2 * m_xt.c xtables based targets
3 * utilities mostly ripped from iptables <duh, its the linux way>
5 * This program is free software; you can distribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
10 * Authors: J Hadi Salim (hadi@cyberus.ca)
13 /*XXX: in the future (xtables 1.4.3?) get rid of everything tagged
14 * as TC_CONFIG_XT_H */
16 #include <sys/socket.h>
17 #include <netinet/in.h>
18 #include <arpa/inet.h>
20 #include <linux/netfilter.h>
21 #include <linux/netfilter_ipv4/ip_tables.h>
25 #include <linux/tc_act/tc_ipt.h>
39 #include "xt-internal.h"
43 #define ALIGN(x, a) __ALIGN_MASK(x, (typeof(x))(a)-1)
44 #define __ALIGN_MASK(x, mask) (((x)+(mask))&~(mask))
47 static const char *pname
= "tc-ipt";
48 static const char *tname
= "mangle";
49 static const char *pversion
= "0.2";
51 static const char *ipthooks
[] = {
59 static struct option original_opts
[] = {
64 static struct option
*opts
= original_opts
;
65 static unsigned int global_option_offset
;
67 const char *program_version
= XTABLES_VERSION
;
68 const char *program_name
= "tc-ipt";
69 struct afinfo afinfo
= {
71 .libprefix
= "libxt_",
72 .ipproto
= IPPROTO_IP
,
74 .so_rev_target
= IPT_SO_GET_REVISION_TARGET
,
78 #define OPTION_OFFSET 256
80 /*XXX: TC_CONFIG_XT_H */
81 static void free_opts(struct option
*local_opts
)
83 if (local_opts
!= original_opts
) {
86 global_option_offset
= 0;
90 /*XXX: TC_CONFIG_XT_H */
91 static struct option
*
92 merge_options(struct option
*oldopts
, const struct option
*newopts
,
93 unsigned int *option_offset
)
96 unsigned int num_old
, num_new
, i
;
98 for (num_old
= 0; oldopts
[num_old
].name
; num_old
++);
99 for (num_new
= 0; newopts
[num_new
].name
; num_new
++);
101 *option_offset
= global_option_offset
+ OPTION_OFFSET
;
103 merge
= malloc(sizeof(struct option
) * (num_new
+ num_old
+ 1));
104 memcpy(merge
, oldopts
, num_old
* sizeof(struct option
));
105 for (i
= 0; i
< num_new
; i
++) {
106 merge
[num_old
+ i
] = newopts
[i
];
107 merge
[num_old
+ i
].val
+= *option_offset
;
109 memset(merge
+ num_old
+ num_new
, 0, sizeof(struct option
));
115 /*XXX: TC_CONFIG_XT_H */
123 /*XXX: TC_CONFIG_XT_H */
125 check_inverse(const char option
[], int *invert
, int *my_optind
, int argc
)
127 if (option
&& strcmp(option
, "!") == 0) {
129 exit_error(PARAMETER_PROBLEM
,
130 "Multiple `!' flags not allowed");
132 if (my_optind
!= NULL
) {
134 if (argc
&& *my_optind
> argc
)
135 exit_error(PARAMETER_PROBLEM
,
136 "no argument following `!'");
144 /*XXX: TC_CONFIG_XT_H */
145 void exit_error(enum exittype status
, const char *msg
, ...)
150 fprintf(stderr
, "%s v%s: ", pname
, pversion
);
151 vfprintf(stderr
, msg
, args
);
153 fprintf(stderr
, "\n");
154 /* On error paths, make sure that we don't leak memory */
158 /*XXX: TC_CONFIG_XT_H */
159 static void set_revision(char *name
, u_int8_t revision
)
161 /* Old kernel sources don't have ".revision" field,
162 * but we stole a byte from name. */
163 name
[IPT_FUNCTION_MAXNAMELEN
- 2] = '\0';
164 name
[IPT_FUNCTION_MAXNAMELEN
- 1] = revision
;
168 * we may need to check for version mismatch
171 build_st(struct xtables_target
*target
, struct xt_entry_target
*t
)
175 XT_ALIGN(sizeof(struct xt_entry_target
)) + target
->size
;
178 target
->t
= fw_calloc(1, size
);
179 target
->t
->u
.target_size
= size
;
180 strcpy(target
->t
->u
.user
.name
, target
->name
);
181 set_revision(target
->t
->u
.user
.name
, target
->revision
);
183 if (target
->init
!= NULL
)
184 target
->init(target
->t
);
192 inline void set_lib_dir(void)
195 lib_dir
= getenv("XTABLES_LIBDIR");
197 lib_dir
= getenv("IPTABLES_LIB_DIR");
199 fprintf(stderr
, "using deprecated IPTABLES_LIB_DIR\n");
202 lib_dir
= XT_LIB_DIR
