1 /* Shared library add-on to iptables to add simple non load-balancing SNAT support. */
8 #include <linux/netfilter_ipv4/ip_tables.h>
9 #include <linux/netfilter/nf_nat.h>
10 /* For 64bit kernel / 32bit userspace */
11 #include "../include/linux/netfilter_ipv4/ipt_SAME.h"
13 /* Function which prints out usage message. */
19 " --to <ipaddr>-<ipaddr>\n"
20 " Addresses to map source to.\n"
21 " May be specified more than\n"
22 " once for multiple ranges.\n"
24 " Don't use destination-ip in\n"
27 " Randomize source port\n"
32 static struct option opts
[] = {
34 { "nodst", 0, 0, '2'},
35 { "random", 0, 0, '3' },
39 /* Initialize the target. */
41 init(struct ipt_entry_target
*t
, unsigned int *nfcache
)
43 struct ipt_same_info
*mr
= (struct ipt_same_info
*)t
->data
;
45 /* Set default to 0 */
52 /* Parses range of IPs */
54 parse_to(char *arg
, struct ip_nat_range
*range
)
59 range
->flags
|= IP_NAT_RANGE_MAP_IPS
;
60 dash
= strchr(arg
, '-');
65 ip
= dotted_to_addr(arg
);
67 exit_error(PARAMETER_PROBLEM
, "Bad IP address `%s'\n",
69 range
->min_ip
= ip
->s_addr
;
72 ip
= dotted_to_addr(dash
+1);
74 exit_error(PARAMETER_PROBLEM
, "Bad IP address `%s'\n",
77 range
->max_ip
= ip
->s_addr
;
79 if (range
->min_ip
> range
->max_ip
)
80 exit_error(PARAMETER_PROBLEM
, "Bad IP range `%s-%s'\n",
84 #define IPT_SAME_OPT_TO 0x01
85 #define IPT_SAME_OPT_NODST 0x02
86 #define IPT_SAME_OPT_RANDOM 0x04
88 /* Function which parses command options; returns true if it
91 parse(int c
, char **argv
, int invert
, unsigned int *flags
,
92 const struct ipt_entry
*entry
,
93 struct ipt_entry_target
**target
)
95 struct ipt_same_info
*mr
96 = (struct ipt_same_info
*)(*target
)->data
;
101 if (mr
->rangesize
== IPT_SAME_MAX_RANGE
)
102 exit_error(PARAMETER_PROBLEM
,
103 "Too many ranges specified, maximum "
106 if (check_inverse(optarg
, &invert
, NULL
, 0))
107 exit_error(PARAMETER_PROBLEM
,
108 "Unexpected `!' after --to");
110 parse_to(optarg
, &mr
->range
[mr
->rangesize
]);
111 /* WTF do we need this for? */
112 if (*flags
& IPT_SAME_OPT_RANDOM
)
113 mr
->range
[mr
->rangesize
].flags
114 |= IP_NAT_RANGE_PROTO_RANDOM
;
116 *flags
|= IPT_SAME_OPT_TO
;
120 if (*flags
& IPT_SAME_OPT_NODST
)
121 exit_error(PARAMETER_PROBLEM
,
122 "Can't specify --nodst twice");
124 mr
->info
|= IPT_SAME_NODST
;
125 *flags
|= IPT_SAME_OPT_NODST
;
129 *flags
|= IPT_SAME_OPT_RANDOM
;
130 for (count
=0; count
< mr
->rangesize
; count
++)
131 mr
->range
[count
].flags
|= IP_NAT_RANGE_PROTO_RANDOM
;
141 /* Final check; need --to. */
142 static void final_check(unsigned int flags
)
144 if (!(flags
& IPT_SAME_OPT_TO
))
145 exit_error(PARAMETER_PROBLEM
,
149 /* Prints out the targinfo. */
151 print(const struct ipt_ip
*ip
,
152 const struct ipt_entry_target
*target
,
156 struct ipt_same_info
*mr
157 = (struct ipt_same_info
*)target
->data
;
162 for (count
= 0; count
< mr
->rangesize
; count
++) {
163 struct ip_nat_range
*r
= &mr
->range
[count
];
166 a
.s_addr
= r
->min_ip
;
168 printf("%s", addr_to_dotted(&a
));
169 a
.s_addr
= r
->max_ip
;
171 if (r
->min_ip
== r
->max_ip
)
174 printf("-%s ", addr_to_dotted(&a
));
175 if (r
->flags
& IP_NAT_RANGE_PROTO_RANDOM
)
179 if (mr
->info
& IPT_SAME_NODST
)
186 /* Saves the union ipt_targinfo in parsable form to stdout. */
188 save(const struct ipt_ip
*ip
, const struct ipt_entry_target
*target
)
191 struct ipt_same_info
*mr
192 = (struct ipt_same_info
*)target
->data
;
195 for (count
= 0; count
< mr
->rangesize
; count
++) {
196 struct ip_nat_range
*r
= &mr
->range
[count
];
199 a
.s_addr
= r
->min_ip
;
200 printf("--to %s", addr_to_dotted(&a
));
201 a
.s_addr
= r
->max_ip
;
203 if (r
->min_ip
== r
->max_ip
)
206 printf("-%s ", addr_to_dotted(&a
));
207 if (r
->flags
& IP_NAT_RANGE_PROTO_RANDOM
)
211 if (mr
->info
& IPT_SAME_NODST
)
218 static struct iptables_target same
= {
221 .version
= IPTABLES_VERSION
,
222 .size
= IPT_ALIGN(sizeof(struct ipt_same_info
)),
223 .userspacesize
= IPT_ALIGN(sizeof(struct ipt_same_info
)),
227 .final_check
= &final_check
,
235 register_target(&same
);