extensions/libipt_NETMAP.c

   1 /* Shared library add-on to iptables to add static NAT support.
   2    Author: Svenning Soerensen <svenning@post5.tele.dk>
   3 */
   4
   5 #include <stdio.h>
   6 #include <netdb.h>
   7 #include <string.h>
   8 #include <stdlib.h>
   9 #include <getopt.h>
  10 #include <xtables.h>
  11 #include <net/netfilter/nf_nat.h>
  12
  13 #define MODULENAME "NETMAP"
  14
  15 static const struct option NETMAP_opts[] = {
  16         { "to", 1, NULL, '1' },
  17         { .name = NULL }
  18 };
  19
  20 static void NETMAP_help(void)
  21 {
  22         printf(MODULENAME" target options:\n"
  23                "  --%s address[/mask]\n"
  24                "                                Network address to map to.\n\n",
  25                NETMAP_opts[0].name);
  26 }
  27
  28 static u_int32_t
  29 bits2netmask(int bits)
  30 {
  31         u_int32_t netmask, bm;
  32
  33         if (bits >= 32 || bits < 0)
  34                 return(~0);
  35         for (netmask = 0, bm = 0x80000000; bits; bits--, bm >>= 1)
  36                 netmask |= bm;
  37         return htonl(netmask);
  38 }
  39
  40 static int
  41 netmask2bits(u_int32_t netmask)
  42 {
  43         u_int32_t bm;
  44         int bits;
  45
  46         netmask = ntohl(netmask);
  47         for (bits = 0, bm = 0x80000000; netmask & bm; netmask <<= 1)
  48                 bits++;
  49         if (netmask)
  50                 return -1; /* holes in netmask */
  51         return bits;
  52 }
  53
  54 static void NETMAP_init(struct xt_entry_target *t)
  55 {
  56         struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
  57
  58         /* Actually, it's 0, but it's ignored at the moment. */
  59         mr->rangesize = 1;
  60
  61 }
  62
  63 /* Parses network address */
  64 static void
  65 parse_to(char *arg, struct nf_nat_range *range)
  66 {
  67         char *slash;
  68         const struct in_addr *ip;
  69         u_int32_t netmask;
  70         unsigned int bits;
  71
  72         range->flags |= IP_NAT_RANGE_MAP_IPS;
  73         slash = strchr(arg, '/');
  74         if (slash)
  75                 *slash = '\0';
  76
  77         ip = xtables_numeric_to_ipaddr(arg);
  78         if (!ip)
  79                 xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
  80                            arg);
  81         range->min_ip = ip->s_addr;
  82         if (slash) {
  83                 if (strchr(slash+1, '.')) {
  84                         ip = xtables_numeric_to_ipmask(slash+1);
  85                         if (!ip)
  86                                 xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
  87                                            slash+1);
  88                         netmask = ip->s_addr;
  89                 }
  90                 else {
  91                         if (!xtables_strtoui(slash+1, NULL, &bits, 0, 32))
  92                                 xtables_error(PARAMETER_PROBLEM, "Bad netmask \"%s\"\n",
  93                                            slash+1);
  94                         netmask = bits2netmask(bits);
  95                 }
  96                 /* Don't allow /0 (/1 is probably insane, too) */
  97                 if (netmask == 0)
  98                         xtables_error(PARAMETER_PROBLEM, "Netmask needed\n");
  99         }
 100         else
 101                 netmask = ~0;
 102
 103         if (range->min_ip & ~netmask) {
 104                 if (slash)
 105                         *slash = '/';
 106                 xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
 107                            arg);
 108         }
 109         range->max_ip = range->min_ip | ~netmask;
 110 }
 111
 112 static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
 113                         const void *entry, struct xt_entry_target **target)
 114 {
 115         struct nf_nat_multi_range *mr
 116                 = (struct nf_nat_multi_range *)(*target)->data;
 117
 118         switch (c) {
 119         case '1':
 120                 if (xtables_check_inverse(optarg, &invert, NULL, 0))
 121                         xtables_error(PARAMETER_PROBLEM,
 122                                    "Unexpected `!' after --%s", NETMAP_opts[0].name);
 123
 124                 parse_to(optarg, &mr->range[0]);
 125                 *flags = 1;
 126                 return 1;
 127
 128         default:
 129                 return 0;
 130         }
 131 }
 132
 133 static void NETMAP_check(unsigned int flags)
 134 {
 135         if (!flags)
 136                 xtables_error(PARAMETER_PROBLEM,
 137                            MODULENAME" needs --%s", NETMAP_opts[0].name);
 138 }
 139
 140 static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
 141                          int numeric)
 142 {
 143         const struct nf_nat_multi_range *mr = (const void *)target->data;
 144         const struct nf_nat_range *r = &mr->range[0];
 145         struct in_addr a;
 146         int bits;
 147
 148         a.s_addr = r->min_ip;
 149         printf("%s", xtables_ipaddr_to_numeric(&a));
 150         a.s_addr = ~(r->min_ip ^ r->max_ip);
 151         bits = netmask2bits(a.s_addr);
 152         if (bits < 0)
 153                 printf("/%s", xtables_ipaddr_to_numeric(&a));
 154         else
 155                 printf("/%d", bits);
 156 }
 157
 158 static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
 159 {
 160         printf("--%s ", NETMAP_opts[0].name);
 161         NETMAP_print(ip, target, 0);
 162 }
 163
 164 static struct xtables_target netmap_tg_reg = {
 165         .name           = MODULENAME,
 166         .version        = XTABLES_VERSION,
 167         .family         = NFPROTO_IPV4,
 168         .size           = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
 169         .userspacesize  = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
 170         .help           = NETMAP_help,
 171         .init           = NETMAP_init,
 172         .parse          = NETMAP_parse,
 173         .final_check    = NETMAP_check,
 174         .print          = NETMAP_print,
 175         .save           = NETMAP_save,
 176         .extra_opts     = NETMAP_opts,
 177 };
 178
 179 void _init(void)
 180 {
 181         xtables_register_target(&netmap_tg_reg);
 182 }