#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/xt_iprange.h>
/*
 * One IPv4 address range, as embedded in struct ipt_iprange_info
 * (the revision-0 match data).
 */
struct ipt_iprange {
	/* Both bounds are inclusive and stored in network byte order. */
	__be32 min_ip;
	__be32 max_ip;
};
/*
 * Match data for revision 0 of the iprange match (IPv4 only).
 *
 * The aligned size of this struct is what iprange_mt_reg[] registers as
 * .size/.userspacesize for revision 0, so the field layout must not be
 * changed casually.
 */
struct ipt_iprange_info {
	struct ipt_iprange src;	/* source address range */
	struct ipt_iprange dst;	/* destination address range */

	/*
	 * IPRANGE_SRC / IPRANGE_DST and their *_INV variants, as set by
	 * iprange_parse().
	 */
	uint8_t flags;
};
/* Option ids used in iprange_mt_opts[] and dispatched on by the parsers. */
enum {
	O_SRC_RANGE = 0,	/* --src-range */
	O_DST_RANGE = 1,	/* --dst-range */
};
/* Print the usage text for the iprange match to stdout. */
static void iprange_mt_help(void)
{
	/* Constant text with no conversions, so it is written verbatim. */
	fputs("iprange match options:\n"
	      "[!] --src-range ip[-ip] Match source IP in the specified range\n"
	      "[!] --dst-range ip[-ip] Match destination IP in the specified range\n",
	      stdout);
}
/*
 * Option table shared by every iprange revision.  Both options take a
 * free-form string (parsed later by iprange_parse_range()) and may be
 * negated with "!".
 */
static const struct xt_option_entry iprange_mt_opts[] = {
	{
		.name  = "src-range",
		.id    = O_SRC_RANGE,
		.type  = XTTYPE_STRING,
		.flags = XTOPT_INVERT,
	},
	{
		.name  = "dst-range",
		.id    = O_DST_RANGE,
		.type  = XTTYPE_STRING,
		.flags = XTOPT_INVERT,
	},
	XTOPT_TABLEEND,
};
/*
 * Convert the two textual endpoints of a range into binary addresses.
 *
 * @from:    text of the lower endpoint, stored in range[0]
 * @to:      text of the upper endpoint, stored in range[1]
 * @range:   output; must point at two consecutive union nf_inet_addr slots
 * @family:  NFPROTO_IPV6 selects the IPv6 parser, anything else IPv4
 * @optname: option name reported when an endpoint does not parse
 */
static void
iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
		   uint8_t family, const char *optname)
{
	const char *endpoint[2] = {from, to};
	const int is_v6 = (family == NFPROTO_IPV6);
	unsigned int idx;

	/*
	 * Zero both slots first: iprange_parse_range() compares the whole
	 * unions afterwards, and the IPv4 path only fills part of each one.
	 */
	memset(range, 0, 2 * sizeof(union nf_inet_addr));

	for (idx = 0; idx < ARRAY_SIZE(endpoint); ++idx) {
		if (is_v6) {
			struct in6_addr *v6 =
				xtables_numeric_to_ip6addr(endpoint[idx]);

			/*
			 * NOTE(review): the dereference below relies on
			 * xtables_param_act(XTF_BAD_VALUE, ...) not
			 * returning - confirm against libxtables.
			 */
			if (v6 == NULL)
				xtables_param_act(XTF_BAD_VALUE, "iprange",
						  optname, endpoint[idx]);
			range[idx].in6 = *v6;
		} else {
			struct in_addr *v4 =
				xtables_numeric_to_ipaddr(endpoint[idx]);

			/* Same reliance on the error path as above. */
			if (v4 == NULL)
				xtables_param_act(XTF_BAD_VALUE, "iprange",
						  optname, endpoint[idx]);
			range[idx].in = *v4;
		}
	}
}
/*
 * Parse an "ip" or "ip-ip" option argument into range[0]..range[1].
 *
 * A single address is treated as the range ip-ip.  The argument is
 * duplicated first because the '-' separator is overwritten in place.
 *
 * @oarg:    option argument as given by the user (not modified)
 * @range:   output; two consecutive union nf_inet_addr slots
 * @family:  address family passed through to iprange_parse_spec()
 * @optname: option name used in error messages
 */
static void iprange_parse_range(const char *oarg, union nf_inet_addr *range,
				uint8_t family, const char *optname)
{
	char *copy = strdup(oarg);
	char *sep;

