libip6t_dst.c revision 32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e 
1/* Shared library add-on to ip6tables to add Dst header support. */
2#include <stdbool.h>
3#include <stdio.h>
4#include <netdb.h>
5#include <string.h>
6#include <stdlib.h>
7#include <getopt.h>
8#include <errno.h>
9#include <xtables.h>
10#include <linux/netfilter_ipv6/ip6t_opts.h>
11#include <sys/types.h>
12#include <sys/socket.h>
13#include <arpa/inet.h>
14
15static void dst_help(void)
16{
17	printf(
18"dst match options:\n"
19"[!] --dst-len length            total length of this header\n"
20"  --dst-opts TYPE[:LEN][,TYPE[:LEN]...]\n"
21"                                Options and its length (list, max: %d)\n",
22IP6T_OPTS_OPTSNR);
23}
24
25static const struct option dst_opts[] = {
26	{.name = "dst-len",        .has_arg = true, .val = '1'},
27	{.name = "dst-opts",       .has_arg = true, .val = '2'},
28	{.name = "dst-not-strict", .has_arg = true, .val = '3'},
29	XT_GETOPT_TABLEEND,
30};
31
32static u_int32_t
33parse_opts_num(const char *idstr, const char *typestr)
34{
35	unsigned long int id;
36	char* ep;
37
38	id = strtoul(idstr, &ep, 0);
39
40	if ( idstr == ep ) {
41		xtables_error(PARAMETER_PROBLEM,
42		           "dst: no valid digits in %s `%s'", typestr, idstr);
43	}
44	if ( id == ULONG_MAX  && errno == ERANGE ) {
45		xtables_error(PARAMETER_PROBLEM,
46			   "%s `%s' specified too big: would overflow",
47			   typestr, idstr);
48	}
49	if ( *idstr != '\0'  && *ep != '\0' ) {
50		xtables_error(PARAMETER_PROBLEM,
51		           "dst: error parsing %s `%s'", typestr, idstr);
52	}
53	return id;
54}
55
56static int
57parse_options(const char *optsstr, u_int16_t *opts)
58{
59        char *buffer, *cp, *next, *range;
60        unsigned int i;
61
62	buffer = strdup(optsstr);
63        if (!buffer)
64		xtables_error(OTHER_PROBLEM, "strdup failed");
65
66        for (cp = buffer, i = 0; cp && i < IP6T_OPTS_OPTSNR; cp = next, i++)
67        {
68                next = strchr(cp, ',');
69
70                if (next)
71			*next++='\0';
72
73                range = strchr(cp, ':');
74
75                if (range) {
76                        if (i == IP6T_OPTS_OPTSNR-1)
77				xtables_error(PARAMETER_PROBLEM,
78                                           "too many ports specified");
79                        *range++ = '\0';
80                }
81
82		opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8;
83                if (range) {
84			if (opts[i] == 0)
85				xtables_error(PARAMETER_PROBLEM,
86					"PAD0 hasn't got length");
87			opts[i] |= parse_opts_num(range, "length") & 0xFF;
88                } else
89                        opts[i] |= (0x00FF);
90
91#ifdef DEBUG
92		printf("opts str: %s %s\n", cp, range);
93		printf("opts opt: %04X\n", opts[i]);
94#endif
95	}
96
97        if (cp)
98		xtables_error(PARAMETER_PROBLEM, "too many addresses specified");
99
100	free(buffer);
101
102#ifdef DEBUG
103	printf("addr nr: %d\n", i);
104#endif
105
106	return i;
107}
108
109static void dst_init(struct xt_entry_match *m)
110{
111	struct ip6t_opts *optinfo = (struct ip6t_opts *)m->data;
112
113	optinfo->hdrlen = 0;
114	optinfo->flags = 0;
115	optinfo->invflags = 0;
116	optinfo->optsnr = 0;
117}
118
119static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
120                     const void *entry, struct xt_entry_match **match)
121{
122	struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data;
123
124	switch (c) {
