From 129152307ba7b09c9ad667eee2c4e0d23f7c500b Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sat, 21 Feb 2004 09:20:34 +0000 Subject: add userspace part of SCTP match --- include/linux/netfilter_ipv4/ipt_sctp.h | 111 ++++++++++++++++++++++++++------ 1 file changed, 91 insertions(+), 20 deletions(-) (limited to 'include/linux/netfilter_ipv4') diff --git a/include/linux/netfilter_ipv4/ipt_sctp.h b/include/linux/netfilter_ipv4/ipt_sctp.h index 54c58fab..575c6720 100644 --- a/include/linux/netfilter_ipv4/ipt_sctp.h +++ b/include/linux/netfilter_ipv4/ipt_sctp.h @@ -1,25 +1,96 @@ -/* iptables module for matching the SCTP header - * - * (C) 2003 Harald Welte - * - * This software is distributed under GNU GPL v2, 1991 - * - * $Id$ - */ -#ifndef _IPT_SCTP_H -#define _IPT_SCTP_H +#ifndef _IPT_SCTP_H_ +#define _IPT_SCTP_H_ + +#define IPT_SCTP_SRC_PORTS 0x01 +#define IPT_SCTP_DEST_PORTS 0x02 +#define IPT_SCTP_CHUNK_TYPES 0x04 + +#define IPT_SCTP_VALID_FLAGS 0x07 + +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0])) struct ipt_sctp_info { - u_int16_t spts[2]; /* Souce port range */ - u_int16_t dpts[2]; /* Destination port range */ - u_int32_t chunks; /* chunks to be matched */ - u_int32_t chunk_mask; /* chunk mask to be matched */ - u_int8_t invflags; /* Inverse flags */ + u_int16_t dpts[2]; /* Min, Max */ + u_int16_t spts[2]; /* Min, Max */ + + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */ + +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ + + u_int32_t chunk_match_type; + + u_int32_t flags; + u_int32_t invflags; }; -#define IPT_SCTP_INV_SRCPT 0x01 /* Invert the sense of source ports */ -#define IPT_SCTP_INV_DSTPT 0x02 /* Invert the sense of dest ports */ -#define IPT_SCTP_INV_CHUNKS 0x03 /* Invert the sense of chunks */ -#define IPT_SCTP_INV_MASK 0x03 /* All possible flags */ +#define bytes(type) (sizeof(type) * 8) + +#define SCTP_CHUNKMAP_SET(chunkmap, type) \ + do { \ + chunkmap[type / bytes(u_int32_t)] |= \ + 1 << (type % bytes(u_int32_t)); \ + } while (0) + +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ + do { \ + chunkmap[type / bytes(u_int32_t)] &= \ + ~(1 << (type % bytes(u_int32_t))); \ + } while (0) + +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ +({ \ + (chunkmap[type / bytes (u_int32_t)] & \ + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \ +}) + +#define SCTP_CHUNKMAP_RESET(chunkmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + chunkmap[i] = 0; \ + } while (0) + +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + chunkmap[i] = ~0; \ + } while (0) + +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + destmap[i] = srcmap[i]; \ + } while (0) + +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ +({ \ + int i; \ + int flag = 1; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + if (chunkmap[i]) { \ + flag = 0; \ + break; \ + } \ + } \ + flag; \ +}) + +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ +({ \ + int i; \ + int flag = 1; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + if (chunkmap[i] != ~0) { \ + flag = 0; \ + break; \ + } \ + } \ + flag; \ +}) + +#endif /* _IPT_SCTP_H_ */ -#endif /* _IPT_SCTP_H */ -- cgit v1.2.3