Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
SoftwareDesign
/
csu3_am335x
8
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Салаа: master
Салаанууд Тагууд
csu3_am335x
/
EVSE
/
GPL
/
iptables-1.4.18
/
extensions
/
libipt_REJECT.c

libipt_REJECT.c 4.4 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. /* Shared library add-on to iptables to add customized REJECT support.
    2. 

  2.  *
    3. 

  3.  * (C) 2000 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
    4. 

  4.  */
    5. 

  5. #include <stdio.h>
    6. 

  6. #include <string.h>
    7. 

  7. #include <xtables.h>
    8. 

  8. #include <linux/netfilter_ipv4/ipt_REJECT.h>
    9. 

  9. #include <linux/version.h>
    10. 

  10. 

  11. /* If we are compiling against a kernel that does not support
    12. 

  12.  * IPT_ICMP_ADMIN_PROHIBITED, we are emulating it.
    13. 

  13.  * The result will be a plain DROP of the packet instead of
    14. 

  14.  * reject. -- Maciej Soltysiak <solt@dns.toxicfilms.tv>
    15. 

  15.  */
    16. 

  16. #ifndef IPT_ICMP_ADMIN_PROHIBITED
    17. 

  17. #define IPT_ICMP_ADMIN_PROHIBITED	IPT_TCP_RESET + 1
    18. 

  18. #endif
    19. 

  19. 

  20. struct reject_names {
    21. 

  21. 	const char *name;
    22. 

  22. 	const char *alias;
    23. 

  23. 	enum ipt_reject_with with;
    24. 

  24. 	const char *desc;
    25. 

  25. };
    26. 

  26. 

  27. enum {
    28. 

  28. 	O_REJECT_WITH = 0,
    29. 

  29. };
    30. 

  30. 

  31. static const struct reject_names reject_table[] = {
    32. 

  32. 	{"icmp-net-unreachable", "net-unreach",
    33. 

  33. 		IPT_ICMP_NET_UNREACHABLE, "ICMP network unreachable"},
    34. 

  34. 	{"icmp-host-unreachable", "host-unreach",
    35. 

  35. 		IPT_ICMP_HOST_UNREACHABLE, "ICMP host unreachable"},
    36. 

  36. 	{"icmp-proto-unreachable", "proto-unreach",
    37. 

  37. 		IPT_ICMP_PROT_UNREACHABLE, "ICMP protocol unreachable"},
    38. 

  38. 	{"icmp-port-unreachable", "port-unreach",
    39. 

  39. 		IPT_ICMP_PORT_UNREACHABLE, "ICMP port unreachable (default)"},
    40. 

  40. #if 0
    41. 

  41. 	{"echo-reply", "echoreply",
    42. 

  42. 	 IPT_ICMP_ECHOREPLY, "for ICMP echo only: faked ICMP echo reply"},
    43. 

  43. #endif
    44. 

  44. 	{"icmp-net-prohibited", "net-prohib",
    45. 

  45. 	 IPT_ICMP_NET_PROHIBITED, "ICMP network prohibited"},
    46. 

  46. 	{"icmp-host-prohibited", "host-prohib",
    47. 

  47. 	 IPT_ICMP_HOST_PROHIBITED, "ICMP host prohibited"},
    48. 

  48. 	{"tcp-reset", "tcp-rst",
    49. 

  49. 	 IPT_TCP_RESET, "TCP RST packet"},
    50. 

  50. 	{"icmp-admin-prohibited", "admin-prohib",
    51. 

  51. 	 IPT_ICMP_ADMIN_PROHIBITED, "ICMP administratively prohibited (*)"}
    52. 

  52. };
    53. 

  53. 

  54. static void
    55. 

  55. print_reject_types(void)
    56. 

  56. {
    57. 

  57. 	unsigned int i;
    58. 

  58. 

  59. 	printf("Valid reject types:\n");
    60. 

  60. 

  61. 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i) {
    62. 

  62. 		printf("    %-25s\t%s\n", reject_table[i].name, reject_table[i].desc);
    63. 

  63. 		printf("    %-25s\talias\n", reject_table[i].alias);
    64. 

  64. 	}
    65. 

  65. 	printf("\n");
    66. 

  66. }
    67. 

  67. 

  68. static void REJECT_help(void)
    69. 

  69. {
    70. 

  70. 	printf(
    71. 

  71. "REJECT target options:\n"
    72. 

