This file is indexed.

/usr/src/xtables-addons-2.3/libxt_length2.c is in xtables-addons-dkms 2.3-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#include <getopt.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <xtables.h>
#include "xt_length2.h"
#include "compat_user.h"

enum {
	F_LAYER  = 1 << 0,
	F_LENGTH = 1 << 1,

	XT_LENGTH_LAYER_MASK = XT_LENGTH_LAYER3 | XT_LENGTH_LAYER4 |
	                       XT_LENGTH_LAYER5 | XT_LENGTH_LAYER7,
};

static void length_mt_help(void)
{
	printf(
"length match options:\n"
"    --layer3          Match against layer3 size (e.g. L4 + IPv6 header)\n"
"    --layer4          Match against layer4 size (e.g. L5 + SCTP header)\n"
"    --layer5          Match against layer5 size (e.g. L7 + chunk headers)\n"
"    --layer7          Match against layer7 payload (e.g. SCTP payload)\n"
"[!] --length n[:n]    Match packet length against value or range\n"
"                      of values (inclusive)\n"
);
}

static const struct option length_mt_opts[] = {
	{.name = "layer3", .has_arg = false, .val = '3'},
	{.name = "layer4", .has_arg = false, .val = '4'},
	{.name = "layer5", .has_arg = false, .val = '5'},
	{.name = "layer7", .has_arg = false, .val = '7'},
	{.name = "length", .has_arg = true,  .val = '='},
	{NULL},
};

static void length_mt_init(struct xt_entry_match *match)
{
	struct xt_length_mtinfo2 *info = (void *)match->data;

	info->flags = XT_LENGTH_LAYER3;
}

static int length_mt_parse(int c, char **argv, int invert, unsigned int *flags,
                           const void *entry, struct xt_entry_match **match)
{
	struct xt_length_mtinfo2 *info = (void *)(*match)->data;
	unsigned int from, to;
	char *end;

	switch (c) {
	case '3': /* --layer3 */
		xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
		info->flags &= ~XT_LENGTH_LAYER_MASK;
		info->flags |= XT_LENGTH_LAYER3;
		*flags |= F_LAYER;
		return true;
	case '4': /* --layer4 */
		xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
		info->flags &= ~XT_LENGTH_LAYER_MASK;
		info->flags |= XT_LENGTH_LAYER4;
		*flags |= F_LAYER;
		return true;
	case '5': /* --layer5 */
		xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
		info->flags &= ~XT_LENGTH_LAYER_MASK;
		info->flags |= XT_LENGTH_LAYER5;
		*flags |= F_LAYER;
		return true;
	case '7': /* --layer7 */
		xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
		info->flags &= ~XT_LENGTH_LAYER_MASK;
		info->flags |= XT_LENGTH_LAYER7;
		*flags |= F_LAYER;
		return true;
	case '=': /* --length */
		xtables_param_act(XTF_ONLY_ONCE, "length", "--length", *flags & F_LENGTH);
		if (invert)
			info->flags |= XT_LENGTH_INVERT;
		if (!xtables_strtoui(optarg, &end, &from, 0, ~0U))
			xtables_param_act(XTF_BAD_VALUE, "length", "--length", optarg);
		to = from;
		if (*end == ':')
			if (!xtables_strtoui(end + 1, &end, &to, 0, ~0U))
				xtables_param_act(XTF_BAD_VALUE, "length",
				          "--length", optarg);
		if (*end != '\0')
			xtables_param_act(XTF_BAD_VALUE, "length", "--length", optarg);
		info->min = from;
		info->max = to;
		*flags |= F_LENGTH;
		return true;
	}
	return false;
}

static void length_mt_check(unsigned int flags)
{
	if (!(flags & F_LENGTH))
		xtables_error(PARAMETER_PROBLEM,
		           "length: You must specify \"--length\"");
	if (!(flags & F_LAYER))
		fprintf(stderr, "iptables: length match: Defaulting to "
		        "--layer3. Consider specifying it explicitly.\n");
}

static void length_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_length_mtinfo2 *info = (const void *)match->data;

	if (info->flags & XT_LENGTH_LAYER3)
		printf(" --layer3 ");
	else if (info->flags & XT_LENGTH_LAYER4)
		printf(" --layer4 ");
	else if (info->flags & XT_LENGTH_LAYER5)
		printf(" --layer5 ");
	else if (info->flags & XT_LENGTH_LAYER7)
		printf(" --layer7 ");
	if (info->flags & XT_LENGTH_INVERT)
		printf(" !");
	printf(" --length ");
	if (info->min == info->max)
		printf("%u ", (unsigned int)info->min);
	else
		printf("%u:%u ", (unsigned int)info->min,
		       (unsigned int)info->max);
}

static void length_mt_print(const void *ip, const struct xt_entry_match *match,
                            int numeric)
{
	printf(" -m length2");
	length_mt_save(ip, match);
}

static struct xtables_match length2_mt_reg = {
	.version        = XTABLES_VERSION,
	.name           = "length2",
	.revision       = 2,
	.family         = NFPROTO_UNSPEC,
	.size           = XT_ALIGN(sizeof(struct xt_length_mtinfo2)),
	.userspacesize  = XT_ALIGN(sizeof(struct xt_length_mtinfo2)),
	.init           = length_mt_init,
	.help           = length_mt_help,
	.parse          = length_mt_parse,
	.final_check    = length_mt_check,
	.print          = length_mt_print,
	.save           = length_mt_save,
	.extra_opts     = length_mt_opts,
};

static void _init(void)
{
	xtables_register_match(&length2_mt_reg);
}