Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / d7282413763b0ba85d512c1cd49174b762ff449c / . / extensions / libipt_REDIRECT.c
blob: 471ff29aa4f73e0f80f99996a3eec23f52f50a89 [file] [log] [blame]
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]1/* Shared library add-on to iptables to add redirect support. */
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]2#include <stdbool.h>
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]3#include <stdio.h>
4#include <netdb.h>
5#include <string.h>
6#include <stdlib.h>
7#include <getopt.h>
Jan Engelhardt5d9678a2008-11-20 10:15:35 +0100[diff] [blame]8#include <xtables.h>
Jan Engelhardt4e418542009-02-21 03:46:37 +0100[diff] [blame]9#include <limits.h> /* INT_MAX in ip_tables.h */
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]10#include <linux/netfilter_ipv4/ip_tables.h>
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]11#include <net/netfilter/nf_nat.h>
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]12
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]13#define IPT_REDIRECT_OPT_DEST 0x01
14#define IPT_REDIRECT_OPT_RANDOM 0x02
15
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]16static void REDIRECT_help(void)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]17{
18 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]19"REDIRECT target options:\n"
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]20" --to-ports <port>[-<port>]\n"
Eric Dumazet59ccf532010-07-23 12:54:05 +0200[diff] [blame]21" Port (range) to map to.\n"
22" [--random]\n");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]23}
24
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]25static const struct option REDIRECT_opts[] = {
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]26 {.name = "to-ports", .has_arg = true, .val = '1'},
27 {.name = "random", .has_arg = false, .val = '2'},
28 XT_GETOPT_TABLEEND,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]29};
30
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]31static void REDIRECT_init(struct xt_entry_target *t)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]32{
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]33 struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]34
35 /* Actually, it's 0, but it's ignored at the moment. */
36 mr->rangesize = 1;
37
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]38}
39
40/* Parses ports */
41static void
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]42parse_ports(const char *arg, struct nf_nat_multi_range *mr)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]43{
Stephen Beahm63ef52a2010-12-09 06:15:50 -0500[diff] [blame]44 char *end = "";
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]45 unsigned int port, maxport;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]46
47 mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
48
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]49 if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) &&
50 (port = xtables_service_to_port(arg, NULL)) == (unsigned)-1)
51 xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
Phil Oester3836fcc2006-06-20 13:45:38 +0000[diff] [blame]52
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]53 switch (*end) {
54 case '\0':
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]55 mr->range[0].min.tcp.port
56 = mr->range[0].max.tcp.port
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]57 = htons(port);
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]58 return;
59 case '-':
60 if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX) &&
61 (maxport = xtables_service_to_port(end + 1, NULL)) == (unsigned)-1)
62 break;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]63
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]64 if (maxport < port)
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]65 break;
66
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]67 mr->range[0].min.tcp.port = htons(port);
68 mr->range[0].max.tcp.port = htons(maxport);
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]69 return;
70 default:
71 break;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]72 }
Dmitry V. Levin84d758b2010-05-14 13:24:51 +0200[diff] [blame]73 xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]74}
75
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]76static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
77 const void *e, struct xt_entry_target **target)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]78{
Yasuyuki KOZAKAIac8b2712007-07-24 06:06:59 +0000[diff] [blame]79 const struct ipt_entry *entry = e;
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]80 struct nf_nat_multi_range *mr
81 = (struct nf_nat_multi_range *)(*target)->data;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]82 int portok;
83
84 if (entry->ip.proto == IPPROTO_TCP
Patrick McHardy36d870c2005-07-22 06:39:45 +0000[diff] [blame]85 || entry->ip.proto == IPPROTO_UDP
Patrick McHardy5a942f92008-11-04 13:22:40 +0100[diff] [blame]86 || entry->ip.proto == IPPROTO_SCTP
87 || entry->ip.proto == IPPROTO_DCCP
Patrick McHardy36d870c2005-07-22 06:39:45 +0000[diff] [blame]88 || entry->ip.proto == IPPROTO_ICMP)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]89 portok = 1;
90 else
91 portok = 0;
92
93 switch (c) {
94 case '1':
95 if (!portok)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]96 xtables_error(PARAMETER_PROBLEM,
Patrick McHardy5a942f92008-11-04 13:22:40 +0100[diff] [blame]97 "Need TCP, UDP, SCTP or DCCP with port specification");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]98
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame]99 if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]100 xtables_error(PARAMETER_PROBLEM,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]101 "Unexpected `!' after --to-ports");
102
103 parse_ports(optarg, mr);
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]104 if (*flags & IPT_REDIRECT_OPT_RANDOM)
105 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
106 *flags |= IPT_REDIRECT_OPT_DEST;
107 return 1;
108
109 case '2':
110 if (*flags & IPT_REDIRECT_OPT_DEST) {
111 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
112 *flags |= IPT_REDIRECT_OPT_RANDOM;
113 } else
114 *flags |= IPT_REDIRECT_OPT_RANDOM;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]115 return 1;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]116 }
Jan Engelhardtd09b6d52011-01-08 03:02:37 +0100[diff] [blame]117 return 0;
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]118}
119
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]120static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
121 int numeric)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]122{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]123 const struct nf_nat_multi_range *mr = (const void *)target->data;
124 const struct nf_nat_range *r = &mr->range[0];
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]125
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]126 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]127 printf(" redir ports ");
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]128 printf("%hu", ntohs(r->min.tcp.port));
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]129 if (r->max.tcp.port != r->min.tcp.port)
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]130 printf("-%hu", ntohs(r->max.tcp.port));
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]131 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]132 printf(" random");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]133 }
134}
135
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]136static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]137{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]138 const struct nf_nat_multi_range *mr = (const void *)target->data;
139 const struct nf_nat_range *r = &mr->range[0];
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]140
141 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]142 printf(" --to-ports ");
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]143 printf("%hu", ntohs(r->min.tcp.port));
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]144 if (r->max.tcp.port != r->min.tcp.port)
Rusty Russellf9b2e662000-04-19 11:24:02 +0000[diff] [blame]145 printf("-%hu", ntohs(r->max.tcp.port));
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]146 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]147 printf(" --random");
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]148 }
149}
150
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]151static struct xtables_target redirect_tg_reg = {
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]152 .name = "REDIRECT",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]153 .version = XTABLES_VERSION,
Jan Engelhardt03d99482008-11-18 12:27:54 +0100[diff] [blame]154 .family = NFPROTO_IPV4,
Jan Engelhardt978e27e2009-02-21 04:42:32 +0100[diff] [blame]155 .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
156 .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
Jan Engelhardt1d5b63d2007-10-04 16:29:00 +0000[diff] [blame]157 .help = REDIRECT_help,
158 .init = REDIRECT_init,
159 .parse = REDIRECT_parse,
160 .print = REDIRECT_print,
161 .save = REDIRECT_save,
162 .extra_opts = REDIRECT_opts,
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]163};
164
165void _init(void)
166{
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]167 xtables_register_target(&redirect_tg_reg);
Marc Bouchere6869a82000-03-20 06:03:29 +0000[diff] [blame]168}