From cf655eb194951a93e4e1371747273c12466c1952 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Sat, 28 Jul 2001 18:47:11 +0000
Subject: SAME patch update (add --nodst option)

---
 extensions/libipt_SAME.c | 64 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 15 deletions(-)

diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 68f745c8..84bc3c5b 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -7,8 +7,9 @@
 #include <iptables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ip_nat_rule.h>
+#include <linux/netfilter_ipv4/ipt_SAME.h>
 
-#define BREAKUP_IP(x) (x)>>24, ((x)>>16) & 0xFF, ((x)>>8) & 0xFF, (x) & 0xFF
+#define BREAKUP_IP(x) (x) & 0xFF, ((x)>>8) & 0xFF, ((x)>>16) & 0xFF, (x)>>24
 
 /* Function which prints out usage message. */
 static void
@@ -17,12 +18,16 @@ help(void)
 	printf(
 "SAME v%s options:\n"
 " --to <ipaddr>-<ipaddr>\n"
-"				Addresses to map source to.\n",
+"				Addresses to map source to.\n"
+" --nodst\n"
+"				Don't use destination-ip in\n"
+"				           source selection\n",
 NETFILTER_VERSION);
 }
 
 static struct option opts[] = {
 	{ "to", 1, 0, '1' },
+	{ "nodst", 0, 0, '2'},
 	{ 0 }
 };
 
@@ -30,11 +35,14 @@ static struct option opts[] = {
 static void
 init(struct ipt_entry_target *t, unsigned int *nfcache)
 {
-	struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+	struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
 
 	/* Actually, it's 0, but it's ignored at the moment. */
 	mr->rangesize = 1;
 
+	/* Set default info to 0 */
+	mr->info = 0;
+	
 	/* Can't cache this */
 	*nfcache |= NFC_UNKNOWN;
 }
@@ -63,8 +71,13 @@ parse_to(char *arg, struct ip_nat_range *range)
 		exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
 			   dash+1);
 	range->max_ip = ip->s_addr;
+	if (range->min_ip >= range->max_ip)
+		exit_error(PARAMETER_PROBLEM, "Bad IP range `%u.%u.%u.%u-%u.%u.%u.%u'\n", BREAKUP_IP(range->min_ip), BREAKUP_IP(range->max_ip));
 }
 
+#define IPT_SAME_OPT_TO			0x01
+#define IPT_SAME_OPT_NODST		0x02
+
 /* Function which parses command options; returns true if it
    ate an option */
 static int
@@ -72,28 +85,43 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       const struct ipt_entry *entry,
       struct ipt_entry_target **target)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)(*target)->data;
+	struct ipt_same_info *mr
+		= (struct ipt_same_info *)(*target)->data;
 
 	switch (c) {
 	case '1':
+		if (*flags & IPT_SAME_OPT_TO)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --to twice");
+		
 		if (check_inverse(optarg, &invert))
 			exit_error(PARAMETER_PROBLEM,
 				   "Unexpected `!' after --to");
 
 		parse_to(optarg, &mr->range[0]);
-		*flags = 1;
-		return 1;
-
+		*flags |= IPT_SAME_OPT_TO;
+		break;
+		
+	case '2':
+		if (*flags & IPT_SAME_OPT_NODST)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --nodst twice");
+		
+		mr->info |= IPT_SAME_NODST;
+		*flags |= IPT_SAME_OPT_NODST;
+		break;
+		
 	default:
 		return 0;
 	}
+	
+	return 1;
 }
 
 /* Final check; need --to. */
 static void final_check(unsigned int flags)
 {
-	if (!flags)
+	if (!(flags & IPT_SAME_OPT_TO))
 		exit_error(PARAMETER_PROBLEM,
 			   "SAME needs --to");
 }
@@ -104,8 +132,8 @@ print(const struct ipt_ip *ip,
       const struct ipt_entry_target *target,
       int numeric)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ipt_same_info *mr
+		= (struct ipt_same_info *)target->data;
 	struct ip_nat_range *r = &mr->range[0];
 	struct in_addr a;
 
@@ -114,14 +142,17 @@ print(const struct ipt_ip *ip,
 	printf("same %s", addr_to_dotted(&a));
 	a.s_addr = r->max_ip;
 	printf("-%s ", addr_to_dotted(&a));
+	
+	if (mr->info & IPT_SAME_NODST)
+		printf("nodst ");
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */
 static void
 save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
 {
-	struct ip_nat_multi_range *mr
-		= (struct ip_nat_multi_range *)target->data;
+	struct ipt_same_info *mr
+		= (struct ipt_same_info *)target->data;
 	struct ip_nat_range *r = &mr->range[0];
 	struct in_addr a;
 
@@ -129,14 +160,17 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
 	printf("--to %s", addr_to_dotted(&a));
 	a.s_addr = r->max_ip;
 	printf("-%s ", addr_to_dotted(&a));
+	
+	if (mr->info & IPT_SAME_NODST)
+		printf("--nodst ");
 }
 
 struct iptables_target same
 = { NULL,
     "SAME",
     NETFILTER_VERSION,
-    IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-    IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+    IPT_ALIGN(sizeof(struct ipt_same_info)),
+    IPT_ALIGN(sizeof(struct ipt_same_info)),
     &help,
     &init,
     &parse,
-- 
cgit v1.2.3