libip6t_hl.c revision 5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a
160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak/* 260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak * IPv6 Hop Limit matching module 360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak * Maciej Soltysiak <solt@dns.toxicfilms.tv> 460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak * Based on HW's ttl match 560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak * This program is released under the terms of GNU GPL 646525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette * Cleanups by Stephane Ouellette <ouellettes@videotron.ca> 760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak */ 860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <stdio.h> 1060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <stdlib.h> 1160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <string.h> 1260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <getopt.h> 135d9678ad3eabc34ac40dfe055d7f6a8e44445a5aJan Engelhardt#include <xtables.h> 1460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 1560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <linux/netfilter_ipv6/ip6_tables.h> 1660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak#include <linux/netfilter_ipv6/ip6t_hl.h> 1760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 18997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic void hl_help(void) 1960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 2060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak printf( 218b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt"hl match options:\n" 22967279231a9ecfa99f26694a954afc535c63db1dJan Engelhardt"[!] --hl-eq value Match hop limit value\n" 2360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak" --hl-lt value Match HL < value\n" 248b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt" --hl-gt value Match HL > value\n"); 2560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 2660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 27997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic int hl_parse(int c, char **argv, int invert, unsigned int *flags, 28997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt const void *entry, struct xt_entry_match **match) 2960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 3060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data; 3160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak u_int8_t value; 3260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 3360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak check_inverse(optarg, &invert, &optind, 0); 3460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak value = atoi(argv[optind-1]); 3560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 3660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (*flags) 3760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak exit_error(PARAMETER_PROBLEM, 3860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak "Can't specify HL option twice"); 3960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 4060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (!optarg) 4160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak exit_error(PARAMETER_PROBLEM, 4260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak "hl: You must specify a value"); 4360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak switch (c) { 4460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak case '2': 4560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (invert) 4660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->mode = IP6T_HL_NE; 4760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak else 4860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->mode = IP6T_HL_EQ; 4960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 5060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak /* is 0 allowed? */ 5160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->hop_limit = value; 5260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak *flags = 1; 5360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 5460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak break; 5560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak case '3': 5660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (invert) 5760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak exit_error(PARAMETER_PROBLEM, 5860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak "hl: unexpected `!'"); 5960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 6060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->mode = IP6T_HL_LT; 6160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->hop_limit = value; 6260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak *flags = 1; 6360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 6460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak break; 6560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak case '4': 6660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (invert) 6760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak exit_error(PARAMETER_PROBLEM, 6860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak "hl: unexpected `!'"); 6960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 7060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->mode = IP6T_HL_GT; 7160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak info->hop_limit = value; 7260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak *flags = 1; 7360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 7460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak break; 7560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak default: 7660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak return 0; 7760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak } 7860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 7960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak return 1; 8060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 8160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 82997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic void hl_check(unsigned int flags) 8360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 8460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak if (!flags) 8560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak exit_error(PARAMETER_PROBLEM, 8660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak "HL match: You must specify one of " 8746525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette "`--hl-eq', `--hl-lt', `--hl-gt'"); 8860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 8960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 90997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic void hl_print(const void *ip, const struct xt_entry_match *match, 91997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt int numeric) 9260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 9346525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette static const char *op[] = { 9446525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_EQ] = "==", 9546525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_NE] = "!=", 9646525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_LT] = "<", 9746525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_GT] = ">" }; 9846525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette 9960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak const struct ip6t_hl_info *info = 10060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak (struct ip6t_hl_info *) match->data; 10160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 10246525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette printf("HL match HL %s %u ", op[info->mode], info->hop_limit); 10360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 10460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 105997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic void hl_save(const void *ip, const struct xt_entry_match *match) 10660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 10746525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette static const char *op[] = { 10846525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_EQ] = "eq", 10946525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_NE] = "eq !", 11046525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_LT] = "lt", 11146525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette [IP6T_HL_GT] = "gt" }; 11246525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette 11360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak const struct ip6t_hl_info *info = 11460358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak (struct ip6t_hl_info *) match->data; 11560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 11646525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette printf("--hl-%s %u ", op[info->mode], info->hop_limit); 11760358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 11860358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 119997045f536026c0d643bf884da5ff5de2605197fJan Engelhardtstatic const struct option hl_opts[] = { 120500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "hl", .has_arg = 1, .val = '2' }, 121500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "hl-eq", .has_arg = 1, .val = '2' }, 122500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "hl-lt", .has_arg = 1, .val = '3' }, 123500f483fff529dcd88ec96b9d5054be6cd6363a0Patrick McHardy { .name = "hl-gt", .has_arg = 1, .val = '4' }, 1249ee386a1b6d7704b259460152c959ab0e79e02aaMax Kellermann { .name = NULL } 12560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak}; 12660358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 1278b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardtstatic struct xtables_match hl_mt6_reg = { 12846525cd3880d2b1aad0b049122a67c9e626ec6d9Stephane Ouellette .name = "hl", 1298b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt .version = XTABLES_VERSION, 13003d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt .family = NFPROTO_IPV6, 1318b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt .size = XT_ALIGN(sizeof(struct ip6t_hl_info)), 1328b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt .userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)), 133997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .help = hl_help, 134997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .parse = hl_parse, 135997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .final_check = hl_check, 136997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .print = hl_print, 137997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .save = hl_save, 138997045f536026c0d643bf884da5ff5de2605197fJan Engelhardt .extra_opts = hl_opts, 13960358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak}; 14060358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 14160358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak 14260358d73482620aeafc34f38df36e462875fd244Maciej Soltysiakvoid _init(void) 14360358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak{ 1448b7c64d6ba156a99008fcd810cba874c73294333Jan Engelhardt xtables_register_match(&hl_mt6_reg); 14560358d73482620aeafc34f38df36e462875fd244Maciej Soltysiak} 146