Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / bf97128c7262f17a02fec41cdae75b472ba77f88 / . / extensions / libipt_SAME.c
blob: ed02ef9503c131e78c7dd66867e6710e88109a3d [file] [log] [blame]
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]1/* Shared library add-on to iptables to add simple non load-balancing SNAT support. */
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
Jan Engelhardt5d9678a2008-11-20 10:15:35 +0100[diff] [blame]7#include <xtables.h>
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]8#include <net/netfilter/nf_nat.h>
Martin Josefsson1eb00812004-05-26 15:58:07 +0000[diff] [blame]9/* For 64bit kernel / 32bit userspace */
Jan Engelhardta2a7f2b2008-09-01 14:20:13 +0200[diff] [blame]10#include <linux/netfilter_ipv4/ipt_SAME.h>
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]11
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]12static void SAME_help(void)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]13{
14 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]15"SAME target options:\n"
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]16" --to <ipaddr>-<ipaddr>\n"
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]17" Addresses to map source to.\n"
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]18" May be specified more than\n"
19" once for multiple ranges.\n"
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]20" --nodst\n"
21" Don't use destination-ip in\n"
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]22" source selection\n"
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]23" --random\n"
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]24" Randomize source port\n");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]25}
26
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]27static const struct option SAME_opts[] = {
Patrick McHardy500f4832007-09-08 15:59:04 +0000[diff] [blame]28 { "to", 1, NULL, '1' },
29 { "nodst", 0, NULL, '2'},
30 { "random", 0, NULL, '3' },
Max Kellermann9ee386a2008-01-29 13:48:05 +0000[diff] [blame]31 { .name = NULL }
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]32};
33
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]34static void SAME_init(struct xt_entry_target *t)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]35{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]36 struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]37
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]38 /* Set default to 0 */
39 mr->rangesize = 0;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]40 mr->info = 0;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]41 mr->ipnum = 0;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]42
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]43}
44
45/* Parses range of IPs */
46static void
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]47parse_to(char *arg, struct nf_nat_range *range)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]48{
49 char *dash;
Jan Engelhardtbd943842008-01-20 13:38:08 +0000[diff] [blame]50 const struct in_addr *ip;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]51
52 range->flags |= IP_NAT_RANGE_MAP_IPS;
53 dash = strchr(arg, '-');
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]54
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]55 if (dash)
56 *dash = '\0';
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]57
Jan Engelhardt1e01b0b2009-01-30 04:20:32 +0100[diff] [blame]58 ip = xtables_numeric_to_ipaddr(arg);
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]59 if (!ip)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]60 xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]61 arg);
62 range->min_ip = ip->s_addr;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]63
64 if (dash) {
Jan Engelhardt1e01b0b2009-01-30 04:20:32 +0100[diff] [blame]65 ip = xtables_numeric_to_ipaddr(dash+1);
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]66 if (!ip)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]67 xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]68 dash+1);
69 }
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]70 range->max_ip = ip->s_addr;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]71 if (dash)
72 if (range->min_ip > range->max_ip)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]73 xtables_error(PARAMETER_PROBLEM, "Bad IP range \"%s-%s\"\n",
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]74 arg, dash+1);
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]75}
76
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]77#define IPT_SAME_OPT_TO 0x01
78#define IPT_SAME_OPT_NODST 0x02
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]79#define IPT_SAME_OPT_RANDOM 0x04
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]80
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]81static int SAME_parse(int c, char **argv, int invert, unsigned int *flags,
82 const void *entry, struct xt_entry_target **target)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]83{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]84 struct ipt_same_info *mr
85 = (struct ipt_same_info *)(*target)->data;
Jan Engelhardt7a236f42008-03-03 12:30:41 +0100[diff] [blame]86 unsigned int count;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]87
88 switch (c) {
89 case '1':
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]90 if (mr->rangesize == IPT_SAME_MAX_RANGE)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]91 xtables_error(PARAMETER_PROBLEM,
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]92 "Too many ranges specified, maximum "
93 "is %i ranges.\n",
94 IPT_SAME_MAX_RANGE);
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame^]95 if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]96 xtables_error(PARAMETER_PROBLEM,
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]97 "Unexpected `!' after --to");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]98
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]99 parse_to(optarg, &mr->range[mr->rangesize]);
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]100 /* WTF do we need this for? */
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]101 if (*flags & IPT_SAME_OPT_RANDOM)
102 mr->range[mr->rangesize].flags
