[netfilter-cvslog] r6590 - in trunk/iptables: extensions include
kaber at netfilter.org
kaber at netfilter.org
Fri Apr 28 10:10:17 CEST 2006
Author: kaber at netfilter.org
Date: 2006-04-28 10:10:08 +0200 (Fri, 28 Apr 2006)
New Revision: 6590
Modified:
trunk/iptables/extensions/libip6t_multiport.c
trunk/iptables/extensions/libipt_multiport.c
trunk/iptables/include/ip6tables.h
trunk/iptables/include/iptables.h
Log:
Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
Modified: trunk/iptables/extensions/libip6t_multiport.c
===================================================================
--- trunk/iptables/extensions/libip6t_multiport.c 2006-04-28 08:09:07 UTC (rev 6589)
+++ trunk/iptables/extensions/libip6t_multiport.c 2006-04-28 08:10:08 UTC (rev 6590)
@@ -33,6 +33,23 @@
{0}
};
+static char *
+proto_to_name(u_int8_t proto)
+{
+ switch (proto) {
+ case IPPROTO_TCP:
+ return "tcp";
+ case IPPROTO_UDP:
+ return "udp";
+ case IPPROTO_SCTP:
+ return "sctp";
+ case IPPROTO_DCCP:
+ return "dccp";
+ default:
+ return NULL;
+ }
+}
+
static int
service_to_port(const char *name, const char *proto)
{
@@ -86,16 +103,16 @@
static const char *
check_proto(const struct ip6t_entry *entry)
{
- if (entry->ipv6.proto == IPPROTO_TCP)
- return "tcp";
- else if (entry->ipv6.proto == IPPROTO_UDP)
- return "udp";
+ char *proto;
+
+ if ((proto = proto_to_name(entry->ipv6.proto)) != NULL)
+ return proto;
else if (!entry->ipv6.proto)
exit_error(PARAMETER_PROBLEM,
- "multiport needs `-p tcp' or `-p udp'");
+ "multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'");
else
exit_error(PARAMETER_PROBLEM,
- "multiport only works with TCP or UDP");
+ "multiport only works with TCP, UDP, SCTP and DCCP");
}
/* Function which parses command options; returns true if it
@@ -163,8 +180,7 @@
{
struct servent *service;
- if ((service = getservbyport(htons(port),
- proto == IPPROTO_TCP ? "tcp" : "udp")))
+ if ((service = getservbyport(htons(port), proto_to_name(proto))))
return service->s_name;
return NULL;
Modified: trunk/iptables/extensions/libipt_multiport.c
===================================================================
--- trunk/iptables/extensions/libipt_multiport.c 2006-04-28 08:09:07 UTC (rev 6589)
+++ trunk/iptables/extensions/libipt_multiport.c 2006-04-28 08:10:08 UTC (rev 6590)
@@ -51,6 +51,23 @@
{0}
};
+static char *
+proto_to_name(u_int8_t proto)
+{
+ switch (proto) {
+ case IPPROTO_TCP:
+ return "tcp";
+ case IPPROTO_UDP:
+ return "udp";
+ case IPPROTO_SCTP:
+ return "sctp";
+ case IPPROTO_DCCP:
+ return "dccp";
+ default:
+ return NULL;
+ }
+}
+
static int
service_to_port(const char *name, const char *proto)
{
@@ -144,20 +161,20 @@
static const char *
check_proto(const struct ipt_entry *entry)
{
+ char *proto;
+
if (entry->ip.invflags & IPT_INV_PROTO)
exit_error(PARAMETER_PROBLEM,
"multiport only works with TCP or UDP");
- if (entry->ip.proto == IPPROTO_TCP)
- return "tcp";
- else if (entry->ip.proto == IPPROTO_UDP)
- return "udp";
+ if ((proto = proto_to_name(entry->ip.proto)) != NULL)
+ return proto;
else if (!entry->ip.proto)
exit_error(PARAMETER_PROBLEM,
- "multiport needs `-p tcp' or `-p udp'");
+ "multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'");
else
exit_error(PARAMETER_PROBLEM,
- "multiport only works with TCP or UDP");
+ "multiport only works with TCP, UDP, SCTP and DCCP");
}
/* Function which parses command options; returns true if it
@@ -271,8 +288,7 @@
{
struct servent *service;
- if ((service = getservbyport(htons(port),
- proto == IPPROTO_TCP ? "tcp" : "udp")))
+ if ((service = getservbyport(htons(port), proto_to_name(proto))))
return service->s_name;
return NULL;
Modified: trunk/iptables/include/ip6tables.h
===================================================================
--- trunk/iptables/include/ip6tables.h 2006-04-28 08:09:07 UTC (rev 6589)
+++ trunk/iptables/include/ip6tables.h 2006-04-28 08:10:08 UTC (rev 6590)
@@ -8,6 +8,13 @@
#define IP6T_LIB_DIR "/usr/local/lib/iptables"
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+
struct ip6tables_rule_match
{
struct ip6tables_rule_match *next;
Modified: trunk/iptables/include/iptables.h
===================================================================
--- trunk/iptables/include/iptables.h 2006-04-28 08:09:07 UTC (rev 6589)
+++ trunk/iptables/include/iptables.h 2006-04-28 08:10:08 UTC (rev 6590)
@@ -11,6 +11,9 @@
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
More information about the netfilter-cvslog
mailing list