1 /* Shared library add-on to iptables to add u32 matching,
2 * generalized matching on values found at packet offsets
4 * Detailed doc is in the kernel module source
5 * net/netfilter/xt_u32.c
7 * (C) 2002 by Don Cohen <don-netf@isis.cs3-inc.com>
8 * Released under the terms of GNU GPL v2
10 * Copyright © CC Computer Consultants GmbH, 2007
11 * Contact: <jengelh@computergmbh.de>
19 #include <linux/netfilter/xt_u32.h>
25 static const struct xt_option_entry u32_opts[] = {
26 {.name = "u32", .id = O_U32, .type = XTTYPE_STRING,
27 .flags = XTOPT_MAND | XTOPT_INVERT},
31 static void u32_help(void)
34 "u32 match options:\n"
36 "\t\t""tests := location \"=\" value | tests \"&&\" location \"=\" value\n"
37 "\t\t""value := range | value \",\" range\n"
38 "\t\t""range := number | number \":\" number\n"
39 "\t\t""location := number | location operator number\n"
40 "\t\t""operator := \"&\" | \"<<\" | \">>\" | \"@\"\n");
43 static void u32_dump(const struct xt_u32 *data)
45 const struct xt_u32_test *ct;
46 unsigned int testind, i;
49 for (testind = 0; testind < data->ntests; ++testind) {
50 ct = &data->tests[testind];
55 printf("0x%x", ct->location[0].number);
56 for (i = 1; i < ct->nnums; ++i) {
57 switch (ct->location[i].nextop) {
71 printf("0x%x", ct->location[i].number);
75 for (i = 0; i < ct->nvalues; ++i) {
78 if (ct->value[i].min == ct->value[i].max)
79 printf("0x%x", ct->value[i].min);
81 printf("0x%x:0x%x", ct->value[i].min,
88 /* string_to_number() is not quite what we need here ... */
89 static uint32_t parse_number(const char **s, int pos)
94 if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
96 xtables_error(PARAMETER_PROBLEM,
97 "u32: at char %d: not a number or out of range", pos);
102 static void u32_parse(struct xt_option_call *cb)
104 struct xt_u32 *data = cb->data;
105 unsigned int testind = 0, locind = 0, valind = 0;
106 struct xt_u32_test *ct = &data->tests[testind]; /* current test */
107 const char *arg = cb->arg; /* the argument string */
108 const char *start = cb->arg;
111 xtables_option_parse(cb);
112 data->invert = cb->invert;
116 * 0 = looking for numbers and operations,
117 * 1 = looking for ranges
120 /* read next operand/number or range */
121 while (isspace(*arg))
125 /* end of argument found */
127 xtables_error(PARAMETER_PROBLEM,
128 "u32: abrupt end of input after location specifier");
130 xtables_error(PARAMETER_PROBLEM,
131 "u32: test ended with no value specified");
134 ct->nvalues = valind;
135 data->ntests = ++testind;
137 if (testind > XT_U32_MAXSIZE)
138 xtables_error(PARAMETER_PROBLEM,
139 "u32: at char %u: too many \"&&\"s",
140 (unsigned int)(arg - start));
146 * reading location: read a number if nothing read yet,
147 * otherwise either op number or = to end location spec
151 xtables_error(PARAMETER_PROBLEM,
153 "location spec missing",
154 (unsigned int)(arg - start));
161 /* need op before number */
163 ct->location[locind].nextop = XT_U32_AND;
164 } else if (*arg == '<') {
166 xtables_error(PARAMETER_PROBLEM,
167 "u32: at char %u: a second '<' was expected", (unsigned int)(arg - start));
168 ct->location[locind].nextop = XT_U32_LEFTSH;
169 } else if (*arg == '>') {
171 xtables_error(PARAMETER_PROBLEM,
172 "u32: at char %u: a second '>' was expected", (unsigned int)(arg - start));
173 ct->location[locind].nextop = XT_U32_RIGHTSH;
174 } else if (*arg == '@') {
175 ct->location[locind].nextop = XT_U32_AT;
177 xtables_error(PARAMETER_PROBLEM,
178 "u32: at char %u: operator expected", (unsigned int)(arg - start));
182 /* now a number; string_to_number skips white space? */
183 ct->location[locind].number =
184 parse_number(&arg, arg - start);
185 if (++locind > XT_U32_MAXSIZE)
186 xtables_error(PARAMETER_PROBLEM,
187 "u32: at char %u: too many operators", (unsigned int)(arg - start));
191 * state 1 - reading values: read a range if nothing
192 * read yet, otherwise either ,range or && to end
197 xtables_error(PARAMETER_PROBLEM,
198 "u32: at char %u: a second '&' was expected", (unsigned int)(arg - start));
200 xtables_error(PARAMETER_PROBLEM,
201 "u32: at char %u: value spec missing", (unsigned int)(arg - start));
204 ct->nvalues = valind;
205 ct = &data->tests[++testind];
206 if (testind > XT_U32_MAXSIZE)
207 xtables_error(PARAMETER_PROBLEM,
208 "u32: at char %u: too many \"&&\"s", (unsigned int)(arg - start));
214 } else { /* read value range */
215 if (valind > 0) { /* need , before number */
217 xtables_error(PARAMETER_PROBLEM,
218 "u32: at char %u: expected \",\" or \"&&\"", (unsigned int)(arg - start));
221 ct->value[valind].min =
222 parse_number(&arg, arg - start);
224 while (isspace(*arg))
229 ct->value[valind].max =
230 parse_number(&arg, arg-start);
232 ct->value[valind].max =
233 ct->value[valind].min;
236 if (++valind > XT_U32_MAXSIZE)
237 xtables_error(PARAMETER_PROBLEM,
238 "u32: at char %u: too many \",\"s", (unsigned int)(arg - start));
244 static void u32_print(const void *ip, const struct xt_entry_match *match,
247 const struct xt_u32 *data = (const void *)match->data;
254 static void u32_save(const void *ip, const struct xt_entry_match *match)
256 const struct xt_u32 *data = (const void *)match->data;
263 static struct xtables_match u32_match = {
265 .family = NFPROTO_UNSPEC,
266 .version = XTABLES_VERSION,
267 .size = XT_ALIGN(sizeof(struct xt_u32)),
268 .userspacesize = XT_ALIGN(sizeof(struct xt_u32)),
272 .x6_parse = u32_parse,
273 .x6_options = u32_opts,
278 xtables_register_match(&u32_match);
projects / external / iptables.git / blob