 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include "config.h"#include <ctype.h>#include <errno.h>#include <fcntl.h>#include <inttypes.h>#include <netdb.h>#include <stdarg.h>#include <stdbool.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#include <sys/socket.h>#include <sys/stat.h>#include <sys/statfs.h>#include <sys/types.h>#include <sys/utsname.h>#include <sys/wait.h>#include <arpa/inet.h>#include <xtables.h>#include <limits.h>#include <linux/netfilter_ipv4/ip_tables.h>#include <linux/netfilter_ipv6/ip6_tables.h>#include <libiptc/libxtc.h>#include <dlfcn.h>#include <getopt.h>#include "iptables/internal.h"#include "xshared.h"
Macros | |
| #define | PROC_SUPER_MAGIC 0x9fa0 |
| #define | IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) |
| #define | IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) |
| #define | IP6T_SO_GET_REVISION_MATCH 68 |
| #define | IP6T_SO_GET_REVISION_TARGET 69 |
| #define | NPROTO 255 |
| #define | PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" |
Functions | |
| void | basic_exit_err (enum xtables_exittype status, const char *msg,...) __attribute__((noreturn |
| void | format (printf, 2, 3))) |
| void | xtables_free_opts (int unused) |
| struct option * | xtables_merge_options (struct option *orig_opts, struct option *oldopts, const struct option *newopts, unsigned int *option_offset) |
| void | xtables_init (void) |
| void | xtables_set_nfproto (uint8_t nfproto) |
| int | xtables_set_params (struct xtables_globals *xtp) |
| xtables_set_params - set the global parameters used by xtables : input xtables_globals structure More... | |
| int | xtables_init_all (struct xtables_globals *xtp, uint8_t nfproto) |
| void * | xtables_calloc (size_t count, size_t size) |
| xtables_*alloc - wrappers that exit on failure More... | |
| void * | xtables_malloc (size_t size) |
| void * | xtables_realloc (void *ptr, size_t size) |
| int | xtables_insmod (const char *modname, const char *modprobe, bool quiet) |
| int | xtables_load_ko (const char *modprobe, bool quiet) |
| bool | xtables_strtoul (const char *s, char **end, uintmax_t *value, uintmax_t min, uintmax_t max) |
| xtables_strtou{i,l} - string to number conversion : input string : like strtoul's "end" pointer : pointer for result : minimum accepted value : maximum accepted value More... | |
| bool | xtables_strtoui (const char *s, char **end, unsigned int *value, unsigned int min, unsigned int max) |
| int | xtables_service_to_port (const char *name, const char *proto) |
| uint16_t | xtables_parse_port (const char *port, const char *proto) |
| void | xtables_parse_interface (const char *arg, char *vianame, unsigned char *mask) |
| struct xtables_match * | xtables_find_match (const char *name, enum xtables_tryload tryload, struct xtables_rule_match **matches) |
| struct xtables_target * | xtables_find_target (const char *name, enum xtables_tryload tryload) |
| int | xtables_compatible_revision (const char *name, uint8_t revision, int opt) |
| void | xtables_register_match (struct xtables_match *me) |
| void | xtables_register_matches (struct xtables_match *match, unsigned int n) |
| void | xtables_register_target (struct xtables_target *me) |
| void | xtables_register_targets (struct xtables_target *target, unsigned int n) |
| void | xtables_rule_matches_free (struct xtables_rule_match **matches) |
| void | xtables_param_act (unsigned int status, const char *p1,...) |
| xtables_param_act - act on condition : a constant from enum xtables_exittype More... | |
| const char * | xtables_ipaddr_to_numeric (const struct in_addr *addrp) |
| const char * | xtables_ipaddr_to_anyname (const struct in_addr *addr) |
| int | xtables_ipmask_to_cidr (const struct in_addr *mask) |
