search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
manpages: do not include v4-only modules in ip6tables manpage
[jleu-iptables.git] / extensions / libxt_tcpmss.c
blob46529f9788d8b79731defedde6d4f23df9e3e195
1 /* Shared library add-on to iptables to add tcp MSS matching support. */
2 #include <stdio.h>
3 #include <netdb.h>
4 #include <string.h>
5 #include <stdlib.h>
6 #include <getopt.h>
7
8 #include <xtables.h>
9 #include <linux/netfilter/xt_tcpmss.h>
10
11 static void tcpmss_help(void)
12 {
13 printf(
14 "tcpmss match options:\n"
15 "[!] --mss value[:value] Match TCP MSS range.\n"
16 " (only valid for TCP SYN or SYN/ACK packets)\n");
17 }
18
19 static const struct option tcpmss_opts[] = {
20 { "mss", 1, NULL, '1' },
21 { .name = NULL }
22 };
23
24 static u_int16_t
25 parse_tcp_mssvalue(const char *mssvalue)
26 {
27 unsigned int mssvaluenum;
28
29 if (xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
30 return mssvaluenum;
31
32 xtables_error(PARAMETER_PROBLEM,
33 "Invalid mss `%s' specified", mssvalue);
34 }
35
36 static void
37 parse_tcp_mssvalues(const char *mssvaluestring,
38 u_int16_t *mss_min, u_int16_t *mss_max)
39 {
40 char *buffer;
41 char *cp;
42
43 buffer = strdup(mssvaluestring);
44 if ((cp = strchr(buffer, ':')) == NULL)
45 *mss_min = *mss_max = parse_tcp_mssvalue(buffer);
46 else {
47 *cp = '\0';
48 cp++;
49
50 *mss_min = buffer[0] ? parse_tcp_mssvalue(buffer) : 0;
51 *mss_max = cp[0] ? parse_tcp_mssvalue(cp) : 0xFFFF;
52 }
53 free(buffer);
54 }
55
56 static int
57 tcpmss_parse(int c, char **argv, int invert, unsigned int *flags,
58 const void *entry, struct xt_entry_match **match)
59 {
60 struct xt_tcpmss_match_info *mssinfo =
61 (struct xt_tcpmss_match_info *)(*match)->data;
62
63 switch (c) {
64 case '1':
65 if (*flags)
66 xtables_error(PARAMETER_PROBLEM,
67 "Only one `--mss' allowed");
68 xtables_check_inverse(optarg, &invert, &optind, 0);
69 parse_tcp_mssvalues(argv[optind-1],
70 &mssinfo->mss_min, &mssinfo->mss_max);
71 if (invert)
72 mssinfo->invert = 1;
73 *flags = 1;
74 break;
75 default:
76 return 0;
77 }
78 return 1;
79 }
80
81 static void tcpmss_check(unsigned int flags)
82 {
83 if (!flags)
84 xtables_error(PARAMETER_PROBLEM,
85 "tcpmss match: You must specify `--mss'");
86 }
87
88 static void
89 tcpmss_print(const void *ip, const struct xt_entry_match *match, int numeric)
90 {
91 const struct xt_tcpmss_match_info *info = (void *)match->data;
92
93 printf("tcpmss match %s", info->invert ? "!" : "");
94 if (info->mss_min == info->mss_max)
95 printf("%u ", info->mss_min);
96 else
97 printf("%u:%u ", info->mss_min, info->mss_max);
98 }
99
100 static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
101 {
102 const struct xt_tcpmss_match_info *info = (void *)match->data;
103
104 printf("%s--mss ", info->invert ? "! " : "");
105 if (info->mss_min == info->mss_max)
106 printf("%u ", info->mss_min);
107 else
108 printf("%u:%u ", info->mss_min, info->mss_max);
109 }
110
111 static struct xtables_match tcpmss_match = {
112 .family = NFPROTO_IPV4,
113 .name = "tcpmss",
114 .version = XTABLES_VERSION,
115 .size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
116 .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
117 .help = tcpmss_help,
118 .parse = tcpmss_parse,
119 .final_check = tcpmss_check,
120 .print = tcpmss_print,
121 .save = tcpmss_save,
122 .extra_opts = tcpmss_opts,
123 };
124
125 static struct xtables_match tcpmss_match6 = {
126 .family = NFPROTO_IPV6,
127 .name = "tcpmss",
128 .version = XTABLES_VERSION,
129 .size = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
130 .userspacesize = XT_ALIGN(sizeof(struct xt_tcpmss_match_info)),
131 .help = tcpmss_help,
132 .parse = tcpmss_parse,
133 .final_check = tcpmss_check,
134 .print = tcpmss_print,
135 .save = tcpmss_save,
136 .extra_opts = tcpmss_opts,
137 };
138
139 void _init(void)
140 {
141 xtables_register_match(&tcpmss_match);
142 xtables_register_match(&tcpmss_match6);
143 }
Various project for iptables