/*
 * Shared library add-on to iptables to add early socket matching support.
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_socket.h>

/* Identifiers for the options listed in socket_mt_opts. */
enum {
	O_TRANSPARENT = 0,
};

/*
 * Command-line options of the match. "transparent" takes no argument
 * (XTTYPE_NONE); its presence alone is what socket_mt_parse acts on.
 */
static const struct xt_option_entry socket_mt_opts[] = {
	{
		.name = "transparent",
		.id   = O_TRANSPARENT,
		.type = XTTYPE_NONE,
	},
	XTOPT_TABLEEND,
};

/* Write the usage text for the socket match to stdout. */
static void socket_mt_help(void)
{
	/* Constant text with no conversions, so it is written as-is. */
	fputs("socket match options:\n"
	      " --transparent Ignore non-transparent sockets\n\n",
	      stdout);
}

/*
 * Option callback: record a parsed option in the match data.
 *
 * cb->data is treated as a struct xt_socket_mtinfo1. In this file that
 * holds for the revision 1 registration, which is the only entry that
 * sets .x6_parse and reserves room for that struct.
 *
 * The flag is only ever OR-ed in here, never cleared. What the kernel
 * side does with XT_SOCKET_TRANSPARENT is outside this file; the help
 * text describes it as ignoring non-transparent sockets.
 */
static void socket_mt_parse(struct xt_option_call *cb)
{
	struct xt_socket_mtinfo1 *mtinfo = cb->data;

	xtables_option_parse(cb);
	if (cb->entry->id == O_TRANSPARENT)
		mtinfo->flags |= XT_SOCKET_TRANSPARENT;
}

/*
 * Emit the option text that reproduces this match's settings.
 *
 * Writes " --transparent" (leading space, no newline) to stdout when
 * the flag is set and nothing otherwise. The ip argument is not used.
 * match->data is read as a struct xt_socket_mtinfo1, so this callback
 * belongs only on a registration whose size covers that struct.
 */
static void
socket_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_socket_mtinfo1 *mtinfo = (const void *)match->data;

	if (!(mtinfo->flags & XT_SOCKET_TRANSPARENT))
		return;
	fputs(" --transparent", stdout);
}

/*
 * Emit the listing form of the match: the word " socket" followed by
 * the same option text socket_mt_save produces. The numeric argument
 * is not used.
 */
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
		int numeric)
{
	fputs(" socket", stdout);
	socket_mt_save(ip, match);
}

/*
 * Match registrations.
 *
 * Revision 0 is IPv4 only, carries no match data (size 0) and has no
 * option, help, print or save callbacks.
 *
 * Revision 1 applies to any family (NFPROTO_UNSPEC), carries a
 * struct xt_socket_mtinfo1 and is the only entry wired to the callbacks
 * above. Those callbacks all access the match data as that struct, so
 * attaching them to an entry with a smaller size would make them read
 * or write past the data area.
 */
static struct xtables_match socket_mt_reg[] = {
	{
		.name          = "socket",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(0),
		.userspacesize = XT_ALIGN(0),
	},
	{
		.name          = "socket",
		.revision      = 1,
		.family        = NFPROTO_UNSPEC,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.help          = socket_mt_help,
		.print         = socket_mt_print,
		.save          = socket_mt_save,
		.x6_parse      = socket_mt_parse,
		.x6_options    = socket_mt_opts,
	},
};

/*
 * Extension entry point: register every revision in socket_mt_reg.
 * NOTE(review): the name _init is presumably remapped by xtables.h for
 * the build in use; confirm against that header before renaming.
 */
void _init(void)
{
	xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
}