libip6t_dst.c revision bf97128c7262f17a02fec41cdae75b472ba77f88
1/* Shared library add-on to ip6tables to add Dst header support. */ 2#include <stdio.h> 3#include <netdb.h> 4#include <string.h> 5#include <stdlib.h> 6#include <getopt.h> 7#include <errno.h> 8#include <xtables.h> 9#include <linux/netfilter_ipv6/ip6t_opts.h> 10#include <sys/types.h> 11#include <sys/socket.h> 12#include <arpa/inet.h> 13 14static void dst_help(void) 15{ 16 printf( 17"dst match options:\n" 18"[!] --dst-len length total length of this header\n" 19" --dst-opts TYPE[:LEN][,TYPE[:LEN]...]\n" 20" Options and its length (list, max: %d)\n", 21IP6T_OPTS_OPTSNR); 22} 23 24static const struct option dst_opts[] = { 25 { .name = "dst-len", .has_arg = 1, .val = '1' }, 26 { .name = "dst-opts", .has_arg = 1, .val = '2' }, 27 { .name = "dst-not-strict", .has_arg = 1, .val = '3' }, 28 { .name = NULL } 29}; 30 31static u_int32_t 32parse_opts_num(const char *idstr, const char *typestr) 33{ 34 unsigned long int id; 35 char* ep; 36 37 id = strtoul(idstr, &ep, 0); 38 39 if ( idstr == ep ) { 40 xtables_error(PARAMETER_PROBLEM, 41 "dst: no valid digits in %s `%s'", typestr, idstr); 42 } 43 if ( id == ULONG_MAX && errno == ERANGE ) { 44 xtables_error(PARAMETER_PROBLEM, 45 "%s `%s' specified too big: would overflow", 46 typestr, idstr); 47 } 48 if ( *idstr != '\0' && *ep != '\0' ) { 49 xtables_error(PARAMETER_PROBLEM, 50 "dst: error parsing %s `%s'", typestr, idstr); 51 } 52 return id; 53} 54 55static int 56parse_options(const char *optsstr, u_int16_t *opts) 57{ 58 char *buffer, *cp, *next, *range; 59 unsigned int i; 60 61 buffer = strdup(optsstr); 62 if (!buffer) 63 xtables_error(OTHER_PROBLEM, "strdup failed"); 64 65 for (cp = buffer, i = 0; cp && i < IP6T_OPTS_OPTSNR; cp = next, i++) 66 { 67 next = strchr(cp, ','); 68 69 if (next) 70 *next++='\0'; 71 72 range = strchr(cp, ':'); 73 74 if (range) { 75 if (i == IP6T_OPTS_OPTSNR-1) 76 xtables_error(PARAMETER_PROBLEM, 77 "too many ports specified"); 78 *range++ = '\0'; 79 } 80 81 opts[i] = (parse_opts_num(cp, "opt") & 0xFF) << 8; 82 if (range) { 83 if (opts[i] == 0) 84 xtables_error(PARAMETER_PROBLEM, 85 "PAD0 hasn't got length"); 86 opts[i] |= parse_opts_num(range, "length") & 0xFF; 87 } else 88 opts[i] |= (0x00FF); 89 90#ifdef DEBUG 91 printf("opts str: %s %s\n", cp, range); 92 printf("opts opt: %04X\n", opts[i]); 93#endif 94 } 95 96 if (cp) 97 xtables_error(PARAMETER_PROBLEM, "too many addresses specified"); 98 99 free(buffer); 100 101#ifdef DEBUG 102 printf("addr nr: %d\n", i); 103#endif 104 105 return i; 106} 107 108static void dst_init(struct xt_entry_match *m) 109{ 110 struct ip6t_opts *optinfo = (struct ip6t_opts *)m->data; 111 112 optinfo->hdrlen = 0; 113 optinfo->flags = 0; 114 optinfo->invflags = 0; 115 optinfo->optsnr = 0; 116} 117 118static int dst_parse(int c, char **argv, int invert, unsigned int *flags, 119 const void *entry, struct xt_entry_match **match) 120{ 121 struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data; 122 123 switch (c) { 124 case '1': 125 if (*flags & IP6T_OPTS_LEN) 126 xtables_error(PARAMETER_PROBLEM, 127 "Only one `--dst-len' allowed"); 128 