static int match_v1(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) const void *hdr, u_int16_t datalen, #endif int *hotdrop) { const struct udphdr *udp = hdr; const struct ip6t_multiport_v1 *multiinfo = matchinfo; /* Must be big enough to read ports. */ if (offset == 0 && datalen < sizeof(struct udphdr)) { /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ duprintf("ip6t_multiport:" " Dropping evil offset=0 tinygram.\n"); *hotdrop = 1; return 0; } /* Must not be a fragment. */ return !offset && ports_match_v1(multiinfo, ntohs(udp->source), ntohs(udp->dest)); }
static bool multiport_mt(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) { const __be16 *pptr; __be16 _ports[2]; const struct xt_multiport_v1 *multiinfo = matchinfo; if (offset) return false; pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); if (pptr == NULL) { /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); *hotdrop = true; return false; } return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); }
static int match_v1(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) const void *hdr, u_int16_t datalen, #endif int *hotdrop) { u16 _ports[2], *pptr; const struct ipt_multiport_v1 *multiinfo = matchinfo; if (offset) return 0; pptr = skb_header_pointer(skb, skb->nh.iph->ihl * 4, sizeof(_ports), _ports); if (pptr == NULL) { /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("ipt_multiport:" " Dropping evil offset=0 tinygram.\n"); *hotdrop = 1; return 0; } return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); }
static bool match_v1(const struct sk_buff *skb, struct xt_action_param *par) { __be16 _ports[2], *pptr; const struct xt_multiport_v1 *multiinfo = par->matchinfo; if (par->fragoff != 0) return 0; pptr = skb_header_pointer(skb, par->thoff, sizeof(_ports), _ports); if (pptr == NULL) { /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); par->hotdrop = true; return 0; } return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); }