1 /* Shared library add-on to iptables to add packet length matching support. */
9 #include <linux/netfilter/xt_length.h>
11 /* Function which prints out usage message. */
12 static void length_help(void)
15 "length match options:\n"
16 "[!] --length length[:length] Match packet length against value or range\n"
17 " of values (inclusive)\n");
20 static const struct option length_opts[] = {
21 { "length", 1, NULL, '1' },
26 parse_length(const char *s)
30 if (string_to_number(s, 0, 0xFFFF, &len) == -1)
31 exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s);
33 return (u_int16_t )len;
36 /* If a single value is provided, min and max are both set to the value */
38 parse_lengths(const char *s, struct xt_length_info *info)
44 if ((cp = strchr(buffer, ':')) == NULL)
45 info->min = info->max = parse_length(buffer);
50 info->min = buffer[0] ? parse_length(buffer) : 0;
51 info->max = cp[0] ? parse_length(cp) : 0xFFFF;
55 if (info->min > info->max)
56 exit_error(PARAMETER_PROBLEM,
57 "length min. range value `%u' greater than max. "
58 "range value `%u'", info->min, info->max);
62 /* Function which parses command options; returns true if it
65 length_parse(int c, char **argv, int invert, unsigned int *flags,
66 const void *entry, struct xt_entry_match **match)
68 struct xt_length_info *info = (struct xt_length_info *)(*match)->data;
73 exit_error(PARAMETER_PROBLEM,
74 "length: `--length' may only be "
76 check_inverse(optarg, &invert, &optind, 0);
77 parse_lengths(argv[optind-1], info);
89 /* Final check; must have specified --length. */
90 static void length_check(unsigned int flags)
93 exit_error(PARAMETER_PROBLEM,
94 "length: You must specify `--length'");
97 /* Common match printing code. */
99 print_length(struct xt_length_info *info)
104 if (info->max == info->min)
105 printf("%u ", info->min);
107 printf("%u:%u ", info->min, info->max);
110 /* Prints out the matchinfo. */
112 length_print(const void *ip, const struct xt_entry_match *match, int numeric)
115 print_length((struct xt_length_info *)match->data);
118 /* Saves the union ipt_matchinfo in parsable form to stdout. */
119 static void length_save(const void *ip, const struct xt_entry_match *match)
122 print_length((struct xt_length_info *)match->data);
125 static struct xtables_match length_match = {
128 .version = XTABLES_VERSION,
129 .size = XT_ALIGN(sizeof(struct xt_length_info)),
130 .userspacesize = XT_ALIGN(sizeof(struct xt_length_info)),
132 .parse = length_parse,
133 .final_check = length_check,
134 .print = length_print,
136 .extra_opts = length_opts,
141 xtables_register_match(&length_match);