
/*
 * shared library add-on to iptables to add TPROXY target support.
 *
 * Copyright (C) 2002-2008 BalaBit IT Ltd.
 */
#include <stdio.h>
#include <limits.h>
#include <xtables.h>
#include <linux/netfilter/xt_TPROXY.h>
#include <arpa/inet.h>
/*
 * Option ids: these are the .id values of the xt_option_entry tables
 * below and the cases the parse callbacks switch on.
 */
enum {
	P_PORT = 0,	/* --on-port */
	P_ADDR = 1,	/* --on-ip */
	P_MARK = 2,	/* --tproxy-mark */
};

/*
 * Bit flags derived from the option ids.  Nothing in this file references
 * them any more; they are kept so the set of constants stays unchanged.
 */
enum {
	F_PORT = 1 << P_PORT,
	F_ADDR = 1 << P_ADDR,
	F_MARK = 1 << P_MARK,
};
/*
 * Option table for target revision 0 (struct xt_tproxy_target_info).
 *
 * --on-port is mandatory and is written straight into info->lport by the
 * option framework (XTOPT_PUT, converted to network byte order by
 * XTOPT_NBO).  --on-ip and --tproxy-mark carry no XTOPT_PUT here, so
 * tproxy_tg0_parse() copies their values into the target info itself.
 */
static const struct xt_option_entry tproxy_tg0_opts[] = {
	{
		.name  = "on-port",
		.id    = P_PORT,
		.type  = XTTYPE_PORT,
		.flags = XTOPT_MAND | XTOPT_NBO | XTOPT_PUT,
		XTOPT_POINTER(struct xt_tproxy_target_info, lport),
	},
	{
		.name = "on-ip",
		.id   = P_ADDR,
		.type = XTTYPE_HOST,
	},
	{
		.name = "tproxy-mark",
		.id   = P_MARK,
		.type = XTTYPE_MARKMASK32,
	},
	XTOPT_TABLEEND,
};
/*
 * Option table for target revision 1 (struct xt_tproxy_target_info_v1),
 * shared by the IPv4 and IPv6 registrations.
 *
 * Both --on-port and --on-ip are stored by the option framework (XTOPT_PUT):
 * the port into info->lport in network byte order, the address into
 * info->laddr.  Only --tproxy-mark needs tproxy_tg1_parse() to copy it.
 */
static const struct xt_option_entry tproxy_tg1_opts[] = {
	{
		.name  = "on-port",
		.id    = P_PORT,
		.type  = XTTYPE_PORT,
		.flags = XTOPT_MAND | XTOPT_NBO | XTOPT_PUT,
		XTOPT_POINTER(struct xt_tproxy_target_info_v1, lport),
	},
	{
		.name  = "on-ip",
		.id    = P_ADDR,
		.type  = XTTYPE_HOST,
		.flags = XTOPT_PUT,
		XTOPT_POINTER(struct xt_tproxy_target_info_v1, laddr),
	},
	{
		.name = "tproxy-mark",
		.id   = P_MARK,
		.type = XTTYPE_MARKMASK32,
	},
	XTOPT_TABLEEND,
};
/*
 * Usage text for "-j TPROXY --help".  The text is a fixed string with no
 * format directives, so it is written out as-is.
 */
static void tproxy_tg_help(void)
{
	static const char usage[] =
"TPROXY target options:\n"
"  --on-port port		    Redirect connection to port, or the original port if 0\n"
"  --on-ip ip			    Optionally redirect to the given IP\n"
"  --tproxy-mark value[/mask]	    Mark packets with the given value/mask\n\n";

	fputs(usage, stdout);
}
/*
 * "iptables -L" output for target revision 0.
 *
 * @ip       unused; part of the xtables print callback signature.
 * @target   the rule's target; its data holds struct xt_tproxy_target_info.
 * @numeric  unused; the address is always rendered numerically here.
 */
static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target,
			 int numeric)
{
	const struct xt_tproxy_target_info *info = (const void *)target->data;
	/*
	 * Revision 0 does not store laddr as a struct in_addr (presumably a
	 * raw 32-bit address), so it is reinterpreted for formatting.
	 */
	const struct in_addr *laddr = (const struct in_addr *)&info->laddr;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
	       xtables_ipaddr_to_numeric(laddr), port, mark_value, mark_mask);
}
/*
 * "iptables -L" output for target revision 1, IPv4 family.
 *
 * @ip       unused; part of the xtables print callback signature.
 * @target   the rule's target; its data holds struct xt_tproxy_target_info_v1.
 * @numeric  unused; the address is always rendered numerically here.
 */
static void
tproxy_tg_print4(const void *ip, const struct xt_entry_target *target,
		 int numeric)
{
	const struct xt_tproxy_target_info_v1 *info = (const void *)target->data;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	/* revision 1 keeps the address in a union; .in is the IPv4 view */
	printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
	       xtables_ipaddr_to_numeric(&info->laddr.in),
	       port, mark_value, mark_mask);
}
/*
 * "ip6tables -L" output for target revision 1, IPv6 family.
 *
 * @ip       unused; part of the xtables print callback signature.
 * @target   the rule's target; its data holds struct xt_tproxy_target_info_v1.
 * @numeric  unused; the address is always rendered numerically here.
 */
static void
tproxy_tg_print6(const void *ip, const struct xt_entry_target *target,
		 int numeric)
{
	const struct xt_tproxy_target_info_v1 *info = (const void *)target->data;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	/* revision 1 keeps the address in a union; .in6 is the IPv6 view */
	printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
	       xtables_ip6addr_to_numeric(&info->laddr.in6),
	       port, mark_value, mark_mask);
}
/*
 * "iptables-save" output for target revision 0: re-emit the options in the
 * form tproxy_tg0_opts / tproxy_tg0_parse() accept.
 *
 * @ip      unused; part of the xtables save callback signature.
 * @target  the rule's target; its data holds struct xt_tproxy_target_info.
 */
static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tproxy_target_info *info = (const void *)target->data;
	/* revision 0 laddr is not a struct in_addr; reinterpret it for printing */
	const struct in_addr *laddr = (const struct in_addr *)&info->laddr;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	printf(" --on-port %u", port);
	/* --on-ip is written unconditionally, whether or not it was given */
	printf(" --on-ip %s", xtables_ipaddr_to_numeric(laddr));
	printf(" --tproxy-mark 0x%x/0x%x", mark_value, mark_mask);
}
/*
 * "iptables-save" output for target revision 1, IPv4 family: re-emit the
 * options in the form tproxy_tg1_opts / tproxy_tg1_parse() accept.
 *
 * @ip      unused; part of the xtables save callback signature.
 * @target  the rule's target; its data holds struct xt_tproxy_target_info_v1.
 */
static void
tproxy_tg_save4(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tproxy_target_info_v1 *info = (const void *)target->data;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	printf(" --on-port %u", port);
	/* --on-ip is written unconditionally, whether or not it was given */
	printf(" --on-ip %s", xtables_ipaddr_to_numeric(&info->laddr.in));
	printf(" --tproxy-mark 0x%x/0x%x", mark_value, mark_mask);
}
/*
 * "ip6tables-save" output for target revision 1, IPv6 family: re-emit the
 * options in the form tproxy_tg1_opts / tproxy_tg1_parse() accept.
 *
 * @ip      unused; part of the xtables save callback signature.
 * @target  the rule's target; its data holds struct xt_tproxy_target_info_v1.
 */
static void
tproxy_tg_save6(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tproxy_target_info_v1 *info = (const void *)target->data;
	const unsigned int port = ntohs(info->lport);
	const unsigned int mark_value = info->mark_value;
	const unsigned int mark_mask = info->mark_mask;

