1 /* 2 * m_xt.c xtables based targets 3 * utilities mostly ripped from iptables <duh, its the linux way> 4 * 5 * This program is free software; you can distribute it and/or 6 * modify it under the terms of the GNU General Public License 7 * as published by the Free Software Foundation; either version 8 * 2 of the License, or (at your option) any later version. 9 * 10 * Authors: J Hadi Salim (hadi (at) cyberus.ca) 11 */ 12 13 #include <syslog.h> 14 #include <sys/socket.h> 15 #include <netinet/in.h> 16 #include <arpa/inet.h> 17 #include <net/if.h> 18 #include <limits.h> 19 #include <linux/netfilter.h> 20 #include <linux/netfilter_ipv4/ip_tables.h> 21 #include <xtables.h> 22 #include "utils.h" 23 #include "tc_util.h" 24 #include <linux/tc_act/tc_ipt.h> 25 #include <stdio.h> 26 #include <dlfcn.h> 27 #include <getopt.h> 28 #include <errno.h> 29 #include <string.h> 30 #include <netdb.h> 31 #include <stdlib.h> 32 #include <ctype.h> 33 #include <stdarg.h> 34 #include <unistd.h> 35 #include <fcntl.h> 36 #include <sys/wait.h> 37 #ifndef XT_LIB_DIR 38 # define XT_LIB_DIR "/lib/xtables" 39 #endif 40 41 #ifndef __ALIGN_KERNEL 42 #define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) 43 #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) 44 #endif 45 46 #ifndef ALIGN 47 #define ALIGN(x,a) __ALIGN_KERNEL((x), (a)) 48 #endif 49 50 static const char *tname = "mangle"; 51 52 char *lib_dir; 53 54 static const char *ipthooks[] = { 55 "NF_IP_PRE_ROUTING", 56 "NF_IP_LOCAL_IN", 57 "NF_IP_FORWARD", 58 "NF_IP_LOCAL_OUT", 59 "NF_IP_POST_ROUTING", 60 }; 61 62 static struct option original_opts[] = { 63 { 64 .name = "jump", 65 .has_arg = 1, 66 .val = 'j' 67 }, 68 {0, 0, 0, 0} 69 }; 70 71 static struct xtables_globals tcipt_globals = { 72 .option_offset = 0, 73 .program_name = "tc-ipt", 74 .program_version = "0.2", 75 .orig_opts = original_opts, 76 .opts = original_opts, 77 .exit_err = NULL, 78 }; 79 80 /* 81 * we may need to check for version mismatch 82 */ 83 static int 84 build_st(struct xtables_target *target, struct xt_entry_target *t) 85 { 86 87 size_t size = 88 XT_ALIGN(sizeof (struct xt_entry_target)) + target->size; 89 90 if (NULL == t) { 91 target->t = xtables_calloc(1, size); 92 target->t->u.target_size = size; 93 strcpy(target->t->u.user.name, target->name); 94 target->t->u.user.revision = target->revision; 95 96 if (target->init != NULL) 97 target->init(target->t); 98 } else { 99 target->t = t; 100 } 101 return 0; 102 103 } 104 105 static void set_lib_dir(void) 106 { 107 108 lib_dir = getenv("XTABLES_LIBDIR"); 109 if (!lib_dir) { 110 lib_dir = getenv("IPTABLES_LIB_DIR"); 111 if (lib_dir) 112 fprintf(stderr, "using deprecated IPTABLES_LIB_DIR \n"); 113 } 114 if (lib_dir == NULL) 115 lib_dir = XT_LIB_DIR; 116 117 } 118 119 static int parse_ipt(struct action_util *a,int *argc_p, 120 char ***argv_p, int tca_id, struct nlmsghdr *n) 121 { 122 struct xtables_target *m = NULL; 123 struct ipt_entry fw; 124 struct rtattr *tail; 125 126 int c; 127 int rargc = *argc_p; 128 char **argv = *argv_p; 129 int argc = 0, iargc = 0; 130 char k[16]; 131 int size = 0; 132 int iok = 0, ok = 0; 133 __u32 hook = 0, index = 0; 134 struct option *opts = NULL; 135 136 xtables_init_all(&tcipt_globals, NFPROTO_IPV4); 137 set_lib_dir(); 138 139 { 140 int i; 141 for (i = 0; i < rargc; i++) { 142 if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) { 143 break; 144 } 145 } 146 iargc = argc = i; 147 } 148 149 if (argc <= 2) { 150 fprintf(stderr,"bad arguments to ipt %d vs %d \n", argc, rargc); 151 return -1; 152 } 153 154 while (1) { 155 c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL); 156 if (c == -1) 157 break; 158 switch (c) { 159 case 'j': 160 m = xtables_find_target(optarg, XTF_TRY_LOAD); 161 if (NULL != m) { 162 163 if (0 > build_st(m, NULL)) { 164 printf(" %s error \n", m->name); 165 return -1; 166 } 167 #if (XTABLES_VERSION_CODE >= 6) 168 opts = xtables_options_xfrm(tcipt_globals.orig_opts, 169 tcipt_globals.opts, 170 m->x6_options, 171 &m->option_offset); 172 #else 173 opts = xtables_merge_options(tcipt_globals.opts, 174 m->extra_opts, 175 &m->option_offset); 176 #endif 177 if (opts == NULL) { 178 fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); 179 return -1; 180 } else 181 tcipt_globals.opts = opts; 182 } else { 183 fprintf(stderr," failed to find target %s\n\n", optarg); 184 return -1; 185 } 186 ok++; 187 break; 188 189 default: 190 memset(&fw, 0, sizeof (fw)); 191 #if (XTABLES_VERSION_CODE >= 6) 192 if (m != NULL && m->x6_parse != NULL ) { 193 xtables_option_tpcall(c, argv, 0 , m, NULL); 194 #else 195 if (m != NULL && m->parse != NULL ) { 196 m->parse(c - m->option_offset, argv, 0, &m->tflags, 197 NULL, &m->t); 198 #endif 199 } else { 200 fprintf(stderr,"failed to find target %s\n\n", optarg); 201 return -1; 202 203 } 204 ok++; 205 break; 206 } 207 } 208 209 if (iargc > optind) { 210 if (matches(argv[optind], "index") == 0) { 211 if (get_u32(&index, argv[optind + 1], 10)) { 212 fprintf(stderr, "Illegal \"index\"\n"); 213 xtables_free_opts(1); 214 return -1; 215 } 216 iok++; 217 218 optind += 2; 219 } 220 } 221 222 if (!ok && !iok) { 223 fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv); 224 return -1; 225 } 226 227 /* check that we passed the correct parameters to the target */ 228 #if (XTABLES_VERSION_CODE >= 6) 229 if (m) 230 xtables_option_tfcall(m); 231 #else 232 if (m && m->final_check) 233 m->final_check(m->tflags); 234 #endif 235 236 { 237 struct tcmsg *t = NLMSG_DATA(n); 238 if (t->tcm_parent != TC_H_ROOT 239 && t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) { 240 hook = NF_IP_PRE_ROUTING; 241 } else { 242 hook = NF_IP_POST_ROUTING; 243 } 244 } 245 246 tail = NLMSG_TAIL(n); 247 addattr_l(n, MAX_MSG, tca_id, NULL, 0); 248 fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]); 249 fprintf(stdout, "\ttarget: "); 250 251 if (m) 252 m->print(NULL, m->t, 0); 253 fprintf(stdout, " index %d\n", index); 254 255 if (strlen(tname) > 16) { 256 size = 16; 257 k[15] = 0; 258 } else { 259 size = 1 + strlen(tname); 260 } 261 strncpy(k, tname, size); 262 263 addattr_l(n, MAX_MSG, TCA_IPT_TABLE, k, size); 264 addattr_l(n, MAX_MSG, TCA_IPT_HOOK, &hook, 4); 265 addattr_l(n, MAX_MSG, TCA_IPT_INDEX, &index, 4); 266 