| const char * | xtables_ipmask_to_numeric (const struct in_addr *mask) |
| struct in_addr * | xtables_numeric_to_ipaddr (const char *dotted) |
| struct in_addr * | xtables_numeric_to_ipmask (const char *dotted) |
| void | xtables_ipparse_multiple (const char *name, struct in_addr **addrpp, struct in_addr **maskpp, unsigned int *naddrs) |
| void | xtables_ipparse_any (const char *name, struct in_addr **addrpp, struct in_addr *maskp, unsigned int *naddrs) |
| xtables_ipparse_any - transform arbitrary name to in_addr More... | |
| const char * | xtables_ip6addr_to_numeric (const struct in6_addr *addrp) |
| const char * | xtables_ip6addr_to_anyname (const struct in6_addr *addr) |
| int | xtables_ip6mask_to_cidr (const struct in6_addr *k) |
| const char * | xtables_ip6mask_to_numeric (const struct in6_addr *addrp) |
| struct in6_addr * | xtables_numeric_to_ip6addr (const char *num) |
| void | xtables_ip6parse_multiple (const char *name, struct in6_addr **addrpp, struct in6_addr **maskpp, unsigned int *naddrs) |
| void | xtables_ip6parse_any (const char *name, struct in6_addr **addrpp, struct in6_addr *maskp, unsigned int *naddrs) |
| void | xtables_save_string (const char *value) |
| Print the specified value to standard output, quoting dangerous characters if required. More... | |
| uint16_t | xtables_parse_protocol (const char *s) |
| void | xtables_print_num (uint64_t number, unsigned int format) |
| void | get_kernel_version (void) |
Variables | |
| int | line = -1 |
| struct xtables_globals * | xt_params = NULL |
| const struct xtables_afinfo * | afinfo |
| const char * | xtables_modprobe_program |
| struct xtables_match * | xtables_pending_matches |
| struct xtables_target * | xtables_pending_targets |
| struct xtables_match * | xtables_matches |
| struct xtables_target * | xtables_targets |
| const struct xtables_pprot | xtables_chain_protos [] |
| int | kernel_version |
| #define IP6T_SO_GET_REVISION_MATCH 68 |
| #define IP6T_SO_GET_REVISION_TARGET 69 |
| #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) |
| #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) |
| #define NPROTO 255 |
Referenced by xtables_register_match(), and xtables_register_target().
| #define PROC_SUPER_MAGIC 0x9fa0 |
| #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" |
| void basic_exit_err | ( | enum xtables_exittype | status, |
| const char * | msg, | ||
| ... | |||
| ) |
References xtables_globals::program_name, xtables_globals::program_version, and xt_params.
Referenced by xtables_set_params().
| void format | ( | printf | , |
| 2 | , | ||
| 3 | |||
| ) |
| void get_kernel_version | ( | void | ) |
| void* xtables_calloc | ( | size_t | count, |
| size_t | size | ||
| ) |
xtables_*alloc - wrappers that exit on failure
References NULL.
Referenced by command_default(), do_command4(), do_command6(), and do_commandarp().
| int xtables_compatible_revision | ( | const char * | name, |
| uint8_t | revision, | ||
| int | opt | ||
| ) |
References xtables_afinfo::family, xtables_afinfo::ipproto, xt_get_revision::name, xt_get_revision::revision, s, sockfd, xtables_load_ko(), and xtables_modprobe_program.
| struct xtables_match* xtables_find_match | ( | const char * | name, |
| enum xtables_tryload | tryload, | ||
| struct xtables_rule_match ** | matches | ||
| ) |
References xtables_rule_match::completed, xtables_globals::exit_err, xtables_afinfo::libprefix, xtables_match::loaded, xtables_match::m, xtables_rule_match::match, xtables_match::mflags, xtables_match::name, xtables_match::next, xtables_rule_match::next, NULL, PARAMETER_PROBLEM, xtables_match::udata, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_error, xtables_malloc(), XTF_DONT_LOAD, XTF_DURING_LOAD, and XTF_LOAD_MUST_SUCCEED.
