#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
+#include <linux/netfilter_ipv4/ipt_SAME.h>
-#define BREAKUP_IP(x) (x)>>24, ((x)>>16) & 0xFF, ((x)>>8) & 0xFF, (x) & 0xFF
+#define BREAKUP_IP(x) (x) & 0xFF, ((x)>>8) & 0xFF, ((x)>>16) & 0xFF, (x)>>24
/* Function which prints out usage message. */
static void
printf(
"SAME v%s options:\n"
" --to <ipaddr>-<ipaddr>\n"
-" Addresses to map source to.\n",
+" Addresses to map source to.\n"
+" --nodst\n"
+" Don't use destination-ip in\n"
+" source selection\n",
NETFILTER_VERSION);
}
static struct option opts[] = {
{ "to", 1, 0, '1' },
+ { "nodst", 0, 0, '2'},
{ 0 }
};
static void
init(struct ipt_entry_target *t, unsigned int *nfcache)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
+ /* Set default info to 0 */
+ mr->info = 0;
+
/* Can't cache this */
*nfcache |= NFC_UNKNOWN;
}
exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n",
dash+1);
range->max_ip = ip->s_addr;
+ if (range->min_ip >= range->max_ip)
+ exit_error(PARAMETER_PROBLEM, "Bad IP range `%u.%u.%u.%u-%u.%u.%u.%u'\n", BREAKUP_IP(range->min_ip), BREAKUP_IP(range->max_ip));
}
+#define IPT_SAME_OPT_TO 0x01
+#define IPT_SAME_OPT_NODST 0x02
+
/* Function which parses command options; returns true if it
ate an option */
static int
const struct ipt_entry *entry,
struct ipt_entry_target **target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)(*target)->data;
switch (c) {
case '1':
+ if (*flags & IPT_SAME_OPT_TO)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --to twice");
+
if (check_inverse(optarg, &invert))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
parse_to(optarg, &mr->range[0]);
- *flags = 1;
- return 1;
-
+ *flags |= IPT_SAME_OPT_TO;
+ break;
+
+ case '2':
+ if (*flags & IPT_SAME_OPT_NODST)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --nodst twice");
+
+ mr->info |= IPT_SAME_NODST;
+ *flags |= IPT_SAME_OPT_NODST;
+ break;
+
default:
return 0;
}
+
+ return 1;
}
/* Final check; need --to. */
static void final_check(unsigned int flags)
{
- if (!flags)
+ if (!(flags & IPT_SAME_OPT_TO))
exit_error(PARAMETER_PROBLEM,
"SAME needs --to");
}
const struct ipt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)target->data;
struct ip_nat_range *r = &mr->range[0];
struct in_addr a;
printf("same %s", addr_to_dotted(&a));
a.s_addr = r->max_ip;
printf("-%s ", addr_to_dotted(&a));
+
+ if (mr->info & IPT_SAME_NODST)
+ printf("nodst ");
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ipt_same_info *mr
+ = (struct ipt_same_info *)target->data;
struct ip_nat_range *r = &mr->range[0];
struct in_addr a;
printf("--to %s", addr_to_dotted(&a));
a.s_addr = r->max_ip;
printf("-%s ", addr_to_dotted(&a));
+
+ if (mr->info & IPT_SAME_NODST)
+ printf("--nodst ");
}
struct iptables_target same
= { NULL,
"SAME",
NETFILTER_VERSION,
- IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ IPT_ALIGN(sizeof(struct ipt_same_info)),
+ IPT_ALIGN(sizeof(struct ipt_same_info)),
&help,
&init,
&parse,
projects / thirdparty / iptables.git / commitdiff
