libipt_MASQUERADE.c revision 9c67defe98f04f72f19dfd09c8030e1de4b8bf0f 
1/* Shared library add-on to iptables to add masquerade support. */
2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
7#include <iptables.h>
8#include <linux/netfilter_ipv4/ip_tables.h>
9#include <linux/netfilter/nf_nat.h>
10
11/* Function which prints out usage message. */
12static void
13help(void)
14{
15	printf(
16"MASQUERADE v%s options:\n"
17" --to-ports <port>[-<port>]\n"
18"				Port (range) to map to.\n"
19" --random\n"
20"				Randomize source port.\n"
21"\n"
22,
23IPTABLES_VERSION);
24}
25
26static struct option opts[] = {
27	{ "to-ports", 1, 0, '1' },
28	{ "random", 0, 0, '2' },
29	{ 0 }
30};
31
32/* Initialize the target. */
33static void
34init(struct ipt_entry_target *t, unsigned int *nfcache)
35{
36	struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
37
38	/* Actually, it's 0, but it's ignored at the moment. */
39	mr->rangesize = 1;
40
41}
42
43/* Parses ports */
44static void
45parse_ports(const char *arg, struct ip_nat_multi_range *mr)
46{
47	const char *dash;
48	int port;
49
50	mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
51
52	port = atoi(arg);
53	if (port <= 0 || port > 65535)
54		exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg);
55
56	dash = strchr(arg, '-');
57	if (!dash) {
58		mr->range[0].min.tcp.port
59			= mr->range[0].max.tcp.port
60			= htons(port);
61	} else {
62		int maxport;
63
64		maxport = atoi(dash + 1);
65		if (maxport == 0 || maxport > 65535)
66			exit_error(PARAMETER_PROBLEM,
67				   "Port `%s' not valid\n", dash+1);
68		if (maxport < port)
69			/* People are stupid.  Present reader excepted. */
70			exit_error(PARAMETER_PROBLEM,
71				   "Port range `%s' funky\n", arg);
72		mr->range[0].min.tcp.port = htons(port);
73		mr->range[0].max.tcp.port = htons(maxport);
74	}
75}
76
77/* Function which parses command options; returns true if it
78   ate an option */
79static int
80parse(int c, char **argv, int invert, unsigned int *flags,
81      const struct ipt_entry *entry,
82      struct ipt_entry_target **target)
83{
84	int portok;
85	struct ip_nat_multi_range *mr
86		= (struct ip_nat_multi_range *)(*target)->data;
87
88	if (entry->ip.proto == IPPROTO_TCP
89	    || entry->ip.proto == IPPROTO_UDP
90	    || entry->ip.proto == IPPROTO_ICMP)
91		portok = 1;
92	else
93		portok = 0;
94
95	switch (c) {
96	case '1':
97		if (!portok)
98			exit_error(PARAMETER_PROBLEM,
99				   "Need TCP or UDP with port specification");
100
101		if (check_inverse(optarg, &invert, NULL, 0))
102			exit_error(PARAMETER_PROBLEM,
103				   "Unexpected `!' after --to-ports");
104
105		parse_ports(optarg, mr);
106		return 1;
107
108	case '2':
109		mr->range[0].flags |=  IP_NAT_RANGE_PROTO_RANDOM;
110		return 1;
111
112	default:
113		return 0;
114	}
115}
116
117/* Final check; don't care. */
118static void final_check(unsigned int flags)
119{
120}
121
122/* Prints out the targinfo. */
123static void
124print(const struct ipt_ip *ip,
125      const struct ipt_entry_target *target,
126      int numeric)
127{
128	struct ip_nat_multi_range *mr
129		= (struct ip_nat_multi_range *)target->data;
130	struct ip_nat_range *r = &mr->range[0];
131
132	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
133		printf("masq ports: ");
134		printf("%hu", ntohs(r->min.tcp.port));
135		if (r->max.tcp.port != r->min.tcp.port)
136			printf("-%hu", ntohs(r->max.tcp.port));
137		printf(" ");
138	}
139
140	if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
141		printf("random ");
142}
143
144/* Saves the union ipt_targinfo in parsable form to stdout. */
145static void
146save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
147{
148	struct ip_nat_multi_range *mr
149		= (struct ip_nat_multi_range *)target->data;
150	struct ip_nat_range *r = &mr->range[0];
151
152	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
153		printf("--to-ports %hu", ntohs(r->min.tcp.port));
154		if (r->max.tcp.port != r->min.tcp.port)
155			printf("-%hu", ntohs(r->max.tcp.port));
156		printf(" ");
157	}
158
159	if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
160		printf("--random ");
161}
162
163static struct iptables_target masq = { NULL,
164	.name		= "MASQUERADE",
165	.version	= IPTABLES_VERSION,
166	.size		= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
167	.userspacesize	= IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
168	.help		= &help,
169	.init		= &init,
170	.parse		= &parse,
171	.final_check	= &final_check,
172	.print		= &print,
173	.save		= &save,
174	.extra_opts	= opts
175};
176
177void _init(void)
178{
179	register_target(&masq);
180}
181