Referenced by do_command4(), do_command6(), and do_commandx().
| struct xtables_target* xtables_find_target | ( | const char * | name, |
| enum xtables_tryload | tryload | ||
| ) |
References xtables_globals::exit_err, xtables_afinfo::libprefix, xtables_target::loaded, xtables_target::name, xtables_target::next, NULL, PARAMETER_PROBLEM, xtables_target::used, xt_params, XTC_LABEL_ACCEPT, XTC_LABEL_DROP, XTC_LABEL_QUEUE, XTC_LABEL_RETURN, XTF_DONT_LOAD, XTF_DURING_LOAD, and XTF_LOAD_MUST_SUCCEED.
Referenced by do_command4(), do_command6(), do_commandarp(), do_commandx(), nft_parse_target(), nft_rule_to_arptables_command_state(), nft_rule_to_iptables_command_state(), print_rule4(), and print_rule6().
| void xtables_free_opts | ( | int | unused | ) |
References NULL, xtables_globals::opts, xtables_globals::orig_opts, and xt_params.
Referenced by do_command4(), do_command6(), do_commandx(), get_kernel_version(), ip6tables_exit_error(), iptables_exit_error(), xtables_exit_error(), xtables_merge_options(), and xtables_options_xfrm().
| void xtables_init | ( | void | ) |
References NULL.
Referenced by xtables_arp_main(), and xtables_init_all().
| int xtables_init_all | ( | struct xtables_globals * | xtp, |
| uint8_t | nfproto | ||
| ) |
References xtables_init(), xtables_set_nfproto(), and xtables_set_params().
Referenced by ip6tables_main(), ip6tables_restore_main(), ip6tables_save_main(), iptables_main(), iptables_restore_main(), iptables_save_main(), and xtables_events_main().
| int xtables_insmod | ( | const char * | modname, |
| const char * | modprobe, | ||
| bool | quiet | ||
| ) |
| const char* xtables_ip6addr_to_anyname | ( | const struct in6_addr * | addr | ) |
| const char* xtables_ip6addr_to_numeric | ( | const struct in6_addr * | addrp | ) |
Referenced by xtables_ip6addr_to_anyname(), and xtables_ip6mask_to_numeric().
| int xtables_ip6mask_to_cidr | ( | const struct in6_addr * | k | ) |
| const char* xtables_ip6mask_to_numeric | ( | const struct in6_addr * | addrp | ) |
References buf, xtables_ip6addr_to_numeric(), and xtables_ip6mask_to_cidr().
| void xtables_ip6parse_multiple | ( | const char * | name, |
| struct in6_addr ** | addrpp, | ||
| struct in6_addr ** | maskpp, | ||
| unsigned int * | naddrs | ||
| ) |
References xtables_globals::exit_err, len, name, NULL, PARAMETER_PROBLEM, xt_params, xtables_malloc(), and xtables_realloc().
Referenced by do_command6().
| const char* xtables_ipaddr_to_anyname | ( | const struct in_addr * | addr | ) |
| const char* xtables_ipaddr_to_numeric | ( | const struct in_addr * | addrp | ) |
References buf.
Referenced by xtables_ipaddr_to_anyname(), and xtables_ipmask_to_numeric().
| int xtables_ipmask_to_cidr | ( | const struct in_addr * | mask | ) |
| const char* xtables_ipmask_to_numeric | ( | const struct in_addr * | mask | ) |
References buf, xtables_ipaddr_to_numeric(), and xtables_ipmask_to_cidr().
| void xtables_ipparse_multiple | ( | const char * | name, |
| struct in_addr ** | addrpp, | ||
| struct in_addr ** | maskpp, | ||
| unsigned int * | naddrs | ||
| ) |
References xtables_globals::exit_err, len, name, NULL, PARAMETER_PROBLEM, xt_params, xtables_malloc(), and xtables_realloc().
