diff options
Diffstat (limited to 'extensions/libxt_TEE.c')
-rw-r--r-- | extensions/libxt_TEE.c | 202 |
1 files changed, 202 insertions, 0 deletions
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c new file mode 100644 index 0000000..e4c0607 --- /dev/null +++ b/extensions/libxt_TEE.c @@ -0,0 +1,202 @@ +/* + * "TEE" target extension for iptables + * Copyright © Sebastian Claßen <sebastian.classen [at] freenet.ag>, 2007 + * Jan Engelhardt <jengelh [at] medozas de>, 2007 - 2010 + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License; either + * version 2 of the License, or any later version, as published by the + * Free Software Foundation. + */ +#include <sys/socket.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <arpa/inet.h> +#include <net/if.h> +#include <netinet/in.h> + +#include <xtables.h> +#include <linux/netfilter.h> +#include <linux/netfilter/x_tables.h> +#include <linux/netfilter/xt_TEE.h> + +enum { + FLAG_GATEWAY = 1 << 0, + FLAG_OIF = 1 << 1, +}; + +static const struct option tee_tg_opts[] = { + {.name = "gateway", .has_arg = true, .val = 'g'}, + {.name = "oif", .has_arg = true, .val = 'o'}, + {NULL}, +}; + +static void tee_tg_help(void) +{ + printf( +"TEE target options:\n" +" --gateway IPADDR Route packet via the gateway given by address\n" +" --oif NAME Include oif in route calculation\n" +"\n"); +} + +static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_target **target) +{ + struct xt_tee_tginfo *info = (void *)(*target)->data; + const struct in_addr *ia; + + switch (c) { + case 'g': + if (*flags & FLAG_GATEWAY) + xtables_error(PARAMETER_PROBLEM, + "Cannot specify --gateway more than once"); + + ia = xtables_numeric_to_ipaddr(optarg); + if (ia == NULL) + xtables_error(PARAMETER_PROBLEM, + "Invalid IP address %s", optarg); + + memcpy(&info->gw, ia, sizeof(*ia)); + *flags |= FLAG_GATEWAY; + return true; + case 'o': + if (*flags & FLAG_OIF) + xtables_error(PARAMETER_PROBLEM, + "Cannot specify --oif more than once"); + if (strlen(optarg) >= sizeof(info->oif)) + xtables_error(PARAMETER_PROBLEM, + "oif name too long"); + strcpy(info->oif, optarg); + *flags |= FLAG_OIF; + return true; + } + + return false; +} + +static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_target **target) +{ + struct xt_tee_tginfo *info = (void *)(*target)->data; + const struct in6_addr *ia; + + switch (c) { + case 'g': + if (*flags & FLAG_GATEWAY) + xtables_error(PARAMETER_PROBLEM, + "Cannot specify --gateway more than once"); + + ia = xtables_numeric_to_ip6addr(optarg); + if (ia == NULL) + xtables_error(PARAMETER_PROBLEM, + "Invalid IP address %s", optarg); + + memcpy(&info->gw, ia, sizeof(*ia)); + *flags |= FLAG_GATEWAY; + return true; + case 'o': + if (*flags & FLAG_OIF) + xtables_error(PARAMETER_PROBLEM, + "Cannot specify --oif more than once"); + if (strlen(optarg) >= sizeof(info->oif)) + xtables_error(PARAMETER_PROBLEM, + "oif name too long"); + strcpy(info->oif, optarg); + *flags |= FLAG_OIF; + return true; + } + + return false; +} + +static void tee_tg_check(unsigned int flags) +{ + if (flags == 0) + xtables_error(PARAMETER_PROBLEM, "TEE target: " + "--gateway parameter required"); +} + +static void tee_tg_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_tee_tginfo *info = (const void *)target->data; + + if (numeric) + printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in)); + else + printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in)); + if (*info->oif != '\0') + printf("oif=%s ", info->oif); +} + +static void tee_tg6_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_tee_tginfo *info = (const void *)target->data; + + if (numeric) + printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6)); + else + printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6)); + if (*info->oif != '\0') + printf("oif=%s ", info->oif); +} + +static void tee_tg_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_tee_tginfo *info = (const void *)target->data; + + printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in)); + if (*info->oif != '\0') + printf("--oif %s ", info->oif); +} + +static void tee_tg6_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_tee_tginfo *info = (const void *)target->data; + + printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6)); + if (*info->oif != '\0') + printf("--oif %s ", info->oif); +} + +static struct xtables_target tee_tg_reg = { + .name = "TEE", + .version = XTABLES_VERSION, + .revision = 1, + .family = NFPROTO_IPV4, + .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)), + .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)), + .help = tee_tg_help, + .parse = tee_tg_parse, + .final_check = tee_tg_check, + .print = tee_tg_print, + .save = tee_tg_save, + .extra_opts = tee_tg_opts, +}; + +static struct xtables_target tee_tg6_reg = { + .name = "TEE", + .version = XTABLES_VERSION, + .revision = 1, + .family = NFPROTO_IPV6, + .size = XT_ALIGN(sizeof(struct xt_tee_tginfo)), + .userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)), + .help = tee_tg_help, + .parse = tee_tg6_parse, + .final_check = tee_tg_check, + .print = tee_tg6_print, + .save = tee_tg6_save, + .extra_opts = tee_tg_opts, +}; + +void _init(void) +{ + xtables_register_target(&tee_tg_reg); + xtables_register_target(&tee_tg6_reg); +} |