]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/m_ipt.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix leftovers from earlier change
[mirror_iproute2.git] / tc / m_ipt.c
1 /*
2 * m_ipt.c iptables based targets
3 * utilities mostly ripped from iptables <duh, its the linux way>
4 *
5 * This program is free software; you can distribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
9 *
10 * Authors: J Hadi Salim (hadi@cyberus.ca)
11 */
12
13 #include <syslog.h>
14 #include <sys/socket.h>
15 #include <netinet/in.h>
16 #include <arpa/inet.h>
17 #include <linux/if.h>
18 #include <iptables.h>
19 #include <linux/netfilter.h>
20 #include <linux/netfilter_ipv4/ip_tables.h>
21 #include "utils.h"
22 #include "tc_util.h"
23 #include <linux/tc_act/tc_ipt.h>
24 #include <stdio.h>
25 #include <dlfcn.h>
26 #include <getopt.h>
27 #include <errno.h>
28 #include <string.h>
29 #include <netdb.h>
30 #include <stdlib.h>
31 #include <ctype.h>
32 #include <stdarg.h>
33 #include <limits.h>
34 #include <unistd.h>
35 #include <fcntl.h>
36 #include <sys/wait.h>
37
38 static const char *pname = "tc-ipt";
39 static const char *tname = "mangle";
40 static const char *pversion = "0.1";
41
42 static const char *ipthooks[] = {
43 "NF_IP_PRE_ROUTING",
44 "NF_IP_LOCAL_IN",
45 "NF_IP_FORWARD",
46 "NF_IP_LOCAL_OUT",
47 "NF_IP_POST_ROUTING",
48 };
49
50 static struct option original_opts[] = {
51 {"jump", 1, 0, 'j'},
52 {0, 0, 0, 0}
53 };
54
55 static struct iptables_target *t_list = NULL;
56 static struct option *opts = original_opts;
57 static unsigned int global_option_offset = 0;
58 #define OPTION_OFFSET 256
59
60 char *lib_dir;
61
62 void
63 register_target(struct iptables_target *me)
64 {
65 /* fprintf(stderr, "\nDummy register_target %s \n", me->name);
66 */
67 me->next = t_list;
68 t_list = me;
69
70 }
71
72 void
73 xtables_register_target(struct iptables_target *me)
74 {
75 me->next = t_list;
76 t_list = me;
77 }
78
79 void
80 exit_tryhelp(int status)
81 {
82 fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
83 pname, pname);
84 exit(status);
85 }
86
87 void
88 exit_error(enum exittype status, char *msg, ...)
89 {
90 va_list args;
91
92 va_start(args, msg);
93 fprintf(stderr, "%s v%s: ", pname, pversion);
94 vfprintf(stderr, msg, args);
95 va_end(args);
96 fprintf(stderr, "\n");
97 if (status == PARAMETER_PROBLEM)
98 exit_tryhelp(status);
99 if (status == VERSION_PROBLEM)
100 fprintf(stderr,
101 "Perhaps iptables or your kernel needs to be upgraded.\n");
102 exit(status);
103 }
104
105 /* stolen from iptables 1.2.11
106 They should really have them as a library so i can link to them
107 Email them next time i remember
108 */
109
110 char *
111 addr_to_dotted(const struct in_addr *addrp)
112 {
113 static char buf[20];
114 const unsigned char *bytep;
115
116 bytep = (const unsigned char *) &(addrp->s_addr);
117 sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
118 return buf;
119 }
120
121 int string_to_number_ll(const char *s, unsigned long long min,
122 unsigned long long max,
123 unsigned long long *ret)
124 {
125 unsigned long long number;
126 char *end;
127
128 /* Handle hex, octal, etc. */
129 errno = 0;
130 number = strtoull(s, &end, 0);
131 if (*end == '\0' && end != s) {
132 /* we parsed a number, let's see if we want this */
133 if (errno != ERANGE && min <= number && (!max || number <= max)) {
134 *ret = number;
135 return 0;
136 }
137 }
138 return -1;
139 }
140
141 int string_to_number_l(const char *s, unsigned long min, unsigned long max,
142 unsigned long *ret)
143 {
144 int result;
145 unsigned long long number;
146
147 result = string_to_number_ll(s, min, max, &number);
