search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
K2.6 patches and update.
[tomato.git] / release / src / router / iptables / extensions / libipt_SET.c
blob1d8ace6434645ea598b421eef5175702f95aa8a9
1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
2 * Patrick Schaaf <bof@bof.de>
3 * Martin Josefsson <gandalf@wlug.westbo.se>
4 * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11 /* Shared library add-on to iptables to add IP set mangling target. */
12 #include <stdio.h>
13 #include <netdb.h>
14 #include <string.h>
15 #include <stdlib.h>
16 #include <getopt.h>
17 #include <ctype.h>
18
19 #include <iptables.h>
20 #include <linux/netfilter_ipv4/ip_tables.h>
21 #include <linux/netfilter_ipv4/ip_set.h>
22 #include <linux/netfilter_ipv4/ipt_set.h>
23 #include "libipt_set.h"
24
25 /* Function which prints out usage message. */
26 static void help(void)
27 {
28 printf("SET v%s options:\n"
29 " --add-set name flags\n"
30 " --del-set name flags\n"
31 " add/del src/dst IP/port from/to named sets,\n"
32 " where flags are the comma separated list of\n"
33 " 'src' and 'dst'.\n"
34 "\n", IPTABLES_VERSION);
35 }
36
37 static struct option opts[] = {
38 {"add-set", 1, 0, '1'},
39 {"del-set", 1, 0, '2'},
40 {0}
41 };
42
43 /* Initialize the target. */
44 static void init(struct ipt_entry_target *target, unsigned int *nfcache)
45 {
46 struct ipt_set_info_target *info =
47 (struct ipt_set_info_target *) target->data;
48
49 memset(info, 0, sizeof(struct ipt_set_info_target));
50 info->add_set.index =
51 info->del_set.index = IP_SET_INVALID_ID;
52
53 }
54
55 static void
56 parse_target(char **argv, int invert, unsigned int *flags,
57 struct ipt_set_info *info, const char *what)
58 {
59 if (info->flags[0])
60 exit_error(PARAMETER_PROBLEM,
61 "--%s can be specified only once", what);
62
63 if (check_inverse(optarg, &invert, NULL, 0))
64 exit_error(PARAMETER_PROBLEM,
65 "Unexpected `!' after --%s", what);
66
67 if (!argv[optind]
68 || argv[optind][0] == '-' || argv[optind][0] == '!')
69 exit_error(PARAMETER_PROBLEM,
70 "--%s requires two args.", what);
71
72 if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
73 exit_error(PARAMETER_PROBLEM,
74 "setname `%s' too long, max %d characters.",
75 argv[optind-1], IP_SET_MAXNAMELEN - 1);
76
77 get_set_byname(argv[optind - 1], info);
78 parse_bindings(argv[optind], info);
79 optind++;
80
81 *flags = 1;
82 }
83
84 /* Function which parses command options; returns true if it
85 ate an option */
86 static int
87 parse(int c, char **argv, int invert, unsigned int *flags,
88 const struct ipt_entry *entry, struct ipt_entry_target **target)
89 {
90 struct ipt_set_info_target *myinfo =
91 (struct ipt_set_info_target *) (*target)->data;
92
93 switch (c) {
94 case '1': /* --add-set <set> <flags> */
95 parse_target(argv, invert, flags,
96 &myinfo->add_set, "add-set");
97 break;
98 case '2': /* --del-set <set>[:<flags>] <flags> */
99 parse_target(argv, invert, flags,
100 &myinfo->del_set, "del-set");
101 break;
102
103 default:
104 return 0;
105 }
106 return 1;
107 }
108
109 /* Final check; must specify at least one. */
110 static void final_check(unsigned int flags)
111 {
112 if (!flags)
113 exit_error(PARAMETER_PROBLEM,
114 "You must specify either `--add-set' or `--del-set'");
115 }
116
117 static void
118 print_target(const char *prefix, const struct ipt_set_info *info)
119 {
120 int i;
121 char setname[IP_SET_MAXNAMELEN];
122
123 if (info->index == IP_SET_INVALID_ID)
124 return;
125 get_set_byid(setname, info->index);
126 printf("%s %s", prefix, setname);
127 for (i = 0; i < IP_SET_MAX_BINDINGS; i++) {
128 if (!info->flags[i])
129 break;
130 printf("%s%s",
131 i == 0 ? " " : ",",
132 info->flags[i] & IPSET_SRC ? "src" : "dst");
133 }
134 printf(" ");
135 }
136
137 /* Prints out the targinfo. */
138 static void
139 print(const struct ipt_ip *ip,
140 const struct ipt_entry_target *target, int numeric)
141 {
142 struct ipt_set_info_target *info =
143 (struct ipt_set_info_target *) target->data;
144
145 print_target("add-set", &info->add_set);
146 print_target("del-set", &info->del_set);
147 }
148
149 /* Saves the union ipt_targinfo in parsable form to stdout. */
150 static void
151 save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
152 {
153 struct ipt_set_info_target *info =
154 (struct ipt_set_info_target *) target->data;
155
156 print_target("--add-set", &info->add_set);
157 print_target("--del-set", &info->del_set);
158 }
159
160 static
161 struct iptables_target ipt_set_target
162 = {
163 .name = "SET",
164 .version = IPTABLES_VERSION,
165 .size = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
166 .userspacesize = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
167 .help = &help,
168 .init = &init,
169 .parse = &parse,
170 .final_check = &final_check,
171 .print = &print,
172 .save = &save,
173 .extra_opts = opts
174 };
175
176 void _init(void)
177 {
178 register_target(&ipt_set_target);
179 }
Tomato firmware and modifications.