+++ /dev/null
-/*
- * fwd - OpenWrt firewall daemon - libiptc/libxtables interface
- *
- * Copyright (C) 2009 Jo-Philipp Wich <xm@subsignal.org>
- *
- * The fwd program is free software: you can redistribute it and/or
- * modify it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * The fwd program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with the fwd program. If not, see http://www.gnu.org/licenses/.
- */
-
-
-#include "fwd.h"
-#include "fwd_xtables.h"
-#include "fwd_utils.h"
-
-
-/* Required by certain extensions like SNAT and DNAT */
-int kernel_version;
-
-extern void
-get_kernel_version(void) {
- static struct utsname uts;
- int x = 0, y = 0, z = 0;
-
- if (uname(&uts) == -1) {
- fprintf(stderr, "Unable to retrieve kernel version.\n");
- xtables_free_opts(1);
- exit(1);
- }
-
- sscanf(uts.release, "%d.%d.%d", &x, &y, &z);
- kernel_version = LINUX_VERSION(x, y, z);
-}
-
-
-static void xt_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list ap;
- va_start(ap, msg);
- vprintf(msg, ap);
- va_end(ap);
- exit(1);
-}
-
-void fwd_xt_init(void)
-{
- struct xtables_globals xt_globals = {
- .option_offset = 0,
- .program_version = IPTABLES_VERSION,
- .opts = 0,
- .orig_opts = 0,
- .exit_err = (void *)&xt_exit_error,
- };
-
- xtables_init();
- xtables_set_nfproto(NFPROTO_IPV4);
- xtables_set_params(&xt_globals);
-}
-
-
-struct fwd_xt_rule * fwd_xt_init_rule(struct iptc_handle *h)
-{
- struct fwd_xt_rule *r;
-
- if( (r = fwd_alloc_ptr(struct fwd_xt_rule)) != NULL )
- {
- if( (r->entry = fwd_alloc_ptr(struct ipt_entry)) != NULL )
- {
- r->iptc = h;
- return r;
- }
- }
-
- fwd_free_ptr(r);
- return NULL;
-}
-
-void fwd_xt_parse_frag(
- struct fwd_xt_rule *r, int frag, int inv
-) {
- if( frag )
- {
- r->entry->ip.flags |= IPT_F_FRAG;
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_FRAG;
- }
-}
-
-void fwd_xt_parse_proto(
- struct fwd_xt_rule *r, struct fwd_proto *p, int inv
-) {
- if( p != NULL )
- {
- switch(p->type)
- {
- case FWD_PR_TCP:
- r->entry->ip.proto = 6;
- break;
-
- case FWD_PR_UDP:
- r->entry->ip.proto = 17;
- break;
-
- case FWD_PR_ICMP:
- r->entry->ip.proto = 1;
- break;
-
- case FWD_PR_CUSTOM:
- r->entry->ip.proto = p->proto;
- break;
-
- case FWD_PR_ALL:
- case FWD_PR_TCPUDP:
- r->entry->ip.proto = 0;
- break;
- }
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_PROTO;
- }
-}
-
-void fwd_xt_parse_in(
- struct fwd_xt_rule *r, struct fwd_network *n, int inv
-) {
- if( n != NULL )
- {
- strncpy(r->entry->ip.iniface, n->ifname, IFNAMSIZ);
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_VIA_IN;
- }
-}
-
-void fwd_xt_parse_out(
- struct fwd_xt_rule *r, struct fwd_network *n, int inv
-) {
- if( n != NULL )
- {
- strncpy(r->entry->ip.outiface, n->ifname, IFNAMSIZ);
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_VIA_OUT;
- }
-}
-
-void fwd_xt_parse_src(
- struct fwd_xt_rule *r, struct fwd_cidr *c, int inv
-) {
- if( c != NULL )
- {
- r->entry->ip.src.s_addr = c->addr.s_addr;
- r->entry->ip.smsk.s_addr = htonl(~((1 << (32 - c->prefix)) - 1));
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_SRCIP;
- }
-}
-
-void fwd_xt_parse_dest(
- struct fwd_xt_rule *r, struct fwd_cidr *c, int inv
-) {
- if( c != NULL )
- {
- r->entry->ip.dst.s_addr = c->addr.s_addr;
- r->entry->ip.dmsk.s_addr = htonl(~((1 << (32 - c->prefix)) - 1));
-
- if( inv )
- r->entry->ip.invflags |= IPT_INV_DSTIP;
- }
-}
-
-
-struct xtables_match * fwd_xt_get_match(
- struct fwd_xt_rule *r, const char *name
-) {
- struct xtables_match *m = xtables_find_match(name, XTF_TRY_LOAD, &r->matches);
- size_t s;
-
- if( m != NULL )
- {
- s = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
-
- if( (m->m = malloc(s)) != NULL )
- {
- memset(m->m, 0, s);
- strcpy(m->m->u.user.name, m->name);
- m->m->u.match_size = s;
-
- if( m->init )
- m->init(m->m);
-
- return m;
- }
- }
-
- return NULL;
-}
-
-void __fwd_xt_parse_match(
- struct fwd_xt_rule *r, struct xtables_match *m, ...