	/*
	 * NOTE(review): strchr() below assumes xtables_error() does not
	 * return when the allocation failed - confirm against libxtables.
	 */
	if (copy == NULL)
		xtables_error(RESOURCE_PROBLEM, "strdup");

	sep = strchr(copy, '-');
	if (sep != NULL) {
		/* Split at the first '-': copy is the low end, sep + 1 the high end. */
		*sep = '\0';
		iprange_parse_spec(copy, sep + 1, range, family, optname);

		/*
		 * Byte-wise comparison orders the addresses numerically as
		 * long as they are in network byte order.  A reversed range
		 * is only reported on stderr; the rule is still accepted even
		 * though, per the message, it will never match.  Deployment
		 * tooling that loads rulesets should treat this warning as a
		 * failure, since the rule would silently have no effect.
		 */
		if (memcmp(&range[0], &range[1], sizeof(*range)) > 0)
			fprintf(stderr, "xt_iprange: range %s-%s is reversed and "
				"will never match\n", copy, sep + 1);
	} else {
		/* No separator: both bounds are the same address. */
		iprange_parse_spec(copy, copy, range, family, optname);
	}

	free(copy);
}
/*
 * Option parser for revision 0 (IPv4, struct ipt_iprange_info).
 *
 * The range is parsed into a local pair of addresses and only the IPv4
 * word of each bound is copied into the match data.
 */
static void iprange_parse(struct xt_option_call *cb)
{
	struct ipt_iprange_info *info = cb->data;
	union nf_inet_addr bounds[2];

	xtables_option_parse(cb);

	if (cb->entry->id == O_SRC_RANGE) {
		info->flags |= IPRANGE_SRC;
		if (cb->invert)
			info->flags |= IPRANGE_SRC_INV;
		/* Revision 0 is IPv4-only, so the family is fixed here. */
		iprange_parse_range(cb->arg, bounds,
				    NFPROTO_IPV4, "--src-range");
		info->src.min_ip = bounds[0].ip;
		info->src.max_ip = bounds[1].ip;
	} else if (cb->entry->id == O_DST_RANGE) {
		info->flags |= IPRANGE_DST;
		if (cb->invert)
			info->flags |= IPRANGE_DST_INV;
		iprange_parse_range(cb->arg, bounds,
				    NFPROTO_IPV4, "--dst-range");
		info->dst.min_ip = bounds[0].ip;
		info->dst.max_ip = bounds[1].ip;
	}
}
/*
 * Option parser shared by the revision-1 IPv4 and IPv6 matches
 * (struct xt_iprange_mtinfo).
 *
 * iprange_parse_range() fills two consecutive union nf_inet_addr slots
 * starting at the pointer it is given.  Passing &info->src_min (or
 * &info->dst_min) therefore relies on the matching *_max member directly
 * following it in struct xt_iprange_mtinfo; that struct is declared in
 * <linux/netfilter/xt_iprange.h>, not in this file - verify the layout
 * before changing either side.
 *
 * @cb:      option call context; cb->data is the match data
 * @nfproto: NFPROTO_IPV4 or NFPROTO_IPV6, chosen by the wrapper
 */
static void iprange_mt_parse(struct xt_option_call *cb, uint8_t nfproto)
{
	struct xt_iprange_mtinfo *info = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_SRC_RANGE) {
		iprange_parse_range(cb->arg, &info->src_min, nfproto,
				    "--src-range");
		info->flags |= IPRANGE_SRC;
		if (cb->invert)
			info->flags |= IPRANGE_SRC_INV;
	} else if (cb->entry->id == O_DST_RANGE) {
		iprange_parse_range(cb->arg, &info->dst_min, nfproto,
				    "--dst-range");
		info->flags |= IPRANGE_DST;
		if (cb->invert)
			info->flags |= IPRANGE_DST_INV;
	}
}
/* Revision-1 IPv4 entry point: forwards to the shared parser. */
static void iprange_mt4_parse(struct xt_option_call *cb)
{
	iprange_mt_parse(cb, NFPROTO_IPV4);
}
/* Revision-1 IPv6 entry point: forwards to the shared parser. */
static void iprange_mt6_parse(struct xt_option_call *cb)
{
	iprange_mt_parse(cb, NFPROTO_IPV6);
}
/*
 * Final check after option parsing: reject a rule whose xflags word is
 * still zero, i.e. neither range option was recorded.
 */
static void iprange_mt_check(struct xt_fcheck_call *cb)
{
	if (!cb->xflags)
		xtables_error(PARAMETER_PROBLEM,
			      "iprange match: You must specify `--src-range' or `--dst-range'");
}
/*
 * Print a revision-0 range as " a.b.c.d-e.f.g.h".
 *
 * The bounds are read byte by byte in storage order, which yields the
 * dotted-quad form because they are kept in network byte order.
 */
static void
print_iprange(const struct ipt_iprange *range)
{
	const unsigned char *lo = (const unsigned char *)&range->min_ip;
	const unsigned char *hi = (const unsigned char *)&range->max_ip;

