2 * m_ipt.c iptables based targets
3 * utilities mostly ripped from iptables <duh, its the linux way>
5 * This program is free software; you can distribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
10 * Authors: J Hadi Salim (hadi@cyberus.ca)
13 #include <sys/socket.h>
14 #include <netinet/in.h>
15 #include <arpa/inet.h>
17 #include <linux/netfilter.h>
18 #include <linux/netfilter_ipv4/ip_tables.h>
21 #include <linux/tc_act/tc_ipt.h>
35 static const char *pname
= "tc-ipt";
36 static const char *tname
= "mangle";
37 static const char *pversion
= "0.1";
39 static const char *ipthooks
[] = {
47 static struct option original_opts
[] = {
52 static struct xtables_target
*t_list
;
53 static struct option
*opts
= original_opts
;
54 static unsigned int global_option_offset
;
55 #define OPTION_OFFSET 256
60 xtables_register_target(struct xtables_target
*me
)
67 static void exit_tryhelp(int status
)
69 fprintf(stderr
, "Try `%s -h' or '%s --help' for more information.\n",
74 static void exit_error(enum xtables_exittype status
, char *msg
, ...)
79 fprintf(stderr
, "%s v%s: ", pname
, pversion
);
80 vfprintf(stderr
, msg
, args
);
82 fprintf(stderr
, "\n");
83 if (status
== PARAMETER_PROBLEM
)
85 if (status
== VERSION_PROBLEM
)
87 "Perhaps iptables or your kernel needs to be upgraded.\n");
91 /* stolen from iptables 1.2.11
92 They should really have them as a library so i can link to them
93 Email them next time i remember
96 static void free_opts(struct option
*local_opts
)
98 if (local_opts
!= original_opts
) {
100 opts
= original_opts
;
101 global_option_offset
= 0;
105 static struct option
*
106 merge_options(struct option
*oldopts
, const struct option
*newopts
,
107 unsigned int *option_offset
)
109 struct option
*merge
;
110 unsigned int num_old
, num_new
, i
;
112 for (num_old
= 0; oldopts
[num_old
].name
; num_old
++);
113 for (num_new
= 0; newopts
[num_new
].name
; num_new
++);
115 *option_offset
= global_option_offset
+ OPTION_OFFSET
;
117 merge
= malloc(sizeof(struct option
) * (num_new
+ num_old
+ 1));
118 memcpy(merge
, oldopts
, num_old
* sizeof(struct option
));
119 for (i
= 0; i
< num_new
; i
++) {
120 merge
[num_old
+ i
] = newopts
[i
];
121 merge
[num_old
+ i
].val
+= *option_offset
;
123 memset(merge
+ num_old
+ num_new
, 0, sizeof(struct option
));
129 fw_calloc(size_t count
, size_t size
)
133 if ((p
= (void *) calloc(count
, size
)) == NULL
) {
134 perror("iptables: calloc failed");
140 static struct xtables_target
*
143 struct xtables_target
*m
;
145 for (m
= t_list
; m
; m
= m
->next
) {
146 if (strcmp(m
->name
, name
) == 0)
153 static struct xtables_target
*
154 get_target_name(const char *name
)
158 char *new_name
, *lname
;
159 struct xtables_target
*m
;
160 char path
[strlen(lib_dir
) + sizeof("/libipt_.so") + strlen(name
)];
162 #ifdef NO_SHARED_LIBS
166 new_name
= calloc(1, strlen(name