xtables_check_inverse(optarg, &invert, &optind, 0, argv); 129 optinfo->hdrlen = parse_opts_num(argv[optind-1], "length"); 130 if (invert) 131 optinfo->invflags |= IP6T_OPTS_INV_LEN; 132 optinfo->flags |= IP6T_OPTS_LEN; 133 *flags |= IP6T_OPTS_LEN; 134 break; 135 case '2': 136 if (*flags & IP6T_OPTS_OPTS) 137 xtables_error(PARAMETER_PROBLEM, 138 "Only one `--dst-opts' allowed"); 139 xtables_check_inverse(optarg, &invert, &optind, 0, argv); 140 if (invert) 141 xtables_error(PARAMETER_PROBLEM, 142 " '!' not allowed with `--dst-opts'"); 143 optinfo->optsnr = parse_options(argv[optind-1], optinfo->opts); 144 optinfo->flags |= IP6T_OPTS_OPTS; 145 *flags |= IP6T_OPTS_OPTS; 146 break; 147 case '3': 148 if (*flags & IP6T_OPTS_NSTRICT) 149 xtables_error(PARAMETER_PROBLEM, 150 "Only one `--dst-not-strict' allowed"); 151 if ( !(*flags & IP6T_OPTS_OPTS) ) 152 xtables_error(PARAMETER_PROBLEM, 153 "`--dst-opts ...' required before " 154 "`--dst-not-strict'"); 155 optinfo->flags |= IP6T_OPTS_NSTRICT; 156 *flags |= IP6T_OPTS_NSTRICT; 157 break; 158 default: 159 return 0; 160 } 161 162 return 1; 163} 164 165static void 166print_options(unsigned int optsnr, u_int16_t *optsp) 167{ 168 unsigned int i; 169 170 for(i = 0; i < optsnr; i++) { 171 printf("%d", (optsp[i] & 0xFF00) >> 8); 172 173 if ((optsp[i] & 0x00FF) != 0x00FF) 174 printf(":%d", (optsp[i] & 0x00FF)); 175 176 printf("%c", (i != optsnr - 1) ? ',' : ' '); 177 } 178} 179 180static void dst_print(const void *ip, const struct xt_entry_match *match, 181 int numeric) 182{ 183 const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data; 184 185 printf("dst "); 186 if (optinfo->flags & IP6T_OPTS_LEN) 187 printf("length:%s%u ", 188 optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "", 189 optinfo->hdrlen); 190 191 if (optinfo->flags & IP6T_OPTS_OPTS) 192 printf("opts "); 193 194 print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts); 195 196 if (optinfo->flags & IP6T_OPTS_NSTRICT) 197 printf("not-strict "); 198 199 if (optinfo->invflags & ~IP6T_OPTS_INV_MASK) 200 printf("Unknown invflags: 0x%X ", 201 optinfo->invflags & ~IP6T_OPTS_INV_MASK); 202} 203 204static void dst_save(const void *ip, const struct xt_entry_match *match) 205{ 206 const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data; 207 208 if (optinfo->flags & IP6T_OPTS_LEN) { 209 printf("%s--dst-len %u ", 210 (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "", 211 optinfo->hdrlen); 212 } 213 214 if (optinfo->flags & IP6T_OPTS_OPTS) 215 printf("--dst-opts "); 216 217 print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts); 218 219 if (optinfo->flags & IP6T_OPTS_NSTRICT) 220 printf("--dst-not-strict "); 221} 222 223static struct xtables_match dst_mt6_reg = { 224 .name = "dst", 225 .version = XTABLES_VERSION, 226 .family = NFPROTO_IPV6, 227 .size = XT_ALIGN(sizeof(struct ip6t_opts)), 228 .userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)), 229 .help = dst_help, 230 .init = dst_init, 231 .parse = dst_parse, 232 .print = dst_print, 233 .save = dst_save, 234 .extra_opts = dst_opts, 235}; 236 237void 238_init(void) 239{ 240 xtables_register_match(&dst_mt6_reg); 241} 242