Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / f53710b16c2bae1843c3f5fee390f496dfa82526 / . / extensions / libxt_devgroup.c
blob: 4487c83304ab7aeef16b9ffb62e1705c2c9a654b [file] [log] [blame]
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]1/* Shared library add-on to iptables to add devgroup matching support.
2 *
3 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
4 */
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]5#include <stdio.h>
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]6#include <string.h>
7#include <stdlib.h>
8#include <errno.h>
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]9#include <xtables.h>
10#include <linux/netfilter/xt_devgroup.h>
11
12static void devgroup_help(void)
13{
14 printf(
15"devgroup match options:\n"
16"[!] --src-group value[/mask] Match device group of incoming device\n"
17"[!] --dst-group value[/mask] Match device group of outgoing device\n"
18 );
19}
20
21enum {
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]22 O_SRC_GROUP = 0,
23 O_DST_GROUP,
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]24};
25
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]26static const struct xt_option_entry devgroup_opts[] = {
27 {.name = "src-group", .id = O_SRC_GROUP, .type = XTTYPE_STRING,
28 .flags = XTOPT_INVERT},
29 {.name = "dst-group", .id = O_DST_GROUP, .type = XTTYPE_STRING,
30 .flags = XTOPT_INVERT},
31 XTOPT_TABLEEND,
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]32};
33
34/* array of devgroups from /etc/iproute2/group_map */
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]35static struct xtables_lmap *devgroups;
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]36
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]37static void devgroup_init(struct xt_entry_match *match)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]38{
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]39 const char file[] = "/etc/iproute2/group_map";
40 devgroups = xtables_lmap_init(file);
41 if (devgroups == NULL && errno != ENOENT)
42 fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]43}
44
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]45static void devgroup_parse(struct xt_option_call *cb)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]46{
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]47 struct xt_devgroup_info *info = cb->data;
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]48 unsigned int id;
49 char *end;
50
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]51 xtables_option_parse(cb);
52 switch (cb->entry->id) {
53 case O_SRC_GROUP:
54 info->src_group = strtoul(cb->arg, &end, 0);
55 if (end != cb->arg && (*end == '/' || *end == '\0')) {
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]56 if (*end == '/')
57 info->src_mask = strtoul(end+1, &end, 0);
58 else
59 info->src_mask = 0xffffffff;
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]60 if (*end != '\0' || end == cb->arg)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]61 xtables_error(PARAMETER_PROBLEM,
62 "Bad src-group value `%s'",
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]63 cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]64 } else {
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]65 id = xtables_lmap_name2id(devgroups, cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]66 if (id == -1)
67 xtables_error(PARAMETER_PROBLEM,
68 "Device group `%s' not found",
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]69 cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]70 info->src_group = id;
71 info->src_mask = 0xffffffff;
72 }
Lutz Jaenicke17f79372011-05-23 16:28:25 +0200[diff] [blame]73 info->flags |= XT_DEVGROUP_MATCH_SRC;
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]74 if (cb->invert)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]75 info->flags |= XT_DEVGROUP_INVERT_SRC;
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]76 break;
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]77 case O_DST_GROUP:
78 info->dst_group = strtoul(cb->arg, &end, 0);
79 if (end != cb->arg && (*end == '/' || *end == '\0')) {
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]80 if (*end == '/')
81 info->dst_mask = strtoul(end+1, &end, 0);
82 else
83 info->dst_mask = 0xffffffff;
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]84 if (*end != '\0' || end == cb->arg)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]85 xtables_error(PARAMETER_PROBLEM,
86 "Bad dst-group value `%s'",
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]87 cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]88 } else {
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]89 id = xtables_lmap_name2id(devgroups, cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]90 if (id == -1)
91 xtables_error(PARAMETER_PROBLEM,
92 "Device group `%s' not found",
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]93 cb->arg);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]94 info->dst_group = id;
95 info->dst_mask = 0xffffffff;
96 }
Lutz Jaenicke17f79372011-05-23 16:28:25 +0200[diff] [blame]97 info->flags |= XT_DEVGROUP_MATCH_DST;
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]98 if (cb->invert)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]99 info->flags |= XT_DEVGROUP_INVERT_DST;
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]100 break;
101 }
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]102}
103
104static void
105print_devgroup(unsigned int id, unsigned int mask, int numeric)
106{
107 const char *name = NULL;
108
109 if (mask != 0xffffffff)
Jan Engelhardtc0f6d172011-02-16 02:42:21 +0100[diff] [blame]110 printf("0x%x/0x%x", id, mask);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]111 else {
112 if (numeric == 0)
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]113 name = xtables_lmap_id2name(devgroups, id);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]114 if (name)
Jan Engelhardtc0f6d172011-02-16 02:42:21 +0100[diff] [blame]115 printf("%s", name);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]116 else
Jan Engelhardtc0f6d172011-02-16 02:42:21 +0100[diff] [blame]117 printf("0x%x", id);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]118 }
119}
120
121static void devgroup_show(const char *pfx, const struct xt_devgroup_info *info,
122 int numeric)
123{
124 if (info->flags & XT_DEVGROUP_MATCH_SRC) {
125 if (info->flags & XT_DEVGROUP_INVERT_SRC)
Jan Engelhardtc0f6d172011-02-16 02:42:21 +0100[diff] [blame]126 printf(" !");
127 printf(" %ssrc-group ", pfx);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]128 print_devgroup(info->src_group, info->src_mask, numeric);
129 }
130
131 if (info->flags & XT_DEVGROUP_MATCH_DST) {
132 if (info->flags & XT_DEVGROUP_INVERT_DST)
Jan Engelhardtc0f6d172011-02-16 02:42:21 +0100[diff] [blame]133 printf(" !");
134 printf(" %sdst-group ", pfx);
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]135 print_devgroup(info->src_group, info->src_mask, numeric);
136 }
137}
138
139static void devgroup_print(const void *ip, const struct xt_entry_match *match,
140 int numeric)
141{
142 const struct xt_devgroup_info *info = (const void *)match->data;
143
144 devgroup_show("", info, numeric);
145}
146
147static void devgroup_save(const void *ip, const struct xt_entry_match *match)
148{
149 const struct xt_devgroup_info *info = (const void *)match->data;
150
151 devgroup_show("--", info, 0);
152}
153
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]154static void devgroup_check(struct xt_fcheck_call *cb)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]155{
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]156 if (cb->xflags == 0)
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]157 xtables_error(PARAMETER_PROBLEM,
158 "devgroup match: You must specify either "
159 "'--src-group' or '--dst-group'");
160}
161
162static struct xtables_match devgroup_mt_reg = {
163 .name = "devgroup",
164 .version = XTABLES_VERSION,
165 .family = NFPROTO_UNSPEC,
166 .size = XT_ALIGN(sizeof(struct xt_devgroup_info)),
167 .userspacesize = XT_ALIGN(sizeof(struct xt_devgroup_info)),
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]168 .init = devgroup_init,
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]169 .help = devgroup_help,
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]170 .print = devgroup_print,
171 .save = devgroup_save,
Jan Engelhardt5d8e61e2011-03-06 16:02:03 +0100[diff] [blame]172 .x6_parse = devgroup_parse,
173 .x6_fcheck = devgroup_check,
174 .x6_options = devgroup_opts,
Patrick McHardy9ee2a9f2011-02-03 06:10:41 +0100[diff] [blame]175};
176
177void _init(void)
178{
179 xtables_register_match(&devgroup_mt_reg);
180}