1 #include <stdio.h>
2 #include <xtables.h>
3 #include <linux/netfilter_ipv4/ipt_ah.h>
4
5 enum {
6 O_AHSPI = 0,
7 };
8
ah_help(void)9 static void ah_help(void)
10 {
11 printf(
12 "ah match options:\n"
13 "[!] --ahspi spi[:spi]\n"
14 " match spi (range)\n");
15 }
16
17 static const struct xt_option_entry ah_opts[] = {
18 {.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
19 .flags = XTOPT_INVERT | XTOPT_PUT,
20 XTOPT_POINTER(struct ipt_ah, spis)},
21 XTOPT_TABLEEND,
22 };
23
ah_parse(struct xt_option_call * cb)24 static void ah_parse(struct xt_option_call *cb)
25 {
26 struct ipt_ah *ahinfo = cb->data;
27
28 xtables_option_parse(cb);
29 if (cb->nvals == 1)
30 ahinfo->spis[1] = ahinfo->spis[0];
31 if (cb->invert)
32 ahinfo->invflags |= IPT_AH_INV_SPI;
33 }
34
35 static void
print_spis(const char * name,uint32_t min,uint32_t max,int invert)36 print_spis(const char *name, uint32_t min, uint32_t max,
37 int invert)
38 {
39 const char *inv = invert ? "!" : "";
40
41 if (min != 0 || max != 0xFFFFFFFF || invert) {
42 printf("%s", name);
43 if (min == max) {
44 printf(":%s", inv);
45 printf("%u", min);
46 } else {
47 printf("s:%s", inv);
48 printf("%u",min);
49 printf(":");
50 printf("%u",max);
51 }
52 }
53 }
54
ah_print(const void * ip,const struct xt_entry_match * match,int numeric)55 static void ah_print(const void *ip, const struct xt_entry_match *match,
56 int numeric)
57 {
58 const struct ipt_ah *ah = (struct ipt_ah *)match->data;
59
60 printf(" ah ");
61 print_spis("spi", ah->spis[0], ah->spis[1],
62 ah->invflags & IPT_AH_INV_SPI);
63 if (ah->invflags & ~IPT_AH_INV_MASK)
64 printf(" Unknown invflags: 0x%X",
65 ah->invflags & ~IPT_AH_INV_MASK);
66 }
67
ah_save(const void * ip,const struct xt_entry_match * match)68 static void ah_save(const void *ip, const struct xt_entry_match *match)
69 {
70 const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
71
72 if (!(ahinfo->spis[0] == 0
73 && ahinfo->spis[1] == 0xFFFFFFFF)) {
74 printf("%s --ahspi ",
75 (ahinfo->invflags & IPT_AH_INV_SPI) ? " !" : "");
76 if (ahinfo->spis[0]
77 != ahinfo->spis[1])
78 printf("%u:%u",
79 ahinfo->spis[0],
80 ahinfo->spis[1]);
81 else
82 printf("%u",
83 ahinfo->spis[0]);
84 }
85
86 }
87
88 static struct xtables_match ah_mt_reg = {
89 .name = "ah",
90 .version = XTABLES_VERSION,
91 .family = NFPROTO_IPV4,
92 .size = XT_ALIGN(sizeof(struct ipt_ah)),
93 .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
94 .help = ah_help,
95 .print = ah_print,
96 .save = ah_save,
97 .x6_parse = ah_parse,
98 .x6_options = ah_opts,
99 };
100
101 void
_init(void)102 _init(void)
103 {
104 xtables_register_match(&ah_mt_reg);
105 }
106