libipt_REDIRECT.c revision 0f16c725aadaac7e670d632ecbaea3661ff00827
1/* Shared library add-on to iptables to add redirect support. */ 2#include <stdio.h> 3#include <netdb.h> 4#include <string.h> 5#include <stdlib.h> 6#include <getopt.h> 7#include <xtables.h> 8#include <linux/netfilter_ipv4/ip_tables.h> 9#include <linux/netfilter/nf_nat.h> 10 11#define IPT_REDIRECT_OPT_DEST 0x01 12#define IPT_REDIRECT_OPT_RANDOM 0x02 13 14static void REDIRECT_help(void) 15{ 16 printf( 17"REDIRECT target options:\n" 18" --to-ports <port>[-<port>]\n" 19" Port (range) to map to.\n"); 20} 21 22static const struct option REDIRECT_opts[] = { 23 { "to-ports", 1, NULL, '1' }, 24 { "random", 0, NULL, '2' }, 25 { .name = NULL } 26}; 27 28static void REDIRECT_init(struct xt_entry_target *t) 29{ 30 struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data; 31 32 /* Actually, it's 0, but it's ignored at the moment. */ 33 mr->rangesize = 1; 34 35} 36 37/* Parses ports */ 38static void 39parse_ports(const char *arg, struct ip_nat_multi_range *mr) 40{ 41 const char *dash; 42 int port; 43 44 mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; 45 46 if (strchr(arg, '.')) 47 exit_error(PARAMETER_PROBLEM, "IP address not permitted\n"); 48 49 port = atoi(arg); 50 if (port == 0) 51 port = xtables_service_to_port(arg, NULL); 52 53 if (port == 0 || port > 65535) 54 exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg); 55 56 dash = strchr(arg, '-'); 57 if (!dash) { 58 mr->range[0].min.tcp.port 59 = mr->range[0].max.tcp.port 60 = htons(port); 61 } else { 62 int maxport; 63 64 maxport = atoi(dash + 1); 65 if (maxport == 0 || maxport > 65535) 66 exit_error(PARAMETER_PROBLEM, 67 "Port `%s' not valid\n", dash+1); 68 if (maxport < port) 69 /* People are stupid. */ 70 exit_error(PARAMETER_PROBLEM, 71 "Port range `%s' funky\n", arg); 72 mr->range[0].min.tcp.port = htons(port); 73 mr->range[0].max.tcp.port = htons(maxport); 74 } 75} 76 77static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, 78 const void *e, struct xt_entry_target **target) 79{ 80 const struct ipt_entry *entry = e; 81 struct ip_nat_multi_range *mr 82 = (struct ip_nat_multi_range *)(*target)->data; 83 int portok; 84 85 if (entry->ip.proto == IPPROTO_TCP 86 || entry->ip.proto == IPPROTO_UDP 87 || entry->ip.proto == IPPROTO_SCTP 88 || entry->ip.proto == IPPROTO_DCCP 89 || entry->ip.proto == IPPROTO_ICMP) 90 portok = 1; 91 else 92 portok = 0; 93 94 switch (c) { 95 case '1': 96 if (!portok) 97 exit_error(PARAMETER_PROBLEM, 98 "Need TCP, UDP, SCTP or DCCP with port specification"); 99 100 if (xtables_check_inverse(optarg, &invert, NULL, 0)) 101 exit_error(PARAMETER_PROBLEM, 102 "Unexpected `!' after --to-ports"); 103 104 parse_ports(optarg, mr); 105 if (*flags & IPT_REDIRECT_OPT_RANDOM) 106 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; 107 *flags |= IPT_REDIRECT_OPT_DEST; 108 return 1; 109 110 case '2': 111 if (*flags & IPT_REDIRECT_OPT_DEST) { 112 mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; 113 *flags |= IPT_REDIRECT_OPT_RANDOM; 114 } else 115 *flags |= IPT_REDIRECT_OPT_RANDOM; 116 return 1; 117 118 default: 119 return 0; 120 } 121} 122 123static void REDIRECT_print(const void *ip, const struct xt_entry_target *target, 124 int numeric) 125{ 126 struct ip_nat_multi_range *mr 127 = (struct ip_nat_multi_range *)target->data; 128 struct ip_nat_range *r = &mr->range[0]; 129 130 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { 131 printf("redir ports "); 132 printf("%hu", ntohs(r->min.tcp.port)); 133 if (r->max.tcp.port != r->min.tcp.port) 134 printf("-%hu", ntohs(r->max.tcp.port)); 135 printf(" "); 136 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) 137 printf("random "); 138 } 139} 140 141static void REDIRECT_save(const void *ip, const struct xt_entry_target *target) 142{ 143 struct ip_nat_multi_range *mr 144 = (struct ip_nat_multi_range *)target->data; 145 struct ip_nat_range *r = &mr->range[0]; 146 147 if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { 148 printf("--to-ports "); 149 printf("%hu", ntohs(r->min.tcp.port)); 150 if (r->max.tcp.port != r->min.tcp.port) 151 printf("-%hu", ntohs(r->max.tcp.port)); 152 printf(" "); 153 if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) 154 printf("--random "); 155 } 156} 157 158static struct xtables_target redirect_tg_reg = { 159 .name = "REDIRECT", 160 .version = XTABLES_VERSION, 161 .family = NFPROTO_IPV4, 162 .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)), 163 .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)), 164 .help = REDIRECT_help, 165 .init = REDIRECT_init, 166 .parse = REDIRECT_parse, 167 .print = REDIRECT_print, 168 .save = REDIRECT_save, 169 .extra_opts = REDIRECT_opts, 170}; 171 172void _init(void) 173{ 174 xtables_register_target(&redirect_tg_reg); 175} 176