Referenced by do_command4().
| int xtables_load_ko | ( | const char * | modprobe, |
| bool | quiet | ||
| ) |
References xtables_afinfo::kmod, xtables_afinfo::proc_exists, and xtables_insmod().
Referenced by do_command4(), do_command6(), and xtables_compatible_revision().
| void* xtables_malloc | ( | size_t | size | ) |
References NULL.
Referenced by for_each_chain4(), for_each_chain6(), xtables_find_match(), xtables_ip6parse_multiple(), and xtables_ipparse_multiple().
| struct option* xtables_merge_options | ( | struct option * | orig_opts, |
| struct option * | oldopts, | ||
| const struct option * | newopts, | ||
| unsigned int * | option_offset | ||
| ) |
References NULL, xtables_globals::option_offset, XT_OPTION_OFFSET_SCALE, xt_params, and xtables_free_opts().
Referenced by command_default().
| struct in_addr* xtables_numeric_to_ipaddr | ( | const char * | dotted | ) |
| struct in_addr* xtables_numeric_to_ipmask | ( | const char * | dotted | ) |
| void xtables_param_act | ( | unsigned int | status, |
| const char * | p1, | ||
| ... | |||
| ) |
xtables_param_act - act on condition : a constant from enum xtables_exittype
XTF_ONLY_ONCE: print error message that option may only be used once. : module name (e.g. "mark") (...): option in conflict (e.g. "--mark") (...): condition to match on (see extensions/ for examples)
XTF_NO_INVERT: option does not support inversion : module name : option in conflict : condition to match on
XTF_BAD_VALUE: bad value for option : module name : option with which the problem occured (e.g. "--mark") : string the user passed in (e.g. "99999999999999")
XTF_ONE_ACTION: two mutually exclusive actions have been specified : module name
Displays an error message and exits the program.
References xtables_globals::exit_err, PARAMETER_PROBLEM, xt_params, XTF_BAD_VALUE, XTF_NO_INVERT, XTF_ONE_ACTION, and XTF_ONLY_ONCE.
| void xtables_parse_interface | ( | const char * | arg, |
| char * | vianame, | ||
| unsigned char * | mask | ||
| ) |
References xtables_globals::exit_err, IFNAMSIZ, PARAMETER_PROBLEM, and xt_params.
Referenced by do_command4(), do_command6(), and do_commandx().
| uint16_t xtables_parse_port | ( | const char * | port, |
| const char * | proto | ||
| ) |
References xtables_globals::exit_err, NULL, PARAMETER_PROBLEM, xt_params, xtables_service_to_port(), and xtables_strtoui().
| uint16_t xtables_parse_protocol | ( | const char * | s | ) |
References ARRAY_SIZE, xtables_globals::exit_err, NULL, PARAMETER_PROBLEM, xt_params, and xtables_strtoui().
Referenced by do_command4(), do_command6(), and do_commandx().
| void xtables_print_num | ( | uint64_t | number, |
| unsigned int | format | ||
| ) |
References FMT, and FMT_KILOMEGAGIGA.
Referenced by print_firewall_details(), and print_header().
| void* xtables_realloc | ( | void * | ptr, |
| size_t | size | ||
| ) |
References NULL.
Referenced by xtables_ip6parse_multiple(), and xtables_ipparse_multiple().
| void xtables_register_match | ( | struct xtables_match * | me | ) |
References xtables_match::extra_opts, xtables_afinfo::family, xtables_match::family, xtables_match::name, xtables_match::next, NPROTO, NULL, xtables_globals::program_name, xtables_match::revision, xtables_match::version, xtables_match::x6_options, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_option_metavalidate(), and xtables_pending_matches.
Referenced by _init(), and xtables_register_matches().
| void xtables_register_matches | ( | struct xtables_match * | match, |
| unsigned int | n | ||
| ) |
References xtables_register_match().