125	case '1':
126		if (*flags & IP6T_OPTS_LEN)
127			xtables_error(PARAMETER_PROBLEM,
128				   "Only one `--dst-len' allowed");
129		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
130		optinfo->hdrlen = parse_opts_num(optarg, "length");
131		if (invert)
132			optinfo->invflags |= IP6T_OPTS_INV_LEN;
133		optinfo->flags |= IP6T_OPTS_LEN;
134		*flags |= IP6T_OPTS_LEN;
135		break;
136	case '2':
137		if (*flags & IP6T_OPTS_OPTS)
138			xtables_error(PARAMETER_PROBLEM,
139				   "Only one `--dst-opts' allowed");
140                xtables_check_inverse(optarg, &invert, &optind, 0, argv);
141                if (invert)
142			xtables_error(PARAMETER_PROBLEM,
143				" '!' not allowed with `--dst-opts'");
144		optinfo->optsnr = parse_options(optarg, optinfo->opts);
145		optinfo->flags |= IP6T_OPTS_OPTS;
146		*flags |= IP6T_OPTS_OPTS;
147		break;
148	case '3':
149		if (*flags & IP6T_OPTS_NSTRICT)
150			xtables_error(PARAMETER_PROBLEM,
151				   "Only one `--dst-not-strict' allowed");
152		if ( !(*flags & IP6T_OPTS_OPTS) )
153			xtables_error(PARAMETER_PROBLEM,
154				   "`--dst-opts ...' required before "
155				   "`--dst-not-strict'");
156		optinfo->flags |= IP6T_OPTS_NSTRICT;
157		*flags |= IP6T_OPTS_NSTRICT;
158		break;
159	default:
160		return 0;
161	}
162
163	return 1;
164}
165
166static void
167print_options(unsigned int optsnr, u_int16_t *optsp)
168{
169	unsigned int i;
170
171	for(i = 0; i < optsnr; i++) {
172		printf("%d", (optsp[i] & 0xFF00) >> 8);
173
174		if ((optsp[i] & 0x00FF) != 0x00FF)
175			printf(":%d", (optsp[i] & 0x00FF));
176
177		printf("%c", (i != optsnr - 1) ? ',' : ' ');
178	}
179}
180
181static void dst_print(const void *ip, const struct xt_entry_match *match,
182                      int numeric)
183{
184	const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
185
186	printf("dst ");
187	if (optinfo->flags & IP6T_OPTS_LEN)
188		printf("length:%s%u ",
189			optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "",
190			optinfo->hdrlen);
191
192	if (optinfo->flags & IP6T_OPTS_OPTS)
193		printf("opts ");
194
195	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
196
197	if (optinfo->flags & IP6T_OPTS_NSTRICT)
198		printf("not-strict ");
199
200	if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
201		printf("Unknown invflags: 0x%X ",
202		       optinfo->invflags & ~IP6T_OPTS_INV_MASK);
203}
204
205static void dst_save(const void *ip, const struct xt_entry_match *match)
206{
207	const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
208
209	if (optinfo->flags & IP6T_OPTS_LEN) {
210		printf("%s--dst-len %u ",
211			(optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
212			optinfo->hdrlen);
213	}
214
215	if (optinfo->flags & IP6T_OPTS_OPTS)
216		printf("--dst-opts ");
217
218	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
219
220	if (optinfo->flags & IP6T_OPTS_NSTRICT)
221		printf("--dst-not-strict ");
222}
223
224static struct xtables_match dst_mt6_reg = {
225	.name          = "dst",
226	.version       = XTABLES_VERSION,
227	.family        = NFPROTO_IPV6,
228	.size          = XT_ALIGN(sizeof(struct ip6t_opts)),
229	.userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
230	.help          = dst_help,
231	.init          = dst_init,
232	.parse         = dst_parse,
233	.print         = dst_print,
234	.save          = dst_save,
235	.extra_opts    = dst_opts,
236};
237
238void
239_init(void)
240{
241	xtables_register_match(&dst_mt6_reg);
242}
243