xt_lscan: extend info struct to support more flags (without size change)

2025-09-06 12:45:13 +02:00 · 2021-01-20 02:50:01 +01:00
parent a238253509
commit f59a4eb9d9
3 changed files with 24 additions and 15 deletions
--- a/extensions/libxt_lscan.c
+++ b/extensions/libxt_lscan.c
@@ -45,16 +45,16 @@ static int lscan_mt_parse(int c, char **argv, int invert,

 	switch (c) {
 	case 'c':
-		info->match_cn = true;
+		info->match_fl3 |= LSCAN_FL3_CN;
 		return true;
 	case 'g':
-		info->match_gr = true;
+		info->match_fl4 |= LSCAN_FL4_GR;
 		return true;
 	case 's':
-		info->match_syn = true;
+		info->match_fl2 |= LSCAN_FL2_SYN;
 		return true;
 	case 'x':
-		info->match_stealth = true;
+		info->match_fl1 |= LSCAN_FL1_STEALTH;
 		return true;
 	}
 	return false;
@@ -68,13 +68,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
 {
 	const struct xt_lscan_mtinfo *info = (const void *)(match->data);

-	if (info->match_stealth)
+	if (info->match_fl1 & LSCAN_FL1_STEALTH)
 		printf(" --stealth ");
-	if (info->match_syn)
+	if (info->match_fl2 & LSCAN_FL2_SYN)
 		printf(" --synscan ");
-	if (info->match_cn)
+	if (info->match_fl3 & LSCAN_FL3_CN)
 		printf(" --cnscan ");
-	if (info->match_gr)
+	if (info->match_fl4 & LSCAN_FL4_GR)
 		printf(" --grscan ");
 }

--- a/extensions/xt_lscan.c
+++ b/extensions/xt_lscan.c
@@ -186,7 +186,7 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	/* Check for invalid packets: -m conntrack --ctstate INVALID */
 	ctdata = nf_ct_get(skb, &ctstate);
 	if (ctdata == NULL) {
-		if (info->match_stealth)
+		if (info->match_fl1 & LSCAN_FL1_STEALTH)
 			return lscan_mt_stealth(tcph);
 		/*
 		 * If @ctdata is NULL, we cannot match the other scan
@@ -212,17 +212,19 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
 		skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
 	}

-	return (info->match_syn && ctdata->mark == mark_synscan) ||
-	       (info->match_cn && ctdata->mark == mark_cnscan) ||
-	       (info->match_gr && ctdata->mark == mark_grscan);
+	return (info->match_fl1 & LSCAN_FL1_STEALTH && ctdata->mark == mark_synscan) ||
+	       (info->match_fl3 & LSCAN_FL3_CN && ctdata->mark == mark_cnscan) ||
+	       (info->match_fl4 & LSCAN_FL4_GR && ctdata->mark == mark_grscan);
 }

 static int lscan_mt_check(const struct xt_mtchk_param *par)
 {
 	const struct xt_lscan_mtinfo *info = par->matchinfo;

-	if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
-	    (info->match_cn & ~1) || (info->match_gr & ~1)) {
+	if ((info->match_fl1 & ~LSCAN_FL1_STEALTH) ||
+	    (info->match_fl2 & ~LSCAN_FL2_SYN) ||
+	    (info->match_fl3 & ~LSCAN_FL3_CN) ||
+	    (info->match_fl4 & ~LSCAN_FL4_GR)) {
 		printk(KERN_WARNING PFX "Invalid flags\n");
 		return -EINVAL;
 	}
--- a/extensions/xt_lscan.h
+++ b/extensions/xt_lscan.h
@@ -1,8 +1,15 @@
 #ifndef _LINUX_NETFILTER_XT_LSCAN_H
 #define _LINUX_NETFILTER_XT_LSCAN_H 1

+enum {
+	LSCAN_FL1_STEALTH = 1 << 0,
+	LSCAN_FL2_SYN     = 1 << 0,
+	LSCAN_FL3_CN      = 1 << 0,
+	LSCAN_FL4_GR      = 1 << 0,
+};
+
 struct xt_lscan_mtinfo {
-	uint8_t match_stealth, match_syn, match_cn, match_gr;
+	uint8_t match_fl1, match_fl2, match_fl3, match_fl4;
 };

 #endif /* _LINUX_NETFILTER_XT_LSCAN_H */