release/src/router/iptables/extensions/libip6t_REJECT.c

   1 /* Shared library add-on to iptables to add customized REJECT support.
   2  *
   3  * (C) 2000 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   4  *
   5  * ported to IPv6 by Harald Welte <laforge@gnumonks.org>
   6  *
   7  */
   8 #include <stdio.h>
   9 #include <string.h>
  10 #include <stdlib.h>
  11 #include <getopt.h>
  12 #include <ip6tables.h>
  13 #include <linux/netfilter_ipv6/ip6_tables.h>
  14 #include <linux/netfilter_ipv6/ip6t_REJECT.h>
  15
  16 struct reject_names {
  17         const char *name;
  18         const char *alias;
  19         enum ip6t_reject_with with;
  20         const char *desc;
  21 };
  22
  23 static const struct reject_names reject_table[] = {
  24         {"icmp6-no-route", "no-route",
  25                 IP6T_ICMP6_NO_ROUTE, "ICMPv6 no route"},
  26         {"icmp6-adm-prohibited", "adm-prohibited",
  27                 IP6T_ICMP6_ADM_PROHIBITED, "ICMPv6 administratively prohibited"},
  28 #if 0
  29         {"icmp6-not-neighbor", "not-neighbor"},
  30                 IP6T_ICMP6_NOT_NEIGHBOR, "ICMPv6 not a neighbor"},
  31 #endif
  32         {"icmp6-addr-unreachable", "addr-unreach",
  33                 IP6T_ICMP6_ADDR_UNREACH, "ICMPv6 address unreachable"},
  34         {"icmp6-port-unreachable", "port-unreach",
  35                 IP6T_ICMP6_PORT_UNREACH, "ICMPv6 port unreachable"},
  36         {"tcp-reset", "tcp-reset",
  37                 IP6T_TCP_RESET, "TCP RST packet"}
  38 };
  39
  40 static void
  41 print_reject_types()
  42 {
  43         unsigned int i;
  44
  45         printf("Valid reject types:\n");
  46
  47         for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++) {
  48                 printf("    %-25s\t%s\n", reject_table[i].name, reject_table[i].desc);
  49                 printf("    %-25s\talias\n", reject_table[i].alias);
  50         }
  51         printf("\n");
  52 }
  53
  54 /* Saves the union ipt_targinfo in parsable form to stdout. */
  55
  56 /* Function which prints out usage message. */
  57 static void
  58 help(void)
  59 {
  60         printf(
  61 "REJECT options:\n"
  62 "--reject-with type              drop input packet and send back\n"
  63 "                                a reply packet according to type:\n");
  64
  65         print_reject_types();
  66 }
  67
  68 static struct option opts[] = {
  69         { "reject-with", 1, 0, '1' },
  70         { 0 }
  71 };
  72
  73 /* Allocate and initialize the target. */
  74 static void
  75 init(struct ip6t_entry_target *t, unsigned int *nfcache)
  76 {
  77         struct ip6t_reject_info *reject = (struct ip6t_reject_info *)t->data;
  78
  79         /* default */
  80         reject->with = IP6T_ICMP6_PORT_UNREACH;
  81
  82 }
  83
  84 /* Function which parses command options; returns true if it
  85    ate an option */
  86 static int
  87 parse(int c, char **argv, int invert, unsigned int *flags,
  88       const struct ip6t_entry *entry,
  89       struct ip6t_entry_target **target)
  90 {
  91         struct ip6t_reject_info *reject =
  92                 (struct ip6t_reject_info *)(*target)->data;
  93         unsigned int limit = sizeof(reject_table)/sizeof(struct reject_names);
  94         unsigned int i;
  95
  96         switch(c) {
  97         case '1':
  98                 if (check_inverse(optarg, &invert, NULL, 0))
  99                         exit_error(PARAMETER_PROBLEM,
 100                                    "Unexpected `!' after --reject-with");
 101                 for (i = 0; i < limit; i++) {
 102                         if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
 103                             || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) {
 104                                 reject->with = reject_table[i].with;
 105                                 return 1;
 106                         }
 107                 }
 108                 exit_error(PARAMETER_PROBLEM, "unknown reject type `%s'",optarg);
 109         default:
 110                 /* Fall through */
 111                 break;
 112         }
 113         return 0;
 114 }
 115
 116 /* Final check; nothing. */
 117 static void final_check(unsigned int flags)
 118 {
 119 }
 120
 121 /* Prints out ipt_reject_info. */
 122 static void
 123 print(const struct ip6t_ip6 *ip,
 124       const struct ip6t_entry_target *target,
 125       int numeric)
 126 {
 127         const struct ip6t_reject_info *reject
 128                 = (const struct ip6t_reject_info *)target->data;
 129         unsigned int i;
 130
 131         for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++) {
 132                 if (reject_table[i].with == reject->with)
 133                         break;
 134         }
 135         printf("reject-with %s ", reject_table[i].name);
 136 }
 137
 138 /* Saves ipt_reject in parsable form to stdout. */
 139 static void save(const struct ip6t_ip6 *ip,
 140                  const struct ip6t_entry_target *target)
 141 {
 142         const struct ip6t_reject_info *reject
 143                 = (const struct ip6t_reject_info *)target->data;
 144         unsigned int i;
 145
 146         for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++)
 147                 if (reject_table[i].with == reject->with)
 148                         break;
 149
 150         printf("--reject-with %s ", reject_table[i].name);
 151 }
 152
 153 struct ip6tables_target reject = {
 154         .name = "REJECT",
 155         .version        = IPTABLES_VERSION,
 156         .size           = IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
 157         .userspacesize  = IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
 158         .help           = &help,
 159         .init           = &init,
 160         .parse          = &parse,
 161         .final_check    = &final_check,
 162         .print          = &print,
 163         .save           = &save,
 164         .extra_opts     = opts,
 165 };
 166
 167 void _init(void)
 168 {
 169         register_target6(&reject);
 170 }