extensions/libipt_SET.c

   1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
   2  *                         Patrick Schaaf <bof@bof.de>
   3  *                         Martin Josefsson <gandalf@wlug.westbo.se>
   4  * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  */
  10
  11 /* Shared library add-on to iptables to add IP set mangling target. */
  12 #include <stdio.h>
  13 #include <netdb.h>
  14 #include <string.h>
  15 #include <stdlib.h>
  16 #include <getopt.h>
  17 #include <ctype.h>
  18
  19 #include <xtables.h>
  20 #include <linux/netfilter_ipv4/ip_set.h>
  21 #include <linux/netfilter_ipv4/ipt_set.h>
  22 #include "libipt_set.h"
  23
  24 static void SET_help(void)
  25 {
  26         printf("SET target options:\n"
  27                " --add-set name flags\n"
  28                " --del-set name flags\n"
  29                "                add/del src/dst IP/port from/to named sets,\n"
  30                "                where flags are the comma separated list of\n"
  31                "                'src' and 'dst'.\n");
  32 }
  33
  34 static const struct option SET_opts[] = {
  35         {"add-set",   1, NULL, '1'},
  36         {"del-set",   1, NULL, '2'},
  37         { }
  38 };
  39
  40 static void SET_init(struct xt_entry_target *target)
  41 {
  42         struct ipt_set_info_target *info =
  43             (struct ipt_set_info_target *) target->data;
  44
  45         memset(info, 0, sizeof(struct ipt_set_info_target));
  46         info->add_set.index =
  47         info->del_set.index = IP_SET_INVALID_ID;
  48
  49 }
  50
  51 static void
  52 parse_target(char **argv, int invert, unsigned int *flags,
  53              struct ipt_set_info *info, const char *what)
  54 {
  55         if (info->flags[0])
  56                 xtables_error(PARAMETER_PROBLEM,
  57                            "--%s can be specified only once", what);
  58
  59         if (xtables_check_inverse(optarg, &invert, NULL, 0))
  60                 xtables_error(PARAMETER_PROBLEM,
  61                            "Unexpected `!' after --%s", what);
  62
  63         if (!argv[optind]
  64             || argv[optind][0] == '-' || argv[optind][0] == '!')
  65                 xtables_error(PARAMETER_PROBLEM,
  66                            "--%s requires two args.", what);
  67
  68         if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
  69                 xtables_error(PARAMETER_PROBLEM,
  70                            "setname `%s' too long, max %d characters.",
  71                            argv[optind-1], IP_SET_MAXNAMELEN - 1);
  72
  73         get_set_byname(argv[optind - 1], info);
  74         parse_bindings(argv[optind], info);
  75         optind++;
  76
  77         *flags = 1;
  78 }
  79
  80 static int SET_parse(int c, char **argv, int invert, unsigned int *flags,
  81                      const void *entry, struct xt_entry_target **target)
  82 {
  83         struct ipt_set_info_target *myinfo =
  84             (struct ipt_set_info_target *) (*target)->data;
  85
  86         switch (c) {
  87         case '1':               /* --add-set <set> <flags> */
  88                 parse_target(argv, invert, flags,
  89                              &myinfo->add_set, "add-set");
  90                 break;
  91         case '2':               /* --del-set <set>[:<flags>] <flags> */
  92                 parse_target(argv, invert, flags,
  93                              &myinfo->del_set, "del-set");
  94                 break;
  95
  96         default:
  97                 return 0;
  98         }
  99         return 1;
 100 }
 101
 102 static void SET_check(unsigned int flags)
 103 {
 104         if (!flags)
 105                 xtables_error(PARAMETER_PROBLEM,
 106                            "You must specify either `--add-set' or `--del-set'");
 107 }
 108
 109 static void
 110 print_target(const char *prefix, const struct ipt_set_info *info)
 111 {
 112         int i;
 113         char setname[IP_SET_MAXNAMELEN];
 114
 115         if (info->index == IP_SET_INVALID_ID)
 116                 return;
 117         get_set_byid(setname, info->index);
 118         printf("%s %s", prefix, setname);
 119         for (i = 0; i < IP_SET_MAX_BINDINGS; i++) {
 120                 if (!info->flags[i])
 121                         break;
 122                 printf("%s%s",
 123                        i == 0 ? " " : ",",
 124                        info->flags[i] & IPSET_SRC ? "src" : "dst");
 125         }
 126         printf(" ");
 127 }
 128
 129 static void SET_print(const void *ip, const struct xt_entry_target *target,
 130                       int numeric)
 131 {
 132         const struct ipt_set_info_target *info = (const void *)target->data;
 133
 134         print_target("add-set", &info->add_set);
 135         print_target("del-set", &info->del_set);
 136 }
 137
 138 static void SET_save(const void *ip, const struct xt_entry_target *target)
 139 {
 140         const struct ipt_set_info_target *info = (const void *)target->data;
 141
 142         print_target("--add-set", &info->add_set);
 143         print_target("--del-set", &info->del_set);
 144 }
 145
 146 static struct xtables_target set_tg_reg = {
 147         .name           = "SET",
 148         .version        = XTABLES_VERSION,
 149         .family         = NFPROTO_IPV4,
 150         .size           = XT_ALIGN(sizeof(struct ipt_set_info_target)),
 151         .userspacesize  = XT_ALIGN(sizeof(struct ipt_set_info_target)),
 152         .help           = SET_help,
 153         .init           = SET_init,
 154         .parse          = SET_parse,
 155         .final_check    = SET_check,
 156         .print          = SET_print,
 157         .save           = SET_save,
 158         .extra_opts     = SET_opts,
 159 };
 160
 161 void _init(void)
 162 {
 163         xtables_register_target(&set_tg_reg);
 164 }