	printf(" %u.%u.%u.%u-%u.%u.%u.%u",
	       lo[0], lo[1], lo[2], lo[3],
	       hi[0], hi[1], hi[2], hi[3]);
}
/*
 * Human-readable listing for revision 0.  The ip and numeric arguments
 * are not used by this function.
 */
static void iprange_print(const void *ip, const struct xt_entry_match *match,
			  int numeric)
{
	const struct ipt_iprange_info *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		fputs(" source IP range", stdout);
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		print_iprange(&info->src);
	}

	if (flags & IPRANGE_DST) {
		fputs(" destination IP range", stdout);
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		print_iprange(&info->dst);
	}
}
/*
 * Human-readable listing for the revision-1 IPv4 match.  The ip and
 * numeric arguments are not used by this function.
 */
static void
iprange_mt4_print(const void *ip, const struct xt_entry_match *match,
		  int numeric)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		fputs(" source IP range", stdout);
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		/*
		 * xtables_ipaddr_to_numeric() hands back a static buffer,
		 * so each bound needs its own printf() call; merging them
		 * would print the same address twice.
		 */
		printf(" %s", xtables_ipaddr_to_numeric(&info->src_min.in));
		printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
	}

	if (flags & IPRANGE_DST) {
		fputs(" destination IP range", stdout);
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		/* Two calls for the same static-buffer reason as above. */
		printf(" %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
		printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
	}
}
/*
 * Human-readable listing for the revision-1 IPv6 match.  The ip and
 * numeric arguments are not used by this function.
 */
static void
iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
		  int numeric)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		fputs(" source IP range", stdout);
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		/*
		 * The address-to-text helper uses a static buffer, so each
		 * bound needs its own printf() call; merging them would
		 * print the same address twice.
		 */
		printf(" %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
		printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
	}

	if (flags & IPRANGE_DST) {
		fputs(" destination IP range", stdout);
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		/* Two calls for the same static-buffer reason as above. */
		printf(" %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
		printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
	}
}
/*
 * Emit the revision-0 match in option syntax ("[!] --src-range a-b ...").
 * The ip argument is not used by this function.
 */
static void iprange_save(const void *ip, const struct xt_entry_match *match)
{
	const struct ipt_iprange_info *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		/* The negation marker goes in front of the option name. */
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		fputs(" --src-range", stdout);
		print_iprange(&info->src);
	}

	if (flags & IPRANGE_DST) {
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		fputs(" --dst-range", stdout);
		print_iprange(&info->dst);
	}
}
/*
 * Emit the revision-1 IPv4 match in option syntax.  The ip argument is
 * not used by this function.
 */
static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		/*
		 * One printf() per bound, as in iprange_mt4_print(), where
		 * xtables_ipaddr_to_numeric() is noted to use a static buffer.
		 */
		printf(" --src-range %s",
		       xtables_ipaddr_to_numeric(&info->src_min.in));
		printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
	}

