From 20197e5d9dea21e3445290b0cba7c7a2c42e1b80 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org" Date: Tue, 14 Dec 2004 02:58:31 +0000 Subject: [PATCH] ROUTE --tee target extension (Patrick Schaaf) --- extensions/libipt_ROUTE.c | 48 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) (limited to 'extensions/libipt_ROUTE.c') diff --git a/extensions/libipt_ROUTE.c b/extensions/libipt_ROUTE.c index 1cb3e89..b14abdb 100644 --- a/extensions/libipt_ROUTE.c +++ b/extensions/libipt_ROUTE.c @@ -1,6 +1,6 @@ /* Shared library add-on to iptables to add ROUTE target support. * Author : Cedric de Launois, - * v 1.8 2003/06/24 + * v 1.11 2004/11/23 */ #include @@ -15,19 +15,27 @@ #include #include +/* compile IPT_ROUTE_TEE support even if kernel headers are unpatched */ +#ifndef IPT_ROUTE_TEE +#define IPT_ROUTE_TEE 0x02 +#endif + /* Function which prints out usage message. */ static void help(void) { printf( "ROUTE target v%s options:\n" -" --oif \tifname \t\tRoute the packet through `ifname' network interface\n" -" --iif \tifname \t\tChange the packet's incoming interface to `ifname'\n" -" --gw \tip \t\tRoute the packet via this gateway\n" -" --continue\t \t\tRoute the packet and continue traversing the\n" -" \t \t\trules. Not valid with --iif.\n" +" --oif \tifname \t\tRoute packet through `ifname' network interface\n" +" --iif \tifname \t\tChange packet's incoming interface to `ifname'\n" +" --gw \tip \t\tRoute packet via this gateway `ip'\n" +" --continue\t \t\tRoute packet and continue traversing the\n" +" \t \t\trules. Not valid with --iif or --tee.\n" +" --tee\t \t\tDuplicate packet, route the duplicate,\n" +" \t \t\tcontinue traversing with original packet.\n" +" \t \t\tNot valid with --iif or --continue.\n" "\n", -"1.8"); +"1.11"); } static struct option opts[] = { @@ -35,6 +43,7 @@ static struct option opts[] = { { "iif", 1, 0, '2' }, { "gw", 1, 0, '3' }, { "continue", 0, 0, '4' }, + { "tee", 0, 0, '5' }, { 0 } }; @@ -56,6 +65,7 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) #define IPT_ROUTE_OPT_IIF 0x02 #define IPT_ROUTE_OPT_GW 0x04 #define IPT_ROUTE_OPT_CONTINUE 0x08 +#define IPT_ROUTE_OPT_TEE 0x10 /* Function which parses command options; returns true if it ate an option */ @@ -134,12 +144,28 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & IPT_ROUTE_OPT_CONTINUE) exit_error(PARAMETER_PROBLEM, "Can't specify --continue twice"); + if (*flags & IPT_ROUTE_OPT_TEE) + exit_error(PARAMETER_PROBLEM, + "Can't specify --continue AND --tee"); route_info->flags |= IPT_ROUTE_CONTINUE; *flags |= IPT_ROUTE_OPT_CONTINUE; break; + case '5': + if (*flags & IPT_ROUTE_OPT_TEE) + exit_error(PARAMETER_PROBLEM, + "Can't specify --tee twice"); + if (*flags & IPT_ROUTE_OPT_CONTINUE) + exit_error(PARAMETER_PROBLEM, + "Can't specify --tee AND --continue"); + + route_info->flags |= IPT_ROUTE_TEE; + *flags |= IPT_ROUTE_OPT_TEE; + + break; + default: return 0; } @@ -155,7 +181,7 @@ final_check(unsigned int flags) exit_error(PARAMETER_PROBLEM, "ROUTE target: oif, iif or gw option required"); - if ((flags & IPT_ROUTE_OPT_CONTINUE) && (flags & IPT_ROUTE_OPT_IIF)) + if ((flags & (IPT_ROUTE_OPT_CONTINUE|IPT_ROUTE_OPT_TEE)) && (flags & IPT_ROUTE_OPT_IIF)) exit_error(PARAMETER_PROBLEM, "ROUTE target: can't continue traversing the rules with iif option"); } @@ -186,6 +212,9 @@ print(const struct ipt_ip *ip, if (route_info->flags & IPT_ROUTE_CONTINUE) printf("continue"); + if (route_info->flags & IPT_ROUTE_TEE) + printf("tee"); + } @@ -208,6 +237,9 @@ static void save(const struct ipt_ip *ip, if (route_info->flags & IPT_ROUTE_CONTINUE) printf("--continue "); + + if (route_info->flags & IPT_ROUTE_TEE) + printf("--tee "); } -- cgit v1.2.3