) + 1);
167 lname
= calloc(1, strlen(name
) + 1);
169 exit_error(PARAMETER_PROBLEM
, "get_target_name");
171 exit_error(PARAMETER_PROBLEM
, "get_target_name");
173 strcpy(new_name
, name
);
176 if (isupper(lname
[0])) {
179 for (i
= 0; i
< strlen(name
); i
++) {
180 lname
[i
] = tolower(lname
[i
]);
184 if (islower(new_name
[0])) {
187 for (i
= 0; i
< strlen(new_name
); i
++) {
188 new_name
[i
] = toupper(new_name
[i
]);
192 /* try libxt_xx first */
193 sprintf(path
, "%s/libxt_%s.so", lib_dir
, new_name
);
194 handle
= dlopen(path
, RTLD_LAZY
);
196 /* try libipt_xx next */
197 sprintf(path
, "%s/libipt_%s.so", lib_dir
, new_name
);
198 handle
= dlopen(path
, RTLD_LAZY
);
201 sprintf(path
, "%s/libxt_%s.so", lib_dir
, lname
);
202 handle
= dlopen(path
, RTLD_LAZY
);
206 sprintf(path
, "%s/libipt_%s.so", lib_dir
, lname
);
207 handle
= dlopen(path
, RTLD_LAZY
);
209 /* ok, lets give up .. */
211 fputs(dlerror(), stderr
);
219 m
= dlsym(handle
, new_name
);
220 if ((error
= dlerror()) != NULL
) {
221 m
= (struct xtables_target
*) dlsym(handle
, lname
);
222 if ((error
= dlerror()) != NULL
) {
223 m
= find_t(new_name
);
227 fputs(error
, stderr
);
228 fprintf(stderr
, "\n");
243 static void set_revision(char *name
, u_int8_t revision
)
245 /* Old kernel sources don't have ".revision" field,
246 * but we stole a byte from name. */
247 name
[IPT_FUNCTION_MAXNAMELEN
- 2] = '\0';
248 name
[IPT_FUNCTION_MAXNAMELEN
- 1] = revision
;
252 * we may need to check for version mismatch
254 static int build_st(struct xtables_target
*target
, struct ipt_entry_target
*t
)
260 XT_ALIGN(sizeof(struct ipt_entry_target
)) + target
->size
;
263 target
->t
= fw_calloc(1, size
);
264 target
->t
->u
.target_size
= size
;
266 if (target
->init
!= NULL
)
267 target
->init(target
->t
);
268 set_revision(target
->t
->u
.user
.name
, target
->revision
);
272 strcpy(target
->t
->u
.user
.name
, target
->name
);
279 static int parse_ipt(struct action_util
*a
, int *argc_p
,
280 char ***argv_p
, int tca_id
, struct nlmsghdr
*n
)
282 struct xtables_target
*m
= NULL
;
287 char **argv
= *argv_p
;
288 int argc
= 0, iargc
= 0;
289 char k
[FILTER_NAMESZ
];
292 __u32 hook
= 0, index
= 0;
294 lib_dir
= getenv("IPTABLES_LIB_DIR");
296 lib_dir
= IPT_LIB_DIR
;
301 for (i
= 0; i
< rargc
; i
++) {
302 if (!argv
[i
] || strcmp(argv
[i
], "action") == 0)
309 fprintf(stderr
, "bad arguments to ipt %d vs %d\n", argc
, rargc
);
314 c
= getopt_long(argc
, argv
, "j:", opts
, NULL
);
319 m
= get_target_name(optarg
);
322 if (build_st(m
, NULL
) < 0) {
323 printf(" %s error\n", m
->name
);
327 merge_options(opts
, m
->extra_opts
,
330 fprintf(stderr
, " failed to find target %s\n\n", optarg
);
337 memset(&fw
, 0, sizeof(fw
));
339 m
->parse(c
- m
->option_offset
, argv
, 0,
340 &m
->tflags
, NULL
, &m
->t
);
342 fprintf(stderr
, " failed to find target %s\n\n", optarg
