1 #include <stdint.h>
2 #include <stdio.h>
3 #include <netdb.h>
4 #include <arpa/inet.h>
5 #include <xtables.h>
6 #include <linux/netfilter/xt_tcpudp.h>
7
8 enum {
9 O_SOURCE_PORT = 0,
10 O_DEST_PORT,
11 };
12
udp_help(void)13 static void udp_help(void)
14 {
15 printf(
16 "udp match options:\n"
17 "[!] --source-port port[:port]\n"
18 " --sport ...\n"
19 " match source port(s)\n"
20 "[!] --destination-port port[:port]\n"
21 " --dport ...\n"
22 " match destination port(s)\n");
23 }
24
25 #define s struct xt_udp
26 static const struct xt_option_entry udp_opts[] = {
27 {.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
28 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
29 {.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC,
30 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
31 {.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
32 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
33 {.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
34 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
35 XTOPT_TABLEEND,
36 };
37 #undef s
38
udp_init(struct xt_entry_match * m)39 static void udp_init(struct xt_entry_match *m)
40 {
41 struct xt_udp *udpinfo = (struct xt_udp *)m->data;
42
43 udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
44 }
45
udp_parse(struct xt_option_call * cb)46 static void udp_parse(struct xt_option_call *cb)
47 {
48 struct xt_udp *udpinfo = cb->data;
49
50 xtables_option_parse(cb);
51 switch (cb->entry->id) {
52 case O_SOURCE_PORT:
53 if (cb->invert)
54 udpinfo->invflags |= XT_UDP_INV_SRCPT;
55 break;
56 case O_DEST_PORT:
57 if (cb->invert)
58 udpinfo->invflags |= XT_UDP_INV_DSTPT;
59 break;
60 }
61 }
62
63 static const char *
port_to_service(int port)64 port_to_service(int port)
65 {
66 const struct servent *service;
67
68 if ((service = getservbyport(htons(port), "udp")))
69 return service->s_name;
70
71 return NULL;
72 }
73
74 static void
print_port(uint16_t port,int numeric)75 print_port(uint16_t port, int numeric)
76 {
77 const char *service;
78
79 if (numeric || (service = port_to_service(port)) == NULL)
80 printf("%u", port);
81 else
82 printf("%s", service);
83 }
84
85 static void
print_ports(const char * name,uint16_t min,uint16_t max,int invert,int numeric)86 print_ports(const char *name, uint16_t min, uint16_t max,
87 int invert, int numeric)
88 {
89 const char *inv = invert ? "!" : "";
90
91 if (min != 0 || max != 0xFFFF || invert) {
92 printf(" %s", name);
93 if (min == max) {
94 printf(":%s", inv);
95 print_port(min, numeric);
96 } else {
97 printf("s:%s", inv);
98 print_port(min, numeric);
99 printf(":");
100 print_port(max, numeric);
101 }
102 }
103 }
104
105 static void
udp_print(const void * ip,const struct xt_entry_match * match,int numeric)106 udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
107 {
108 const struct xt_udp *udp = (struct xt_udp *)match->data;
109
110 printf(" udp");
111 print_ports("spt", udp->spts[0], udp->spts[1],
112 udp->invflags & XT_UDP_INV_SRCPT,
113 numeric);
114 print_ports("dpt", udp->dpts[0], udp->dpts[1],
115 udp->invflags & XT_UDP_INV_DSTPT,
116 numeric);
117 if (udp->invflags & ~XT_UDP_INV_MASK)
118 printf(" Unknown invflags: 0x%X",
119 udp->invflags & ~XT_UDP_INV_MASK);
120 }
121
udp_save(const void * ip,const struct xt_entry_match * match)122 static void udp_save(const void *ip, const struct xt_entry_match *match)
123 {
124 const struct xt_udp *udpinfo = (struct xt_udp *)match->data;
125
126 if (udpinfo->spts[0] != 0
127 || udpinfo->spts[1] != 0xFFFF) {
128 if (udpinfo->invflags & XT_UDP_INV_SRCPT)
129 printf(" !");
130 if (udpinfo->spts[0]
131 != udpinfo->spts[1])
132 printf(" --sport %u:%u",
133 udpinfo->spts[0],
134 udpinfo->spts[1]);
135 else
136 printf(" --sport %u",
137 udpinfo->spts[0]);
138 }
139
140 if (udpinfo->dpts[0] != 0
141 || udpinfo->dpts[1] != 0xFFFF) {
142 if (udpinfo->invflags & XT_UDP_INV_DSTPT)
143 printf(" !");
144 if (udpinfo->dpts[0]
145 != udpinfo->dpts[1])
146 printf(" --dport %u:%u",
147 udpinfo->dpts[0],
148 udpinfo->dpts[1]);
149 else
150 printf(" --dport %u",
151 udpinfo->dpts[0]);
152 }
153 }
154
udp_xlate(struct xt_xlate * xl,const struct xt_xlate_mt_params * params)155 static int udp_xlate(struct xt_xlate *xl,
156 const struct xt_xlate_mt_params *params)
157 {
158 const struct xt_udp *udpinfo = (struct xt_udp *)params->match->data;
159 char *space= "";
160
161 if (udpinfo->spts[0] != 0 || udpinfo->spts[1] != 0xFFFF) {
162 if (udpinfo->spts[0] != udpinfo->spts[1]) {
163 xt_xlate_add(xl,"udp sport %s%u-%u",
164 udpinfo->invflags & XT_UDP_INV_SRCPT ?
165 "!= ": "",
166 udpinfo->spts[0], udpinfo->spts[1]);
167 } else {
168 xt_xlate_add(xl, "udp sport %s%u",
169 udpinfo->invflags & XT_UDP_INV_SRCPT ?
170 "!= ": "",
171 udpinfo->spts[0]);
172 }
173 space = " ";
174 }
175
176 if (udpinfo->dpts[0] != 0 || udpinfo->dpts[1] != 0xFFFF) {
177 if (udpinfo->dpts[0] != udpinfo->dpts[1]) {
178 xt_xlate_add(xl,"%sudp dport %s%u-%u", space,
179 udpinfo->invflags & XT_UDP_INV_SRCPT ?
180 "!= ": "",
181 udpinfo->dpts[0], udpinfo->dpts[1]);
182 } else {
183 xt_xlate_add(xl,"%sudp dport %s%u", space,
184 udpinfo->invflags & XT_UDP_INV_SRCPT ?
185 "!= ": "",
186 udpinfo->dpts[0]);
187 }
188 }
189
190 return 1;
191 }
192
193 static struct xtables_match udp_match = {
194 .family = NFPROTO_UNSPEC,
195 .name = "udp",
196 .version = XTABLES_VERSION,
197 .size = XT_ALIGN(sizeof(struct xt_udp)),
198 .userspacesize = XT_ALIGN(sizeof(struct xt_udp)),
199 .help = udp_help,
200 .init = udp_init,
201 .print = udp_print,
202 .save = udp_save,
203 .x6_parse = udp_parse,
204 .x6_options = udp_opts,
205 .xlate = udp_xlate,
206 };
207
208 void
_init(void)209 _init(void)
210 {
211 xtables_register_match(&udp_match);
212 }
213