2 * m_ipt.c iptables based targets
3 * utilities mostly ripped from iptables <duh, its the linux way>
5 * This program is free software; you can distribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
10 * Authors: J Hadi Salim (hadi@cyberus.ca)
12 * TODO: bad bad hardcoding IPT_LIB_DIR and PROC_SYS_MODPROBE
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
21 #include <linux/netfilter_ipv4/ip_tables.h>
24 #include <linux/tc_act/tc_ipt.h>
39 const char *pname = "tc-ipt";
40 const char *tname = "mangle";
41 const char *pversion = "0.1";
51 #define IPT_LIB_DIR "/usr/local/lib/iptables"
54 #ifndef PROC_SYS_MODPROBE
55 #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
58 static const char *ipthooks[] = {
66 static struct option original_opts[] = {
71 static struct iptables_target *t_list = NULL;
72 static unsigned int global_option_offset = 0;
73 #define OPTION_OFFSET 256
76 /* no clue why register match is within targets
77 figure out later. Talk to Harald -- JHS
80 register_match(struct iptables_match *me)
82 /* fprintf(stderr, "\nDummy register_match\n"); */
86 register_target(struct iptables_target *me)
88 /* fprintf(stderr, "\nDummy register_target %s \n", me->name);
97 exit_tryhelp(int status)
99 fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
105 exit_error(enum exittype status, char *msg, ...)
110 fprintf(stderr, "%s v%s: ", pname, pversion);
111 vfprintf(stderr, msg, args);
113 fprintf(stderr, "\n");
114 if (status == PARAMETER_PROBLEM)
115 exit_tryhelp(status);
116 if (status == VERSION_PROBLEM)
118 "Perhaps iptables or your kernel needs to be upgraded.\n");
122 /* stolen from iptables 1.2.11
123 They should really have them as a library so i can link to them
124 Email them next time i remember
128 addr_to_dotted(const struct in_addr *addrp)
131 const unsigned char *bytep;
133 bytep = (const unsigned char *) &(addrp->s_addr);
134 sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
138 int string_to_number_ll(const char *s, unsigned long long min,
139 unsigned long long max,
140 unsigned long long *ret)
142 unsigned long long number;
145 /* Handle hex, octal, etc. */
147 number = strtoull(s, &end, 0);
148 if (*end == '\0' && end != s) {
149 /* we parsed a number, let's see if we want this */
150 if (errno != ERANGE && min <= number && (!max || number <= max)) {
158 int string_to_number_l(const char *s, unsigned long min, unsigned long max,
162 unsigned long long number;
164 result = string_to_number_ll(s, min, max, &number);
165 *ret = (unsigned long)number;
170 int string_to_number(const char *s, unsigned int min, unsigned int max,
174 unsigned long number;
176 result = string_to_number_l(s, min, max, &number);
177 *ret = (unsigned int)number;
184 string_to_number(const char *s, unsigned int min, unsigned int max,
190 /* Handle hex, octal, etc. */
192 number = strtol(s, &end, 0);
193 if (*end == '\0' && end != s) {
194 /* we parsed a number, let's see if we want this */
195 if (errno != ERANGE && min <= number && number <= max) {
204 static struct option *
205 copy_options(struct option *oldopts)
207 struct option *merge;
208 unsigned int num_old;
209 for (num_old = 0; oldopts[num_old].name; num_old++) ;
210 merge = malloc(sizeof (struct option) * (num_old + 1));
213 memcpy(merge, oldopts, num_old * sizeof (struct option));
214 memset(merge + num_old, 0, sizeof (struct option));
218 static struct option *
219 merge_options(struct option *oldopts, const struct option *newopts,
220 unsigned int *option_offset)
222 struct option *merge;
223 unsigned int num_old, num_new, i;
225 for (num_old = 0; oldopts[num_old].name; num_old++) ;
226 for (num_new = 0; newopts[num_new].name; num_new++) ;
228 *option_offset = global_option_offset + OPTION_OFFSET;
230 merge = malloc(sizeof (struct option) * (num_new + num_old + 1));
231 memcpy(merge, oldopts, num_old * sizeof (struct option));
232 for (i = 0; i < num_new; i++) {
233 merge[num_old + i] = newopts[i];
234 merge[num_old + i].val += *option_offset;
