Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / aae6be9edc99e58164a3592c510fe5488141c698 / . / extensions / libip6t_ah.c
blob: 63d157346306a8769336c9b46348ea24c87627c5 [file] [log] [blame]
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]1/* Shared library add-on to ip6tables to add AH support. */
2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
7#include <errno.h>
Jan Engelhardt5d9678a2008-11-20 10:15:35 +0100[diff] [blame]8#include <xtables.h>
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]9#include <linux/netfilter_ipv6/ip6t_ah.h>
Jan Engelhardtddac6c52008-09-01 14:22:19 +0200[diff] [blame]10
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]11static void ah_help(void)
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]12{
13 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]14"ah match options:\n"
Jan Engelhardt96727922008-08-13 14:42:41 +0200[diff] [blame]15"[!] --ahspi spi[:spi] match spi (range)\n"
16"[!] --ahlen length total length of this header\n"
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]17" --ahres check the reserved filed, too\n");
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]18}
19
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]20static const struct option ah_opts[] = {
Patrick McHardy500f4832007-09-08 15:59:04 +0000[diff] [blame]21 { .name = "ahspi", .has_arg = 1, .val = '1' },
22 { .name = "ahlen", .has_arg = 1, .val = '2' },
23 { .name = "ahres", .has_arg = 0, .val = '3' },
Max Kellermann9ee386a2008-01-29 13:48:05 +0000[diff] [blame]24 { .name = NULL }
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]25};
26
27static u_int32_t
28parse_ah_spi(const char *spistr, const char *typestr)
29{
30 unsigned long int spi;
31 char* ep;
32
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]33 spi = strtoul(spistr, &ep, 0);
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]34
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]35 if ( spistr == ep )
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]36 exit_error(PARAMETER_PROBLEM,
37 "AH no valid digits in %s `%s'", typestr, spistr);
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]38
39 if ( spi == ULONG_MAX && errno == ERANGE )
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]40 exit_error(PARAMETER_PROBLEM,
41 "%s `%s' specified too big: would overflow",
42 typestr, spistr);
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]43
44 if ( *spistr != '\0' && *ep != '\0' )
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]45 exit_error(PARAMETER_PROBLEM,
46 "AH error parsing %s `%s'", typestr, spistr);
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]47
Jan Engelhardt213e1852009-01-27 17:24:34 +0100[diff] [blame]48 return spi;
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]49}
50
51static void
52parse_ah_spis(const char *spistring, u_int32_t *spis)
53{
54 char *buffer;
55 char *cp;
56
57 buffer = strdup(spistring);
58 if ((cp = strchr(buffer, ':')) == NULL)
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]59 spis[0] = spis[1] = parse_ah_spi(buffer, "spi");
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]60 else {
61 *cp = '\0';
62 cp++;
63
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]64 spis[0] = buffer[0] ? parse_ah_spi(buffer, "spi") : 0;
65 spis[1] = cp[0] ? parse_ah_spi(cp, "spi") : 0xFFFFFFFF;
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]66 }
67 free(buffer);
68}
69
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]70static void ah_init(struct xt_entry_match *m)
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]71{
72 struct ip6t_ah *ahinfo = (struct ip6t_ah *)m->data;
73
74 ahinfo->spis[1] = 0xFFFFFFFF;
75 ahinfo->hdrlen = 0;
76 ahinfo->hdrres = 0;
77}
78
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]79static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
80 const void *entry, struct xt_entry_match **match)
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]81{
82 struct ip6t_ah *ahinfo = (struct ip6t_ah *)(*match)->data;
83
84 switch (c) {
85 case '1':
86 if (*flags & IP6T_AH_SPI)
87 exit_error(PARAMETER_PROBLEM,
88 "Only one `--ahspi' allowed");
89 check_inverse(optarg, &invert, &optind, 0);
90 parse_ah_spis(argv[optind-1], ahinfo->spis);
91 if (invert)
92 ahinfo->invflags |= IP6T_AH_INV_SPI;
93 *flags |= IP6T_AH_SPI;
94 break;
