summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorlaforge <laforge>2001-07-28 18:47:11 +0000
committerlaforge <laforge>2001-07-28 18:47:11 +0000
commit9a11770d645c313697cd3953f81aacc9b80990d6 (patch)
tree3d1af2459decc2fdc66376109e2d7159c49613c9 /extensions
parenta66b998e92b76eb66a59c7266892a672b85afa18 (diff)
SAME patch update (add --nodst option)
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libipt_SAME.c64
1 files changed, 49 insertions, 15 deletions
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 68f745c..84bc3c5 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -7,8 +7,9 @@
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
+#include <linux/netfilter_ipv4/ipt_SAME.h>
-#define BREAKUP_IP(x) (x)>>24, ((x)>>16) & 0xFF, ((x)>>8) & 0xFF, (x) & 0xFF
+#define BREAKUP_IP(x) (x) & 0xFF, ((x)>>8) & 0xFF, ((x)>>16) & 0xFF, (x)>>24
/* Function which prints out usage message. */
static void
@@ -17,12 +18,16 @@ help(void)
printf(
"SAME v%s options:\n"
" --to <ipaddr>-<ipaddr>\n"
-" Addresses to map source to.\n",
+" Addresses to map source to.\n"
+" --nodst\n"
+" Don't use destination-ip in\n"
+" source selection\n",
NETFILTER_VERSION);
}
static struct option opts[] = {
{ "to", 1, 0, '1' },
+ { "nodst", 0, 0, '2'},
{ 0 }
};
@@ -30,11 +35,14 @@ static struct option opts[] = {
static void
init(struct ipt_entry_target *t, unsigned int *nfcache)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
+ /* Set default info to 0 */
+ mr->info = 0;
+
/* Can't cache this */
*nfcache |= NFC_UNKNOWN;
}
@@ -63,8 +71,13 @@ parse_to(char *arg, struct ip_nat_range *range)
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
dash+1);
range->max_ip = ip->s_addr;
+ if (range->min_ip >= range->max_ip)
+ exit_error(PARAMETER_PROBLEM, "Bad IP range `%u.%u.%u.%u-%u.%u.%u.%u'\n", BREAKUP_IP(range->min_ip), BREAKUP_IP(range->max_ip));
}
+#define IPT_SAME_OPT_TO 0x01
+#define IPT_SAME_OPT_NODST 0x02
+
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -72,28 +85,43 @@ parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
struct ipt_entry_target **target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)(*target)->data;
switch (c) {
case '1':
+ if (*flags & IPT_SAME_OPT_TO)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --to twice");
+
if (check_inverse(optarg, &invert))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
parse_to(optarg, &mr->range[0]);
- *flags = 1;
- return 1;
-
+ *flags |= IPT_SAME_OPT_TO;
+ break;
+
+ case '2':
+ if (*flags & IPT_SAME_OPT_NODST)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --nodst twice");
+
+ mr->info |= IPT_SAME_NODST;
+ *flags |= IPT_SAME_OPT_NODST;
+ break;
+
default:
return 0;
}
+
+ return 1;
}
/* Final check; need --to. */
static void final_check(unsigned int flags)
{
- if (!flags)
+ if (!(flags & IPT_SAME_OPT_TO))
exit_error(PARAMETER_PROBLEM,
"SAME needs --to");
}
@@ -104,8 +132,8 @@ print(const struct ipt_ip *ip,
const struct ipt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)target->data;
struct ip_nat_range *r = &mr->range[0];
struct in_addr a;
@@ -114,14 +142,17 @@ print(const struct ipt_ip *ip,
printf("same %s", addr_to_dotted(&a));
a.s_addr = r->max_ip;
printf("-%s ", addr_to_dotted(&a));
+
+ if (mr->info & IPT_SAME_NODST)
+ printf("nodst ");
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)target->data;
struct ip_nat_range *r = &mr->range[0];
struct in_addr a;
@@ -129,14 +160,17 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
printf("--to %s", addr_to_dotted(&a));
a.s_addr = r->max_ip;
printf("-%s ", addr_to_dotted(&a));
+
+ if (mr->info & IPT_SAME_NODST)
+ printf("--nodst ");
}
struct iptables_target same
= { NULL,
"SAME",
NETFILTER_VERSION,
- IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ IPT_ALIGN(sizeof(struct ipt_same_info)),
+ IPT_ALIGN(sizeof(struct ipt_same_info)),
&help,
&init,
&parse,