236 memset(merge + num_old + num_new, 0, sizeof (struct option));
242 fw_calloc(size_t count, size_t size)
246 if ((p = (void *) calloc(count, size)) == NULL) {
247 perror("iptables: calloc failed");
255 fw_malloc(size_t size)
259 if ((p = (void *) malloc(size)) == NULL) {
260 perror("iptables: malloc failed");
267 check_inverse(const char option[], int *invert)
269 if (option && strcmp(option, "!") == 0) {
271 exit_error(PARAMETER_PROBLEM,
272 "Multiple `!' flags not allowed");
281 static struct iptables_target *
284 struct iptables_target *m;
285 for (m = t_list; m; m = m->next) {
286 if (strcmp(m->name, name) == 0)
293 static struct iptables_target *
294 get_target_name(char *name)
298 char *new_name, *lname;
299 struct iptables_target *m;
301 char path[sizeof (IPT_LIB_DIR) + sizeof ("/libipt_.so") + strlen(name)];
303 new_name = malloc(strlen(name) + 1);
304 lname = malloc(strlen(name) + 1);
306 memset(new_name, '\0', strlen(name) + 1);
308 exit_error(PARAMETER_PROBLEM, "get_target_name");
311 memset(lname, '\0', strlen(name) + 1);
313 exit_error(PARAMETER_PROBLEM, "get_target_name");
315 strcpy(new_name, name);
318 if (isupper(lname[0])) {
320 for (i = 0; i < strlen(name); i++) {
321 lname[i] = tolower(lname[i]);
325 if (islower(new_name[0])) {
327 for (i = 0; i < strlen(new_name); i++) {
328 new_name[i] = toupper(new_name[i]);
332 sprintf(path, IPT_LIB_DIR "/libipt_%s.so", new_name);
333 handle = dlopen(path, RTLD_LAZY);
335 sprintf(path, IPT_LIB_DIR "/libipt_%s.so", lname);
336 handle = dlopen(path, RTLD_LAZY);
338 fputs(dlerror(), stderr);
344 m = dlsym(handle, new_name);
345 if ((error = dlerror()) != NULL) {
346 m = (struct iptables_target *) dlsym(handle, lname);
347 if ((error = dlerror()) != NULL) {
348 m = find_t(new_name);
352 fputs(error, stderr);
353 fprintf(stderr, "\n");
366 addr_to_dotted(const struct in_addr *addrp)
369 const unsigned char *bytep;
371 bytep = (const unsigned char *) &(addrp->s_addr);
372 sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
377 struct in_addr *dotted_to_addr(const char *dotted)
379 static struct in_addr addr;
380 unsigned char *addrp;
382 unsigned int onebyte;
386 /* copy dotted string, because we need to modify it */
387 strncpy(buf, dotted, sizeof (buf) - 1);
388 addrp = (unsigned char *) &(addr.s_addr);
391 for (i = 0; i < 3; i++) {
392 if ((q = strchr(p, '.')) == NULL)
393 return (struct in_addr *) NULL;
396 if (string_to_number(p, 0, 255, &onebyte) == -1)
397 return (struct in_addr *) NULL;
399 addrp[i] = (unsigned char) onebyte;
403 /* we've checked 3 bytes, now we check the last one */
404 if (string_to_number(p, 0, 255, &onebyte) == -1)
405 return (struct in_addr *) NULL;
407 addrp[3] = (unsigned char) onebyte;
413 build_st(struct iptables_target *target, struct ipt_entry_target *t)
415 unsigned int nfcache = 0;
421 IPT_ALIGN(sizeof (struct ipt_entry_target)) + target->size;
424 target->t = fw_calloc(1, size);
425 target->init(target->t, &nfcache);
426 target->t->u.target_size = size;
430 strcpy(target->t->u.user.name, target->name);
437 static int parse_ipt(struct action_util *a,int *argc_p,
438 char ***argv_p, int tca_id, struct nlmsghdr *n)
440 struct iptables_target *m = NULL;
445 char **argv = *argv_p;
447 int argc = 0, iargc = 0;
452 __u32 hook = 0, index = 0;
457 for (i = 0; i < rargc; i++) {
458 if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) {
466 fprintf(stderr,"bad arguements to ipt %d vs %d \n", argc, rargc);
470 opts = copy_options(original_opts);
476 c = getopt_long(argc, argv, "j:", opts, NULL);
481 m = get_target_name(optarg);
484 if (0 > build_st(m, NULL)) {
485 printf(" %s error \n", m->name);
489 merge_options(opts, m->extra_opts,
492 fprintf(stderr," failed to find target %s\n\n", optarg);
499 memset(&fw, 0, sizeof (fw));
501 unsigned int fake_flags = 0;
502 m->parse(c - m->option_offset, argv, 0,
503 &fake_flags, NULL, &m->t);
505 fprintf(stderr," failed to find target %s\n\n", optarg);
511 /*m->final_check(m->t); -- Is this necessary?
