|
Packit |
7b22a4 |
/*
|
|
Packit |
7b22a4 |
* (C) 2012 by Hans Schillstrom <hans.schillstrom@ericsson.com>
|
|
Packit |
7b22a4 |
* (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit |
7b22a4 |
* it under the terms of the GNU General Public License version 2 as
|
|
Packit |
7b22a4 |
* published by the Free Software Foundation.
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* Description: shared library add-on to iptables to add HMARK target support
|
|
Packit |
7b22a4 |
*
|
|
Packit |
7b22a4 |
* Initial development by Hans Schillstrom. Pablo's improvements to this piece
|
|
Packit |
7b22a4 |
* of software has been sponsored by Sophos Astaro <http://www.sophos.com>.
|
|
Packit |
7b22a4 |
*/
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#include <stdbool.h>
|
|
Packit |
7b22a4 |
#include <stdio.h>
|
|
Packit |
7b22a4 |
#include <string.h>
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#include "xtables.h"
|
|
Packit |
7b22a4 |
#include <linux/netfilter/xt_HMARK.h>
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_help(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
printf(
|
|
Packit |
7b22a4 |
"HMARK target options, i.e. modify hash calculation by:\n"
|
|
Packit |
7b22a4 |
" --hmark-tuple [src|dst|sport|dport|spi|proto|ct][,...]\n"
|
|
Packit |
7b22a4 |
" --hmark-mod value nfmark modulus value\n"
|
|
Packit |
7b22a4 |
" --hmark-offset value Last action add value to nfmark\n\n"
|
|
Packit |
7b22a4 |
" --hmark-rnd Random see for hashing\n"
|
|
Packit |
7b22a4 |
" Alternatively, fine tuning of what will be included in hash calculation\n"
|
|
Packit |
7b22a4 |
" --hmark-src-prefix length Source address mask CIDR prefix\n"
|
|
Packit |
7b22a4 |
" --hmark-dst-prefix length Dest address mask CIDR prefix\n"
|
|
Packit |
7b22a4 |
" --hmark-sport-mask value Mask src port with value\n"
|
|
Packit |
7b22a4 |
" --hmark-dport-mask value Mask dst port with value\n"
|
|
Packit |
7b22a4 |
" --hmark-spi-mask value For esp and ah AND spi with value\n"
|
|
Packit |
7b22a4 |
" --hmark-sport value OR src port with value\n"
|
|
Packit |
7b22a4 |
" --hmark-dport value OR dst port with value\n"
|
|
Packit |
7b22a4 |
" --hmark-spi value For esp and ah OR spi with value\n"
|
|
Packit |
7b22a4 |
" --hmark-proto-mask value Mask Protocol with value\n");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#define hi struct xt_hmark_info
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
enum {
|
|
Packit |
7b22a4 |
O_HMARK_SADDR_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_DADDR_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_SPI,
|
|
Packit |
7b22a4 |
O_HMARK_SPI_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_SPORT,
|
|
Packit |
7b22a4 |
O_HMARK_DPORT,
|
|
Packit |
7b22a4 |
O_HMARK_SPORT_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_DPORT_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_PROTO_MASK,
|
|
Packit |
7b22a4 |
O_HMARK_RND,
|
|
Packit |
7b22a4 |
O_HMARK_MODULUS,
|
|
Packit |
7b22a4 |
O_HMARK_OFFSET,
|
|
Packit |
7b22a4 |
O_HMARK_CT,
|
|
Packit |
7b22a4 |
O_HMARK_TYPE,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
#define HMARK_OPT_PKT_MASK \
|
|
Packit |
7b22a4 |
((1 << O_HMARK_SADDR_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_DADDR_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_SPI_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_SPORT_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_DPORT_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_PROTO_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_SPI_MASK) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_SPORT) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_DPORT) | \
|
|
Packit |
7b22a4 |
(1 << O_HMARK_SPI))
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static const struct xt_option_entry HMARK_opts[] = {
|
|
Packit |
7b22a4 |
{ .name = "hmark-tuple",
|
|
Packit |
7b22a4 |
.type = XTTYPE_STRING,
|
|
Packit |
7b22a4 |
.id = O_HMARK_TYPE,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-src-prefix",
|
|
Packit |
7b22a4 |
.type = XTTYPE_PLENMASK,
|
|
Packit |
7b22a4 |
.id = O_HMARK_SADDR_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, src_mask)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-dst-prefix",
|
|
Packit |
7b22a4 |
.type = XTTYPE_PLENMASK,
|
|
Packit |
7b22a4 |
.id = O_HMARK_DADDR_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, dst_mask)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-sport-mask",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.id = O_HMARK_SPORT_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.src)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-dport-mask",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.id = O_HMARK_DPORT_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.dst)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-spi-mask",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.id = O_HMARK_SPI_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.v32)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-sport",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.id = O_HMARK_SPORT,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.src)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-dport",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.id = O_HMARK_DPORT,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.dst)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-spi",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.id = O_HMARK_SPI,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.v32)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-proto-mask",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT16,