103 |= IP_NAT_RANGE_PROTO_RANDOM;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]104 mr->rangesize++;
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]105 *flags |= IPT_SAME_OPT_TO;
106 break;
107
108 case '2':
109 if (*flags & IPT_SAME_OPT_NODST)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]110 xtables_error(PARAMETER_PROBLEM,
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]111 "Can't specify --nodst twice");
112
113 mr->info |= IPT_SAME_NODST;
114 *flags |= IPT_SAME_OPT_NODST;
115 break;
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]116
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]117 case '3':
118 *flags |= IPT_SAME_OPT_RANDOM;
119 for (count=0; count < mr->rangesize; count++)
120 mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM;
121 break;
Patrick McHardye656e262007-04-18 12:56:05 +0000[diff] [blame]122
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]123 default:
124 return 0;
125 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]126
127 return 1;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]128}
129
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]130static void SAME_check(unsigned int flags)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]131{
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]132 if (!(flags & IPT_SAME_OPT_TO))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]133 xtables_error(PARAMETER_PROBLEM,
Harald Welte18f1aff2001-03-25 19:03:23 +0000[diff] [blame]134 "SAME needs --to");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]135}
136
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]137static void SAME_print(const void *ip, const struct xt_entry_target *target,
138 int numeric)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]139{
Jan Engelhardt7a236f42008-03-03 12:30:41 +0100[diff] [blame]140 unsigned int count;
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]141 const struct ipt_same_info *mr = (const void *)target->data;
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]142 int random_selection = 0;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]143
144 printf("same:");
145
146 for (count = 0; count < mr->rangesize; count++) {
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]147 const struct nf_nat_range *r = &mr->range[count];
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]148 struct in_addr a;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]149
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]150 a.s_addr = r->min_ip;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]151
Jan Engelhardte44ea7f2009-01-30 03:55:09 +0100[diff] [blame]152 printf("%s", xtables_ipaddr_to_numeric(&a));
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]153 a.s_addr = r->max_ip;
154
155 if (r->min_ip == r->max_ip)
156 printf(" ");
157 else
Jan Engelhardte44ea7f2009-01-30 03:55:09 +0100[diff] [blame]158 printf("-%s ", xtables_ipaddr_to_numeric(&a));
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]159 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]160 random_selection = 1;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]161 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]162
163 if (mr->info & IPT_SAME_NODST)
164 printf("nodst ");
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]165
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]166 if (random_selection)
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]167 printf("random ");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]168}
169
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]170static void SAME_save(const void *ip, const struct xt_entry_target *target)
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]171{
Jan Engelhardt7a236f42008-03-03 12:30:41 +0100[diff] [blame]172 unsigned int count;
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]173 const struct ipt_same_info *mr = (const void *)target->data;
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]174 int random_selection = 0;
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]175
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]176 for (count = 0; count < mr->rangesize; count++) {
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]177 const struct nf_nat_range *r = &mr->range[count];
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]178 struct in_addr a;
179
180 a.s_addr = r->min_ip;
Jan Engelhardte44ea7f2009-01-30 03:55:09 +0100[diff] [blame]181 printf("--to %s", xtables_ipaddr_to_numeric(&a));
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]182 a.s_addr = r->max_ip;
183
184 if (r->min_ip == r->max_ip)
185 printf(" ");
186 else
Jan Engelhardte44ea7f2009-01-30 03:55:09 +0100[diff] [blame]187 printf("-%s ", xtables_ipaddr_to_numeric(&a));
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]188 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]189 random_selection = 1;
Harald Welte05e0b012001-08-26 08:18:25 +0000[diff] [blame]190 }
Harald Weltecf655eb2001-07-28 18:47:11 +0000[diff] [blame]191
192 if (mr->info & IPT_SAME_NODST)
193 printf("--nodst ");
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]194
Jan Engelhardtdbb77542008-02-11 00:33:30 +0100[diff] [blame]195 if (random_selection)
Patrick McHardy9c67def2007-04-18 14:00:11 +0000[diff] [blame]196 printf("--random ");
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]197}
198
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]199static struct xtables_target same_tg_reg = {
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]200 .name = "SAME",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]201 .version = XTABLES_VERSION,
Jan Engelhardt03d99482008-11-18 12:27:54 +0100[diff] [blame]202 .family = NFPROTO_IPV4,
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]203 .size = XT_ALIGN(sizeof(struct ipt_same_info)),
204 .userspacesize = XT_ALIGN(sizeof(struct ipt_same_info)),
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]205 .help = SAME_help,
206 .init = SAME_init,
207 .parse = SAME_parse,
208 .final_check = SAME_check,
209 .print = SAME_print,
210 .save = SAME_save,
211 .extra_opts = SAME_opts,
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]212};
213
214void _init(void)
215{
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]216 xtables_register_target(&same_tg_reg);
Martin Josefssonf419f752001-02-19 21:55:27 +0000[diff] [blame]217}