IPT [PATCH 2/4] libxt_TEE


 



Import libxt_TEE into iptables

Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Cc: Sebastian Classen <sebastian.classen@xxxxxxxxxx>

---
 extensions/Makefile              |    2 
 extensions/libxt_TEE.c           |  125 +++++++++++++++++++++++++++++++++++++++
 extensions/libxt_TEE.man         |    6 +
 include/linux/netfilter/xt_TEE.h |   12 +++
 4 files changed, 144 insertions(+), 1 deletion(-)

Index: iptables-modules/extensions/Makefile
===================================================================
--- iptables-modules.orig/extensions/Makefile
+++ iptables-modules/extensions/Makefile
@@ -7,7 +7,7 @@
 #
 PF_EXT_SLIB:=ah addrtype conntrack ecn icmp iprange policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG
 PF6_EXT_SLIB:=ah dst eui64 frag hbh hl icmp6 ipv6header mh policy rt HL LOG REJECT
-PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport owner physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE
+PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport owner physdev pkttype quota sctp state statistic standard string tcp tcpmss time u32 udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TEE TRACE
 
 PF_EXT_SELINUX_SLIB:=
 PF6_EXT_SELINUX_SLIB:=
Index: iptables-modules/extensions/libxt_TEE.c
===================================================================
--- /dev/null
+++ iptables-modules/extensions/libxt_TEE.c
@@ -0,0 +1,125 @@
+/*
+ * Shared library add-on to iptables to add TEE target support.
+ *
+ * Copyright Sebastian Classen <sebastian.classen@xxxxxxxxxx>, 2007
+ *
+ * Copyright © CC Computer Consultants GmbH, 2007
+ * Contact: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
+ *
+ * Based on ROUTE target with was originaly from:
+ * Cedric de Launois, <delaunois@xxxxxxxxxxxxxx>
+ * v 1.0 2007-08-20
+ */
+#include <sys/socket.h>
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <netinet/in.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_TEE.h>
+
+enum {
+	FLAG_GATEWAY = 1 << 0,
+};
+
+static const struct option tee_tg_opts[] = {
+	{.name = "gateway", .has_arg = true, .val = 'g'},
+	{},
+};
+
+static void tee_tg_help(void)
+{
+	printf(
+"TEE target v%s options:\n"
+"  --gateway IPADDR    Route packet via the gateway given by address\n"
+"\n",
+"1.11");
+}
+
+static void tee_tg_init(struct xt_entry_target *target)
+{
+	struct xt_tee_target_info *info = (void *)target->data;
+
+	memset(info, 0, sizeof(*info));
+}
+
+static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags,
+                        const void *entry, struct xt_entry_target **target)
+{
+	struct xt_tee_target_info *info = (void *)(*target)->data;
+
+	switch (c) {
+	case 'g':
+		if (*flags & FLAG_GATEWAY)
+			exit_error(PARAMETER_PROBLEM,
+			           "Cannot specify --gw more than once");
+
+		if (check_inverse(optarg, &invert, NULL, 0))
+			exit_error(PARAMETER_PROBLEM,
+			           "Unexpected \"!\" after --gateway");
+
+		if (!inet_aton(optarg, (void *)&info->gateway_v4))
+			exit_error(PARAMETER_PROBLEM,
+			           "Invalid IP address %s", optarg);
+
+		*flags |= FLAG_GATEWAY;
+		return true;
+	}
+
+	return false;
+}
+
+static void tee_tg_check(unsigned int flags)
+{
+	if (flags == 0)
+		exit_error(PARAMETER_PROBLEM, "TEE target: "
+		           "--gateway parameter required");
+}
+
+static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
+                         int numeric)
+{
+	const struct xt_tee_target_info *info = (const void *)target->data;
+
+	printf("TEE ");
+	if (info->gateway_v4 != 0) {
+		struct in_addr ip = {info->gateway_v4};
+		printf("gw:%s ", inet_ntoa(ip));
+	}
+}
+
+static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
+{
+	const struct xt_tee_target_info *info = (const void *)target->data;
+
+	if (info->gateway_v4 != 0) {
+		struct in_addr ip = {info->gateway_v4};
+		printf("--gateway %s ", inet_ntoa(ip));
+	}
+}
+
+static struct xtables_target tee_tg_reg = {
+	.name          = "TEE",
+	.version       = IPTABLES_VERSION,
+	.size          = XT_ALIGN(sizeof(struct xt_tee_target_info)),
+	.userspacesize = XT_ALIGN(sizeof(struct xt_tee_target_info)),
+	.help          = tee_tg_help,
+	.init          = tee_tg_init,
+	.parse         = tee_tg_parse,
+	.final_check   = tee_tg_check,
+	.print         = tee_tg_print,
+	.save          = tee_tg_save,
+	.extra_opts    = tee_tg_opts,
+};
+
+void _init(void)
+{
+	xtables_register_target(&tee_tg_reg);
+}
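Review bot: The `--gateway` parser in tee_tg_parse accepts more than a dotted-quad address, because `inet_aton()` also takes shorthand and octal/hex forms (and, on glibc, ignores text after whitespace), so a mistyped value can silently become a different gateway. It also accepts `0.0.0.0`, which tee_tg_print and tee_tg_save treat as "no gateway" and omit, so a saved ruleset would lose the option and fail tee_tg_check when restored. I would parse strictly and reject the zero address with `if (inet_pton(AF_INET, optarg, &info->gateway_v4) != 1 || info->gateway_v4 == 0)`, keeping the existing `exit_error(PARAMETER_PROBLEM, "Invalid IP address %s", optarg);`. Separately, the duplicate-option message says `--gw`, which tee_tg_opts does not define; it should read `--gateway`.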
Index: iptables-modules/extensions/libxt_TEE.man
===================================================================
--- /dev/null
+++ iptables-modules/extensions/libxt_TEE.man
@@ -0,0 +1,6 @@
+This is used to explicitly override the core network stack's routing decision.
+.B mangle
+table.
+.TP
+.BI "--gw " "IP_address"
+Route the packet via this gateway
Index: iptables-modules/include/linux/netfilter/xt_TEE.h
===================================================================
--- /dev/null
+++ iptables-modules/include/linux/netfilter/xt_TEE.h
@@ -0,0 +1,12 @@
+#ifndef _XT_TEE_TARGET_H
+#define _XT_TEE_TARGET_H
+
+struct xt_tee_target_info {
+	union {
+		/* Address of gateway */
+		u_int32_t gateway_v4;
+		u_int32_t gateway_v6[4];
+	};
+};
+
+#endif /* _XT_TEE_TARGET_H */
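Review bot: `struct xt_tee_target_info` appears to be the layout handed to the kernel, but the header does not say which byte order the gateway fields hold and includes nothing that defines `u_int32_t`, so it compiles only when the includer has already pulled in a system header providing that type. I would change the comment to `/* Address of gateway, network byte order */` (libxt_TEE.c fills `gateway_v4` with `inet_aton()`) and add `#include <sys/types.h>` after the include guard. Nothing in the struct records whether the v4 or the v6 member is valid; if the kernel side infers that from the address family (not visible here), a comment saying so would help.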