	if (flags & IPRANGE_DST) {
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		printf(" --dst-range %s",
		       xtables_ipaddr_to_numeric(&info->dst_min.in));
		printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
	}
}
/*
 * Emit the revision-1 IPv6 match in option syntax.  The ip argument is
 * not used by this function.
 */
static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_iprange_mtinfo *info = (const void *)match->data;
	const unsigned int flags = info->flags;

	if (flags & IPRANGE_SRC) {
		if (flags & IPRANGE_SRC_INV)
			fputs(" !", stdout);
		/*
		 * One printf() per bound, as in iprange_mt6_print(), where
		 * the address-to-text helper is noted to use a static buffer.
		 */
		printf(" --src-range %s",
		       xtables_ip6addr_to_numeric(&info->src_min.in6));
		printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
	}

	if (flags & IPRANGE_DST) {
		if (flags & IPRANGE_DST_INV)
			fputs(" !", stdout);
		printf(" --dst-range %s",
		       xtables_ip6addr_to_numeric(&info->dst_min.in6));
		printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
	}
}
/*
 * Append a revision-0 range to the translation buffer as
 * " a.b.c.d-e.f.g.h " (note the trailing space).
 */
static void
print_iprange_xlate(const struct ipt_iprange *range,
		    struct xt_xlate *xl)
{
	const unsigned char *lo = (const unsigned char *)&range->min_ip;
	const unsigned char *hi = (const unsigned char *)&range->max_ip;

	xt_xlate_add(xl, " %u.%u.%u.%u-%u.%u.%u.%u ",
		     lo[0], lo[1], lo[2], lo[3],
		     hi[0], hi[1], hi[2], hi[3]);
}
/*
 * Translate the revision-0 match into "ip saddr ..." / "ip daddr ..."
 * expressions appended to xl.  Always returns 1.
 */
static int iprange_xlate(struct xt_xlate *xl,
			 const struct xt_xlate_mt_params *params)
{
	const struct ipt_iprange_info *info = (const void *)params->match->data;
	const unsigned int flags = info->flags;
	/* Separator placed before the destination part once a source part exists. */
	const char *space = "";

	if (flags & IPRANGE_SRC) {
		const char *neg = (flags & IPRANGE_SRC_INV) ? " !=" : "";

		xt_xlate_add(xl, "ip saddr%s", neg);
		print_iprange_xlate(&info->src, xl);
		space = " ";
	}

	if (flags & IPRANGE_DST) {
		const char *neg = (flags & IPRANGE_DST_INV) ? " !=" : "";

		xt_xlate_add(xl, "%sip daddr%s", space, neg);
		print_iprange_xlate(&info->dst, xl);
	}

	return 1;
}
/*
 * Translate the revision-1 IPv4 match into "ip saddr ..." / "ip daddr ..."
 * expressions appended to xl.  Always returns 1.
 */
static int iprange_mt4_xlate(struct xt_xlate *xl,
			     const struct xt_xlate_mt_params *params)
{
	const struct xt_iprange_mtinfo *info =
		(const void *)params->match->data;
	const unsigned int flags = info->flags;
	/* Separator placed before the destination part once a source part exists. */
	const char *space = "";

	if (flags & IPRANGE_SRC) {
		const char *neg = (flags & IPRANGE_SRC_INV) ? " !=" : "";