148 *ret = (unsigned long)number;
149
150 return result;
151 }
152
153 int string_to_number(const char *s, unsigned int min, unsigned int max,
154 unsigned int *ret)
155 {
156 int result;
157 unsigned long number;
158
159 result = string_to_number_l(s, min, max, &number);
160 *ret = (unsigned int)number;
161
162 return result;
163 }
164
165 static void free_opts(struct option *opts)
166 {
167 if (opts != original_opts) {
168 free(opts);
169 opts = original_opts;
170 global_option_offset = 0;
171 }
172 }
173
174 static struct option *
175 merge_options(struct option *oldopts, const struct option *newopts,
176 unsigned int *option_offset)
177 {
178 struct option *merge;
179 unsigned int num_old, num_new, i;
180
181 for (num_old = 0; oldopts[num_old].name; num_old++) ;
182 for (num_new = 0; newopts[num_new].name; num_new++) ;
183
184 *option_offset = global_option_offset + OPTION_OFFSET;
185
186 merge = malloc(sizeof (struct option) * (num_new + num_old + 1));
187 memcpy(merge, oldopts, num_old * sizeof (struct option));
188 for (i = 0; i < num_new; i++) {
189 merge[num_old + i] = newopts[i];
190 merge[num_old + i].val += *option_offset;
191 }
192 memset(merge + num_old + num_new, 0, sizeof (struct option));
193
194 return merge;
195 }
196
197 static void *
198 fw_calloc(size_t count, size_t size)
199 {
200 void *p;
201
202 if ((p = (void *) calloc(count, size)) == NULL) {
203 perror("iptables: calloc failed");
204 exit(1);
205 }
206 return p;
207 }
208
209 static struct iptables_target *
210 find_t(char *name)
211 {
212 struct iptables_target *m;
213 for (m = t_list; m; m = m->next) {
214 if (strcmp(m->name, name) == 0)
215 return m;
216 }
217
218 return NULL;
219 }
220
221 static struct iptables_target *
222 get_target_name(const char *name)
223 {
224 void *handle;
225 char *error;
226 char *new_name, *lname;
227 struct iptables_target *m;
228 char path[strlen(lib_dir) + sizeof ("/libipt_.so") + strlen(name)];
229
230 new_name = malloc(strlen(name) + 1);
231 lname = malloc(strlen(name) + 1);
232 if (new_name)
233 memset(new_name, '\0', strlen(name) + 1);
234 else
235 exit_error(PARAMETER_PROBLEM, "get_target_name");
236
237 if (lname)
238 memset(lname, '\0', strlen(name) + 1);
239 else
240 exit_error(PARAMETER_PROBLEM, "get_target_name");
241
242 strcpy(new_name, name);
243 strcpy(lname, name);
244
245 if (isupper(lname[0])) {
246 int i;
247 for (i = 0; i < strlen(name); i++) {
248 lname[i] = tolower(lname[i]);
249 }
250 }
251
252 if (islower(new_name[0])) {
253 int i;
254 for (i = 0; i < strlen(new_name); i++) {
255 new_name[i] = toupper(new_name[i]);
256 }
257 }
258
259 /* try libxt_xx first */
260 sprintf(path, "%s/libxt_%s.so", lib_dir, new_name);
261 handle = dlopen(path, RTLD_LAZY);
262 if (!handle) {
263 /* try libipt_xx next */
264 sprintf(path, "%s/libipt_%s.so", lib_dir, new_name);
265 handle = dlopen(path, RTLD_LAZY);
266
267 if (!handle) {
268 sprintf(path, "%s/libxt_%s.so", lib_dir , lname);
269 handle = dlopen(path, RTLD_LAZY);
270 }
271
272 if (!handle) {
273 sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
274 handle = dlopen(path, RTLD_LAZY);
275 }
276 /* ok, lets give up .. */
277 if (!handle) {
278 fputs(dlerror(), stderr);
279 printf("\n");
280 free(new_name);
281 return NULL;
282 }
283 }
284
285 m = dlsym(handle, new_name);
286 if ((error = dlerror()) != NULL) {
287 m = (struct iptables_target *) dlsym(handle, lname);
288 if ((error = dlerror()) != NULL) {
289 m = find_t(new_name);
290 if (NULL == m) {
291 m = find_t(lname);
292 if (NULL == m) {
293 fputs(error, stderr);
294 fprintf(stderr, "\n");
295 dlclose(handle);
296 free(new_name);
