| /* |
| * Shared library add-on to iptables to add TCPOPTSTRIP target support. |
| * Copyright (c) 2007 Sven Schnelle <svens@bitebene.org> |
| * Copyright © CC Computer Consultants GmbH, 2007 |
| * Jan Engelhardt <jengelh@computergmbh.de> |
| */ |
| #include <getopt.h> |
| #include <stdbool.h> |
| #include <stdio.h> |
| #include <string.h> |
| #include <stdlib.h> |
| #include <xtables.h> |
| #include <linux/netfilter/x_tables.h> |
| #include <linux/netfilter/xt_TCPOPTSTRIP.h> |
| #ifndef TCPOPT_MD5SIG |
| # define TCPOPT_MD5SIG 19 |
| #endif |
| |
| enum { |
| FLAG_STRIP = 1 << 0, |
| }; |
| |
| struct tcp_optionmap { |
| const char *name, *desc; |
| const unsigned int option; |
| }; |
| |
| static const struct option tcpoptstrip_tg_opts[] = { |
| {.name = "strip-options", .has_arg = true, .val = 's'}, |
| { .name = NULL } |
| }; |
| |
| static const struct tcp_optionmap tcp_optionmap[] = { |
| {"wscale", "Window scale", TCPOPT_WINDOW}, |
| {"mss", "Maximum Segment Size", TCPOPT_MAXSEG}, |
| {"sack-permitted", "SACK permitted", TCPOPT_SACK_PERMITTED}, |
| {"sack", "Selective ACK", TCPOPT_SACK}, |
| {"timestamp", "Timestamp", TCPOPT_TIMESTAMP}, |
| {"md5", "MD5 signature", TCPOPT_MD5SIG}, |
| { .name = NULL } |
| }; |
| |
| static void tcpoptstrip_tg_help(void) |
| { |
| const struct tcp_optionmap *w; |
| |
| printf( |
| "TCPOPTSTRIP target options:\n" |
| " --strip-options value strip specified TCP options denoted by value\n" |
| " (separated by comma) from TCP header\n" |
| " Instead of the numeric value, you can also use the following names:\n" |
| ); |
| |
| for (w = tcp_optionmap; w->name != NULL; ++w) |
| printf(" %-14s strip \"%s\" option\n", w->name, w->desc); |
| } |
| |
| static void tcpoptstrip_tg_init(struct xt_entry_target *t) |
| { |
| struct xt_tcpoptstrip_target_info *info = (void *)t->data; |
| |
| /* strictly necessary? play safe for now. */ |
| memset(info->strip_bmap, 0, sizeof(info->strip_bmap)); |
| } |
| |
| static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg) |
| { |
| unsigned int option; |
| char *p; |
| int i; |
| |
| while (true) { |
| p = strchr(arg, ','); |
| if (p != NULL) |
| *p = '\0'; |
| |
| option = 0; |
| for (i = 0; tcp_optionmap[i].name != NULL; ++i) |
| if (strcmp(tcp_optionmap[i].name, arg) == 0) { |
| option = tcp_optionmap[i].option; |
| break; |
| } |
| |
| if (option == 0 && string_to_number(arg, 0, 255, &option) == -1) |
| exit_error(PARAMETER_PROBLEM, |
| "Bad TCP option value \"%s\"", arg); |
| |
| if (option < 2) |
| exit_error(PARAMETER_PROBLEM, |
| "Option value may not be 0 or 1"); |
| |
| if (tcpoptstrip_test_bit(info->strip_bmap, option)) |
| exit_error(PARAMETER_PROBLEM, |
| "Option \"%s\" already specified", arg); |
| |
| tcpoptstrip_set_bit(info->strip_bmap, option); |
| if (p == NULL) |
| break; |
| arg = p + 1; |
| } |
| } |
| |
| static int tcpoptstrip_tg_parse(int c, char **argv, int invert, |
| unsigned int *flags, const void *entry, |
| struct xt_entry_target **target) |
| { |
| struct xt_tcpoptstrip_target_info *info = (void *)(*target)->data; |
| |
| switch (c) { |
| case 's': |
| if (*flags & FLAG_STRIP) |
| exit_error(PARAMETER_PROBLEM, |
| "You can specify --strip-options only once"); |
| parse_list(info, optarg); |
| *flags |= FLAG_STRIP; |
| return true; |
| } |
| |
| return false; |
| } |
| |
| static void tcpoptstrip_tg_check(unsigned int flags) |
| { |
| if (flags == 0) |
| exit_error(PARAMETER_PROBLEM, |
| "TCPOPTSTRIP: --strip-options parameter required"); |
| } |
| |
| static void |
| tcpoptstrip_print_list(const struct xt_tcpoptstrip_target_info *info, |
| bool numeric) |
| { |
| unsigned int i, j; |
| const char *name; |
| bool first = true; |
| |
| for (i = 0; i < 256; ++i) { |
| if (!tcpoptstrip_test_bit(info->strip_bmap, i)) |
| continue; |
| if (!first) |
| printf(","); |
| |
| first = false; |
| name = NULL; |
| if (!numeric) |
| for (j = 0; tcp_optionmap[j].name != NULL; ++j) |
| if (tcp_optionmap[j].option == i) |
| name = tcp_optionmap[j].name; |
| |
| if (name != NULL) |
| printf("%s", name); |
| else |
| printf("%u", i); |
| } |
| } |
| |
| static void |
| tcpoptstrip_tg_print(const void *ip, const struct xt_entry_target *target, |
| int numeric) |
| { |
| const struct xt_tcpoptstrip_target_info *info = |
| (const void *)target->data; |
| |
| printf("TCPOPTSTRIP options "); |
| tcpoptstrip_print_list(info, numeric); |
| } |
| |
| static void |
| tcpoptstrip_tg_save(const void *ip, const struct xt_entry_target *target) |
| { |
| const struct xt_tcpoptstrip_target_info *info = |
| (const void *)target->data; |
| |
| printf("--strip-options "); |
| tcpoptstrip_print_list(info, true); |
| } |
| |
| static struct xtables_target tcpoptstrip_tg_reg = { |
| .version = XTABLES_VERSION, |
| .name = "TCPOPTSTRIP", |
| .family = AF_INET, |
| .size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), |
| .userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), |
| .help = tcpoptstrip_tg_help, |
| .init = tcpoptstrip_tg_init, |
| .parse = tcpoptstrip_tg_parse, |
| .final_check = tcpoptstrip_tg_check, |
| .print = tcpoptstrip_tg_print, |
| .save = tcpoptstrip_tg_save, |
| .extra_opts = tcpoptstrip_tg_opts, |
| }; |
| |
| static struct xtables_target tcpoptstrip_tg6_reg = { |
| .version = XTABLES_VERSION, |
| .name = "TCPOPTSTRIP", |
| .family = AF_INET6, |
| .size = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), |
| .userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)), |
| .help = tcpoptstrip_tg_help, |
| .init = tcpoptstrip_tg_init, |
| .parse = tcpoptstrip_tg_parse, |
| .final_check = tcpoptstrip_tg_check, |
| .print = tcpoptstrip_tg_print, |
| .save = tcpoptstrip_tg_save, |
| .extra_opts = tcpoptstrip_tg_opts, |
| }; |
| |
| void _init(void) |
| { |
| xtables_register_target(&tcpoptstrip_tg_reg); |
| xtables_register_target(&tcpoptstrip_tg6_reg); |
| } |
