king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8f4c154c05'
${ noResults }
v811_spc009/external/iptables/extensions/libipt_ttl.c

166 lines
3.6 KiB
Raw Blame History

/* Shared library add-on to iptables to add TTL matching support
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
* This program is released under the terms of GNU GPL */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ipt_ttl.h>
enum {
O_TTL_EQ = 0,
O_TTL_LT,
O_TTL_GT,
F_TTL_EQ = 1 << O_TTL_EQ,
F_TTL_LT = 1 << O_TTL_LT,
F_TTL_GT = 1 << O_TTL_GT,
F_ANY = F_TTL_EQ | F_TTL_LT | F_TTL_GT,
};
static void ttl_help(void)
{
printf(
"ttl match options:\n"
"[!] --ttl-eq value Match time to live value\n"
" --ttl-lt value Match TTL < value\n"
" --ttl-gt value Match TTL > value\n");
}
static void ttl_parse(struct xt_option_call *cb)
{
struct ipt_ttl_info *info = cb->data;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_TTL_EQ:
info->mode = cb->invert ? IPT_TTL_NE : IPT_TTL_EQ;
break;
case O_TTL_LT:
info->mode = IPT_TTL_LT;
break;
case O_TTL_GT:
info->mode = IPT_TTL_GT;
break;
}
}
static void ttl_check(struct xt_fcheck_call *cb)
{
if (!(cb->xflags & F_ANY))
xtables_error(PARAMETER_PROBLEM,
"TTL match: You must specify one of "
"`--ttl-eq', `--ttl-lt', `--ttl-gt");
}
static void ttl_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) match->data;
printf(" TTL match ");
switch (info->mode) {
case IPT_TTL_EQ:
printf("TTL ==");
break;
case IPT_TTL_NE:
printf("TTL !=");
break;
case IPT_TTL_LT:
printf("TTL <");
break;
case IPT_TTL_GT:
printf("TTL >");
break;
}
printf(" %u", info->ttl);
}
static void ttl_save(const void *ip, const struct xt_entry_match *match)
{
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) match->data;
switch (info->mode) {
case IPT_TTL_EQ:
printf(" --ttl-eq");
break;
case IPT_TTL_NE:
printf(" ! --ttl-eq");
break;
case IPT_TTL_LT:
printf(" --ttl-lt");
break;
case IPT_TTL_GT:
printf(" --ttl-gt");
break;
default:
/* error */
break;
}
printf(" %u", info->ttl);
}
static int ttl_xlate(struct xt_xlate *xl,
const struct xt_xlate_mt_params *params)
{
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) params->match->data;
switch (info->mode) {
case IPT_TTL_EQ:
xt_xlate_add(xl, "ip ttl");
break;
case IPT_TTL_NE:
xt_xlate_add(xl, "ip ttl !=");
break;
case IPT_TTL_LT:
xt_xlate_add(xl, "ip ttl lt");
break;
case IPT_TTL_GT:
xt_xlate_add(xl, "ip ttl gt");
break;
default:
/* Should not happen. */
break;
}
xt_xlate_add(xl, " %u", info->ttl);
return 1;
}
#define s struct ipt_ttl_info
static const struct xt_option_entry ttl_opts[] = {
{.name = "ttl-lt", .id = O_TTL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
.flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
{.name = "ttl-gt", .id = O_TTL_GT, .excl = F_ANY, .type = XTTYPE_UINT8,
.flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
{.name = "ttl-eq", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ttl)},
{.name = "ttl", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
.flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
XTOPT_TABLEEND,
};
#undef s
static struct xtables_match ttl_mt_reg = {
.name = "ttl",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = ttl_help,
.print = ttl_print,
.save = ttl_save,
.x6_parse = ttl_parse,
.x6_fcheck = ttl_check,
.x6_options = ttl_opts,
.xlate = ttl_xlate,
};
void _init(void)
{
xtables_register_match(&ttl_mt_reg);
}
Reference in new issue View Git Blame Copy Permalink