URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv4/] [netfilter/] [ipt_multiport.c] - Blame information for rev 1765

Details | Compare with Previous | View Log


/* Kernel module to match one of a list of TCP/UDP ports: ports are in
   the same place so we can treat them as equal. */
#include <linux/module.h>
#include <linux/types.h>
#include <linux/udp.h>
#include <linux/skbuff.h>
 
#include <linux/netfilter_ipv4/ipt_multiport.h>
#include <linux/netfilter_ipv4/ip_tables.h>
 
#if 0
#define duprintf(format, args...) printk(format , ## args)
#else
#define duprintf(format, args...)
#endif
 
/* Returns 1 if the port is matched by the test, 0 otherwise. */
static inline int
ports_match(const u_int16_t *portlist, enum ipt_multiport_flags flags,
            u_int8_t count, u_int16_t src, u_int16_t dst)
{
        unsigned int i;
        for (i=0; i<count; i++) {
                if (flags != IPT_MULTIPORT_DESTINATION
                    && portlist[i] == src)
                        return 1;
 
                if (flags != IPT_MULTIPORT_SOURCE
                    && portlist[i] == dst)
                        return 1;
        }
 
        return 0;
}
 
static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const void *matchinfo,
      int offset,
      const void *hdr,
      u_int16_t datalen,
      int *hotdrop)
{
        const struct udphdr *udp = hdr;
        const struct ipt_multiport *multiinfo = matchinfo;
 
        /* Must be big enough to read ports. */
        if (offset == 0 && datalen < sizeof(struct udphdr)) {
                /* We've been asked to examine this packet, and we
                   can't.  Hence, no choice but to drop. */
                        duprintf("ipt_multiport:"
                                 " Dropping evil offset=0 tinygram.\n");
                        *hotdrop = 1;
                        return 0;
        }
 
        /* Must not be a fragment. */
        return !offset
                && ports_match(multiinfo->ports,
                               multiinfo->flags, multiinfo->count,
                               ntohs(udp->source), ntohs(udp->dest));
}
 
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
           const struct ipt_ip *ip,
           void *matchinfo,
           unsigned int matchsize,
           unsigned int hook_mask)
{
        const struct ipt_multiport *multiinfo = matchinfo;
 
        if (matchsize != IPT_ALIGN(sizeof(struct ipt_multiport)))
                return 0;
 
        /* Must specify proto == TCP/UDP, no unknown flags or bad count */
        return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
                && !(ip->invflags & IPT_INV_PROTO)
                && matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
                && (multiinfo->flags == IPT_MULTIPORT_SOURCE
                    || multiinfo->flags == IPT_MULTIPORT_DESTINATION
                    || multiinfo->flags == IPT_MULTIPORT_EITHER)
                && multiinfo->count <= IPT_MULTI_PORTS;
}
 
static struct ipt_match multiport_match
= { { NULL, NULL }, "multiport", &match, &checkentry, NULL, THIS_MODULE };
 
static int __init init(void)
{
        return ipt_register_match(&multiport_match);
}
 
static void __exit fini(void)
{
        ipt_unregister_match(&multiport_match);
}
 
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");

Line No.	Rev	Author	Line
1	1275	phoenix	`/* Kernel module to match one of a list of TCP/UDP ports: ports are in`
2			`the same place so we can treat them as equal. */`
3			`#include <linux/module.h>`
4			`#include <linux/types.h>`
5			`#include <linux/udp.h>`
6			`#include <linux/skbuff.h>`
7
8			`#include <linux/netfilter_ipv4/ipt_multiport.h>`
9			`#include <linux/netfilter_ipv4/ip_tables.h>`
10
11			`#if 0`
12			`#define duprintf(format, args...) printk(format , ## args)`
13			`#else`
14			`#define duprintf(format, args...)`
15			`#endif`
16
17			`/* Returns 1 if the port is matched by the test, 0 otherwise. */`
18			`static inline int`
19			`ports_match(const u_int16_t *portlist, enum ipt_multiport_flags flags,`
20			`u_int8_t count, u_int16_t src, u_int16_t dst)`
21			`{`
22			`unsigned int i;`
23			`for (i=0; i<count; i++) {`
24			`if (flags != IPT_MULTIPORT_DESTINATION`
25			`&& portlist[i] == src)`
26			`return 1;`
27
28			`if (flags != IPT_MULTIPORT_SOURCE`
29			`&& portlist[i] == dst)`
30			`return 1;`
31			`}`
32
33			`return 0;`
34			`}`
35
36			`static int`
37			`match(const struct sk_buff *skb,`
38			`const struct net_device *in,`
39			`const struct net_device *out,`
40			`const void *matchinfo,`
41			`int offset,`
42			`const void *hdr,`
43			`u_int16_t datalen,`
44			`int *hotdrop)`
45			`{`
46			`const struct udphdr *udp = hdr;`
47			`const struct ipt_multiport *multiinfo = matchinfo;`
48
49			`/* Must be big enough to read ports. */`
50			`if (offset == 0 && datalen < sizeof(struct udphdr)) {`
51			`/* We've been asked to examine this packet, and we`
52			`can't. Hence, no choice but to drop. */`
53			`duprintf("ipt_multiport:"`
54			`" Dropping evil offset=0 tinygram.\n");`
55			`*hotdrop = 1;`
56			`return 0;`
57			`}`
58
59			`/* Must not be a fragment. */`
60			`return !offset`
61			`&& ports_match(multiinfo->ports,`
62			`multiinfo->flags, multiinfo->count,`
63			`ntohs(udp->source), ntohs(udp->dest));`
64			`}`
65
66			`/* Called when user tries to insert an entry of this type. */`
67			`static int`
68			`checkentry(const char *tablename,`
69			`const struct ipt_ip *ip,`
70			`void *matchinfo,`
71			`unsigned int matchsize,`
72			`unsigned int hook_mask)`
73			`{`
74			`const struct ipt_multiport *multiinfo = matchinfo;`
75
76			`if (matchsize != IPT_ALIGN(sizeof(struct ipt_multiport)))`
77			`return 0;`
78
79			`/* Must specify proto == TCP/UDP, no unknown flags or bad count */`
80			`return (ip->proto == IPPROTO_TCP \|\| ip->proto == IPPROTO_UDP)`
81			`&& !(ip->invflags & IPT_INV_PROTO)`
82			`&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))`
83			`&& (multiinfo->flags == IPT_MULTIPORT_SOURCE`
84			`\|\| multiinfo->flags == IPT_MULTIPORT_DESTINATION`
85			`\|\| multiinfo->flags == IPT_MULTIPORT_EITHER)`
86			`&& multiinfo->count <= IPT_MULTI_PORTS;`
87			`}`
88
89			`static struct ipt_match multiport_match`
90			`= { { NULL, NULL }, "multiport", &match, &checkentry, NULL, THIS_MODULE };`
91
92			`static int __init init(void)`
93			`{`
94			`return ipt_register_match(&multiport_match);`
95			`}`
96
97			`static void __exit fini(void)`
98			`{`
99			`ipt_unregister_match(&multiport_match);`
100			`}`
101
102			`module_init(init);`
103			`module_exit(fini);`
104			`MODULE_LICENSE("GPL");`

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv4/] [netfilter/] [ipt_multiport.c] - Blame information for rev 1765