);
352 if (iargc
> optind
) {
353 if (matches(argv
[optind
], "index") == 0) {
354 if (get_u32(&index
, argv
[optind
+ 1], 10)) {
355 fprintf(stderr
, "Illegal \"index\"\n");
366 fprintf(stderr
, " ipt Parser BAD!! (%s)\n", *argv
);
370 /* check that we passed the correct parameters to the target */
372 m
->final_check(m
->tflags
);
375 struct tcmsg
*t
= NLMSG_DATA(n
);
377 if (t
->tcm_parent
!= TC_H_ROOT
378 && t
->tcm_parent
== TC_H_MAJ(TC_H_INGRESS
)) {
379 hook
= NF_IP_PRE_ROUTING
;
381 hook
= NF_IP_POST_ROUTING
;
385 tail
= addattr_nest(n
, MAX_MSG
, tca_id
);
386 fprintf(stdout
, "tablename: %s hook: %s\n ", tname
, ipthooks
[hook
]);
387 fprintf(stdout
, "\ttarget: ");
390 m
->print(NULL
, m
->t
, 0);
391 fprintf(stdout
, " index %d\n", index
);
393 if (strlen(tname
) > 16) {
397 size
= 1 + strlen(tname
);
399 strncpy(k
, tname
, size
);
401 addattr_l(n
, MAX_MSG
, TCA_IPT_TABLE
, k
, size
);
402 addattr_l(n
, MAX_MSG
, TCA_IPT_HOOK
, &hook
, 4);
403 addattr_l(n
, MAX_MSG
, TCA_IPT_INDEX
, &index
, 4);
405 addattr_l(n
, MAX_MSG
, TCA_IPT_TARG
, m
->t
, m
->t
->u
.target_size
);
406 addattr_nest_end(n
, tail
);
410 *argc_p
= rargc
- iargc
;
415 /* Clear flags if target will be used again */
418 /* Free allocated memory */
428 print_ipt(struct action_util
*au
, FILE * f
, struct rtattr
*arg
)
430 struct rtattr
*tb
[TCA_IPT_MAX
+ 1];
431 struct ipt_entry_target
*t
= NULL
;
436 lib_dir
= getenv("IPTABLES_LIB_DIR");
438 lib_dir
= IPT_LIB_DIR
;
440 parse_rtattr_nested(tb
, TCA_IPT_MAX
, arg
);
442 if (tb
[TCA_IPT_TABLE
] == NULL
) {
443 fprintf(f
, "[NULL ipt table name ] assuming mangle ");
445 fprintf(f
, "tablename: %s ",
446 rta_getattr_str(tb
[TCA_IPT_TABLE
]));
449 if (tb
[TCA_IPT_HOOK
] == NULL
) {
450 fprintf(f
, "[NULL ipt hook name ]\n ");
455 hook
= rta_getattr_u32(tb
[TCA_IPT_HOOK
]);
456 fprintf(f
, " hook: %s\n", ipthooks
[hook
]);
459 if (tb
[TCA_IPT_TARG
] == NULL
) {
460 fprintf(f
, "\t[NULL ipt target parameters ]\n");
463 struct xtables_target
*m
= NULL
;
465 t
= RTA_DATA(tb
[TCA_IPT_TARG
]);
466 m
= get_target_name(t
->u
.user
.name
);
468 if (build_st(m
, t
) < 0) {
469 fprintf(stderr
, " %s error\n", m
->name
);
474 merge_options(opts
, m
->extra_opts
,
477 fprintf(stderr
, " failed to find target %s\n\n",
481 fprintf(f
, "\ttarget ");
482 m
->print(NULL
, m
->t
, 0);
483 if (tb
[TCA_IPT_INDEX
] == NULL
) {
484 fprintf(f
, " [NULL ipt target index ]\n");
488 index
= rta_getattr_u32(tb
[TCA_IPT_INDEX
]);
489 fprintf(f
, "\n\tindex %u", index
);
492 if (tb
[TCA_IPT_CNT
]) {
493 struct tc_cnt
*c
= RTA_DATA(tb
[TCA_IPT_CNT
]);
495 fprintf(f
, " ref %d bind %d", c
->refcnt
, c
->bindcnt
);
498 if (tb
[TCA_IPT_TM
]) {
499 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_IPT_TM
]);
512 struct action_util ipt_action_util
= {
514 .parse_aopt
= parse_ipt
,
515 .print_aopt
= print_ipt
,