static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, const void *hdr, u_int16_t datalen, int *hotdrop) { const struct udphdr *udp = hdr; const struct ipt_mport *minfo = matchinfo; /* Must be big enough to read ports. */ if (offset == 0 && datalen < sizeof(struct udphdr)) { /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ duprintf("ipt_mport:" " Dropping evil offset=0 tinygram.\n"); *hotdrop = 1; return 0; } /* Must not be a fragment. */ return !offset && ports_match(minfo, ntohs(udp->source), ntohs(udp->dest)); }
static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, int *hotdrop) { u16 ports[2]; const struct ipt_mport *minfo = matchinfo; if (offset) return 0; /* Must be big enough to read ports (both UDP and TCP have them at the start). */ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, ports, sizeof(ports)) < 0) { /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ duprintf("ipt_multiport:" " Dropping evil offset=0 tinygram.\n"); *hotdrop = 1; return 0; } return ports_match(minfo, ntohs(ports[0]), ntohs(ports[1])); }