	printf(" --on-port %u", port);
	/* --on-ip is written unconditionally, whether or not it was given */
	printf(" --on-ip %s", xtables_ip6addr_to_numeric(&info->laddr.in6));
	printf(" --tproxy-mark 0x%x/0x%x", mark_value, mark_mask);
}
/*
 * Per-option parse callback for target revision 0.
 *
 * @cb  the option being parsed; cb->data points at the
 *      struct xt_tproxy_target_info being filled in.
 *
 * The generic parser runs first; it validates the value and, for options
 * flagged XTOPT_PUT (only --on-port in tproxy_tg0_opts), stores it
 * directly.  The remaining ids are copied by hand below.
 */
static void tproxy_tg0_parse(struct xt_option_call *cb)
{
	struct xt_tproxy_target_info *info = cb->data;
	unsigned int id;

	xtables_option_parse(cb);
	id = cb->entry->id;

	if (id == P_MARK) {
		info->mark_value = cb->val.mark;
		info->mark_mask  = cb->val.mask;
	} else if (id == P_ADDR) {
		/* --on-ip has no XTOPT_PUT in revision 0, so copy the host address */
		info->laddr = cb->val.haddr.ip;
	}
	/* P_PORT: already stored by xtables_option_parse() via XTOPT_PUT */
}
/*
 * Per-option parse callback for target revision 1 (both address families).
 *
 * @cb  the option being parsed; cb->data points at the
 *      struct xt_tproxy_target_info_v1 being filled in.
 *
 * --on-port and --on-ip are stored by the generic parser (XTOPT_PUT in
 * tproxy_tg1_opts); only the mark/mask pair has to be copied here.
 */
static void tproxy_tg1_parse(struct xt_option_call *cb)
{
	struct xt_tproxy_target_info_v1 *info = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id != P_MARK)
		return;

	info->mark_value = cb->val.mark;
	info->mark_mask  = cb->val.mask;
}
/*
 * Target registrations handed to libxtables.
 *
 * Revision 0 is the original IPv4-only layout (struct xt_tproxy_target_info).
 * Revision 1 uses struct xt_tproxy_target_info_v1, whose address field is a
 * union with .in / .in6 views, and is registered once per family so that
 * print/save format the address for the right protocol.  The option table
 * and parse callback are shared between the two revision-1 entries.
 */
static struct xtables_target tproxy_tg_reg[] = {
	{
		.name          = "TPROXY",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info)),
		.x6_options    = tproxy_tg0_opts,
		.x6_parse      = tproxy_tg0_parse,
		.help          = tproxy_tg_help,
		.print         = tproxy_tg_print,
		.save          = tproxy_tg_save,
	},
	{
		.name          = "TPROXY",
		.revision      = 1,
		.family        = NFPROTO_IPV4,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
		.x6_options    = tproxy_tg1_opts,
		.x6_parse      = tproxy_tg1_parse,
		.help          = tproxy_tg_help,
		.print         = tproxy_tg_print4,
		.save          = tproxy_tg_save4,
	},
	{
		.name          = "TPROXY",
		.revision      = 1,
		.family        = NFPROTO_IPV6,
		.version       = XTABLES_VERSION,
		.size          = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_tproxy_target_info_v1)),
		.x6_options    = tproxy_tg1_opts,
		.x6_parse      = tproxy_tg1_parse,
		.help          = tproxy_tg_help,
		.print         = tproxy_tg_print6,
		.save          = tproxy_tg_save6,
	},
};
/*
 * Extension entry point run when this shared object is loaded: registers
 * every entry of tproxy_tg_reg with libxtables.
 */
void _init(void)
{
	const unsigned int count = ARRAY_SIZE(tproxy_tg_reg);

	xtables_register_targets(tproxy_tg_reg, count);
}