if (m) 267 addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size); 268 tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; 269 270 argc -= optind; 271 argv += optind; 272 *argc_p = rargc - iargc; 273 *argv_p = argv; 274 275 optind = 0; 276 xtables_free_opts(1); 277 278 if (m) { 279 /* Clear flags if target will be used again */ 280 m->tflags = 0; 281 m->used = 0; 282 /* Free allocated memory */ 283 if (m->t) 284 free(m->t); 285 } 286 287 return 0; 288 289 } 290 291 static int 292 print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) 293 { 294 struct rtattr *tb[TCA_IPT_MAX + 1]; 295 struct xt_entry_target *t = NULL; 296 struct option *opts = NULL; 297 298 if (arg == NULL) 299 return -1; 300 301 /* copy tcipt_globals because .opts will be modified by iptables */ 302 struct xtables_globals tmp_tcipt_globals = tcipt_globals; 303 304 xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4); 305 set_lib_dir(); 306 307 parse_rtattr_nested(tb, TCA_IPT_MAX, arg); 308 309 if (tb[TCA_IPT_TABLE] == NULL) { 310 fprintf(f, "[NULL ipt table name ] assuming mangle "); 311 } else { 312 fprintf(f, "tablename: %s ", 313 rta_getattr_str(tb[TCA_IPT_TABLE])); 314 } 315 316 if (tb[TCA_IPT_HOOK] == NULL) { 317 fprintf(f, "[NULL ipt hook name ]\n "); 318 return -1; 319 } else { 320 __u32 hook; 321 hook = rta_getattr_u32(tb[TCA_IPT_HOOK]); 322 fprintf(f, " hook: %s \n", ipthooks[hook]); 323 } 324 325 if (tb[TCA_IPT_TARG] == NULL) { 326 fprintf(f, "\t[NULL ipt target parameters ] \n"); 327 return -1; 328 } else { 329 struct xtables_target *m = NULL; 330 t = RTA_DATA(tb[TCA_IPT_TARG]); 331 m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); 332 if (NULL != m) { 333 if (0 > build_st(m, t)) { 334 fprintf(stderr, " %s error \n", m->name); 335 return -1; 336 } 337 338 #if (XTABLES_VERSION_CODE >= 6) 339 opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, 340 tmp_tcipt_globals.opts, 341 m->x6_options, 342 &m->option_offset); 343 #else 344 opts = xtables_merge_options(tmp_tcipt_globals.opts, 345 m->extra_opts, 346 &m->option_offset); 347 #endif 348 if (opts == NULL) { 349 fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); 350 return -1; 351 } else 352 tmp_tcipt_globals.opts = opts; 353 } else { 354 fprintf(stderr, " failed to find target %s\n\n", 355 t->u.user.name); 356 return -1; 357 } 358 fprintf(f, "\ttarget "); 359 m->print(NULL, m->t, 0); 360 if (tb[TCA_IPT_INDEX] == NULL) { 361 fprintf(f, " [NULL ipt target index ]\n"); 362 } else { 363 __u32 index; 364 index = rta_getattr_u32(tb[TCA_IPT_INDEX]); 365 fprintf(f, " \n\tindex %d", index); 366 } 367 368 if (tb[TCA_IPT_CNT]) { 369 struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);; 370 fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt); 371 } 372 if (show_stats) { 373 if (tb[TCA_IPT_TM]) { 374 struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]); 375 print_tm(f,tm); 376 } 377 } 378 fprintf(f, " \n"); 379 380 } 381 xtables_free_opts(1); 382 383 return 0; 384 } 385 386 struct action_util xt_action_util = { 387 .id = "xt", 388 .parse_aopt = parse_ipt, 389 .print_aopt = print_ipt, 390 }; 391
