/*
 *	"TEE" target extension for iptables
 *	Copyright © Sebastian Claßen <sebastian.classen [at] freenet.ag>, 2007
 *	Jan Engelhardt <jengelh [at] medozas de>, 2007 - 2010
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License; either
 *	version 2 of the License, or any later version, as published by the
 *	Free Software Foundation.
 */
#include <sys/socket.h>
#include <getopt.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>

#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_TEE.h>

enum {
	FLAG_GATEWAY = 1 << 0,
	FLAG_OIF     = 1 << 1,
};

static const struct option tee_tg_opts[] = {
	{.name = "gateway", .has_arg = true, .val = 'g'},
	{.name = "oif",     .has_arg = true, .val = 'o'},
	{NULL},
};

static void tee_tg_help(void)
{
	printf(
"TEE target options:\n"
"  --gateway IPADDR    Route packet via the gateway given by address\n"
"  --oif NAME          Include oif in route calculation\n"
"\n");
}

static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags,
                        const void *entry, struct xt_entry_target **target)
{
	struct xt_tee_tginfo *info = (void *)(*target)->data;
	const struct in_addr *ia;

	switch (c) {
	case 'g':
		if (*flags & FLAG_GATEWAY)
			xtables_error(PARAMETER_PROBLEM,
			           "Cannot specify --gateway more than once");

		ia = xtables_numeric_to_ipaddr(optarg);
		if (ia == NULL)
			xtables_error(PARAMETER_PROBLEM,
			           "Invalid IP address %s", optarg);

		memcpy(&info->gw, ia, sizeof(*ia));
		*flags |= FLAG_GATEWAY;
		return true;
	case 'o':
		if (*flags & FLAG_OIF)
			xtables_error(PARAMETER_PROBLEM,
				"Cannot specify --oif more than once");
		if (strlen(optarg) >= sizeof(info->oif))
			xtables_error(PARAMETER_PROBLEM,
				"oif name too long");
		strcpy(info->oif, optarg);
		*flags |= FLAG_OIF;
		return true;
	}

	return false;
}

static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags,
                         const void *entry, struct xt_entry_target **target)
{
	struct xt_tee_tginfo *info = (void *)(*target)->data;
	const struct in6_addr *ia;

	switch (c) {
	case 'g':
		if (*flags & FLAG_GATEWAY)
			xtables_error(PARAMETER_PROBLEM,
			           "Cannot specify --gateway more than once");

		ia = xtables_numeric_to_ip6addr(optarg);
		if (ia == NULL)
			xtables_error(PARAMETER_PROBLEM,
			           "Invalid IP address %s", optarg);

		memcpy(&info->gw, ia, sizeof(*ia));
		*flags |= FLAG_GATEWAY;
		return true;
	case 'o':
		if (*flags & FLAG_OIF)
			xtables_error(PARAMETER_PROBLEM,
				"Cannot specify --oif more than once");
		if (strlen(optarg) >= sizeof(info->oif))
			xtables_error(PARAMETER_PROBLEM,
				"oif name too long");
		strcpy(info->oif, optarg);
		*flags |= FLAG_OIF;
		return true;
	}

	return false;
}

static void tee_tg_check(unsigned int flags)
{
	if (flags == 0)
		xtables_error(PARAMETER_PROBLEM, "TEE target: "
		           "--gateway parameter required");
}

static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
                         int numeric)
{
	const struct xt_tee_tginfo *info = (const void *)target->data;

	if (numeric)
		printf(" TEE gw:%s", xtables_ipaddr_to_numeric(&info->gw.in));
	else
		printf(" TEE gw:%s", xtables_ipaddr_to_anyname(&info->gw.in));
	if (*info->oif != '\0')
		printf(" oif=%s", info->oif);
}

static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	const struct xt_tee_tginfo *info = (const void *)target->data;

	if (numeric)
		printf(" TEE gw:%s", xtables_ip6addr_to_numeric(&info->gw.in6));
	else
		printf(" TEE gw:%s", xtables_ip6addr_to_anyname(&info->gw.in6));
	if (*info->oif != '\0')
		printf(" oif=%s", info->oif);
}

static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tee_tginfo *info = (const void *)target->data;

	printf(" --gateway %s", xtables_ipaddr_to_numeric(&info->gw.in));
	if (*info->oif != '\0')
		printf(" --oif %s", info->oif);
}

static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_tee_tginfo *info = (const void *)target->data;

	printf(" --gateway %s", xtables_ip6addr_to_numeric(&info->gw.in6));
	if (*info->oif != '\0')
		printf(" --oif %s", info->oif);
}

static struct xtables_target tee_tg_reg = {
	.name          = "TEE",
	.version       = XTABLES_VERSION,
	.revision      = 1,
	.family        = NFPROTO_IPV4,
	.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
	.help          = tee_tg_help,
	.parse         = tee_tg_parse,
	.final_check   = tee_tg_check,
	.print         = tee_tg_print,
	.save          = tee_tg_save,
	.extra_opts    = tee_tg_opts,
};

static struct xtables_target tee_tg6_reg = {
	.name          = "TEE",
	.version       = XTABLES_VERSION,
	.revision      = 1,
	.family        = NFPROTO_IPV6,
	.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
	.help          = tee_tg_help,
	.parse         = tee_tg6_parse,
	.final_check   = tee_tg_check,
	.print         = tee_tg6_print,
	.save          = tee_tg6_save,
	.extra_opts    = tee_tg_opts,
};

void _init(void)
{
	xtables_register_target(&tee_tg_reg);
	xtables_register_target(&tee_tg6_reg);
}