libip6t_REJECT.c revision bf97128c7262f17a02fec41cdae75b472ba77f88
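/* Shared library add-on to ip6tables to add customized REJECT support.
 *
 * (C) 2000 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * ported to IPv6 by Harald Welte <laforge@gnumonks.org>
 *
 */
#include <stdio.h>
#include <string.h>
#include <strings.h>	/* strncasecmp() is declared here on POSIX systems */
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv6/ip6t_REJECT.h>

/* One selectable reject type: its full name, a shorter alias, the value
 * stored in the rule, and the text shown in the help output. */
struct reject_names {
	const char *name;
	const char *alias;
	enum ip6t_reject_with with;
	const char *desc;
};

/* Table order matters: REJECT_parse() accepts abbreviations and returns
 * the first entry whose name or alias starts with the user's argument. */
static const struct reject_names reject_table[] = {
	{"icmp6-no-route", "no-route",
		IP6T_ICMP6_NO_ROUTE, "ICMPv6 no route"},
	{"icmp6-adm-prohibited", "adm-prohibited",
		IP6T_ICMP6_ADM_PROHIBITED, "ICMPv6 administratively prohibited"},
#if 0
	/* Disabled entry; the stray closing brace after the alias was removed
	 * so that re-enabling it does not break the initializer. */
	{"icmp6-not-neighbor", "not-neighbor",
		IP6T_ICMP6_NOT_NEIGHBOR, "ICMPv6 not a neighbor"},
#endif
	{"icmp6-addr-unreachable", "addr-unreach",
		IP6T_ICMP6_ADDR_UNREACH, "ICMPv6 address unreachable"},
	{"icmp6-port-unreachable", "port-unreach",
		IP6T_ICMP6_PORT_UNREACH, "ICMPv6 port unreachable"},
	{"tcp-reset", "tcp-reset",
		IP6T_TCP_RESET, "TCP RST packet"}
};

/* Look up the table name for a stored reject type.
 * Returns NULL when the value has no entry in reject_table, so callers
 * never index one element past the end of the table. */
static const char *
reject_name(enum ip6t_reject_with with)
{
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(reject_table); ++i) {
		if (reject_table[i].with == with)
			return reject_table[i].name;
	}
	return NULL;
}

/* Print every reject type with its description, followed by its alias. */
static void
print_reject_types(void)
{
	unsigned int i;

	printf("Valid reject types:\n");

	for (i = 0; i < ARRAY_SIZE(reject_table); ++i) {
		printf(" %-25s\t%s\n", reject_table[i].name, reject_table[i].desc);
		printf(" %-25s\talias\n", reject_table[i].alias);
	}
	printf("\n");
}

/* Help callback: option summary followed by the list of reject types. */
static void REJECT_help(void)
{
	printf(
"REJECT target options:\n"
"--reject-with type drop input packet and send back\n"
" a reply packet according to type:\n");

	print_reject_types();
}

/* --reject-with takes a mandatory argument (has_arg == 1) and is handed
 * to REJECT_parse() as option character '1'. */
static const struct option REJECT_opts[] = {
	{ "reject-with", 1, NULL, '1' },
	{ .name = NULL }
};

/* Init callback: a rule without --reject-with answers with
 * ICMPv6 port unreachable. */
static void REJECT_init(struct xt_entry_target *t)
{
	struct ip6t_reject_info *reject = (struct ip6t_reject_info *)t->data;

	/* default */
	reject->with = IP6T_ICMP6_PORT_UNREACH;
}

/* Parse callback for the REJECT target.
 *
 * Handles option '1' (--reject-with): the argument is compared
 * case-insensitively, as a prefix, against every name and alias in
 * reject_table, and the first hit is stored in the target data.
 * Abbreviations are therefore accepted, and an abbreviation shared by
 * several entries resolves to the earliest one in the table; spell the
 * type out in rule sets where the exact reply matters.
 *
 * Returns 1 when the option was consumed, 0 for any other option.
 * An inverted or unrecognised argument is reported through
 * xtables_error(). */
static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
			const void *entry, struct xt_entry_target **target)
{
	struct ip6t_reject_info *reject =
		(struct ip6t_reject_info *)(*target)->data;
	size_t arg_len;
	unsigned int i;

	switch (c) {
	case '1':
		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
			xtables_error(PARAMETER_PROBLEM,
				      "Unexpected `!' after --reject-with");

		/* A zero-length argument is a prefix of every name, so it
		 * used to select the first table entry silently.  Skip the
		 * search and report it as unknown instead. */
		arg_len = strlen(optarg);
		for (i = 0; arg_len > 0 && i < ARRAY_SIZE(reject_table); ++i) {
			if (strncasecmp(reject_table[i].name, optarg, arg_len) == 0
			    || strncasecmp(reject_table[i].alias, optarg, arg_len) == 0) {
				reject->with = reject_table[i].with;
				return 1;
			}
		}
		/* xtables_error() is expected not to return; if it ever did,
		 * control would reach the default label and return 0. */
		xtables_error(PARAMETER_PROBLEM,
			      "unknown reject type \"%s\"", optarg);
	default:
		/* Not an option of this target. */
		break;
	}
	return 0;
}

/* Print callback: human-readable form used when listing rules. */
static void REJECT_print(const void *ip, const struct xt_entry_target *target,
			 int numeric)
{
	const struct ip6t_reject_info *reject
		= (const struct ip6t_reject_info *)target->data;
	const char *name = reject_name(reject->with);

	/* The stored value may be one this table does not list; show it
	 * numerically rather than reading past the end of reject_table. */
	if (name != NULL)
		printf("reject-with %s ", name);
	else
		printf("reject-with unknown-%u ", (unsigned int)reject->with);
}

/* Save callback: emits the option in the form REJECT_parse() reads. */
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
{
	const struct ip6t_reject_info *reject
		= (const struct ip6t_reject_info *)target->data;
	const char *name = reject_name(reject->with);

	/* For a value without a table entry, write a token that
	 * REJECT_parse() rejects, so restoring the dump fails visibly on
	 * this rule instead of loading it with a different reject type. */
	if (name != NULL)
		printf("--reject-with %s ", name);
	else
		printf("--reject-with unknown-%u ", (unsigned int)reject->with);
}

/* Registration record for the IPv6 REJECT target. */
static struct xtables_target reject_tg6_reg = {
	.name		= "REJECT",
	.version	= XTABLES_VERSION,
	.family		= NFPROTO_IPV6,
	.size		= XT_ALIGN(sizeof(struct ip6t_reject_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct ip6t_reject_info)),
	.help		= REJECT_help,
	.init		= REJECT_init,
	.parse		= REJECT_parse,
	.print		= REJECT_print,
	.save		= REJECT_save,
	.extra_opts	= REJECT_opts,
};

/* Registers the target with xtables.
 * NOTE(review): presumably run automatically when the extension is
 * loaded; confirm how this build treats _init. */
void _init(void)
{
	xtables_register_target(&reject_tg6_reg);
}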