1 /*
2 * Arturo Borrero Gonzalez <[email protected]> adapted
3 * this code to libxtables for arptables-compat in 2015
4 */
5
6 #include <stdio.h>
7 #include <netdb.h>
8 #include <string.h>
9 #include <stdlib.h>
10 #include <limits.h>
11 #include <getopt.h>
12 #include <netinet/ether.h>
13 #include <xtables.h>
14 #include <linux/netfilter_arp/arpt_mangle.h>
15 #include "iptables/nft.h"
16
arpmangle_print_help(void)17 static void arpmangle_print_help(void)
18 {
19 printf(
20 "mangle target options:\n"
21 "--mangle-ip-s IP address\n"
22 "--mangle-ip-d IP address\n"
23 "--mangle-mac-s MAC address\n"
24 "--mangle-mac-d MAC address\n"
25 "--mangle-target target (DROP, CONTINUE or ACCEPT -- default is ACCEPT)\n");
26 }
27
28 #define MANGLE_IPS '1'
29 #define MANGLE_IPT '2'
30 #define MANGLE_DEVS '3'
31 #define MANGLE_DEVT '4'
32 #define MANGLE_TARGET '5'
33
34 static const struct option arpmangle_opts[] = {
35 { .name = "mangle-ip-s", .has_arg = true, .val = MANGLE_IPS },
36 { .name = "mangle-ip-d", .has_arg = true, .val = MANGLE_IPT },
37 { .name = "mangle-mac-s", .has_arg = true, .val = MANGLE_DEVS },
38 { .name = "mangle-mac-d", .has_arg = true, .val = MANGLE_DEVT },
39 { .name = "mangle-target", .has_arg = true, .val = MANGLE_TARGET },
40 XT_GETOPT_TABLEEND,
41 };
42
arpmangle_init(struct xt_entry_target * target)43 static void arpmangle_init(struct xt_entry_target *target)
44 {
45 struct arpt_mangle *mangle = (struct arpt_mangle *)target->data;
46
47 mangle->target = NF_ACCEPT;
48 }
49
50 static int
arpmangle_parse(int c,char ** argv,int invert,unsigned int * flags,const void * entry,struct xt_entry_target ** target)51 arpmangle_parse(int c, char **argv, int invert, unsigned int *flags,
52 const void *entry, struct xt_entry_target **target)
53 {
54 struct arpt_mangle *mangle = (struct arpt_mangle *)(*target)->data;
55 struct in_addr *ipaddr, mask;
56 struct ether_addr *macaddr;
57 const struct arpt_entry *e = (const struct arpt_entry *)entry;
58 unsigned int nr;
59 int ret = 1;
60
61 memset(&mask, 0, sizeof(mask));
62
63 switch (c) {
64 case MANGLE_IPS:
65 xtables_ipparse_any(optarg, &ipaddr, &mask, &nr);
66 mangle->u_s.src_ip.s_addr = ipaddr->s_addr;
67 free(ipaddr);
68 mangle->flags |= ARPT_MANGLE_SIP;
69 break;
70 case MANGLE_IPT:
71 xtables_ipparse_any(optarg, &ipaddr, &mask, &nr);
72 mangle->u_t.tgt_ip.s_addr = ipaddr->s_addr;
73 free(ipaddr);
74 mangle->flags |= ARPT_MANGLE_TIP;
75 break;
76 case MANGLE_DEVS:
77 if (e->arp.arhln_mask == 0)
78 xtables_error(PARAMETER_PROBLEM,
79 "no --h-length defined");
80 if (e->arp.invflags & ARPT_INV_ARPHLN)
81 xtables_error(PARAMETER_PROBLEM,
82 "! --h-length not allowed for "
83 "--mangle-mac-s");
84 if (e->arp.arhln != 6)
85 xtables_error(PARAMETER_PROBLEM,
86 "only --h-length 6 supported");
87 macaddr = ether_aton(optarg);
88 if (macaddr == NULL)
89 xtables_error(PARAMETER_PROBLEM,
90 "invalid source MAC");
91 memcpy(mangle->src_devaddr, macaddr, e->arp.arhln);
92 mangle->flags |= ARPT_MANGLE_SDEV;
93 break;
94 case MANGLE_DEVT:
