xt_lscan: extend info struct to support more flags (without size change)
authorJan Engelhardt <jengelh@inai.de>
Wed, 20 Jan 2021 01:50:01 +0000 (02:50 +0100)
committerJan Engelhardt <jengelh@inai.de>
Wed, 20 Jan 2021 01:50:01 +0000 (02:50 +0100)
extensions/libxt_lscan.c
extensions/xt_lscan.c
extensions/xt_lscan.h

index 4d269f925e5dec5a0b7572417b32ea78798e4e7c..c3a4aec7fa30979e325c52eb7d3db93317760bfe 100644 (file)
@@ -45,16 +45,16 @@ static int lscan_mt_parse(int c, char **argv, int invert,
 
        switch (c) {
        case 'c':
-               info->match_cn = true;
+               info->match_fl3 |= LSCAN_FL3_CN;
                return true;
        case 'g':
-               info->match_gr = true;
+               info->match_fl4 |= LSCAN_FL4_GR;
                return true;
        case 's':
-               info->match_syn = true;
+               info->match_fl2 |= LSCAN_FL2_SYN;
                return true;
        case 'x':
-               info->match_stealth = true;
+               info->match_fl1 |= LSCAN_FL1_STEALTH;
                return true;
        }
        return false;
@@ -68,13 +68,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
 {
        const struct xt_lscan_mtinfo *info = (const void *)(match->data);
 
-       if (info->match_stealth)
+       if (info->match_fl1 & LSCAN_FL1_STEALTH)
                printf(" --stealth ");
-       if (info->match_syn)
+       if (info->match_fl2 & LSCAN_FL2_SYN)
                printf(" --synscan ");
-       if (info->match_cn)
+       if (info->match_fl3 & LSCAN_FL3_CN)
                printf(" --cnscan ");
-       if (info->match_gr)
+       if (info->match_fl4 & LSCAN_FL4_GR)
                printf(" --grscan ");
 }
 
index 6fd6533d7e372719d24e089633f1e5689551d1db..de1ca4621949ca6ad291fd0c4489cb6fea5e0a53 100644 (file)
@@ -186,7 +186,7 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
        /* Check for invalid packets: -m conntrack --ctstate INVALID */
        ctdata = nf_ct_get(skb, &ctstate);
        if (ctdata == NULL) {
-               if (info->match_stealth)
+               if (info->match_fl1 & LSCAN_FL1_STEALTH)
                        return lscan_mt_stealth(tcph);
                /*
                 * If @ctdata is NULL, we cannot match the other scan
@@ -212,17 +212,19 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
                skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
        }
 
-       return (info->match_syn && ctdata->mark == mark_synscan) ||
-              (info->match_cn && ctdata->mark == mark_cnscan) ||
-              (info->match_gr && ctdata->mark == mark_grscan);
+       return (info->match_fl1 & LSCAN_FL1_STEALTH && ctdata->mark == mark_synscan) ||
+              (info->match_fl3 & LSCAN_FL3_CN && ctdata->mark == mark_cnscan) ||
+              (info->match_fl4 & LSCAN_FL4_GR && ctdata->mark == mark_grscan);
 }
 
 static int lscan_mt_check(const struct xt_mtchk_param *par)
 {
        const struct xt_lscan_mtinfo *info = par->matchinfo;
 
-       if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
-           (info->match_cn & ~1) || (info->match_gr & ~1)) {
+       if ((info->match_fl1 & ~LSCAN_FL1_STEALTH) ||
+           (info->match_fl2 & ~LSCAN_FL2_SYN) ||
+           (info->match_fl3 & ~LSCAN_FL3_CN) ||
+           (info->match_fl4 & ~LSCAN_FL4_GR)) {
                printk(KERN_WARNING PFX "Invalid flags\n");
                return -EINVAL;
        }
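Review bot: The first term of the new return expression in lscan_mt tests `info->match_fl1 & LSCAN_FL1_STEALTH` against `mark_synscan`, where the removed line tested `info->match_syn`. As written, a rule that sets only --synscan no longer matches a connection marked as a SYN scan, and a rule that sets --stealth appears to match it instead whenever conntrack data is present. The line should read `return (info->match_fl2 & LSCAN_FL2_SYN && ctdata->mark == mark_synscan) ||`. Parenthesising each bit test, as in `((info->match_fl3 & LSCAN_FL3_CN) && ctdata->mark == mark_cnscan)`, would also make the `&`/`&&` precedence explicit. lscan_mt begins outside this hunk and lscan_mt_check continues past its end.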
index 2cc8b02ca69833dd268c9d8fab5fe6075e7303e2..9f4822fe95e4458f0789b49c62ab737b705aa163 100644 (file)
@@ -1,8 +1,15 @@
 #ifndef _LINUX_NETFILTER_XT_LSCAN_H
 #define _LINUX_NETFILTER_XT_LSCAN_H 1
 
+enum {
+       LSCAN_FL1_STEALTH = 1 << 0,
+       LSCAN_FL2_SYN     = 1 << 0,
+       LSCAN_FL3_CN      = 1 << 0,
+       LSCAN_FL4_GR      = 1 << 0,
+};
+
 struct xt_lscan_mtinfo {
-       uint8_t match_stealth, match_syn, match_cn, match_gr;
+       uint8_t match_fl1, match_fl2, match_fl3, match_fl4;
 };
 
 #endif /* _LINUX_NETFILTER_XT_LSCAN_H */
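Review bot: All four constants in the new enum are `1 << 0`, so nothing at compile time ties a constant to its field; a test that pairs a field with another field's constant builds without a warning. A comment above the enum would help, for example `/* LSCAN_FLn_* bits are valid only in match_fln; each field has its own bit space. */`. Because xt_lscan_mtinfo is read by both libxt_lscan.c and xt_lscan.c, the struct also deserves a comment stating that it must stay four bytes and that bit 0 of each field keeps the meaning of the former boolean. That is the compatibility property the commit title relies on.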