udp'");
+ "multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'");
 else
 exit_error(PARAMETER_PROBLEM,
- "multiport only works with TCP or UDP");
+ "multiport only works with TCP, UDP, SCTP and DCCP");
 }
 /* Function which parses command options; returns true if it
@@ -271,8 +288,7 @@ port_to_service(int port, u_int8_t proto)
 {
 struct servent *service;
- if ((service = getservbyport(htons(port),
- proto == IPPROTO_TCP ? "tcp" : "udp")))
+ if ((service = getservbyport(htons(port), proto_to_name(proto))))
 return service->s_name;
 return NULL;
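Review bot: `port_to_service()` in extensions/libip6t_multiport.c now hands the result of `proto_to_name(proto)` straight to `getservbyport()`, and that result is NULL for every protocol other than TCP, UDP, SCTP and DCCP. A NULL protocol argument makes `getservbyport()` match a services entry of any protocol, whereas the removed code fell back to "udp", so a port could be shown with a service name that belongs to a different protocol. The callers and the end of the function are outside this hunk, so whether such a protocol value can reach this point is not visible here. An explicit guard makes the behaviour deliberate: `const char *name = proto_to_name(proto); if (name == NULL) return NULL;` before the lookup. The same replacement is made in `port_to_service()` in extensions/libipt_multiport.c at the end of this patch.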
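Review bot: The inverted-protocol branch at the top of `check_proto()` in extensions/libipt_multiport.c still reports `"multiport only works with TCP or UDP"`, while the two messages further down in the same function were updated to name SCTP and DCCP. A user who negates an SCTP or DCCP protocol selection is therefore told the match is limited to TCP and UDP, which is no longer accurate after this change. The string in that branch should read `"multiport only works with TCP, UDP, SCTP and DCCP"`, or say explicitly that an inverted protocol is not supported, so the rejection reason is clear.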
diff --git a/include/ip6tables.h b/include/ip6tables.h
index d5ea878..96f9798 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -8,6 +8,13 @@
 #define IP6T_LIB_DIR "/usr/local/lib/iptables"
 #endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+
 struct ip6tables_rule_match
 {
 struct ip6tables_rule_match *next;
diff --git a/include/iptables.h b/include/iptables.h
index c56a005..1cd9dc4 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -11,6 +11,9 @@
 #ifndef IPPROTO_SCTP
 #define IPPROTO_SCTP 132
 #endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
 #ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
 #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
--
cgit v1.2.3