|
|
Packit |
7b22a4 |
.id = O_HMARK_PROTO_MASK,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, proto_mask)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-rnd",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.id = O_HMARK_RND,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, hashrnd)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-mod",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.id = O_HMARK_MODULUS,
|
|
Packit |
7b22a4 |
.min = 1,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT | XTOPT_MAND, XTOPT_POINTER(hi, hmodulus)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{ .name = "hmark-offset",
|
|
Packit |
7b22a4 |
.type = XTTYPE_UINT32,
|
|
Packit |
7b22a4 |
.id = O_HMARK_OFFSET,
|
|
Packit |
7b22a4 |
.flags = XTOPT_PUT, XTOPT_POINTER(hi, hoffset)
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
XTOPT_TABLEEND,
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static int
|
|
Packit |
7b22a4 |
hmark_parse(const char *type, size_t len, struct xt_hmark_info *info,
|
|
Packit |
7b22a4 |
unsigned int *xflags)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (strncasecmp(type, "ct", len) == 0) {
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_CT);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_CT);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "src", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->src_mask, 0xff, sizeof(info->src_mask));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_SADDR_MASK);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "dst", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->dst_mask, 0xff, sizeof(info->dst_mask));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_DADDR_MASK);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "sport", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->port_mask.p16.src, 0xff,
|
|
Packit |
7b22a4 |
sizeof(info->port_mask.p16.src));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_SPORT_MASK);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "dport", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->port_mask.p16.dst, 0xff,
|
|
Packit |
7b22a4 |
sizeof(info->port_mask.p16.dst));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_DPORT_MASK);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "proto", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->proto_mask, 0xff, sizeof(info->proto_mask));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_PROTO_MASK);
|
|
Packit |
7b22a4 |
} else if (strncasecmp(type, "spi", len) == 0) {
|
|
Packit |
7b22a4 |
memset(&info->port_mask.v32, 0xff, sizeof(info->port_mask.v32));
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK);
|
|
Packit |
7b22a4 |
*xflags |= (1 << O_HMARK_SPI_MASK);
|
|
Packit |
7b22a4 |
} else
|
|
Packit |
7b22a4 |
return 0;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
return 1;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void
|
|
Packit |
7b22a4 |
hmark_parse_type(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const char *arg = cb->arg;
|
|
Packit |
7b22a4 |
struct xt_hmark_info *info = cb->data;
|
|
Packit |
7b22a4 |
const char *comma;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
while ((comma = strchr(arg, ',')) != NULL) {
|
|
Packit |
7b22a4 |
if (comma == arg ||
|
|
Packit |
7b22a4 |
!hmark_parse(arg, comma-arg, info, &cb->xflags))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg);
|
|
Packit |
7b22a4 |
arg = comma+1;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (!*arg)
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "\"--hmark-tuple\" requires "
|
|
Packit |
7b22a4 |
"a list of types with no "
|
|
Packit |
7b22a4 |
"spaces, e.g. "
|
|
Packit |
7b22a4 |
"src,dst,sport,dport,proto");
|
|
Packit |
7b22a4 |
if (strlen(arg) == 0 ||
|
|
Packit |
7b22a4 |
!hmark_parse(arg, strlen(arg), info, &cb->xflags))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_parse(struct xt_option_call *cb, int plen)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
struct xt_hmark_info *info = cb->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
xtables_option_parse(cb);
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
switch (cb->entry->id) {
|
|
Packit |
7b22a4 |
case O_HMARK_TYPE:
|
|
Packit |
7b22a4 |
hmark_parse_type(cb);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_SADDR_MASK:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_DADDR_MASK:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_SPI:
|
|
Packit |
7b22a4 |
info->port_set.v32 = htonl(cb->val.u32);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_SPORT:
|
|
Packit |
7b22a4 |
info->port_set.p16.src = htons(cb->val.u16);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_DPORT:
|
|
Packit |
7b22a4 |
info->port_set.p16.dst = htons(cb->val.u16);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_SPORT_MASK:
|
|
Packit |
7b22a4 |
info->port_mask.p16.src = htons(cb->val.u16);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_DPORT_MASK:
|
|
Packit |
7b22a4 |
info->port_mask.p16.dst = htons(cb->val.u16);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_SPI_MASK:
|
|
Packit |
7b22a4 |
info->port_mask.v32 = htonl(cb->val.u32);
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_PROTO_MASK:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_RND:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_RND);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_MODULUS:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_MODULUS);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_OFFSET:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_OFFSET);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
case O_HMARK_CT:
|
|
Packit |
7b22a4 |
info->flags |= XT_HMARK_FLAG(XT_HMARK_CT);
|
|
Packit |
7b22a4 |
break;
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
cb->xflags |= (1 << cb->entry->id);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_ip4_parse(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
HMARK_parse(cb, 32);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
static void HMARK_ip6_parse(struct xt_option_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
HMARK_parse(cb, 128);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_check(struct xt_fcheck_call *cb)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (!(cb->xflags & (1 << O_HMARK_MODULUS)))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "--hmark-mod is mandatory");
|
|
Packit |
7b22a4 |
if (!(cb->xflags & (1 << O_HMARK_RND)))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "--hmark-rnd is mandatory");
|
|
Packit |
7b22a4 |
if (cb->xflags & (1 << O_HMARK_SPI_MASK) &&
|
|
Packit |
7b22a4 |
(cb->xflags & ((1 << O_HMARK_SPORT_MASK) |
|
|
Packit |
7b22a4 |
(1 << O_HMARK_DPORT_MASK))))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "you cannot use "
|
|
Packit |
7b22a4 |
"--hmark-spi-mask and --hmark-?port-mask,"
|
|
Packit |
7b22a4 |
"at the same time");
|
|
Packit |
7b22a4 |
if (!((cb->xflags & HMARK_OPT_PKT_MASK) ||
|
|
Packit |
7b22a4 |
cb->xflags & (1 << O_HMARK_CT)))
|
|
Packit |
7b22a4 |
xtables_error(PARAMETER_PROBLEM, "you have to specify "
|
|
Packit |
7b22a4 |
"--hmark-tuple at least");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_print(const struct xt_hmark_info *info)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK))
|
|
Packit |
7b22a4 |
printf("sport-mask 0x%x ", htons(info->port_mask.p16.src));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK))
|
|
Packit |
7b22a4 |
printf("dport-mask 0x%x ", htons(info->port_mask.p16.dst));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK))
|
|
Packit |
7b22a4 |
printf("spi-mask 0x%x ", htonl(info->port_mask.v32));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT))
|
|
Packit |
7b22a4 |
printf("sport 0x%x ", htons(info->port_set.p16.src));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT))
|
|
Packit |
7b22a4 |
printf("dport 0x%x ", htons(info->port_set.p16.dst));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI))
|
|
Packit |
7b22a4 |
printf("spi 0x%x ", htonl(info->port_set.v32));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK))
|
|
Packit |
7b22a4 |
printf("proto-mask 0x%x ", info->proto_mask);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND))
|
|
Packit |
7b22a4 |
printf("rnd 0x%x ", info->hashrnd);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_ip6_print(const void *ip,
|
|
Packit |
7b22a4 |
const struct xt_entry_target *target, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_hmark_info *info =
|
|
Packit |
7b22a4 |
(const struct xt_hmark_info *)target->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" HMARK ");
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
|
|
Packit |
7b22a4 |
printf("mod %u ", info->hmodulus);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
|
|
Packit |
7b22a4 |
printf("+ 0x%x ", info->hoffset);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
|
|
Packit |
7b22a4 |
printf("ct, ");
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK))
|
|
Packit |
7b22a4 |
printf("src-prefix %s ",
|
|
Packit |
7b22a4 |
xtables_ip6mask_to_numeric(&info->src_mask.in6) + 1);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK))
|
|
Packit |
7b22a4 |
printf("dst-prefix %s ",
|
|
Packit |
7b22a4 |
xtables_ip6mask_to_numeric(&info->dst_mask.in6) + 1);
|
|
Packit |
7b22a4 |
HMARK_print(info);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
static void HMARK_ip4_print(const void *ip,
|
|
Packit |
7b22a4 |
const struct xt_entry_target *target, int numeric)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_hmark_info *info =
|
|
Packit |
7b22a4 |
(const struct xt_hmark_info *)target->data;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
printf(" HMARK ");
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
|
|
Packit |
7b22a4 |
printf("mod %u ", info->hmodulus);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
