1
/* Shared library add-on to iptables to add UDP support. */
8
#include <linux/netfilter/xt_tcpudp.h>
10
/* Function which prints out usage message. */
11
static void udp_help(void)
15
" --source-port [!] port[:port]\n"
17
" match source port(s)\n"
18
" --destination-port [!] port[:port]\n"
20
" match destination port(s)\n",
24
static const struct option udp_opts[] = {
25
{ "source-port", 1, NULL, '1' },
26
{ "sport", 1, NULL, '1' }, /* synonym */
27
{ "destination-port", 1, NULL, '2' },
28
{ "dport", 1, NULL, '2' }, /* synonym */
33
parse_udp_ports(const char *portstring, u_int16_t *ports)
38
buffer = strdup(portstring);
39
if ((cp = strchr(buffer, ':')) == NULL)
40
ports[0] = ports[1] = parse_port(buffer, "udp");
45
ports[0] = buffer[0] ? parse_port(buffer, "udp") : 0;
46
ports[1] = cp[0] ? parse_port(cp, "udp") : 0xFFFF;
48
if (ports[0] > ports[1])
49
exit_error(PARAMETER_PROBLEM,
50
"invalid portrange (min > max)");
55
/* Initialize the match. */
56
static void udp_init(struct xt_entry_match *m)
58
struct xt_udp *udpinfo = (struct xt_udp *)m->data;
60
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
63
#define UDP_SRC_PORTS 0x01
64
#define UDP_DST_PORTS 0x02
66
/* Function which parses command options; returns true if it
69
udp_parse(int c, char **argv, int invert, unsigned int *flags,
70
const void *entry, struct xt_entry_match **match)
72
struct xt_udp *udpinfo = (struct xt_udp *)(*match)->data;
76
if (*flags & UDP_SRC_PORTS)
77
exit_error(PARAMETER_PROBLEM,
78
"Only one `--source-port' allowed");
79
check_inverse(optarg, &invert, &optind, 0);
80
parse_udp_ports(argv[optind-1], udpinfo->spts);
82
udpinfo->invflags |= XT_UDP_INV_SRCPT;
83
*flags |= UDP_SRC_PORTS;
87
if (*flags & UDP_DST_PORTS)
88
exit_error(PARAMETER_PROBLEM,
89
"Only one `--destination-port' allowed");
90
check_inverse(optarg, &invert, &optind, 0);
91
parse_udp_ports(argv[optind-1], udpinfo->dpts);
93
udpinfo->invflags |= XT_UDP_INV_DSTPT;
94
*flags |= UDP_DST_PORTS;
105
port_to_service(int port)
107
struct servent *service;
109
if ((service = getservbyport(htons(port), "udp")))
110
return service->s_name;
116
print_port(u_int16_t port, int numeric)
120
if (numeric || (service = port_to_service(port)) == NULL)
123
printf("%s", service);
127
print_ports(const char *name, u_int16_t min, u_int16_t max,
128
int invert, int numeric)
130
const char *inv = invert ? "!" : "";
132
if (min != 0 || max != 0xFFFF || invert) {
136
print_port(min, numeric);
139
print_port(min, numeric);
141
print_port(max, numeric);
147
/* Prints out the union ipt_matchinfo. */
149
udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
151
const struct xt_udp *udp = (struct xt_udp *)match->data;
154
print_ports("spt", udp->spts[0], udp->spts[1],
155
udp->invflags & XT_UDP_INV_SRCPT,
157
print_ports("dpt", udp->dpts[0], udp->dpts[1],
158
udp->invflags & XT_UDP_INV_DSTPT,
160
if (udp->invflags & ~XT_UDP_INV_MASK)
161
printf("Unknown invflags: 0x%X ",
162
udp->invflags & ~XT_UDP_INV_MASK);
165
/* Saves the union ipt_matchinfo in parsable form to stdout. */
166
static void udp_save(const void *ip, const struct xt_entry_match *match)
168
const struct xt_udp *udpinfo = (struct xt_udp *)match->data;
170
if (udpinfo->spts[0] != 0
171
|| udpinfo->spts[1] != 0xFFFF) {
172
if (udpinfo->invflags & XT_UDP_INV_SRCPT)
176
printf("--sport %u:%u ",
180
printf("--sport %u ",
184
if (udpinfo->dpts[0] != 0
185
|| udpinfo->dpts[1] != 0xFFFF) {
186
if (udpinfo->invflags & XT_UDP_INV_DSTPT)
190
printf("--dport %u:%u ",
194
printf("--dport %u ",
199
static struct xtables_match udp_match = {
202
.version = IPTABLES_VERSION,
203
.size = XT_ALIGN(sizeof(struct xt_udp)),
204
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
210
.extra_opts = udp_opts,
213
static struct xtables_match udp_match6 = {
216
.version = IPTABLES_VERSION,
217
.size = XT_ALIGN(sizeof(struct xt_udp)),
218
.userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
224
.extra_opts = udp_opts,
230
xtables_register_match(&udp_match);
231
xtables_register_match(&udp_match6);