search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
manpages: do not include v4-only modules in ip6tables manpage
[jleu-iptables.git] / extensions / libipt_REDIRECT.c
blob01f9d0ff3089245c8dc7d7cdf777ad690209911a
1 /* Shared library add-on to iptables to add redirect support. */
2 #include <stdio.h>
3 #include <netdb.h>
4 #include <string.h>
5 #include <stdlib.h>
6 #include <getopt.h>
7 #include <xtables.h>
8 #include <limits.h> /* INT_MAX in ip_tables.h */
9 #include <linux/netfilter_ipv4/ip_tables.h>
10 #include <net/netfilter/nf_nat.h>
11
12 #define IPT_REDIRECT_OPT_DEST 0x01
13 #define IPT_REDIRECT_OPT_RANDOM 0x02
14
15 static void REDIRECT_help(void)
16 {
17 printf(
18 "REDIRECT target options:\n"
19 " --to-ports <port>[-<port>]\n"
20 " Port (range) to map to.\n");
21 }
22
23 static const struct option REDIRECT_opts[] = {
24 { "to-ports", 1, NULL, '1' },
25 { "random", 0, NULL, '2' },
26 { .name = NULL }
27 };
28
29 static void REDIRECT_init(struct xt_entry_target *t)
30 {
31 struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
32
33 /* Actually, it's 0, but it's ignored at the moment. */
34 mr->rangesize = 1;
35
36 }
37
38 /* Parses ports */
39 static void
40 parse_ports(const char *arg, struct nf_nat_multi_range *mr)
41 {
42 const char *dash;
43 int port;
44
45 mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
46
47 if (strchr(arg, '.'))
48 xtables_error(PARAMETER_PROBLEM, "IP address not permitted\n");
49
50 port = atoi(arg);
51 if (port == 0)
52 port = xtables_service_to_port(arg, NULL);
53
54 if (port == 0 || port > 65535)
55 xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg);
56
57 dash = strchr(arg, '-');
58 if (!dash) {
59 mr->range[0].min.tcp.port
60 = mr->range[0].max.tcp.port
61 = htons(port);
62 } else {
63 int maxport;
64
65 maxport = atoi(dash + 1);
66 if (maxport == 0 || maxport > 65535)
67 xtables_error(PARAMETER_PROBLEM,
68 "Port `%s' not valid\n", dash+1);
69 if (maxport < port)
70 /* People are stupid. */
71 xtables_error(PARAMETER_PROBLEM,
72 "Port range `%s' funky\n", arg);
73 mr->range[0].min.tcp.port = htons(port);
74 mr->range[0].max.tcp.port = htons(maxport);
75 }
76 }
77
78 static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
79 const void *e, struct xt_entry_target **target)
80 {
81 const struct ipt_entry *entry = e;
82 struct nf_nat_multi_range *mr
83 = (struct nf_nat_multi_range *)(*target)->data;
84 int portok;
85
86 if (entry->ip.proto == IPPROTO_TCP
87 || entry->ip.proto == IPPROTO_UDP
88 || entry->ip.proto == IPPROTO_SCTP
89 || entry->ip.proto == IPPROTO_DCCP
90 || entry->ip.proto == IPPROTO_ICMP)
91 portok = 1;
92 else
93 portok = 0;
94
95 switch (c) {
96 case '1':
97 if (!portok)
98 xtables_error(PARAMETER_PROBLEM,
99 "Need TCP, UDP, SCTP or DCCP with port specification");
100
101 if (xtables_check_inverse(optarg, &invert, NULL, 0))
102 xtables_error(PARAMETER_PROBLEM,
103 "Unexpected `!' after --to-ports");
104
105 parse_ports(optarg, mr);
106 if (*flags & IPT_REDIRECT_OPT_RANDOM)
107 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
108 *flags |= IPT_REDIRECT_OPT_DEST;
109 return 1;
110
111 case '2':
112 if (*flags & IPT_REDIRECT_OPT_DEST) {
113 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
114 *flags |= IPT_REDIRECT_OPT_RANDOM;
115 } else
116 *flags |= IPT_REDIRECT_OPT_RANDOM;
117 return 1;
118
119 default:
120 return 0;
121 }
122 }
123
124 static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
125 int numeric)
126 {
127 const struct nf_nat_multi_range *mr = (const void *)target->data;
128 const struct nf_nat_range *r = &mr->range[0];
129
130 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
131 printf("redir ports ");
132 printf("%hu", ntohs(r->min.tcp.port));
133 if (r->max.tcp.port != r->min.tcp.port)
134 printf("-%hu", ntohs(r->max.tcp.port));
135 printf(" ");
136 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
137 printf("random ");
138 }
139 }
140
141 static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
142 {
143 const struct nf_nat_multi_range *mr = (const void *)target->data;
144 const struct nf_nat_range *r = &mr->range[0];
145
146 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
147 printf("--to-ports ");
148 printf("%hu", ntohs(r->min.tcp.port));
149 if (r->max.tcp.port != r->min.tcp.port)
150 printf("-%hu", ntohs(r->max.tcp.port));
151 printf(" ");
152 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
153 printf("--random ");
154 }
155 }
156
157 static struct xtables_target redirect_tg_reg = {
158 .name = "REDIRECT",
159 .version = XTABLES_VERSION,
160 .family = NFPROTO_IPV4,
161 .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
162 .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
163 .help = REDIRECT_help,
164 .init = REDIRECT_init,
165 .parse = REDIRECT_parse,
166 .print = REDIRECT_print,
167 .save = REDIRECT_save,
168 .extra_opts = REDIRECT_opts,
169 };
170
171 void _init(void)
172 {
173 xtables_register_target(&redirect_tg_reg);
174 }
Various project for iptables