|
|
Packit |
7b22a4 |
printf("+ 0x%x ", info->hoffset);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
|
|
Packit |
7b22a4 |
printf("ct, ");
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK))
|
|
Packit |
7b22a4 |
printf("src-prefix %u ",
|
|
Packit |
7b22a4 |
xtables_ipmask_to_cidr(&info->src_mask.in));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK))
|
|
Packit |
7b22a4 |
printf("dst-prefix %u ",
|
|
Packit |
7b22a4 |
xtables_ipmask_to_cidr(&info->dst_mask.in));
|
|
Packit |
7b22a4 |
HMARK_print(info);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_save(const struct xt_hmark_info *info)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK))
|
|
Packit |
7b22a4 |
printf(" --hmark-sport-mask 0x%04x",
|
|
Packit |
7b22a4 |
htons(info->port_mask.p16.src));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK))
|
|
Packit |
7b22a4 |
printf(" --hmark-dport-mask 0x%04x",
|
|
Packit |
7b22a4 |
htons(info->port_mask.p16.dst));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK))
|
|
Packit |
7b22a4 |
printf(" --hmark-spi-mask 0x%08x",
|
|
Packit |
7b22a4 |
htonl(info->port_mask.v32));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT))
|
|
Packit |
7b22a4 |
printf(" --hmark-sport 0x%04x",
|
|
Packit |
7b22a4 |
htons(info->port_set.p16.src));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT))
|
|
Packit |
7b22a4 |
printf(" --hmark-dport 0x%04x",
|
|
Packit |
7b22a4 |
htons(info->port_set.p16.dst));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI))
|
|
Packit |
7b22a4 |
printf(" --hmark-spi 0x%08x", htonl(info->port_set.v32));
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK))
|
|
Packit |
7b22a4 |
printf(" --hmark-proto-mask 0x%02x", info->proto_mask);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND))
|
|
Packit |
7b22a4 |
printf(" --hmark-rnd 0x%08x", info->hashrnd);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS))
|
|
Packit |
7b22a4 |
printf(" --hmark-mod %u", info->hmodulus);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET))
|
|
Packit |
7b22a4 |
printf(" --hmark-offset %u", info->hoffset);
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT))
|
|
Packit |
7b22a4 |
printf(" --hmark-tuple ct");
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_ip6_save(const void *ip, const struct xt_entry_target *target)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_hmark_info *info =
|
|
Packit |
7b22a4 |
(const struct xt_hmark_info *)target->data;
|
|
Packit |
7b22a4 |
int ret;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) {
|
|
Packit |
7b22a4 |
ret = xtables_ip6mask_to_cidr(&info->src_mask.in6);
|
|
Packit |
7b22a4 |
printf(" --hmark-src-prefix %d", ret);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) {
|
|
Packit |
7b22a4 |
ret = xtables_ip6mask_to_cidr(&info->dst_mask.in6);
|
|
Packit |
7b22a4 |
printf(" --hmark-dst-prefix %d", ret);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
HMARK_save(info);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static void HMARK_ip4_save(const void *ip, const struct xt_entry_target *target)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
const struct xt_hmark_info *info =
|
|
Packit |
7b22a4 |
(const struct xt_hmark_info *)target->data;
|
|
Packit |
7b22a4 |
int ret;
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) {
|
|
Packit |
7b22a4 |
ret = xtables_ipmask_to_cidr(&info->src_mask.in);
|
|
Packit |
7b22a4 |
printf(" --hmark-src-prefix %d", ret);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) {
|
|
Packit |
7b22a4 |
ret = xtables_ipmask_to_cidr(&info->dst_mask.in);
|
|
Packit |
7b22a4 |
printf(" --hmark-dst-prefix %d", ret);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
HMARK_save(info);
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
static struct xtables_target mark_tg_reg[] = {
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV4,
|
|
Packit |
7b22a4 |
.name = "HMARK",
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_hmark_info)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)),
|
|
Packit |
7b22a4 |
.help = HMARK_help,
|
|
Packit |
7b22a4 |
.print = HMARK_ip4_print,
|
|
Packit |
7b22a4 |
.save = HMARK_ip4_save,
|
|
Packit |
7b22a4 |
.x6_parse = HMARK_ip4_parse,
|
|
Packit |
7b22a4 |
.x6_fcheck = HMARK_check,
|
|
Packit |
7b22a4 |
.x6_options = HMARK_opts,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
.family = NFPROTO_IPV6,
|
|
Packit |
7b22a4 |
.name = "HMARK",
|
|
Packit |
7b22a4 |
.version = XTABLES_VERSION,
|
|
Packit |
7b22a4 |
.size = XT_ALIGN(sizeof(struct xt_hmark_info)),
|
|
Packit |
7b22a4 |
.userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)),
|
|
Packit |
7b22a4 |
.help = HMARK_help,
|
|
Packit |
7b22a4 |
.print = HMARK_ip6_print,
|
|
Packit |
7b22a4 |
.save = HMARK_ip6_save,
|
|
Packit |
7b22a4 |
.x6_parse = HMARK_ip6_parse,
|
|
Packit |
7b22a4 |
.x6_fcheck = HMARK_check,
|
|
Packit |
7b22a4 |
.x6_options = HMARK_opts,
|
|
Packit |
7b22a4 |
},
|
|
Packit |
7b22a4 |
};
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
void _init(void)
|
|
Packit |
7b22a4 |
{
|
|
Packit |
7b22a4 |
xtables_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
|
|
Packit |
7b22a4 |
}
|