-) {
- char optc;
- char *s, **opts;
- size_t len = 1;
- int inv = 0;
-
- va_list ap;
- va_start(ap, m);
-
- opts = malloc(len * sizeof(*opts));
- opts[0] = "x";
-
- while( (s = (char *)va_arg(ap, char *)) != NULL )
- {
- opts = realloc(opts, ++len * sizeof(*opts));
- opts[len-1] = s;
- }
-
- va_end(ap);
-
- if( len > 1 )
- {
- optind = 0;
-
- while( (optc = getopt_long(len, opts, "", m->extra_opts, NULL)) > -1 )
- {
- if( (optc == '?') && (optarg[0] == '!') && (optarg[1] == '\0') )
- {
- inv = 1;
- continue;
- }
-
- m->parse(optc, opts, inv, &m->mflags, r->entry, &m->m);
- inv = 0;
- }
- }
-
- free(opts);
-}
-
-
-struct xtables_target * fwd_xt_get_target(
- struct fwd_xt_rule *r, const char *name
-) {
- struct xtables_target *t = xtables_find_target(name, XTF_TRY_LOAD);
- size_t s;
-
- if( !t )
- t = xtables_find_target(IPT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);
-
- if( t != NULL )
- {
- s = IPT_ALIGN(sizeof(struct ipt_entry_target)) + t->size;
-
- if( (t->t = malloc(s)) != NULL )
- {
- memset(t->t, 0, s);
- strcpy(t->t->u.user.name, name);
- t->t->u.target_size = s;
- xtables_set_revision(t->t->u.user.name, t->revision);
-
- if( t->init )
- t->init(t->t);
-
- r->target = t;
-
- return t;
- }
- }
-
- return NULL;
-}
-
-void __fwd_xt_parse_target(
- struct fwd_xt_rule *r, struct xtables_target *t, ...
-) {
- char optc;
- char *s, **opts;
- size_t len = 1;
- int inv = 0;
-
- va_list ap;
- va_start(ap, t);
-
- opts = malloc(len * sizeof(*opts));
- opts[0] = "x";
-
- while( (s = (char *)va_arg(ap, char *)) != NULL )
- {
- opts = realloc(opts, ++len * sizeof(*opts));
- opts[len-1] = s;
- }
-
- va_end(ap);
-
- if( len > 1 )
- {
- optind = 0;
-
- while( (optc = getopt_long(len, opts, "", t->extra_opts, NULL)) > -1 )
- {
- if( (optc == '?') && (optarg[0] == '!') && (optarg[1] == '\0') )
- {
- inv = 1;
- continue;
- }
-
- t->parse(optc, opts, inv, &t->tflags, r->entry, &t->t);
- inv = 0;
- }
- }
-
- free(opts);
-}
-
-
-static int fwd_xt_exec_rule(struct fwd_xt_rule *r, const char *chain, int pos)
-{
- size_t s;
- struct xtables_rule_match *m, *next;
- struct xtables_match *em;
- struct xtables_target *et;
- struct ipt_entry *e;
- int rv = 0;
-
- s = IPT_ALIGN(sizeof(struct ipt_entry));
-
- for( m = r->matches; m; m = m->next )
- s += m->match->m->u.match_size;
-
- if( (e = malloc(s + r->target->t->u.target_size)) != NULL )
- {
- memset(e, 0, s + r->target->t->u.target_size);
- memcpy(e, r->entry, sizeof(struct ipt_entry));
-
- e->target_offset = s;
- e->next_offset = s + r->target->t->u.target_size;
-
- s = 0;
-
- for( m = r->matches; m; m = m->next )
- {
- memcpy(e->elems + s, m->match->m, m->match->m->u.match_size);
- s += m->match->m->u.match_size;
- }
-
- memcpy(e->elems + s, r->target->t, r->target->t->u.target_size);
-
- rv = (pos > -1)
- ? iptc_insert_entry(chain, e, (unsigned int) pos, r->iptc)
- : iptc_append_entry(chain, e, r->iptc)
- ;
- }
- else
- {
- errno = ENOMEM;
- }
-
-
- fwd_free_ptr(e);
- fwd_free_ptr(r->entry);
- fwd_free_ptr(r->target->t);
-
- for( m = r->matches; m; )
- {
- next = m->next;
- fwd_free_ptr(m->match->m);
-
- if( m->match == m->match->next )
- fwd_free_ptr(m->match);
-
- fwd_free_ptr(m);
- m = next;
- }
-
- fwd_free_ptr(r);
-
- /* reset all targets and matches */
- for (em = xtables_matches; em; em = em->next)
- em->mflags = 0;
-
- for (et = xtables_targets; et; et = et->next)
- {
- et->tflags = 0;
- et->used = 0;
- }
-
- return rv;
-}
-
-int fwd_xt_insert_rule(
- struct fwd_xt_rule *r, const char *chain, unsigned int pos
-) {
- return fwd_xt_exec_rule(r, chain, pos);
-}
-
-int fwd_xt_append_rule(
- struct fwd_xt_rule *r, const char *chain
-) {
- return fwd_xt_exec_rule(r, chain, -1);
-}
-
projects / project / luci.git / blobdiff