95 case '2':
96 if (*flags & IP6T_AH_LEN)
97 exit_error(PARAMETER_PROBLEM,
98 "Only one `--ahlen' allowed");
99 check_inverse(optarg, &invert, &optind, 0);
100 ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length");
101 if (invert)
102 ahinfo->invflags |= IP6T_AH_INV_LEN;
103 *flags |= IP6T_AH_LEN;
104 break;
105 case '3':
106 if (*flags & IP6T_AH_RES)
107 exit_error(PARAMETER_PROBLEM,
108 "Only one `--ahres' allowed");
109 ahinfo->hdrres = 1;
110 *flags |= IP6T_AH_RES;
111 break;
112 default:
113 return 0;
114 }
115
116 return 1;
117}
118
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]119static void
120print_spis(const char *name, u_int32_t min, u_int32_t max,
121 int invert)
122{
123 const char *inv = invert ? "!" : "";
124
125 if (min != 0 || max != 0xFFFFFFFF || invert) {
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]126 if (min == max)
127 printf("%s:%s%u ", name, inv, min);
128 else
129 printf("%ss:%s%u:%u ", name, inv, min, max);
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]130 }
131}
132
133static void
134print_len(const char *name, u_int32_t len, int invert)
135{
136 const char *inv = invert ? "!" : "";
137
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]138 if (len != 0 || invert)
139 printf("%s:%s%u ", name, inv, len);
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]140}
141
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]142static void ah_print(const void *ip, const struct xt_entry_match *match,
143 int numeric)
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]144{
145 const struct ip6t_ah *ah = (struct ip6t_ah *)match->data;
146
147 printf("ah ");
148 print_spis("spi", ah->spis[0], ah->spis[1],
149 ah->invflags & IP6T_AH_INV_SPI);
150 print_len("length", ah->hdrlen,
151 ah->invflags & IP6T_AH_INV_LEN);
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]152
153 if (ah->hdrres)
154 printf("reserved ");
155
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]156 if (ah->invflags & ~IP6T_AH_INV_MASK)
157 printf("Unknown invflags: 0x%X ",
158 ah->invflags & ~IP6T_AH_INV_MASK);
159}
160
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]161static void ah_save(const void *ip, const struct xt_entry_match *match)
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]162{
163 const struct ip6t_ah *ahinfo = (struct ip6t_ah *)match->data;
164
165 if (!(ahinfo->spis[0] == 0
166 && ahinfo->spis[1] == 0xFFFFFFFF)) {
Jan Engelhardtcea9f712008-12-09 15:06:20 +0100[diff] [blame]167 printf("%s--ahspi ",
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]168 (ahinfo->invflags & IP6T_AH_INV_SPI) ? "! " : "");
169 if (ahinfo->spis[0]
170 != ahinfo->spis[1])
171 printf("%u:%u ",
172 ahinfo->spis[0],
173 ahinfo->spis[1]);
174 else
175 printf("%u ",
176 ahinfo->spis[0]);
177 }
178
András Kis-Szabód8a12a82002-04-24 09:36:30 +0000[diff] [blame]179 if (ahinfo->hdrlen != 0 || (ahinfo->invflags & IP6T_AH_INV_LEN) ) {
Jan Engelhardtcea9f712008-12-09 15:06:20 +0100[diff] [blame]180 printf("%s--ahlen %u ",
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]181 (ahinfo->invflags & IP6T_AH_INV_LEN) ? "! " : "",
182 ahinfo->hdrlen);
183 }
184
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]185 if (ahinfo->hdrres != 0 )
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]186 printf("--ahres ");
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]187}
188
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]189static struct xtables_match ah_mt6_reg = {
Stephane Ouellette703575d2003-08-23 18:41:47 +0000[diff] [blame]190 .name = "ah",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]191 .version = XTABLES_VERSION,
Jan Engelhardt03d99482008-11-18 12:27:54 +0100[diff] [blame]192 .family = NFPROTO_IPV6,
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]193 .size = XT_ALIGN(sizeof(struct ip6t_ah)),
194 .userspacesize = XT_ALIGN(sizeof(struct ip6t_ah)),
Jan Engelhardt997045f2007-10-04 16:29:21 +0000[diff] [blame]195 .help = ah_help,
196 .init = ah_init,
197 .parse = ah_parse,
198 .print = ah_print,
199 .save = ah_save,
200 .extra_opts = ah_opts,
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]201};
202
203void
204_init(void)
205{
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]206 xtables_register_match(&ah_mt6_reg);
Harald Welted32980d2002-03-25 08:38:26 +0000[diff] [blame]207}