Blame - extensions/libxt_iprange.c - platform/external/iptables

blob: 65a15c943469a1847175ad2a0e56687312ef0722 [file] [log] [blame]

Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	1	/* Shared library add-on to iptables to add IP range matching support. */
				2	#include <stdio.h>
				3	#include <netdb.h>
				4	#include <string.h>
				5	#include <stdlib.h>
				6	#include <getopt.h>
				7
				8	#include <iptables.h>
				9	#include <linux/netfilter_ipv4/ipt_iprange.h>
				10
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	11	static void iprange_mt_help(void)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	12	{
				13	printf(
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	14	"iprange match options:\n"
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	15	"[!] --src-range ip-ip Match source IP in the specified range\n"
				16	"[!] --dst-range ip-ip Match destination IP in the specified range\n"
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	17	"\n");
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	18	}
				19
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	20	static const struct option iprange_mt_opts[] = {
				21	{.name = "src-range", .has_arg = true, .val = '1'},
				22	{.name = "dst-range", .has_arg = true, .val = '2'},
				23	{},
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	24	};
				25
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	26	static void
				27	parse_iprange(char arg, struct ipt_iprange range)
				28	{
				29	char *dash;
Jan Engelhardt	bd94384	2008-01-20 13:38:08 +0000	[diff] [blame]	30	const struct in_addr *ip;
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	31
				32	dash = strchr(arg, '-');
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	33	if (dash != NULL)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	34	*dash = '\0';
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	35
Jan Engelhardt	bd94384	2008-01-20 13:38:08 +0000	[diff] [blame]	36	ip = numeric_to_ipaddr(arg);
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	37	if (ip != NULL)
				38	exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	39	arg);
				40	range->min_ip = ip->s_addr;
				41
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	42	if (dash != NULL) {
Jan Engelhardt	bd94384	2008-01-20 13:38:08 +0000	[diff] [blame]	43	ip = numeric_to_ipaddr(dash+1);
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	44	if (ip != NULL)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	45	exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
				46	dash+1);
				47	range->max_ip = ip->s_addr;
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	48	} else {
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	49	range->max_ip = range->min_ip;
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	50	}
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	51	}
				52
Jan Engelhardt	59d1640	2007-10-04 16:28:39 +0000	[diff] [blame]	53	static int iprange_parse(int c, char *argv, int invert, unsigned int flags,
				54	const void entry, struct xt_entry_match *match)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	55	{
				56	struct ipt_iprange_info info = (struct ipt_iprange_info )(*match)->data;
				57
				58	switch (c) {
				59	case '1':
				60	if (*flags & IPRANGE_SRC)
				61	exit_error(PARAMETER_PROBLEM,
				62	"iprange match: Only use --src-range ONCE!");
				63	*flags \|= IPRANGE_SRC;
				64
				65	info->flags \|= IPRANGE_SRC;
				66	check_inverse(optarg, &invert, &optind, 0);
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	67	if (invert)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	68	info->flags \|= IPRANGE_SRC_INV;
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	69	parse_iprange(optarg, &info->src);
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	70
				71	break;
				72
				73	case '2':
				74	if (*flags & IPRANGE_DST)
				75	exit_error(PARAMETER_PROBLEM,
				76	"iprange match: Only use --dst-range ONCE!");
				77	*flags \|= IPRANGE_DST;
				78
				79	info->flags \|= IPRANGE_DST;
				80	check_inverse(optarg, &invert, &optind, 0);
				81	if (invert)
				82	info->flags \|= IPRANGE_DST_INV;
				83
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	84	parse_iprange(optarg, &info->dst);
Nicolas Bouliane	b9c6ec1	2004-07-12 07:16:54 +0000	[diff] [blame]	85
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	86	break;
				87
				88	default:
				89	return 0;
				90	}
				91	return 1;
				92	}
				93
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	94	static void iprange_mt_check(unsigned int flags)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	95	{
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	96	if (flags == 0)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	97	exit_error(PARAMETER_PROBLEM,
				98	"iprange match: You must specify `--src-range' or `--dst-range'");
				99	}
				100
				101	static void
				102	print_iprange(const struct ipt_iprange *range)
				103	{
				104	const unsigned char byte_min, byte_max;
				105
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	106	byte_min = (const unsigned char *)&range->min_ip;
				107	byte_max = (const unsigned char *)&range->max_ip;
				108	printf("%u.%u.%u.%u-%u.%u.%u.%u ",
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	109	byte_min[0], byte_min[1], byte_min[2], byte_min[3],
				110	byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
				111	}
				112
Jan Engelhardt	59d1640	2007-10-04 16:28:39 +0000	[diff] [blame]	113	static void iprange_print(const void ip, const struct xt_entry_match match,
				114	int numeric)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	115	{
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	116	const struct ipt_iprange_info info = (const void )match->data;
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	117
				118	if (info->flags & IPRANGE_SRC) {
				119	printf("source IP range ");
				120	if (info->flags & IPRANGE_SRC_INV)
				121	printf("! ");
				122	print_iprange(&info->src);
				123	}
				124	if (info->flags & IPRANGE_DST) {
				125	printf("destination IP range ");
				126	if (info->flags & IPRANGE_DST_INV)
				127	printf("! ");
				128	print_iprange(&info->dst);
				129	}
				130	}
				131
Jan Engelhardt	59d1640	2007-10-04 16:28:39 +0000	[diff] [blame]	132	static void iprange_save(const void ip, const struct xt_entry_match match)
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	133	{
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	134	const struct ipt_iprange_info info = (const void )match->data;
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	135
				136	if (info->flags & IPRANGE_SRC) {
				137	if (info->flags & IPRANGE_SRC_INV)
				138	printf("! ");
				139	printf("--src-range ");
				140	print_iprange(&info->src);
				141	if (info->flags & IPRANGE_DST)
				142	fputc(' ', stdout);
				143	}
				144	if (info->flags & IPRANGE_DST) {
				145	if (info->flags & IPRANGE_DST_INV)
				146	printf("! ");
				147	printf("--dst-range ");
				148	print_iprange(&info->dst);
				149	}
				150	}
				151
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	152	static struct xtables_match iprange_match = {
				153	.version = IPTABLES_VERSION,
				154	.name = "iprange",
				155	.revision = 0,
				156	.family = AF_INET,
				157	.size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
				158	.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
				159	.help = iprange_mt_help,
				160	.parse = iprange_parse,
				161	.final_check = iprange_mt_check,
				162	.print = iprange_print,
				163	.save = iprange_save,
				164	.extra_opts = iprange_mt_opts,
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	165	};
				166
				167	void _init(void)
				168	{
Jan Engelhardt	41daaa0	2008-01-20 13:42:43 +0000	[diff] [blame^]	169	xtables_register_match(&iprange_match);
Joszef Kadlecsik	9cb6615	2003-04-23 13:27:09 +0000	[diff] [blame]	170	}