Referenced by _init().
| void xtables_register_target | ( | struct xtables_target * | me | ) |
References xtables_target::extra_opts, xtables_afinfo::family, xtables_target::family, xtables_target::name, xtables_target::next, NPROTO, NULL, xtables_globals::program_name, xtables_target::revision, xtables_target::version, xtables_target::x6_options, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_option_metavalidate(), and xtables_pending_targets.
Referenced by _init(), and xtables_register_targets().
| void xtables_register_targets | ( | struct xtables_target * | target, |
| unsigned int | n | ||
| ) |
References xtables_register_target().
Referenced by _init().
| void xtables_rule_matches_free | ( | struct xtables_rule_match ** | matches | ) |
References xtables_match::m, xtables_rule_match::match, xtables_match::next, xtables_rule_match::next, and NULL.
Referenced by do_command4(), do_command6(), and do_commandx().
| void xtables_save_string | ( | const char * | value | ) |
Print the specified value to standard output, quoting dangerous characters if required.
References NULL.
| int xtables_service_to_port | ( | const char * | name, |
| const char * | proto | ||
| ) |
| void xtables_set_nfproto | ( | uint8_t | nfproto | ) |
References NFPROTO_IPV4, and NFPROTO_IPV6.
Referenced by do_commandx(), and xtables_init_all().
| int xtables_set_params | ( | struct xtables_globals * | xtp | ) |
xtables_set_params - set the global parameters used by xtables : input xtables_globals structure
The app is expected to pass a valid xtables_globals data-filled with proper values cannot be NULL
Returns -1 on failure to set and 0 on success
References basic_exit_err(), xtables_globals::exit_err, and xt_params.
Referenced by iptables_xml_main(), xtables_arp_main(), and xtables_init_all().
| bool xtables_strtoui | ( | const char * | s, |
| char ** | end, | ||
| unsigned int * | value, | ||
| unsigned int | min, | ||
| unsigned int | max | ||
| ) |
References NULL, and xtables_strtoul().
Referenced by xtables_parse_port(), and xtables_parse_protocol().
| bool xtables_strtoul | ( | const char * | s, |
| char ** | end, | ||
| uintmax_t * | value, | ||
| uintmax_t | min, | ||
| uintmax_t | max | ||
| ) |
xtables_strtou{i,l} - string to number conversion : input string : like strtoul's "end" pointer : pointer for result : minimum accepted value : maximum accepted value
If is NULL, we assume the caller wants a "strict strtoul", and hence "15a" is rejected. In either case, the value obtained is compared for min-max compliance. Base is always 0, i.e. autodetect depending on .
Returns true/false whether number was accepted. On failure, *value has undefined contents.
References NULL.
Referenced by xtables_strtoui().
| const struct xtables_afinfo* afinfo |
Referenced by xtables_arp_main().
| int kernel_version |
| int line = -1 |
| struct xtables_globals* xt_params = NULL |
Referenced by basic_exit_err(), do_command4(), do_command6(), do_commandx(), ip6tables_restore_main(), iptables_restore_main(), xtables_find_match(), xtables_find_target(), xtables_free_opts(), xtables_ip6parse_multiple(), xtables_ipparse_multiple(), xtables_merge_options(), xtables_option_metavalidate(), xtables_option_parse(), xtables_options_fcheck(), xtables_options_xfrm(), xtables_param_act(), xtables_parse_interface(), xtables_parse_port(), xtables_parse_protocol(), xtables_register_match(), xtables_register_target(), and xtables_set_params().
| const struct xtables_pprot xtables_chain_protos[] |
Referenced by proto_to_name().
| struct xtables_match* xtables_matches |
Referenced by do_command4(), do_command6(), and do_commandx().
| const char* xtables_modprobe_program |
| struct xtables_match* xtables_pending_matches |
Referenced by xtables_register_match().
| struct xtables_target* xtables_pending_targets |
Referenced by xtables_register_target().
| struct xtables_target* xtables_targets |
Referenced by do_command4(), do_command6(), do_commandarp(), and do_commandx().
1.8.8 
