libipt_MASQUERADE.c revision 03d99486d8283552705b58dc55b6085dffc38792
1/* Shared library add-on to iptables to add masquerade support. */ 2#include <stdio.h> 3#include <netdb.h> 4#include <string.h> 5#include <stdlib.h> 6#include <getopt.h> 7#include <iptables.h> 8#include <linux/netfilter_ipv4/ip_tables.h> 9#include <linux/netfilter/nf_nat.h> 10 11static void MASQUERADE_help(void) 12{ 13 printf( 14"MASQUERADE target options:\n" 15" --to-ports <port>[-<port>]\n" 16" Port (range) to map to.\n" 17" --random\n" 18" Randomize source port.\n"); 19} 20 21static const struct option MASQUERADE_opts[] = { 22 { "to-ports", 1, NULL, '1' }, 23 { "random", 0, NULL, '2' }, 24 { .name = NULL } 25}; 26 27static void MASQUERADE_init(struct xt_entry_target *t) 28{ 29 struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data; 30 31 /* Actually, it's 0, but it's ignored at the moment. */ 32 mr->rangesize = 1; 33 34} 35 36/* Parses ports */ 37static void 38parse_ports(const char *arg, struct ip_nat_multi_range *mr) 39{ 40 const char *dash; 41 int port; 42 43 mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; 44 45 port = atoi(arg); 46 if (port <= 0 || port > 65535) 47 exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg); 48 49 dash = strchr(arg, '-'); 50 if (!dash) { 51 mr->range[0].min.tcp.port 52 = mr->range[0].max.tcp.port 53 = htons(port); 54 } else { 55 int maxport; 56 57 maxport = atoi(dash + 1); 58 if (maxport == 0 || maxport > 65535) 59 exit_error(PARAMETER_PROBLEM, 60 "Port `%s' not valid\n", dash+1); 61 if (maxport < port) 62 /* People are stupid. Present reader excepted. */ 63 exit_error(PARAMETER_PROBLEM, 64 "Port range `%s' funky\n", arg); 65 mr->range[0].min.tcp.port = htons(port); 66 mr->range[0].max.tcp.port = htons(maxport); 67 } 68} 69 70static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, 71 const void *e, struct xt_entry_target **target) 72{ 73 const struct ipt_entry *entry = e; 74 int portok; 75 struct ip_nat_multi_range *mr 76 = (struct ip_nat_multi_range *)(*target)->data; 77 78 if (entry->ip.proto == IPPROTO_TCP 79 || entry->ip.proto == IPPROTO_UDP 80 || entry->ip.proto == IPPROTO_SCTP 81 || entry->ip.proto == IPPROTO_DCCP 82 || entry->ip.proto == IPPROTO_ICMP) 83 portok = 1; 84 else 85 portok = 0; 86 87 switch (c) { 88 case '1': 89 if (!portok) 90 exit_error(PARAMETER_PROBLEM, 91 "Need TCP, UDP, SCTP or DCCP with port specification"); 92 93 if (check_inverse(optarg, &invert, NULL, 0)) 94 exit_error(PARAMETER_PROBLEM, 95 "Unexpected `!' after --to-ports"); 96 97 parse_ports(optarg, mr); 98 return 1; 99 100 case '2': 101 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; 102 return 1; 103 104 default: 105 return 0; 106 } 107} 108 109static void 110MASQUERADE_print(const void *ip, const struct xt_entry_target *target, 111 int numeric) 112{ 113 struct ip_nat_multi_range *mr 114 = (struct ip_nat_multi_range *)target->data; 115 struct ip_nat_range *r = &mr->range[0]; 116 117 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { 118 printf("masq ports: "); 119 printf("%hu", ntohs(r->min.tcp.port)); 120 if (r->max.tcp.port != r->min.tcp.port) 121 printf("-%hu", ntohs(r->max.tcp.port)); 122 printf(" "); 123 } 124 125 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) 126 printf("random "); 127} 128 129static void 130MASQUERADE_save(const void *ip, const struct xt_entry_target *target) 131{ 132 struct ip_nat_multi_range *mr 133 = (struct ip_nat_multi_range *)target->data; 134 struct ip_nat_range *r = &mr->range[0]; 135 136 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { 137 printf("--to-ports %hu", ntohs(r->min.tcp.port)); 138 if (r->max.tcp.port != r->min.tcp.port) 139 printf("-%hu", ntohs(r->max.tcp.port)); 140 printf(" "); 141 } 142 143 if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) 144 printf("--random "); 145} 146 147static struct xtables_target masquerade_tg_reg = { 148 .name = "MASQUERADE", 149 .version = XTABLES_VERSION, 150 .family = NFPROTO_IPV4, 151 .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)), 152 .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)), 153 .help = MASQUERADE_help, 154 .init = MASQUERADE_init, 155 .parse = MASQUERADE_parse, 156 .print = MASQUERADE_print, 157 .save = MASQUERADE_save, 158 .extra_opts = MASQUERADE_opts, 159}; 160 161void _init(void) 162{ 163 xtables_register_target(&masquerade_tg_reg); 164} 165