		/*
		 * One xt_xlate_add() per bound: iprange_mt4_print() notes
		 * that xtables_ipaddr_to_numeric() uses a static buffer.
		 */
		xt_xlate_add(xl, "ip saddr%s %s", neg,
			     xtables_ipaddr_to_numeric(&info->src_min.in));
		xt_xlate_add(xl, "-%s",
			     xtables_ipaddr_to_numeric(&info->src_max.in));
		space = " ";
	}

	if (flags & IPRANGE_DST) {
		const char *neg = (flags & IPRANGE_DST_INV) ? " !=" : "";

		xt_xlate_add(xl, "%sip daddr%s %s", space, neg,
			     xtables_ipaddr_to_numeric(&info->dst_min.in));
		xt_xlate_add(xl, "-%s",
			     xtables_ipaddr_to_numeric(&info->dst_max.in));
	}

	return 1;
}
/*
 * Translate the revision-1 IPv6 match into "ip6 saddr ..." /
 * "ip6 daddr ..." expressions appended to xl.  Always returns 1.
 */
static int iprange_mt6_xlate(struct xt_xlate *xl,
			     const struct xt_xlate_mt_params *params)
{
	const struct xt_iprange_mtinfo *info =
		(const void *)params->match->data;
	const unsigned int flags = info->flags;
	/* Separator placed before the destination part once a source part exists. */
	const char *space = "";

	if (flags & IPRANGE_SRC) {
		const char *neg = (flags & IPRANGE_SRC_INV) ? " !=" : "";

		/*
		 * One xt_xlate_add() per bound: iprange_mt6_print() notes
		 * that the address-to-text helper uses a static buffer.
		 */
		xt_xlate_add(xl, "ip6 saddr%s %s", neg,
			     xtables_ip6addr_to_numeric(&info->src_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->src_max.in6));
		space = " ";
	}

	if (flags & IPRANGE_DST) {
		const char *neg = (flags & IPRANGE_DST_INV) ? " !=" : "";

		xt_xlate_add(xl, "%sip6 daddr%s %s", space, neg,
			     xtables_ip6addr_to_numeric(&info->dst_min.in6));
		xt_xlate_add(xl, "-%s",
			     xtables_ip6addr_to_numeric(&info->dst_max.in6));
	}

	return 1;
}
/*
 * Registration table for the "iprange" match:
 *   - revision 0, IPv4, match data struct ipt_iprange_info
 *   - revision 1, IPv4, match data struct xt_iprange_mtinfo
 *   - revision 1, IPv6, match data struct xt_iprange_mtinfo
 *
 * Each entry registers the aligned size of its match-data struct, so
 * the callbacks wired into an entry must all cast match->data to that
 * same struct.
 */
static struct xtables_match iprange_mt_reg[] = {
	{	/* revision 0, IPv4 */
		.version       = XTABLES_VERSION,
		.name          = "iprange",
		.revision      = 0,
		.family        = NFPROTO_IPV4,
		.size          = XT_ALIGN(sizeof(struct ipt_iprange_info)),
		.userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
		.help          = iprange_mt_help,
		.x6_parse      = iprange_parse,
		.x6_fcheck     = iprange_mt_check,
		.print         = iprange_print,
		.save          = iprange_save,
		.x6_options    = iprange_mt_opts,
		.xlate         = iprange_xlate,
	},
	{	/* revision 1, IPv4 */
		.version       = XTABLES_VERSION,
		.name          = "iprange",
		.revision      = 1,
		.family        = NFPROTO_IPV4,
		.size          = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
		.help          = iprange_mt_help,
		.x6_parse      = iprange_mt4_parse,
		.x6_fcheck     = iprange_mt_check,
		.print         = iprange_mt4_print,
		.save          = iprange_mt4_save,
		.x6_options    = iprange_mt_opts,
		.xlate         = iprange_mt4_xlate,
	},
	{	/* revision 1, IPv6 */
		.version       = XTABLES_VERSION,
		.name          = "iprange",
		.revision      = 1,
		.family        = NFPROTO_IPV6,
		.size          = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_iprange_mtinfo)),
		.help          = iprange_mt_help,
		.x6_parse      = iprange_mt6_parse,
		.x6_fcheck     = iprange_mt_check,
		.print         = iprange_mt6_print,
		.save          = iprange_mt6_save,
		.x6_options    = iprange_mt_opts,
		.xlate         = iprange_mt6_xlate,
	},
};
/* Extension entry point: register every iprange revision with libxtables. */
void _init(void)
{
	xtables_register_matches(iprange_mt_reg, ARRAY_SIZE(iprange_mt_reg));
}