Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c / . / extensions / libipt_SAME.c
blob: 7211f608a2bc1f4b96a5313aa8b69f35b46bf2e2 [file] [log] [blame]
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]1/* Shared library add-on to iptables to add simple non load-balancing SNAT support. */
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
7#include <iptables.h>
8#include <linux/netfilter_ipv4/ip_tables.h>
Patrick McHardy40d54752007-04-18 07:00:36 +0000[diff] [blame]9#include <linux/netfilter/nf_nat.h>
Martin Josefsson1eb00812004-05-26 15:58:07 +0000[diff] [blame]10/* For 64bit kernel / 32bit userspace */
11#include "../include/linux/netfilter_ipv4/ipt_SAME.h"
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]12
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]13/* Function which prints out usage message. */
14static void
15help(void)
16{
17 printf(
18"SAME v%s options:\n"
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]19" --to <ipaddr>-<ipaddr>\n"
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]20" Addresses to map source to.\n"
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]21" May be specified more than\n"
22" once for multiple ranges.\n"
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]23" --nodst\n"
24" Don't use destination-ip in\n"
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]25" source selection\n"
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]26" --random\n"
27" Randomize source port\n"
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]28,
Harald Welte80fe35d2002-05-29 13:08:15 +0000[diff] [blame]29IPTABLES_VERSION);
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]30}
31
32static struct option opts[] = {
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]33 { "to", 1, 0, '1' },
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]34 { "nodst", 0, 0, '2'},
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]35 { "random", 0, 0, '3' },
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]36 { 0 }
37};
38
39/* Initialize the target. */
40static void
41init(struct ipt_entry_target *t, unsigned int *nfcache)
42{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]43 struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]44
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]45 /* Set default to 0 */
46 mr->rangesize = 0;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]47 mr->info = 0;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]48 mr->ipnum = 0;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]49
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]50}
51
52/* Parses range of IPs */
53static void
54parse_to(char *arg, struct ip_nat_range *range)
55{
56 char *dash;
57 struct in_addr *ip;
58
59 range->flags |= IP_NAT_RANGE_MAP_IPS;
60 dash = strchr(arg, '-');
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]61
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]62 if (dash)
63 *dash = '\0';
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]64
65 ip = dotted_to_addr(arg);
66 if (!ip)
67 exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
68 arg);
69 range->min_ip = ip->s_addr;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]70
71 if (dash) {
72 ip = dotted_to_addr(dash+1);
73 if (!ip)
74 exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
75 dash+1);
76 }
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]77 range->max_ip = ip->s_addr;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]78 if (dash)
79 if (range->min_ip > range->max_ip)
80 exit_error(PARAMETER_PROBLEM, "Bad IP range `%s-%s'\n",
81 arg, dash+1);
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]82}
83
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]84#define IPT_SAME_OPT_TO 0x01
85#define IPT_SAME_OPT_NODST 0x02
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]86#define IPT_SAME_OPT_RANDOM 0x04
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]87
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]88/* Function which parses command options; returns true if it
89 ate an option */
90static int
91parse(int c, char **argv, int invert, unsigned int *flags,
92 const struct ipt_entry *entry,
93 struct ipt_entry_target **target)
94{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]95 struct ipt_same_info *mr
96 = (struct ipt_same_info *)(*target)->data;
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]97 int count;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]98
99 switch (c) {
100 case '1':
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]101 if (mr->rangesize == IPT_SAME_MAX_RANGE)
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]102 exit_error(PARAMETER_PROBLEM,
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]103 "Too many ranges specified, maximum "
104 "is %i ranges.\n",
105 IPT_SAME_MAX_RANGE);
Harald Welteb77f1da2002-03-14 11:35:58 +0000[diff] [blame]106 if (check_inverse(optarg, &invert, NULL, 0))
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]107 exit_error(PARAMETER_PROBLEM,
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]108 "Unexpected `!' after --to");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]109
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]110 parse_to(optarg, &mr->range[mr->rangesize]);
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]111 /* WTF do we need this for? */
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]112 if (*flags & IPT_SAME_OPT_RANDOM)
113 mr->range[mr->rangesize].flags
114 |= IP_NAT_RANGE_PROTO_RANDOM;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]115 mr->rangesize++;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]116 *flags |= IPT_SAME_OPT_TO;
117 break;
118
119 case '2':
120 if (*flags & IPT_SAME_OPT_NODST)
121 exit_error(PARAMETER_PROBLEM,
122 "Can't specify --nodst twice");
123
124 mr->info |= IPT_SAME_NODST;
125 *flags |= IPT_SAME_OPT_NODST;
126 break;
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]127
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]128 case '3':
129 *flags |= IPT_SAME_OPT_RANDOM;
130 for (count=0; count < mr->rangesize; count++)
131 mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM;
132 break;
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]133
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]134 default:
135 return 0;
136 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]137
138 return 1;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]139}
140
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]141/* Final check; need --to. */
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]142static void final_check(unsigned int flags)
143{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]144 if (!(flags & IPT_SAME_OPT_TO))
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]145 exit_error(PARAMETER_PROBLEM,
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]146 "SAME needs --to");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]147}
148
149/* Prints out the targinfo. */
150static void
151print(const struct ipt_ip *ip,
152 const struct ipt_entry_target *target,
153 int numeric)
154{
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]155 int count;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]156 struct ipt_same_info *mr
157 = (struct ipt_same_info *)target->data;
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]158 int random = 0;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]159
160 printf("same:");
161
162 for (count = 0; count < mr->rangesize; count++) {
163 struct ip_nat_range *r = &mr->range[count];
164 struct in_addr a;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]165
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]166 a.s_addr = r->min_ip;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]167
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]168 printf("%s", addr_to_dotted(&a));
169 a.s_addr = r->max_ip;
170
171 if (r->min_ip == r->max_ip)
172 printf(" ");
173 else
174 printf("-%s ", addr_to_dotted(&a));
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]175 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
176 random = 1;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]177 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]178
179 if (mr->info & IPT_SAME_NODST)
180 printf("nodst ");
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]181
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]182 if (random)
183 printf("random ");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]184}
185
186/* Saves the union ipt_targinfo in parsable form to stdout. */
187static void
188save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
189{
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]190 int count;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]191 struct ipt_same_info *mr
192 = (struct ipt_same_info *)target->data;
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]193 int random = 0;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]194
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]195 for (count = 0; count < mr->rangesize; count++) {
196 struct ip_nat_range *r = &mr->range[count];
197 struct in_addr a;
198
199 a.s_addr = r->min_ip;
200 printf("--to %s", addr_to_dotted(&a));
201 a.s_addr = r->max_ip;
202
203 if (r->min_ip == r->max_ip)
204 printf(" ");
205 else
206 printf("-%s ", addr_to_dotted(&a));
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]207 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
208 random = 1;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]209 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]210
211 if (mr->info & IPT_SAME_NODST)
212 printf("--nodst ");
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]213
214 if (random)
215 printf("--random ");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]216}
217
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]218static struct iptables_target same = {
219 .next = NULL,
220 .name = "SAME",
221 .version = IPTABLES_VERSION,
222 .size = IPT_ALIGN(sizeof(struct ipt_same_info)),
223 .userspacesize = IPT_ALIGN(sizeof(struct ipt_same_info)),
224 .help = &help,
225 .init = &init,
226 .parse = &parse,
227 .final_check = &final_check,
228 .print = &print,
229 .save = &save,
230 .extra_opts = opts
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]231};
232
233void _init(void)
234{
235 register_target(&same);
236}