summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--extensions/libipt_REJECT.c47
1 files changed, 45 insertions, 2 deletions
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 362c65ed..dd4ac629 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -24,6 +24,11 @@ struct reject_names {
const char *desc;
};
+struct reject_names_xlate {
+ const char *name;
+ enum ipt_reject_with with;
+};
+
enum {
O_REJECT_WITH = 0,
};
@@ -129,8 +134,8 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
{
- const struct ipt_reject_info *reject
- = (const struct ipt_reject_info *)target->data;
+ const struct ipt_reject_info *reject =
+ (const struct ipt_reject_info *)target->data;
unsigned int i;
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
@@ -140,6 +145,43 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
printf(" --reject-with %s", reject_table[i].name);
}
+static const struct reject_names_xlate reject_table_xlate[] = {
+ {"net-unreachable", IPT_ICMP_NET_UNREACHABLE},
+ {"host-unreachable", IPT_ICMP_HOST_UNREACHABLE},
+ {"prot-unreachable", IPT_ICMP_PROT_UNREACHABLE},
+ {"port-unreachable", IPT_ICMP_PORT_UNREACHABLE},
+#if 0
+ {"echo-reply", IPT_ICMP_ECHOREPLY},
+#endif
+ {"net-prohibited", IPT_ICMP_NET_PROHIBITED},
+ {"host-prohibited", IPT_ICMP_HOST_PROHIBITED},
+ {"tcp reset", IPT_TCP_RESET},
+ {"admin-prohibited", IPT_ICMP_ADMIN_PROHIBITED}
+};
+
+static int REJECT_xlate(const struct xt_entry_target *target,
+ struct xt_buf *buf, int numeric)
+{
+ const struct ipt_reject_info *reject =
+ (const struct ipt_reject_info *)target->data;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(reject_table_xlate); ++i) {
+ if (reject_table_xlate[i].with == reject->with)
+ break;
+ }
+
+ if (reject->with == IPT_TCP_RESET)
+ xt_buf_add(buf, "reject with %s",
+ reject_table_xlate[i].name);
+ else
+ xt_buf_add(buf, "reject with icmp type %s",
+ reject_table_xlate[i].name);
+
+ return 1;
+}
+
+
static struct xtables_target reject_tg_reg = {
.name = "REJECT",
.version = XTABLES_VERSION,
@@ -152,6 +194,7 @@ static struct xtables_target reject_tg_reg = {
.save = REJECT_save,
.x6_parse = REJECT_parse,
.x6_options = REJECT_opts,
+ .xlate = REJECT_xlate,
};
void _init(void)