Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 1 | /* Shared library add-on to iptables to add masquerade support. */ |
| 2 | #include <stdio.h> |
| 3 | #include <netdb.h> |
| 4 | #include <string.h> |
| 5 | #include <stdlib.h> |
| 6 | #include <getopt.h> |
Jan Engelhardt | 5d9678a | 2008-11-20 10:15:35 +0100 | [diff] [blame] | 7 | #include <xtables.h> |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 8 | #include <linux/netfilter_ipv4/ip_tables.h> |
Patrick McHardy | 40d5475 | 2007-04-18 07:00:36 +0000 | [diff] [blame] | 9 | #include <linux/netfilter/nf_nat.h> |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 10 | |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 11 | static void MASQUERADE_help(void) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 12 | { |
| 13 | printf( |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 14 | "MASQUERADE target options:\n" |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 15 | " --to-ports <port>[-<port>]\n" |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 16 | " Port (range) to map to.\n" |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 17 | " --random\n" |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 18 | " Randomize source port.\n"); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 19 | } |
| 20 | |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 21 | static const struct option MASQUERADE_opts[] = { |
Patrick McHardy | 500f483 | 2007-09-08 15:59:04 +0000 | [diff] [blame] | 22 | { "to-ports", 1, NULL, '1' }, |
| 23 | { "random", 0, NULL, '2' }, |
Max Kellermann | 9ee386a | 2008-01-29 13:48:05 +0000 | [diff] [blame] | 24 | { .name = NULL } |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 25 | }; |
| 26 | |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 27 | static void MASQUERADE_init(struct xt_entry_target *t) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 28 | { |
| 29 | struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data; |
| 30 | |
| 31 | /* Actually, it's 0, but it's ignored at the moment. */ |
| 32 | mr->rangesize = 1; |
| 33 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 34 | } |
| 35 | |
| 36 | /* Parses ports */ |
| 37 | static void |
| 38 | parse_ports(const char *arg, struct ip_nat_multi_range *mr) |
| 39 | { |
| 40 | const char *dash; |
| 41 | int port; |
| 42 | |
| 43 | mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; |
| 44 | |
| 45 | port = atoi(arg); |
Yasuyuki KOZAKAI | 1d095f8 | 2003-10-30 06:36:49 +0000 | [diff] [blame] | 46 | if (port <= 0 || port > 65535) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 47 | exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg); |
| 48 | |
| 49 | dash = strchr(arg, '-'); |
| 50 | if (!dash) { |
| 51 | mr->range[0].min.tcp.port |
| 52 | = mr->range[0].max.tcp.port |
Rusty Russell | f9b2e66 | 2000-04-19 11:24:02 +0000 | [diff] [blame] | 53 | = htons(port); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 54 | } else { |
| 55 | int maxport; |
| 56 | |
| 57 | maxport = atoi(dash + 1); |
| 58 | if (maxport == 0 || maxport > 65535) |
| 59 | exit_error(PARAMETER_PROBLEM, |
| 60 | "Port `%s' not valid\n", dash+1); |
| 61 | if (maxport < port) |
| 62 | /* People are stupid. Present reader excepted. */ |
| 63 | exit_error(PARAMETER_PROBLEM, |
| 64 | "Port range `%s' funky\n", arg); |
Rusty Russell | f9b2e66 | 2000-04-19 11:24:02 +0000 | [diff] [blame] | 65 | mr->range[0].min.tcp.port = htons(port); |
| 66 | mr->range[0].max.tcp.port = htons(maxport); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 67 | } |
| 68 | } |
| 69 | |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 70 | static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, |
| 71 | const void *e, struct xt_entry_target **target) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 72 | { |
Yasuyuki KOZAKAI | ac8b271 | 2007-07-24 06:06:59 +0000 | [diff] [blame] | 73 | const struct ipt_entry *entry = e; |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 74 | int portok; |
| 75 | struct ip_nat_multi_range *mr |
| 76 | = (struct ip_nat_multi_range *)(*target)->data; |
| 77 | |
| 78 | if (entry->ip.proto == IPPROTO_TCP |
Patrick McHardy | 36d870c | 2005-07-22 06:39:45 +0000 | [diff] [blame] | 79 | || entry->ip.proto == IPPROTO_UDP |
Patrick McHardy | 5a942f9 | 2008-11-04 13:22:40 +0100 | [diff] [blame] | 80 | || entry->ip.proto == IPPROTO_SCTP |
| 81 | || entry->ip.proto == IPPROTO_DCCP |
Patrick McHardy | 36d870c | 2005-07-22 06:39:45 +0000 | [diff] [blame] | 82 | || entry->ip.proto == IPPROTO_ICMP) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 83 | portok = 1; |
| 84 | else |
| 85 | portok = 0; |
| 86 | |
