Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 96e8db3d4bcfa7a3f53b2cc85776e006b911c7f3 / . / extensions / libxt_socket.c
blob: f19c2804c69b36950a51a78f3699186808b22855 [file] [log] [blame]
KOVACS Krisztian430bbc72008-10-15 11:50:34 +0200[diff] [blame]1/*
2 * Shared library add-on to iptables to add early socket matching support.
3 *
4 * Copyright (C) 2007 BalaBit IT Ltd.
5 */
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]6#include <stdio.h>
KOVACS Krisztian430bbc72008-10-15 11:50:34 +0200[diff] [blame]7#include <xtables.h>
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]8#include <linux/netfilter/xt_socket.h>
KOVACS Krisztian430bbc72008-10-15 11:50:34 +0200[diff] [blame]9
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]10enum {
11 O_TRANSPARENT = 0,
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]12 O_NOWILDCARD = 1,
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]13};
14
15static const struct xt_option_entry socket_mt_opts[] = {
16 {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
17 XTOPT_TABLEEND,
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]18};
19
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]20static const struct xt_option_entry socket_mt_opts_v2[] = {
21 {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
22 {.name = "nowildcard", .id = O_NOWILDCARD, .type = XTTYPE_NONE},
23 XTOPT_TABLEEND,
24};
25
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]26static void socket_mt_help(void)
27{
28 printf(
29 "socket match options:\n"
30 " --transparent Ignore non-transparent sockets\n\n");
31}
32
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]33static void socket_mt_help_v2(void)
34{
35 printf(
36 "socket match options:\n"
37 " --nowildcard Do not ignore LISTEN sockets bound on INADDR_ANY\n"
38 " --transparent Ignore non-transparent sockets\n\n");
39}
40
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]41static void socket_mt_parse(struct xt_option_call *cb)
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]42{
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]43 struct xt_socket_mtinfo1 *info = cb->data;
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]44
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]45 xtables_option_parse(cb);
46 switch (cb->entry->id) {
47 case O_TRANSPARENT:
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]48 info->flags |= XT_SOCKET_TRANSPARENT;
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]49 break;
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]50 }
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]51}
52
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]53static void socket_mt_parse_v2(struct xt_option_call *cb)
54{
55 struct xt_socket_mtinfo2 *info = cb->data;
56
57 xtables_option_parse(cb);
58 switch (cb->entry->id) {
59 case O_TRANSPARENT:
60 info->flags |= XT_SOCKET_TRANSPARENT;
61 break;
62 case O_NOWILDCARD:
63 info->flags |= XT_SOCKET_NOWILDCARD;
64 break;
65 }
66}
67
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]68static void
69socket_mt_save(const void *ip, const struct xt_entry_match *match)
70{
71 const struct xt_socket_mtinfo1 *info = (const void *)match->data;
72
73 if (info->flags & XT_SOCKET_TRANSPARENT)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]74 printf(" --transparent");
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]75}
76
77static void
78socket_mt_print(const void *ip, const struct xt_entry_match *match,
79 int numeric)
80{
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]81 printf(" socket");
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]82 socket_mt_save(ip, match);
83}
84
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]85static void
86socket_mt_save_v2(const void *ip, const struct xt_entry_match *match)
87{
88 const struct xt_socket_mtinfo2 *info = (const void *)match->data;
89
90 if (info->flags & XT_SOCKET_TRANSPARENT)
91 printf(" --transparent");
92 if (info->flags & XT_SOCKET_NOWILDCARD)
93 printf(" --nowildcard");
94}
95
96static void
97socket_mt_print_v2(const void *ip, const struct xt_entry_match *match,
98 int numeric)
99{
100 printf(" socket");
101 socket_mt_save_v2(ip, match);
102}
103
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]104static struct xtables_match socket_mt_reg[] = {
105 {
106 .name = "socket",
107 .revision = 0,
108 .family = NFPROTO_IPV4,
109 .version = XTABLES_VERSION,
110 .size = XT_ALIGN(0),
111 .userspacesize = XT_ALIGN(0),
112 },
113 {
114 .name = "socket",
115 .revision = 1,
116 .family = NFPROTO_UNSPEC,
117 .version = XTABLES_VERSION,
118 .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
119 .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
120 .help = socket_mt_help,
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]121 .print = socket_mt_print,
122 .save = socket_mt_save,
Jan Engelhardt9c5c1052011-02-18 03:22:52 +0100[diff] [blame]123 .x6_parse = socket_mt_parse,
124 .x6_options = socket_mt_opts,
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]125 },
Eric Dumazet64d45792013-06-20 05:52:35 -0700[diff] [blame]126 {
127 .name = "socket",
128 .revision = 2,
129 .family = NFPROTO_UNSPEC,
130 .version = XTABLES_VERSION,
131 .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
132 .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
133 .help = socket_mt_help_v2,
134 .print = socket_mt_print_v2,
135 .save = socket_mt_save_v2,
136 .x6_parse = socket_mt_parse_v2,
137 .x6_options = socket_mt_opts_v2,
138 },
KOVACS Krisztian430bbc72008-10-15 11:50:34 +0200[diff] [blame]139};
140
141void _init(void)
142{
Jan Engelhardt4d2a77f2010-12-03 22:55:34 +0100[diff] [blame]143 xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
KOVACS Krisztian430bbc72008-10-15 11:50:34 +0200[diff] [blame]144}