;
206 static int parse_ipt(struct action_util
*a
, int *argc_p
,
207 char ***argv_p
, int tca_id
, struct nlmsghdr
*n
)
209 struct xtables_target
*m
= NULL
;
214 char **argv
= *argv_p
;
215 int argc
= 0, iargc
= 0;
216 char k
[FILTER_NAMESZ
];
219 __u32 hook
= 0, index
= 0;
226 for (i
= 0; i
< rargc
; i
++) {
227 if (!argv
[i
] || strcmp(argv
[i
], "action") == 0)
234 fprintf(stderr
, "bad arguments to ipt %d vs %d\n", argc
, rargc
);
239 c
= getopt_long(argc
, argv
, "j:", opts
, NULL
);
244 m
= find_target(optarg
, TRY_LOAD
);
247 if (build_st(m
, NULL
) < 0) {
248 printf(" %s error\n", m
->name
);
252 merge_options(opts
, m
->extra_opts
,
255 fprintf(stderr
, " failed to find target %s\n\n", optarg
);
262 memset(&fw
, 0, sizeof(fw
));
264 m
->parse(c
- m
->option_offset
, argv
, 0,
265 &m
->tflags
, NULL
, &m
->t
);
267 fprintf(stderr
, " failed to find target %s\n\n", optarg
);
277 if (iargc
> optind
) {
278 if (matches(argv
[optind
], "index") == 0) {
279 if (get_u32(&index
, argv
[optind
+ 1], 10)) {
280 fprintf(stderr
, "Illegal \"index\"\n");
291 fprintf(stderr
, " ipt Parser BAD!! (%s)\n", *argv
);
295 /* check that we passed the correct parameters to the target */
297 m
->final_check(m
->tflags
);
300 struct tcmsg
*t
= NLMSG_DATA(n
);
302 if (t
->tcm_parent
!= TC_H_ROOT
303 && t
->tcm_parent
== TC_H_MAJ(TC_H_INGRESS
)) {
304 hook
= NF_IP_PRE_ROUTING
;
306 hook
= NF_IP_POST_ROUTING
;
310 tail
= addattr_nest(n
, MAX_MSG
, tca_id
);
311 fprintf(stdout
, "tablename: %s hook: %s\n ", tname
, ipthooks
[hook
]);
312 fprintf(stdout
, "\ttarget: ");
315 m
->print(NULL
, m
->t
, 0);
316 fprintf(stdout
, " index %d\n", index
);
318 if (strlen(tname
) > 16) {
322 size
= 1 + strlen(tname
);
324 strncpy(k
, tname
, size
);
326 addattr_l(n
, MAX_MSG
, TCA_IPT_TABLE
, k
, size
);
327 addattr_l(n
, MAX_MSG
, TCA_IPT_HOOK
, &hook
, 4);
328 addattr_l(n
, MAX_MSG
, TCA_IPT_INDEX
, &index
, 4);
330 addattr_l(n
, MAX_MSG
, TCA_IPT_TARG
, m
->t
, m
->t
->u
.target_size
);
331 addattr_nest_end(n
, tail
);
335 *argc_p
= rargc
- iargc
;
340 /* Clear flags if target will be used again */
343 /* Free allocated memory */
353 print_ipt(struct action_util
*au
, FILE * f
, struct rtattr
*arg
)
355 struct rtattr
*tb
[TCA_IPT_MAX
+ 1];
356 struct xt_entry_target
*t
= NULL
;
357 struct xtables_target
*m
;
365 parse_rtattr_nested(tb
, TCA_IPT_MAX
, arg
);
367 if (tb
[TCA_IPT_TABLE
] == NULL
) {
368 fprintf(stderr
, "Missing ipt table name, assuming mangle\n");
370 fprintf(f
, "tablename: %s ",
371 rta_getattr_str(tb
[TCA_IPT_TABLE
]));
374 if (tb
[TCA_IPT_HOOK
] == NULL
) {
375 fprintf(stderr
, "Missing ipt hook name\n");
379 if (tb
[TCA_IPT_TARG
] == NULL
) {
380 fprintf(stderr
, "Missing ipt target parameters\n");
384 hook
= rta_getattr_u32(tb
[TCA_IPT_HOOK
]);
385 fprintf(f
, " hook: %s\n", ipthooks
[hook
]);
387 t
= RTA_DATA(tb
[TCA_IPT_TARG
]);
388 m
= find_target(t
->u
.user
.name
, TRY_LOAD
);
390 if (build_st(m
, t
) < 0) {
391 fprintf(stderr
, " %s error\n", m
->name
);
396 merge_options(opts
, m
->extra_opts
,
399 fprintf(stderr
, " failed to find target %s\n\n",
403 fprintf(f
, "\ttarget ");
404 m
->print(NULL
, m
->t
, 0);
405 if (tb
[TCA_IPT_INDEX
] == NULL
) {
406 fprintf(f
, " [NULL ipt target index ]\n");
410 index
= rta_getattr_u32(tb
[TCA_IPT_INDEX
]);
411 fprintf(f
, "\n\tindex %u", index
);
414 if (tb
[TCA_IPT_CNT
]) {
415 struct tc_cnt
*c
= RTA_DATA(tb
[TCA_IPT_CNT
]);
417 fprintf(f
, " ref %d bind %d", c
->refcnt
, c
->bindcnt
);
420 if (tb
[TCA_IPT_TM
]) {
421 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_IPT_TM
]);
433 struct action_util ipt_action_util
= {
435 .parse_aopt
= parse_ipt
,
436 .print_aopt
= print_ipt
,