95 if (e->arp.arhln_mask == 0)
96 xtables_error(PARAMETER_PROBLEM,
97 "no --h-length defined");
98 if (e->arp.invflags & ARPT_INV_ARPHLN)
99 xtables_error(PARAMETER_PROBLEM,
100 "! hln not allowed for --mangle-mac-d");
101 if (e->arp.arhln != 6)
102 xtables_error(PARAMETER_PROBLEM,
103 "only --h-length 6 supported");
104 macaddr = ether_aton(optarg);
105 if (macaddr == NULL)
106 xtables_error(PARAMETER_PROBLEM, "invalid target MAC");
107 memcpy(mangle->tgt_devaddr, macaddr, e->arp.arhln);
108 mangle->flags |= ARPT_MANGLE_TDEV;
109 break;
110 case MANGLE_TARGET:
111 if (!strcmp(optarg, "DROP"))
112 mangle->target = NF_DROP;
113 else if (!strcmp(optarg, "ACCEPT"))
114 mangle->target = NF_ACCEPT;
115 else if (!strcmp(optarg, "CONTINUE"))
116 mangle->target = XT_CONTINUE;
117 else
118 xtables_error(PARAMETER_PROBLEM,
119 "bad target for --mangle-target");
120 break;
121 default:
122 ret = 0;
123 }
124
125 return ret;
126 }
127
arpmangle_final_check(unsigned int flags)128 static void arpmangle_final_check(unsigned int flags)
129 {
130 }
131
ipaddr_to(const struct in_addr * addrp,int numeric)132 static const char *ipaddr_to(const struct in_addr *addrp, int numeric)
133 {
134 if (numeric)
135 return xtables_ipaddr_to_numeric(addrp);
136 else
137 return xtables_ipaddr_to_anyname(addrp);
138 }
139
140 static void
arpmangle_print(const void * ip,const struct xt_entry_target * target,int numeric)141 arpmangle_print(const void *ip, const struct xt_entry_target *target,
142 int numeric)
143 {
144 struct arpt_mangle *m = (struct arpt_mangle *)(target->data);
145
146 if (m->flags & ARPT_MANGLE_SIP) {
147 printf(" --mangle-ip-s %s",
148 ipaddr_to(&(m->u_s.src_ip), numeric));
149 }
150 if (m->flags & ARPT_MANGLE_SDEV) {
151 printf(" --mangle-mac-s ");
152 xtables_print_mac((unsigned char *)m->src_devaddr);
153 }
154 if (m->flags & ARPT_MANGLE_TIP) {
155 printf(" --mangle-ip-d %s",
156 ipaddr_to(&(m->u_t.tgt_ip), numeric));
157 }
158 if (m->flags & ARPT_MANGLE_TDEV) {
159 printf(" --mangle-mac-d ");
160 xtables_print_mac((unsigned char *)m->tgt_devaddr);
161 }
162 if (m->target != NF_ACCEPT) {
163 printf(" --mangle-target %s",
164 m->target == NF_DROP ? "DROP" : "CONTINUE");
165 }
166 }
167
arpmangle_save(const void * ip,const struct xt_entry_target * target)168 static void arpmangle_save(const void *ip, const struct xt_entry_target *target)
169 {
170 arpmangle_print(ip, target, 0);
171 }
172
173 static struct xtables_target arpmangle_target = {
174 .name = "mangle",
175 .revision = 0,
176 .version = XTABLES_VERSION,
177 .family = NFPROTO_ARP,
178 .size = XT_ALIGN(sizeof(struct arpt_mangle)),
179 .userspacesize = XT_ALIGN(sizeof(struct arpt_mangle)),
180 .help = arpmangle_print_help,
181 .init = arpmangle_init,
182 .parse = arpmangle_parse,
183 .final_check = arpmangle_final_check,
184 .print = arpmangle_print,
185 .save = arpmangle_save,
186 .extra_opts = arpmangle_opts,
187 };
188
_init(void)189 void _init(void)
190 {
191 xtables_register_target(&arpmangle_target);
192 }
193