From f59a4eb9d9e2c43cd9e6a800ad432ce72302835c Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 20 Jan 2021 02:50:01 +0100
Subject: [PATCH] xt_lscan: extend info struct to support more flags (without size change)
---
 extensions/libxt_lscan.c | 16 ++++++++--------
 extensions/xt_lscan.c    | 14 ++++++++------
 extensions/xt_lscan.h    |  9 ++++++++-
 3 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/extensions/libxt_lscan.c b/extensions/libxt_lscan.c
index 4d269f9..c3a4aec 100644
--- a/extensions/libxt_lscan.c
+++ b/extensions/libxt_lscan.c
@@ -45,16 +45,16 @@ static int lscan_mt_parse(int c, char **argv, int invert,
 	switch (c) {
 	case 'c':
-		info->match_cn = true;
+		info->match_fl3 |= LSCAN_FL3_CN;
 		return true;
 	case 'g':
-		info->match_gr = true;
+		info->match_fl4 |= LSCAN_FL4_GR;
 		return true;
 	case 's':
-		info->match_syn = true;
+		info->match_fl2 |= LSCAN_FL2_SYN;
 		return true;
 	case 'x':
-		info->match_stealth = true;
+		info->match_fl1 |= LSCAN_FL1_STEALTH;
 		return true;
 	}
 	return false;
@@ -68,13 +68,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
 {
 	const struct xt_lscan_mtinfo *info = (const void *)(match->data);
-	if (info->match_stealth)
+	if (info->match_fl1 & LSCAN_FL1_STEALTH)
 		printf(" --stealth ");
-	if (info->match_syn)
+	if (info->match_fl2 & LSCAN_FL2_SYN)
 		printf(" --synscan ");
-	if (info->match_cn)
+	if (info->match_fl3 & LSCAN_FL3_CN)
 		printf(" --cnscan ");
-	if (info->match_gr)
+	if (info->match_fl4 & LSCAN_FL4_GR)
 		printf(" --grscan ");
 }
diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c
index 6fd6533..de1ca46 100644
--- a/extensions/xt_lscan.c
+++ b/extensions/xt_lscan.c
@@ -186,7 +186,7 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	/* Check for invalid packets: -m conntrack --ctstate INVALID */
 	ctdata = nf_ct_get(skb, &ctstate);
 	if (ctdata == NULL) {
-		if (info->match_stealth)
+		if (info->match_fl1 & LSCAN_FL1_STEALTH)
 			return lscan_mt_stealth(tcph);
 		/*
 		 * If @ctdata is NULL, we cannot match the other scan
@@ -212,17 +212,19 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
 		skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
 	}
-	return (info->match_syn && ctdata->mark == mark_synscan) ||
-	       (info->match_cn && ctdata->mark == mark_cnscan) ||
-	       (info->match_gr && ctdata->mark == mark_grscan);
+	return (info->match_fl1 & LSCAN_FL1_STEALTH && ctdata->mark == mark_synscan) ||
+	       (info->match_fl3 & LSCAN_FL3_CN && ctdata->mark == mark_cnscan) ||
+	       (info->match_fl4 & LSCAN_FL4_GR && ctdata->mark == mark_grscan);
 }
 static int lscan_mt_check(const struct xt_mtchk_param *par)
 {
 	const struct xt_lscan_mtinfo *info = par->matchinfo;
-	if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
-	    (info->match_cn & ~1) || (info->match_gr & ~1)) {
+	if ((info->match_fl1 & ~LSCAN_FL1_STEALTH) ||
+	    (info->match_fl2 & ~LSCAN_FL2_SYN) ||
+	    (info->match_fl3 & ~LSCAN_FL3_CN) ||
+	    (info->match_fl4 & ~LSCAN_FL4_GR)) {
 		printk(KERN_WARNING PFX "Invalid flags\n");
 		return -EINVAL;
 	}
diff --git a/extensions/xt_lscan.h b/extensions/xt_lscan.h
index 2cc8b02..9f4822f 100644
--- a/extensions/xt_lscan.h
+++ b/extensions/xt_lscan.h
@@ -1,8 +1,15 @@
 #ifndef _LINUX_NETFILTER_XT_LSCAN_H
 #define _LINUX_NETFILTER_XT_LSCAN_H 1
+enum {
+	LSCAN_FL1_STEALTH = 1 << 0,
+	LSCAN_FL2_SYN     = 1 << 0,
+	LSCAN_FL3_CN      = 1 << 0,
+	LSCAN_FL4_GR      = 1 << 0,
+};
+
 struct xt_lscan_mtinfo {
-	uint8_t match_stealth, match_syn, match_cn, match_gr;
+	uint8_t match_fl1, match_fl2, match_fl3, match_fl4;
 };
 #endif /* _LINUX_NETFILTER_XT_LSCAN_H */
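Review bot: The first term of the new `return` in lscan_mt (hunk `@@ -212,17 +212,19 @@`) tests the wrong field: the removed line checked `info->match_syn`, but the replacement checks `info->match_fl1 & LSCAN_FL1_STEALTH` before `ctdata->mark == mark_synscan`, so a `--synscan` rule no longer matches conntrack-marked SYN scans and a `--stealth` rule silently starts matching them instead. It should read `return (info->match_fl2 & LSCAN_FL2_SYN && ctdata->mark == mark_synscan) ||`, mirroring the other two terms and the `LSCAN_FL2_SYN` mask that lscan_mt_check accepts two lines further down. Wrapping each `&` term in its own parentheses, as in `((info->match_fl2 & LSCAN_FL2_SYN) && ...)`, would make the precedence explicit and this kind of slip easier to spot in review. The body of lscan_mt begins before the hunk; the stealth branch in hunk `@@ -186,7 +186,7 @@` is unaffected.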
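Review bot: The new anonymous enum in xt_lscan.h carries no comment tying each `LSCAN_FLn_*` constant to its `match_fln` field, and since every field is a `uint8_t`, nothing states that a group's values must stay within bits 0-7 or that every bit added here must also be added to the known-bit mask in lscan_mt_check, which is what keeps unknown flags from userspace rejected with -EINVAL. I would add above the enum: `/* Bit values for struct xt_lscan_mtinfo::match_fl1..match_fl4 (one uint8_t each, so at most bits 0-7 per group); any bit added here must also be allowed in lscan_mt_check(). */`. The header hunk is otherwise complete and self-contained.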