512 ** useful when theres depencies
513 ** eg ipt_TCPMSS.c has have the TCP match loaded
514 ** before this can be used;
515 ** also seems the ECN target needs it
523 if (iargc > optind) {
524 if (matches(argv[optind], "index") == 0) {
525 if (get_u32(&index, argv[optind + 1], 10)) {
526 fprintf(stderr, "Illegal \"index\"\n");
536 fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv);
541 struct tcmsg *t = NLMSG_DATA(n);
542 if (t->tcm_parent != TC_H_ROOT
543 && t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) {
544 hook = NF_IP_PRE_ROUTING;
546 hook = NF_IP_POST_ROUTING;
550 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
551 addattr_l(n, MAX_MSG, tca_id, NULL, 0);
552 fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]);
553 fprintf(stdout, "\ttarget: ");
556 m->print(NULL, m->t, 0);
557 fprintf(stdout, " index %d\n", index);
559 if (strlen(tname) > 16) {
563 size = 1 + strlen(tname);
565 strncpy(k, tname, size);
567 addattr_l(n, MAX_MSG, TCA_IPT_TABLE, k, size);
568 addattr_l(n, MAX_MSG, TCA_IPT_HOOK, &hook, 4);
569 addattr_l(n, MAX_MSG, TCA_IPT_INDEX, &index, 4);
571 addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size);
573 (((void *) n) + NLMSG_ALIGN(n->nlmsg_len)) - (void *) tail;
577 *argc_p = rargc - iargc;
587 print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
589 struct rtattr *tb[TCA_IPT_MAX + 1];
590 struct ipt_entry_target *t = NULL;
596 opts = copy_options(original_opts);
600 memset(tb, 0, sizeof (tb));
601 parse_rtattr(tb, TCA_IPT_MAX, RTA_DATA(arg), RTA_PAYLOAD(arg));
603 if (tb[TCA_IPT_TABLE] == NULL) {
604 fprintf(f, "[NULL ipt table name ] assuming mangle ");
606 fprintf(f, "tablename: %s ",
607 (char *) RTA_DATA(tb[TCA_IPT_TABLE]));
610 if (tb[TCA_IPT_HOOK] == NULL) {
611 fprintf(f, "[NULL ipt hook name ]\n ");
615 hook = *(__u32 *) RTA_DATA(tb[TCA_IPT_HOOK]);
616 fprintf(f, " hook: %s \n", ipthooks[hook]);
619 if (tb[TCA_IPT_TARG] == NULL) {
620 fprintf(f, "\t[NULL ipt target parameters ] \n");
623 struct iptables_target *m = NULL;
624 t = RTA_DATA(tb[TCA_IPT_TARG]);
625 m = get_target_name(t->u.user.name);
627 if (0 > build_st(m, t)) {
628 fprintf(stderr, " %s error \n", m->name);
633 merge_options(opts, m->extra_opts,
636 fprintf(stderr, " failed to find target %s\n\n",
640 fprintf(f, "\ttarget ");
641 m->print(NULL, m->t, 0);
642 if (tb[TCA_IPT_INDEX] == NULL) {
643 fprintf(f, " [NULL ipt target index ]\n");
646 index = *(__u32 *) RTA_DATA(tb[TCA_IPT_INDEX]);
647 fprintf(f, " \n\tindex %d", index);
650 if (tb[TCA_IPT_CNT]) {
651 struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);;
652 fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
655 if (tb[TCA_IPT_TM]) {
656 struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
667 struct action_util ipt_action_util = {
669 .parse_aopt = parse_ipt,
670 .print_aopt = print_ipt,
projects / lisovros / iproute2_canprio.git / blob