libxt_socket.c revision 73866357e4a7a0fdc1b293bf8863fee2bd56da9e
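/*
 * Shared library add-on to iptables to add early socket matching support.
 *
 * Copyright (C) 2007 BalaBit IT Ltd.
 */
#include <getopt.h>
#include <stdbool.h>
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_socket.h>

/* Long options accepted by revision 1 of the match; 't' is the value
 * socket_mt_parse() receives for "--transparent". */
static const struct option socket_mt_opts[] = {
	{.name = "transparent", .has_arg = false, .val = 't'},
	XT_GETOPT_TABLEEND,
};

/* Print the usage text for the options of revision 1. */
static void socket_mt_help(void)
{
	printf(
"socket match options:\n"
" --transparent Ignore non-transparent sockets\n\n");
}

/*
 * Parse one command-line option for revision 1 of the match.
 *
 * c      - option value taken from socket_mt_opts
 * invert - non-zero when the option was given in negated form
 * match  - match entry whose data area holds a struct xt_socket_mtinfo1
 *
 * Returns true when the option was consumed, false when it is not one of
 * ours. argv, flags and entry are not used.
 */
static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
                           const void *entry, struct xt_entry_match **match)
{
	struct xt_socket_mtinfo1 *info = (void *)(*match)->data;

	switch (c) {
	case 't':
		/*
		 * The match data has no "inverted" bit, so a negated
		 * --transparent would be stored exactly like the plain form
		 * and the installed rule would not do what was written.
		 * Refuse it instead of accepting it silently.
		 */
		if (invert)
			xtables_error(PARAMETER_PROBLEM,
				      "socket: \"--transparent\" cannot be inverted");
		info->flags |= XT_SOCKET_TRANSPARENT;
		return true;
	}
	return false;
}

/*
 * Emit the options of a stored match in the form the parser accepts.
 * Only the XT_SOCKET_TRANSPARENT bit is examined; ip is not used.
 */
static void
socket_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_socket_mtinfo1 *info = (const void *)match->data;

	if (info->flags & XT_SOCKET_TRANSPARENT)
		printf(" --transparent");
}

/*
 * Print the match for rule listings: the word "socket" followed by the
 * same option text socket_mt_save() writes. numeric is not used.
 */
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
		int numeric)
{
	printf(" socket");
	socket_mt_save(ip, match);
}

/*
 * Two revisions of the "socket" match are registered.
 *
 * Revision 0 is IPv4-only, carries no match data (size 0) and installs no
 * option parser, so it has no --transparent. Judging by the help text
 * above, a rule without that option does not ignore non-transparent
 * sockets; rules that are meant to select transparent sockets only need
 * revision 1 with --transparent.
 *
 * Revision 1 is registered for NFPROTO_UNSPEC and carries a
 * struct xt_socket_mtinfo1 whose flags field holds XT_SOCKET_TRANSPARENT.
 */
static struct xtables_match socket_mt_reg[] = {
	{
		.name          = "socket",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(0),
		.userspacesize = XT_ALIGN(0),
	},
	{
		.name          = "socket",
		.revision      = 1,
		.family        = NFPROTO_UNSPEC,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo1)),
		.help          = socket_mt_help,
		.parse         = socket_mt_parse,
		.print         = socket_mt_print,
		.save          = socket_mt_save,
		.extra_opts    = socket_mt_opts,
	},
};

/* Extension entry point: hand both revisions to libxtables. */
void _init(void)
{
	xtables_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
}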