297 return NULL;
298 }
299 }
300 }
301 }
302
303 free(new_name);
304 return m;
305 }
306
307
308 struct in_addr *dotted_to_addr(const char *dotted)
309 {
310 static struct in_addr addr;
311 unsigned char *addrp;
312 char *p, *q;
313 unsigned int onebyte;
314 int i;
315 char buf[20];
316
317 /* copy dotted string, because we need to modify it */
318 strncpy(buf, dotted, sizeof (buf) - 1);
319 addrp = (unsigned char *) &(addr.s_addr);
320
321 p = buf;
322 for (i = 0; i < 3; i++) {
323 if ((q = strchr(p, '.')) == NULL)
324 return (struct in_addr *) NULL;
325
326 *q = '\0';
327 if (string_to_number(p, 0, 255, &onebyte) == -1)
328 return (struct in_addr *) NULL;
329
330 addrp[i] = (unsigned char) onebyte;
331 p = q + 1;
332 }
333
334 /* we've checked 3 bytes, now we check the last one */
335 if (string_to_number(p, 0, 255, &onebyte) == -1)
336 return (struct in_addr *) NULL;
337
338 addrp[3] = (unsigned char) onebyte;
339
340 return &addr;
341 }
342
343 static void set_revision(char *name, u_int8_t revision)
344 {
345 /* Old kernel sources don't have ".revision" field,
346 * but we stole a byte from name. */
347 name[IPT_FUNCTION_MAXNAMELEN - 2] = '\0';
348 name[IPT_FUNCTION_MAXNAMELEN - 1] = revision;
349 }
350
351 /*
352 * we may need to check for version mismatch
353 */
354 int
355 build_st(struct iptables_target *target, struct ipt_entry_target *t)
356 {
357 unsigned int nfcache = 0;
358
359 if (target) {
360 size_t size;
361
362 size =
363 IPT_ALIGN(sizeof (struct ipt_entry_target)) + target->size;
364
365 if (NULL == t) {
366 target->t = fw_calloc(1, size);
367 target->t->u.target_size = size;
368
369 if (target->init != NULL)
370 target->init(target->t, &nfcache);
371 set_revision(target->t->u.user.name, target->revision);
372 } else {
373 target->t = t;
374 }
375 strcpy(target->t->u.user.name, target->name);
376 return 0;
377 }
378
379 return -1;
380 }
381
382 static int parse_ipt(struct action_util *a,int *argc_p,
383 char ***argv_p, int tca_id, struct nlmsghdr *n)
384 {
385 struct iptables_target *m = NULL;
386 struct ipt_entry fw;
387 struct rtattr *tail;
388 int c;
389 int rargc = *argc_p;
390 char **argv = *argv_p;
391 int argc = 0, iargc = 0;
392 char k[16];
393 int res = -1;
394 int size = 0;
395 int iok = 0, ok = 0;
396 __u32 hook = 0, index = 0;
397 res = 0;
398
399 lib_dir = getenv("IPTABLES_LIB_DIR");
400 if (!lib_dir)
401 lib_dir = IPT_LIB_DIR;
402
403 {
404 int i;
405 for (i = 0; i < rargc; i++) {
406 if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) {
407 break;
408 }
409 }
410 iargc = argc = i;
411 }
412
413 if (argc <= 2) {
414 fprintf(stderr,"bad arguements to ipt %d vs %d \n", argc, rargc);
415 return -1;
416 }
417
418 while (1) {
419 c = getopt_long(argc, argv, "j:", opts, NULL);
420 if (c == -1)
421 break;
422 switch (c) {
423 case 'j':
424 m = get_target_name(optarg);
425 if (NULL != m) {
426
427 if (0 > build_st(m, NULL)) {
428 printf(" %s error \n", m->name);
429 return -1;
430 }
431 opts =
432 merge_options(opts, m->extra_opts,
433 &m->option_offset);
434 } else {
435 fprintf(stderr," failed to find target %s\n\n", optarg);
436 return -1;
437 }
438 ok++;
439 break;
440
441 default:
442 memset(&fw, 0, sizeof (fw));
443 if (m) {
444 m->parse(c - m->option_offset, argv, 0,
445 &m->tflags, NULL, &m->t);
446 } else {
447 fprintf(stderr," failed to find target %s\n\n", optarg);
448 return -1;
449
450 }
451 ok++;
452 break;
453
454 }
455 }
456
457 if (iargc > optind) {
458 if (matches(argv[optind], "index") == 0) {
459 if (get_u32(&index, argv[optind + 1], 10)) {
460 fprintf(stderr, "Illegal \"index\"\n");
461 free_opts(opts);
462 return -1;
463 }
