Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406 / . / extensions / libxt_state.c
blob: 3972a3bb120023d5ddfee75709d5ce56aa078b69 [file] [log] [blame]
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]1/* Shared library add-on to iptables to add state tracking support. */
2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]7#include <xtables.h>
Patrick McHardy40d54752007-04-18 07:00:36 +0000[diff] [blame]8#include <linux/netfilter/nf_conntrack_common.h>
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]9#include <linux/netfilter/xt_state.h>
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]10
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]11#ifndef XT_STATE_UNTRACKED
12#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
Harald Welte4dc734c2003-10-07 18:55:13 +0000[diff] [blame]13#endif
14
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]15/* Function which prints out usage message. */
16static void
17help(void)
18{
19 printf(
20"state v%s options:\n"
Harald Welte4dc734c2003-10-07 18:55:13 +0000[diff] [blame]21" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]22" State(s) to match\n"
Harald Welte80fe35d2002-05-29 13:08:15 +0000[diff] [blame]23"\n", IPTABLES_VERSION);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]24}
25
Jan Engelhardt661f1122007-07-30 14:46:51 +0000[diff] [blame]26static const struct option opts[] = {
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]27 { "state", 1, 0, '1' },
28 {0}
29};
30
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]31static int
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]32parse_state(const char *state, size_t strlen, struct xt_state_info *sinfo)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]33{
34 if (strncasecmp(state, "INVALID", strlen) == 0)
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]35 sinfo->statemask |= XT_STATE_INVALID;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]36 else if (strncasecmp(state, "NEW", strlen) == 0)
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]37 sinfo->statemask |= XT_STATE_BIT(IP_CT_NEW);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]38 else if (strncasecmp(state, "ESTABLISHED", strlen) == 0)
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]39 sinfo->statemask |= XT_STATE_BIT(IP_CT_ESTABLISHED);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]40 else if (strncasecmp(state, "RELATED", strlen) == 0)
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]41 sinfo->statemask |= XT_STATE_BIT(IP_CT_RELATED);
Harald Welte4dc734c2003-10-07 18:55:13 +0000[diff] [blame]42 else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]43 sinfo->statemask |= XT_STATE_UNTRACKED;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]44 else
45 return 0;
46 return 1;
47}
48
49static void
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]50parse_states(const char *arg, struct xt_state_info *sinfo)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]51{
52 const char *comma;
53
54 while ((comma = strchr(arg, ',')) != NULL) {
55 if (comma == arg || !parse_state(arg, comma-arg, sinfo))
56 exit_error(PARAMETER_PROBLEM, "Bad state `%s'", arg);
57 arg = comma+1;
58 }
59
60 if (strlen(arg) == 0 || !parse_state(arg, strlen(arg), sinfo))
61 exit_error(PARAMETER_PROBLEM, "Bad state `%s'", arg);
62}
63
64/* Function which parses command options; returns true if it
65 ate an option */
66static int
67parse(int c, char **argv, int invert, unsigned int *flags,
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]68 const void *entry,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]69 unsigned int *nfcache,
Yasuyuki KOZAKAI193df8e2007-07-24 05:57:28 +0000[diff] [blame]70 struct xt_entry_match **match)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]71{
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]72 struct xt_state_info *sinfo = (struct xt_state_info *)(*match)->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]73
74 switch (c) {
75 case '1':
Harald Welteb77f1da2002-03-14 11:35:58 +0000[diff] [blame]76 check_inverse(optarg, &invert, &optind, 0);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]77
78 parse_states(argv[optind-1], sinfo);
79 if (invert)
80 sinfo->statemask = ~sinfo->statemask;
81 *flags = 1;
82 break;
83
84 default:
85 return 0;
86 }
87
88 return 1;
89}
90
91/* Final check; must have specified --state. */
92static void final_check(unsigned int flags)
93{
94 if (!flags)
95 exit_error(PARAMETER_PROBLEM, "You must specify `--state'");
96}
97
98static void print_state(unsigned int statemask)
99{
100 const char *sep = "";
101
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]102 if (statemask & XT_STATE_INVALID) {
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]103 printf("%sINVALID", sep);
104 sep = ",";
105 }
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]106 if (statemask & XT_STATE_BIT(IP_CT_NEW)) {
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]107 printf("%sNEW", sep);
108 sep = ",";
109 }
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]110 if (statemask & XT_STATE_BIT(IP_CT_RELATED)) {
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]111 printf("%sRELATED", sep);
112 sep = ",";
113 }
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]114 if (statemask & XT_STATE_BIT(IP_CT_ESTABLISHED)) {
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]115 printf("%sESTABLISHED", sep);
116 sep = ",";
117 }
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]118 if (statemask & XT_STATE_UNTRACKED) {
Harald Welte4dc734c2003-10-07 18:55:13 +0000[diff] [blame]119 printf("%sUNTRACKED", sep);
120 sep = ",";
121 }
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]122 printf(" ");
123}
124
125/* Prints out the matchinfo. */
126static void
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]127print(const void *ip,
Yasuyuki KOZAKAI193df8e2007-07-24 05:57:28 +0000[diff] [blame]128 const struct xt_entry_match *match,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]129 int numeric)
130{
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]131 struct xt_state_info *sinfo = (struct xt_state_info *)match->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]132
133 printf("state ");
134 print_state(sinfo->statemask);
135}
136
137/* Saves the matchinfo in parsable form to stdout. */
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]138static void save(const void *ip, const struct xt_entry_match *match)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]139{
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]140 struct xt_state_info *sinfo = (struct xt_state_info *)match->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]141
142 printf("--state ");
143 print_state(sinfo->statemask);
144}
145
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]146static struct xtables_match state = {
147 .family = AF_INET,
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]148 .name = "state",
149 .version = IPTABLES_VERSION,
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]150 .size = XT_ALIGN(sizeof(struct xt_state_info)),
151 .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]152 .help = &help,
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]153 .parse = &parse,
154 .final_check = &final_check,
155 .print = &print,
156 .save = &save,
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]157 .extra_opts = opts,
158};
159
160static struct xtables_match state6 = {
161 .family = AF_INET6,
162 .name = "state",
163 .version = IPTABLES_VERSION,
164 .size = XT_ALIGN(sizeof(struct xt_state_info)),
165 .userspacesize = XT_ALIGN(sizeof(struct xt_state_info)),
166 .help = &help,
167 .parse = &parse,
168 .final_check = &final_check,
169 .print = &print,
170 .save = &save,
171 .extra_opts = opts,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]172};
173
174void _init(void)
175{
Yasuyuki KOZAKAI1ff0b8d2007-08-04 08:09:51 +0000[diff] [blame^]176 xtables_register_match(&state);
177 xtables_register_match(&state6);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]178}