| 87 | switch (c) { |
| 88 | case '1': |
| 89 | if (!portok) |
| 90 | exit_error(PARAMETER_PROBLEM, |
Patrick McHardy | 5a942f9 | 2008-11-04 13:22:40 +0100 | [diff] [blame] | 91 | "Need TCP, UDP, SCTP or DCCP with port specification"); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 92 | |
Harald Welte | b77f1da | 2002-03-14 11:35:58 +0000 | [diff] [blame] | 93 | if (check_inverse(optarg, &invert, NULL, 0)) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 94 | exit_error(PARAMETER_PROBLEM, |
| 95 | "Unexpected `!' after --to-ports"); |
| 96 | |
| 97 | parse_ports(optarg, mr); |
| 98 | return 1; |
| 99 | |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 100 | case '2': |
| 101 | mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; |
| 102 | return 1; |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 103 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 104 | default: |
| 105 | return 0; |
| 106 | } |
| 107 | } |
| 108 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 109 | static void |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 110 | MASQUERADE_print(const void *ip, const struct xt_entry_target *target, |
| 111 | int numeric) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 112 | { |
| 113 | struct ip_nat_multi_range *mr |
| 114 | = (struct ip_nat_multi_range *)target->data; |
| 115 | struct ip_nat_range *r = &mr->range[0]; |
| 116 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 117 | if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { |
Rusty Russell | f9b2e66 | 2000-04-19 11:24:02 +0000 | [diff] [blame] | 118 | printf("masq ports: "); |
| 119 | printf("%hu", ntohs(r->min.tcp.port)); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 120 | if (r->max.tcp.port != r->min.tcp.port) |
Rusty Russell | f9b2e66 | 2000-04-19 11:24:02 +0000 | [diff] [blame] | 121 | printf("-%hu", ntohs(r->max.tcp.port)); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 122 | printf(" "); |
| 123 | } |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 124 | |
Patrick McHardy | e656e26 | 2007-04-18 12:56:05 +0000 | [diff] [blame] | 125 | if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) |
Patrick McHardy | 9c67def | 2007-04-18 14:00:11 +0000 | [diff] [blame] | 126 | printf("random "); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 127 | } |
| 128 | |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 129 | static void |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 130 | MASQUERADE_save(const void *ip, const struct xt_entry_target *target) |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 131 | { |
| 132 | struct ip_nat_multi_range *mr |
| 133 | = (struct ip_nat_multi_range *)target->data; |
| 134 | struct ip_nat_range *r = &mr->range[0]; |
| 135 | |
| 136 | if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { |
A. van Schie | 4b5566b | 2002-04-01 07:51:25 +0000 | [diff] [blame] | 137 | printf("--to-ports %hu", ntohs(r->min.tcp.port)); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 138 | if (r->max.tcp.port != r->min.tcp.port) |
Rusty Russell | f9b2e66 | 2000-04-19 11:24:02 +0000 | [diff] [blame] | 139 | printf("-%hu", ntohs(r->max.tcp.port)); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 140 | printf(" "); |
| 141 | } |
Patrick McHardy | 9c67def | 2007-04-18 14:00:11 +0000 | [diff] [blame] | 142 | |
| 143 | if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) |
| 144 | printf("--random "); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 145 | } |
| 146 | |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 147 | static struct xtables_target masquerade_tg_reg = { |
Pablo Neira | 8caee8b | 2004-12-28 13:11:59 +0000 | [diff] [blame] | 148 | .name = "MASQUERADE", |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 149 | .version = XTABLES_VERSION, |
Jan Engelhardt | 03d9948 | 2008-11-18 12:27:54 +0100 | [diff] [blame] | 150 | .family = NFPROTO_IPV4, |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 151 | .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)), |
| 152 | .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)), |
Jan Engelhardt | 1d5b63d | 2007-10-04 16:29:00 +0000 | [diff] [blame] | 153 | .help = MASQUERADE_help, |
| 154 | .init = MASQUERADE_init, |
| 155 | .parse = MASQUERADE_parse, |
| 156 | .print = MASQUERADE_print, |
| 157 | .save = MASQUERADE_save, |
| 158 | .extra_opts = MASQUERADE_opts, |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 159 | }; |
| 160 | |
| 161 | void _init(void) |
| 162 | { |
Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 163 | xtables_register_target(&masquerade_tg_reg); |
Marc Boucher | e6869a8 | 2000-03-20 06:03:29 +0000 | [diff] [blame] | 164 | } |