464 iok++;
465
466 optind += 2;
467 }
468 }
469
470 if (!ok && !iok) {
471 fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv);
472 return -1;
473 }
474
475 /* check that we passed the correct parameters to the target */
476 if (m)
477 m->final_check(m->tflags);
478
479 {
480 struct tcmsg *t = NLMSG_DATA(n);
481 if (t->tcm_parent != TC_H_ROOT
482 && t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) {
483 hook = NF_IP_PRE_ROUTING;
484 } else {
485 hook = NF_IP_POST_ROUTING;
486 }
487 }
488
489 tail = NLMSG_TAIL(n);
490 addattr_l(n, MAX_MSG, tca_id, NULL, 0);
491 fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]);
492 fprintf(stdout, "\ttarget: ");
493
494 if (m)
495 m->print(NULL, m->t, 0);
496 fprintf(stdout, " index %d\n", index);
497
498 if (strlen(tname) > 16) {
499 size = 16;
500 k[15] = 0;
501 } else {
502 size = 1 + strlen(tname);
503 }
504 strncpy(k, tname, size);
505
506 addattr_l(n, MAX_MSG, TCA_IPT_TABLE, k, size);
507 addattr_l(n, MAX_MSG, TCA_IPT_HOOK, &hook, 4);
508 addattr_l(n, MAX_MSG, TCA_IPT_INDEX, &index, 4);
509 if (m)
510 addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size);
511 tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
512
513 argc -= optind;
514 argv += optind;
515 *argc_p = rargc - iargc;
516 *argv_p = argv;
517
518 optind = 0;
519 free_opts(opts);
520 /* Clear flags if target will be used again */
521 m->tflags=0;
522 m->used=0;
523 /* Free allocated memory */
524 if (m->t)
525 free(m->t);
526
527
528 return 0;
529
530 }
531
532 static int
533 print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
534 {
535 struct rtattr *tb[TCA_IPT_MAX + 1];
536 struct ipt_entry_target *t = NULL;
537
538 if (arg == NULL)
539 return -1;
540
541 lib_dir = getenv("IPTABLES_LIB_DIR");
542 if (!lib_dir)
543 lib_dir = IPT_LIB_DIR;
544
545 parse_rtattr_nested(tb, TCA_IPT_MAX, arg);
546
547 if (tb[TCA_IPT_TABLE] == NULL) {
548 fprintf(f, "[NULL ipt table name ] assuming mangle ");
549 } else {
550 fprintf(f, "tablename: %s ",
551 (char *) RTA_DATA(tb[TCA_IPT_TABLE]));
552 }
553
554 if (tb[TCA_IPT_HOOK] == NULL) {
555 fprintf(f, "[NULL ipt hook name ]\n ");
556 return -1;
557 } else {
558 __u32 hook;
559 hook = *(__u32 *) RTA_DATA(tb[TCA_IPT_HOOK]);
560 fprintf(f, " hook: %s \n", ipthooks[hook]);
561 }
562
563 if (tb[TCA_IPT_TARG] == NULL) {
564 fprintf(f, "\t[NULL ipt target parameters ] \n");
565 return -1;
566 } else {
567 struct iptables_target *m = NULL;
568 t = RTA_DATA(tb[TCA_IPT_TARG]);
569 m = get_target_name(t->u.user.name);
570 if (NULL != m) {
571 if (0 > build_st(m, t)) {
572 fprintf(stderr, " %s error \n", m->name);
573 return -1;
574 }
575
576 opts =
577 merge_options(opts, m->extra_opts,
578 &m->option_offset);
579 } else {
580 fprintf(stderr, " failed to find target %s\n\n",
581 t->u.user.name);
582 return -1;
583 }
584 fprintf(f, "\ttarget ");
585 m->print(NULL, m->t, 0);
586 if (tb[TCA_IPT_INDEX] == NULL) {
587 fprintf(f, " [NULL ipt target index ]\n");
588 } else {
589 __u32 index;
590 index = *(__u32 *) RTA_DATA(tb[TCA_IPT_INDEX]);
591 fprintf(f, " \n\tindex %d", index);
592 }
593
594 if (tb[TCA_IPT_CNT]) {
595 struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);;
596 fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
597 }
598 if (show_stats) {
599 if (tb[TCA_IPT_TM]) {
600 struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
601 print_tm(f,tm);
602 }
603 }
604 fprintf(f, " \n");
605
606 }
607 free_opts(opts);
608
609 return 0;
610 }
611
612 struct action_util ipt_action_util = {
613 .id = "ipt",
614 .parse_aopt = parse_ipt,
615 .print_aopt = print_ipt,
616 };
617
Upstream mirror of iproute2