  72. "--reject-with type              drop input packet and send back\n"
    73. 

  73. "                                a reply packet according to type:\n");
    74. 

  74. 

  75. 	print_reject_types();
    76. 

  76. 

  77. 	printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
    78. 

  78. }
    79. 

  79. 

  80. static const struct xt_option_entry REJECT_opts[] = {
    81. 

  81. 	{.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING},
    82. 

  82. 	XTOPT_TABLEEND,
    83. 

  83. };
    84. 

  84. 

  85. static void REJECT_init(struct xt_entry_target *t)
    86. 

  86. {
    87. 

  87. 	struct ipt_reject_info *reject = (struct ipt_reject_info *)t->data;
    88. 

  88. 

  89. 	/* default */
    90. 

  90. 	reject->with = IPT_ICMP_PORT_UNREACHABLE;
    91. 

  91. 

  92. }
    93. 

  93. 

  94. static void REJECT_parse(struct xt_option_call *cb)
    95. 

  95. {
    96. 

  96. 	struct ipt_reject_info *reject = cb->data;
    97. 

  97. 	unsigned int i;
    98. 

  98. 

  99. 	xtables_option_parse(cb);
    100. 

  100. 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
    101. 

  101. 		if (strncasecmp(reject_table[i].name,
    102. 

  102. 		      cb->arg, strlen(cb->arg)) == 0 ||
    103. 

  103. 		    strncasecmp(reject_table[i].alias,
    104. 

  104. 		      cb->arg, strlen(cb->arg)) == 0) {
    105. 

  105. 			reject->with = reject_table[i].with;
    106. 

  106. 			return;
    107. 

  107. 		}
    108. 

  108. 	/* This due to be dropped late in 2.4 pre-release cycle --RR */
    109. 

  109. 	if (strncasecmp("echo-reply", cb->arg, strlen(cb->arg)) == 0 ||
    110. 

  110. 	    strncasecmp("echoreply", cb->arg, strlen(cb->arg)) == 0)
    111. 

  111. 		fprintf(stderr, "--reject-with echo-reply no longer"
    112. 

  112. 			" supported\n");
    113. 

  113. 	xtables_error(PARAMETER_PROBLEM,
    114. 

  114. 		"unknown reject type \"%s\"", cb->arg);
    115. 

  115. }
    116. 

  116. 

  117. static void REJECT_print(const void *ip, const struct xt_entry_target *target,
    118. 

  118.                          int numeric)
    119. 

  119. {
    120. 

  120. 	const struct ipt_reject_info *reject
    121. 

  121. 		= (const struct ipt_reject_info *)target->data;
    122. 

  122. 	unsigned int i;
    123. 

  123. 

  124. 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
    125. 

  125. 		if (reject_table[i].with == reject->with)
    126. 

  126. 			break;
    127. 

  127. 	printf(" reject-with %s", reject_table[i].name);
    128. 

  128. }
    129. 

  129. 

  130. static void REJECT_save(const void *ip, const struct xt_entry_target *target)
    131. 

  131. {
    132. 

  132. 	const struct ipt_reject_info *reject
    133. 

  133. 		= (const struct ipt_reject_info *)target->data;
    134. 

  134. 	unsigned int i;
    135. 

  135. 

  136. 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
    137. 

  137. 		if (reject_table[i].with == reject->with)
    138. 

  138. 			break;
    139. 

  139. 

  140. 	printf(" --reject-with %s", reject_table[i].name);
    141. 

  141. }
    142. 

  142. 

  143. static struct xtables_target reject_tg_reg = {
    144. 

  144. 	.name		= "REJECT",
    145. 

  145. 	.version	= XTABLES_VERSION,
    146. 

  146. 	.family		= NFPROTO_IPV4,
    147. 

  147. 	.size		= XT_ALIGN(sizeof(struct ipt_reject_info)),
    148. 

  148. 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_reject_info)),
    149. 

  149. 	.help		= REJECT_help,
    150. 

  150. 	.init		= REJECT_init,
    151. 

  151. 	.print		= REJECT_print,
    152. 

  152. 	.save		= REJECT_save,
    153. 

  153. 	.x6_parse	= REJECT_parse,
    154. 

  154. 	.x6_options	= REJECT_opts,
    155. 

  155. };
    156. 

  156. 

  157. void _init(void)
    158. 

  158. {
    159. 

  159. 	xtables_register_target(&reject_tg_reg);
    160. 

  160. }
    161.